WO2017110969A1 - Wireless communication system, server, terminal, wireless communication method, and program - Google Patents

Wireless communication system, server, terminal, wireless communication method, and program Download PDF

Info

Publication number
WO2017110969A1
WO2017110969A1 PCT/JP2016/088287 JP2016088287W WO2017110969A1 WO 2017110969 A1 WO2017110969 A1 WO 2017110969A1 JP 2016088287 W JP2016088287 W JP 2016088287W WO 2017110969 A1 WO2017110969 A1 WO 2017110969A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
server
key
common key
packet
Prior art date
Application number
PCT/JP2016/088287
Other languages
French (fr)
Japanese (ja)
Inventor
雅幸 佐藤
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Publication of WO2017110969A1 publication Critical patent/WO2017110969A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks

Definitions

  • the present invention is based on a Japanese patent application: Japanese Patent Application No. 2015-251471 (filed on Dec. 24, 2015), and the entire description of the application is incorporated herein by reference.
  • the present invention relates to a wireless communication system, a server, a terminal, a wireless communication method, and a program, and more particularly, wireless based on short-range wireless communication technology such as BLE (Bluetooth (registered trademark) Low Energy) capable of communication with extremely low power.
  • BLE Bluetooth (registered trademark) Low Energy) capable of communication with extremely low power.
  • the present invention relates to a communication system, a key server that provides a common key used in such wireless communication, a beacon terminal that transmits an advertisement packet, a receiving terminal that receives the advertisement packet, a wireless communication method, and a program.
  • beacon terminals have been increasingly installed as communication devices in stores and exhibition booths.
  • the beacon terminal transmits an advertisement packet including the identifier of the beacon terminal based on BLE (Bluetooth (registered trademark) Low Energy) technology that enables communication with extremely low power.
  • BLE Bluetooth (registered trademark) Low Energy
  • a terminal for example, a smartphone, tablet terminal, notebook PC (Personal Computer), etc., hereinafter referred to as “receiving terminal”
  • the application software installed in the receiving terminal in advance extracts the beacon terminal identifier from the advertisement packet, and sends the extracted identifier to a predetermined distribution server.
  • the distribution server transmits information such as store product information and exhibition booth product information to the receiving terminal according to the identifier received from the receiving terminal.
  • the receiving terminal displays the information received from the distribution server on the display. Thereby, for example, push-type advertisements related to store products, exhibition booth products, and the like are possible.
  • Patent Document 1 discloses a technique of communicating using a common key between a beacon device and a server.
  • Patent Document 2 in communication between a communication terminal and an electronic device (health device, housing facility, peripheral device) that is an operation target of the communication terminal, security is achieved by using BLE and encryption technology based on a common key. The technology to be secured is described.
  • Patent Document 3 describes a technique in which a service control device generates an authentication key used for communication between itself and a service using device every arbitrary period and distributes the authentication key to the service using device.
  • Non-Patent Document 1 describes a key derivation function (KDF, Key ⁇ Derivation Function) for generating a key.
  • KDF Key ⁇ Derivation Function
  • 3GPP TS 33.401 v13.0.02015 (2015-09): "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3GPP System Architecture Evolution (SAE); Security architecture (Release 13). ''
  • a technology is known in which a beacon terminal (hereinafter also referred to as “transmitting terminal”) encrypts information included in an advertisement packet using a common key method. Specifically, the transmitting terminal encrypts information such as the identifier of the transmitting terminal with a common key and then sends it out as an advertisement packet, and the receiving terminal decrypts it with the common key so that the information such as the identifier of the transmitting terminal is transmitted.
  • the common key is generally embedded in hardware in each of the transmission terminal and the reception terminal, and is difficult to change. In this case, when a malicious person obtains the common key, information such as the identifier of the transmitting terminal may be decrypted, and “spoofing” of the transmitting terminal may be possible.
  • Patent Document 3 discloses a technique for generating an authentication key used for communication between itself and another device for each arbitrary period.
  • this technology is applied to a transmission terminal (beacon terminal) and a reception terminal that perform communication based on BLE (Bluetooth (registered trademark) Low Energy)
  • the transmission terminal itself generates a common key.
  • BLE Bluetooth (registered trademark) Low Energy
  • a key generated or updated by the transmitting terminal is received from the transmitting terminal. There arises a problem that it cannot be safely distributed to terminals.
  • An object of the present invention is to provide a wireless communication system, a terminal, a server, a wireless communication method, and a program that contribute to solving such a problem.
  • the wireless communication system includes a server that updates a common key at a predetermined timing, and a packet that includes predetermined information encrypted using the common key updated by the server.
  • a first terminal that transmits to a second terminal based on a communication technology, the second terminal receives the packet from the first terminal, and the predetermined information included in the packet is Decrypt using the shared key updated by the server.
  • the server provides a key update unit that updates a common key at a predetermined timing, and a packet that includes predetermined information encrypted using the common key, based on the short-range wireless communication technology.
  • the key update unit For the first terminal that transmits and the second terminal that receives the packet from the first terminal and decrypts the predetermined information included in the packet using a common key, the key update unit And a key providing unit that provides the updated common key.
  • the first terminal includes a key receiving unit that receives a common key updated by a server at a predetermined timing, and a packet that includes predetermined information encrypted using the common key.
  • a packet transmission unit that transmits the data based on the short-range wireless communication technology.
  • a second terminal includes a key receiving unit that receives a common key updated by a server at a predetermined timing, and a packet that includes predetermined information encrypted using the common key.
  • a packet receiving unit that receives the packet from a first terminal that transmits based on a short-range wireless communication technology; and a decrypting unit that decrypts predetermined information included in the packet using the common key.
  • the wireless communication method includes a step in which a server updates a common key at a predetermined timing, and a predetermined terminal encrypted by using the common key updated by the server.
  • the wireless communication method is a short-range wireless communication technique in which a server updates a common key at a predetermined timing, and a packet including predetermined information encrypted using the common key. Updating the first terminal that transmits based on the first terminal and the second terminal that receives the packet from the first terminal and decrypts the predetermined information included in the packet using a common key Providing a common key.
  • a wireless communication method in which a first terminal receives a common key updated by a server at a predetermined timing, and predetermined information encrypted using the common key. Generating a packet including, for the second terminal that receives the packet from the first terminal and decrypts the predetermined information included in the packet using the common key generated by the server, Transmitting the packet based on short-range wireless communication technology.
  • a wireless communication method in which a second terminal receives a common key updated by a server at a predetermined timing; and predetermined information encrypted using the common key. Receiving the packet from a first terminal that transmits the packet containing the packet based on short-range wireless communication technology; and decrypting predetermined information included in the packet using the common key.
  • a program for updating a common key at a predetermined timing and a packet including predetermined information encrypted using the common key are transmitted based on a short-range wireless communication technique. Provide the updated common key to the first terminal and the second terminal that receives the packet from the first terminal and decrypts the predetermined information included in the packet using the common key Processing to be executed by the server.
  • a program according to a tenth aspect of the present invention is a process of accepting a common key updated by a server at a predetermined timing to a computer provided in a first terminal, and encrypted using the common key. Generating a packet including the predetermined information, receiving the packet from the first terminal, and decrypting the predetermined information included in the packet using a common key generated by the server And causing the terminal to execute processing for transmitting the packet based on a short-range wireless communication technology.
  • a program according to an eleventh aspect of the present invention is a process of accepting a common key updated by a server at a predetermined timing with respect to a computer provided in a second terminal, and encrypted using the common key. Processing for receiving the packet from the first terminal that transmits the packet including the predetermined information based on the near field communication technology, and processing for decrypting the predetermined information included in the packet using the common key And execute.
  • program can also be provided as a program product recorded in a non-transitory computer-readable storage medium.
  • the server According to the wireless communication system, the server, the terminal, the wireless communication method, and the program according to the present invention, it is possible to improve the security of communication between the transmitting terminal and the receiving terminal in the short-range wireless communication system.
  • FIG. 4 is a sequence diagram illustrating an operation of distributing a common key to a receiving terminal in the wireless communication system according to the first embodiment.
  • FIG. FIG. 5 is a sequence diagram illustrating an operation of authenticating a receiving terminal in the wireless communication system according to the first embodiment. It is a block diagram which illustrates the composition of the radio communications system concerning a 2nd embodiment. It is a sequence diagram which illustrates the operation
  • FIG. 10 is a sequence diagram illustrating an operation of distributing a common key to receiving terminals in a wireless communication system according to a third embodiment.
  • FIG. 1 is a diagram illustrating a configuration of a wireless communication system according to an embodiment.
  • the wireless communication system includes a server 2 (for example, a key server) that updates a common key at a predetermined timing, and predetermined information (for example, a beacon terminal) encrypted using the common key updated by the server 2.
  • Packet for example, an advertisement packet
  • a first terminal 4 for example, a beacon terminal
  • the second terminal 6 receives the packet from the first terminal 4, and decrypts the predetermined information included in the packet using the common key updated by the server 2.
  • FIG. 2 is a diagram illustrating another configuration of the wireless communication system according to the embodiment.
  • the wireless communication system further includes a relay station 8 that relays the common key updated by the server 2.
  • the first terminal 4 (for example, a beacon terminal) receives the common key updated by the server 2 via the relay station 8 (for example, connectable to a WAN (Wide-Area-Network)).
  • the first terminal 4 cannot communicate directly with the server 2 (for example, the terminal 4 as a beacon terminal cannot connect to a LAN (Local Area Network) / WAN (Wide Area Network)).
  • the common key used for encryption by the first terminal 4 can be updated.
  • the relay station 8 can receive the shared key updated by the server 2 from the server 2 via SSL (Secure Socket Layer) communication established between the server 2 and the relay station 8. Further, the relay station 8 may display the common key received from the server 2. Further, the first terminal 4 may accept manual input of the common key by the user with reference to the common key displayed by the relay station 8. According to such a wireless communication system, the shared key updated by the server 2 can be safely distributed to the first terminal 4 on the assumption that the user who inputs the shared key can be trusted.
  • SSL Secure Socket Layer
  • the second terminal 6 may receive the shared key updated by the server 2 from the server 2 via the SSL communication established between the server 2 and the second terminal 6. Good. According to such a wireless communication system, the shared key updated by the server 2 can be safely distributed to the second terminal 6.
  • FIG. 3 is a block diagram illustrating the configuration of the server 2 (for example, key server) according to an embodiment.
  • the server 2 has a key update unit 10 that updates a common key at a predetermined timing, and a packet (for example, an advertisement packet) that includes predetermined information encrypted using the common key.
  • a first terminal (terminal 4 in FIG. 1 or FIG. 2) that transmits based on a wireless communication technology (for example, BLE), and a packet received from the first terminal, and predetermined information included in the packet is transferred to the common key
  • a key providing unit 12 that provides a common key updated by the key updating unit 10 to a second terminal (terminal 6 in FIG. 1 or 2) that performs decryption using
  • FIG. 4 is a block diagram illustrating the configuration of the terminal 4 (for example, a beacon terminal) according to an embodiment.
  • the terminal 4 includes a key receiving unit 14 that receives a common key updated by a server (the server 2 in FIG. 1 or FIG. 2) at a predetermined timing, and a predetermined encrypted using the common key.
  • An encryption unit 16 that generates a packet (for example, an advertisement packet) including information (for example, an identifier of the terminal 4), and a server that receives the packet from the first terminal 4 and generates predetermined information included in the packet
  • a packet transmission unit 18 that transmits a packet to the second terminal (terminal 6 in FIG. 1 or FIG. 2) using the common key, based on a short-range wireless communication technology (for example, BLE). ing.
  • a short-range wireless communication technology for example, BLE
  • FIG. 5 is a block diagram illustrating the configuration of a terminal 6 (for example, a receiving terminal) according to an embodiment.
  • a key reception unit 20 that receives a common key updated by a server (server 2 in FIG. 1 or 2) at a predetermined timing, and a packet that includes predetermined information encrypted using the common key
  • a packet receiving unit 22 that receives a packet from a first terminal (terminal 4 in FIG. 1 or 2) that transmits a packet based on short-range wireless communication technology, and predetermined information included in the packet using a common key
  • a decoding unit 24 for decoding.
  • terminal 4 (FIG. 4), or terminal 6 (FIG. 5)
  • Security can be improved. This is because the common key used by the terminal 4 for encrypting the predetermined information included in the packet and the terminal 6 used for decryption by the terminal 6 is updated by the server 2 at a predetermined timing. Even so, the security problem only occurs temporarily.
  • information for example, an identifier of a beacon terminal
  • the common key is periodically updated to transmit a transmitter ( Distribution to a beacon terminal) and a receiver (BLE receiving terminal) makes it possible to enhance security.
  • the key can be safely distributed (for example, by SSL) between the server 2 that updates the key and the relay station 8 or the terminal 6. There is no problem that the generated key cannot be securely distributed as in the case of applying.
  • FIG. 6 is a diagram illustrating a configuration of the wireless communication system according to the present embodiment.
  • the wireless communication system includes a key server 32, a relay station 38, a beacon terminal 34, and a receiving terminal 36.
  • the key server 32 and the relay station 38 are connected via a WAN (Wide Area Network).
  • the key server 32 and the receiving terminal 36 are also connected via the WAN.
  • the beacon terminal 34 and the receiving terminal 36 communicate based on short-range wireless communication technology (here, BLE (Bluetooth (registered trademark) Low Energy) technology is used as an example)).
  • BLE Bluetooth (registered trademark) Low Energy
  • the key server 32 updates the common key used in the BLE communication between the beacon terminal 34 and the receiving terminal 36 at a predetermined timing.
  • the relay station 38 relays the common key updated by the key server 32 to the beacon terminal 34.
  • the beacon terminal 34 receives the common key updated by the key server 32 via the relay station 38.
  • the beacon terminal 34 transmits an advertisement packet including the identifier of the beacon terminal 34 encrypted using the common key updated by the key server 32 based on BLE.
  • the receiving terminal 36 receives the advertisement packet from the beacon terminal 34, and decrypts the identifier of the beacon terminal 34 included in the advertisement packet using the common key updated by the key server 32.
  • the application software preinstalled in the receiving terminal 36 sends the identifier of the beacon terminal 34 extracted from the advertisement packet to a predetermined distribution server (not shown), and the distribution server determines the merchandise of the store according to the identifier.
  • Receive information such as information and product information of exhibition booths.
  • FIG. 7 is a block diagram illustrating the configuration of each device included in the wireless communication system shown in FIG.
  • the key server 32 the relay station 38, the beacon terminal 34, and the receiving terminal 36 will be described with reference to the block diagram of FIG.
  • the key server 32 includes a key update unit 40 and a key provision unit 42.
  • the key update unit 40 updates the common key at a predetermined timing (for example, at a constant cycle).
  • the key update unit 40 may use, as the updated common key, the message digest obtained by inputting the code assigned to each provider and the pre-update common key to the one-way hash function as a message and a key, respectively.
  • the key update unit 40 can use the following function as the one-way hash function.
  • HMAC-SHA-256 is a one-way hash function for generating a hash message authentication code (HMAC: Hash Message Authentication Code).
  • HMAC Hash Message Authentication Code
  • a one-way hash function has a property (irreversibility) that an input cannot be read from a generated code.
  • the message digest (derived key) on the left side is the updated common key.
  • the input key on the right side is the previous common key.
  • the input S is a message for stirring the key, and here, it is a code (for example, 6 octets, that is, 48 bits) uniquely assigned to each operator.
  • the length of the common key can be, for example, 16, 24 or 32 octets, that is, 128, 192, or 256 bits.
  • the key update unit 40 generates an initial common key based on, for example, a pseudo random number.
  • the key updating unit 40 substitutes the previous common key for the input key on the right side of the above formula, and obtains the updated key as derived key.
  • the common key is generated based on the pseudo random number every time, there is a risk that a random key generation algorithm, a random number, and further a common key generated from the random number may be estimated.
  • a random key generation algorithm a random number, and further a common key generated from the random number may be estimated.
  • the frequency with which the key update unit 40 updates the common key (that is, the expiration date of the common key) can be set to several days as an example.
  • the time required for key renewal can be reduced by extending the validity period of the common key, there is a trade-off relationship in which the state in which the security is lost is prolonged when the common key is leaked.
  • the key providing unit 42 provides the common key updated by the key updating unit 40 to the beacon terminal 34 via the relay station 38 and also to the receiving terminal 36.
  • the key providing unit 42 may also notify the expiration date of the common key.
  • the key providing unit 42 may transmit the common key updated by the key updating unit 40 to the relay station 38 via SSL (Secure Socket Layer) communication established with the relay station 38.
  • the key providing unit 42 may transmit the common key updated by the key updating unit 40 to the receiving terminal 36 via SSL communication established with the receiving terminal 36.
  • the relay station 38 includes a key reception unit 56 and a display unit 58.
  • the key receiving unit 56 receives the common key from the key providing unit 42 of the key server 32.
  • the display unit 58 displays the common key received by the key receiving unit 56 on a display or the like.
  • the beacon terminal 34 includes a key reception unit 44, an encryption unit 46, and a packet transmission unit 48.
  • the key reception unit 44 receives the common key updated by the key server 32 via the relay station 38. Specifically, the key receiving unit 44 receives manual input (for example, keyboard input) of the common key by the user who refers to the common key displayed on the display unit 58 of the relay station 38.
  • manual input for example, keyboard input
  • the encryption unit 46 encrypts the identifier of the beacon terminal 34 using the common key received by the key reception unit 44, and generates an advertisement packet including the encrypted identifier.
  • the packet transmission unit 48 transmits the advertisement packet generated by the encryption unit 46 to the receiving terminal 36 based on a short-range wireless communication technology such as BLE.
  • the receiving terminal 36 includes a key receiving unit 50, a packet receiving unit 52, and a decrypting unit 54.
  • the key receiving unit 50 receives the common key updated by the key server 32 and its expiration date.
  • the key receiving unit 50 may receive the common key updated by the key server 32 from the key server 32 via SSL communication established between the key server 32 and the receiving terminal 36. Further, the key receiving unit 50 may acquire a new common key from the key server 32 when the expiration date given to the common key updated by the key server 32 has expired.
  • the packet receiving unit 52 receives an advertisement packet from the beacon terminal 34.
  • the decrypting unit 54 decrypts the identifier of the beacon terminal 34 included in the advertisement packet using the common key received by the key receiving unit 50.
  • FIG. 8 is a sequence diagram illustrating the common key distribution operation from the key server 32 to the beacon terminal 34.
  • the key update unit 40 of the key server 32 generates a common key using a pseudo random number (step A1).
  • step A2 the key providing unit 42 of the key server 32 and the key receiving unit 56 of the relay station 38 establish SSL communication.
  • a server certificate for the key server 32 and a client certificate for the relay station 38 are used. Since communication based on SSL is publicly known, detailed description is omitted.
  • the key providing unit 42 of the key server 32 transmits the common key to the key receiving unit 56 of the relay station 38 (step A3).
  • the display unit 58 of the relay station 38 displays the common key received by the key receiving unit 56 on a display or the like (step A4).
  • the key receiving unit 44 of the beacon terminal 34 receives the input of the common key from the user who refers to the common key displayed on the relay station 38 (for example, via the numeric keypad) (step A5).
  • step A5 The sequence in FIG. 8 (steps A1 to A5) is repeated each time the key update unit 40 of the key server 32 updates the common key at a predetermined timing (for example, a constant cycle).
  • FIG. 9 is a sequence diagram illustrating the common key distribution operation from the key server 32 to the receiving terminal 36.
  • the packet receiving unit 52 of the receiving terminal 36 receives an advertisement packet including the encrypted identifier of the beacon terminal 34 from the packet transmitting unit 48 of the beacon terminal 34 (step B1).
  • the decryption unit 54 of the receiving terminal 36 decrypts the identifier of the beacon terminal 34 using the common key (step B2).
  • step B3 When the expiration date given to the common key updated by the key server 32 has expired (step B3), the key receiving unit 50 newly obtains a common key from the key server 32 by the following operations (steps B4 to B6). get.
  • the key server 32 authenticates the receiving terminal 36 (step B4).
  • FIG. 10 is a sequence diagram illustrating the authentication operation of the receiving terminal 36.
  • RADIUS authentication IEEE 802.1X authentication
  • FIG. 10 is a sequence diagram illustrating the authentication operation of the receiving terminal 36.
  • RADIUS authentication IEEE 802.1X authentication
  • the receiving terminal 36 sends an authentication request to the key server 32 (step C1).
  • the key server 32 transmits an authentication request to an authentication server (also referred to as a RADIUS server; not shown in FIGS. 6 and 7) (step C2).
  • an authentication server also referred to as a RADIUS server; not shown in FIGS. 6 and 7)
  • the authentication server verifies whether or not the receiving terminal 36 belongs to a member registered in advance (step C3).
  • the authentication server transmits a notification of “authentication OK” to the key server 32 (step C4).
  • the key server 32 Upon receipt of the “authentication OK” notification, the key server 32 further transmits the notification to the receiving terminal 36 (step C5).
  • the key providing unit 42 of the key server 32 and the key receiving unit 50 of the receiving terminal 36 establish SSL communication (step B5).
  • a server certificate for the key server 32 and a client certificate for the receiving terminal 36 are used. Since communication based on SSL is publicly known, detailed description is omitted.
  • the key providing unit 42 of the key server 32 transmits the common key to the key receiving unit 50 of the receiving terminal 36 (step B6).
  • the decrypting unit 54 of the receiving terminal 36 decrypts the information included in the advertisement packet using the updated common key received by the key receiving unit 50 (step B7).
  • the security of communication between the beacon terminal 34 and the receiving terminal 36 that perform BLE communication can be improved. This is because the beacon terminal 34 is used for encrypting the identifier of the beacon terminal 34 included in the advertisement packet, and the common key used for the decryption by the receiving terminal 36 is updated by the key server 32 at a predetermined timing. For this reason, even if the common key is leaked, a security problem occurs only temporarily.
  • a relay station 38 that relays the updated common key is provided by the key server 32, and the beacon terminal 34 is connected to the WAN (Wide Area Network) via the relay station 38. Accept the updated common key. Thereby, even when the beacon terminal 34 cannot connect to a LAN (Local Area Network) / WAN or the like, the beacon terminal 34 can update the common key used for encryption.
  • WAN Wide Area Network
  • the relay station 38 can receive the common key from the key server 32 via SSL communication established between the key server 32 and the relay station 38. Further, the receiving terminal 36 receives the common key from the key server 32 via SSL communication established between the receiving terminal 36 and the key server 32. As a result, the shared key updated by the key server 32 can be safely distributed to the beacon terminal 34 and the receiving terminal 36.
  • FIG. 11 is a diagram illustrating a configuration of the wireless communication system according to the present embodiment.
  • the wireless communication system includes a key server 32, a relay station 39, a beacon terminal 35, and a receiving terminal 36.
  • the configurations of the key server 32 and the receiving terminal 36 are the same as those in the first embodiment. Below, it demonstrates centering on the difference of this embodiment and 1st Embodiment.
  • the WiFi (Wireless Fidelity) connection setting based on the passphrase for example, WPA2 (WiFi Protected Access 2) encryption setting
  • WPA2 WiFi Protected Access 2
  • the relay station 39 of the present embodiment includes a key reception unit 56 and a key transmission unit 59.
  • the key receiving unit 56 receives the common key from the key server 32
  • the key transmitting unit 59 notifies the beacon terminal 35 to that effect.
  • the key transmission unit 59 receives a request for a common key from the beacon terminal 35
  • the key transmission unit 59 transmits the common key to the beacon terminal 35.
  • the beacon terminal 35 of this embodiment includes a key receiving unit 45, an encryption unit 46, and a packet transmission unit 48.
  • the key reception unit 45 requests the relay station 39 for the common key.
  • the key receiving unit 45 receives the common key transmitted from the relay station 39 in response to the request and provides it to the encryption unit 46.
  • FIG. 12 is a sequence diagram illustrating such an operation.
  • the key server 32 transmits the common key to the relay station 39 via the SSL communication path when the common key is generated (step A1) or updated due to the expiration of the common key (steps A2 and A3).
  • the key transmitting unit 59 of the relay station 39 notifies the beacon terminal 35 of the issuance of the common key via WiFi (step S31). A6).
  • the key receiving unit 45 of the beacon terminal 35 Upon receiving such notification, the key receiving unit 45 of the beacon terminal 35 requests a common key from the relay station 39 (step A7).
  • the key transmission unit 59 of the relay station 39 transmits the common key to the beacon terminal 35 via WiFi (for example, WPA2 encrypted), and the key reception unit 45 of the beacon terminal 35 receives the common key (step A8). .
  • the beacon terminal 35 When the beacon terminal 35 receives a new common key, the beacon terminal 35 starts using the received common key. Further, when there is a common key that is already in use, the beacon terminal updates the common key that is in use with the received common key.
  • the distribution of the common key to the beacon terminal 35 is automated. Therefore, as in the first embodiment, it is possible to save the user from manually inputting the common key to the beacon terminal by periodically referring to the display of the relay station.
  • the SSL communication is used between the key server and the relay station, and the WiFi communication encrypted with WPA2 or the like between the relay station and the beacon terminal. Is used. This makes it possible to distribute the common key safely.
  • a wireless communication system according to a third embodiment will be described in detail with reference to the drawings.
  • the receiving terminal detects that the common key issued or updated by the key server has expired (step B3 in FIG. 9)
  • it receives a new common key from the key server. (Steps B4 to B6).
  • the receiving terminal detects a common key mismatch between the beacon terminal and the receiving terminal
  • a new common key is acquired from the key server.
  • this function can be similarly applied to the first embodiment.
  • FIG. 13 is a diagram illustrating a configuration of the wireless communication system according to the present embodiment.
  • the wireless communication system includes a key server 32, a relay station 39, a beacon terminal 60, and a receiving terminal 37.
  • the configurations of the key server 32 and the relay station 39 are the same as those in the second embodiment. Below, it demonstrates centering on the difference of this embodiment and 2nd Embodiment.
  • the beacon terminal 60 of this embodiment includes a key reception unit 45, an encryption unit 47, and a packet transmission unit 48.
  • the encryption unit 47 encrypts the identifier of the beacon terminal 60 using the common key received by the key reception unit 45. Further, the encryption unit 47 obtains a hash value by applying a predetermined hash algorithm to the identifier of the beacon terminal 60. Further, the encryption unit 47 generates an advertisement packet including the encrypted identifier and the calculated hash value (for example, including the encrypted identifier added with the calculated hash value). To do.
  • the encryption unit 47 uses, for example, MD5 (Message Digest Algorithm 5), SHA1 (SecureHash Algorithm 1), SHA-256, SHA-384, SHA-512, RIPEMD-160 (RACE Integrity Primitives) as hash algorithms. Evaluation Message Digest 160) can be used.
  • MD5 Message Digest Algorithm 5
  • SHA1 SecureHash Algorithm 1
  • SHA-256 SHA-384
  • SHA-512 SHA-512
  • RIPEMD-160 RACE Integrity Primitives
  • the receiving terminal 37 of this embodiment includes a packet receiving unit 52, a decrypting unit 55, and a key receiving unit 50.
  • the decrypting unit 55 separates the hash value included in the advertisement packet received by the packet receiving unit 52 and the encrypted identifier.
  • the decrypting unit 55 decrypts the encrypted identifier using the common key.
  • the decryption unit 55 calculates a hash value by applying the same hash algorithm as that used by the encryption unit 47 of the beacon terminal 60 to the decrypted identifier.
  • the decoding unit 55 compares the calculated hash value with the hash value extracted from the advertisement packet.
  • the decrypting unit 55 recognizes that the common key held by the beacon terminal 60 matches the common key held by the receiving terminal 37. On the other hand, if the two hash values do not match, the decrypting unit 55 determines that the common key held by the beacon terminal 60 and the common key held by the receiving terminal 37 do not match. If it is determined that they do not match, the decrypting unit 55 instructs the key receiving unit 50 to newly receive a common key from the key server 32. The key reception unit 50 receives the common key updated by the key server 32 in response to the instruction.
  • FIG. 14 is a sequence diagram illustrating such an operation.
  • beacon terminal 60 transmits an advertisement packet including the identifier of beacon terminal 60 encrypted using the common key and the hash value of the identifier (step B8).
  • the receiving terminal 37 separates the hash value included in the received advertisement packet and the encrypted identifier, and decrypts the encrypted identifier using the common key (step B9). Further, the receiving terminal 37 calculates a hash value by applying the same hash algorithm as the beacon terminal 60 to the decrypted identifier. Here, when the calculated hash value and the hash value included in the advertisement packet do not match, the receiving terminal 37 does not match the common key held by the beacon terminal 60 and the common key held by the receiving terminal 37. It determines with a thing (step B10). When such determination is made, the receiving terminal 37 receives a new common key from the key server 32 in the same manner as in the first embodiment (see FIG. 9) (steps B4 to B6).
  • the receiving terminal when the receiving terminal detects a match between the common key held by the beacon terminal and the common key held by the receiving terminal, the receiving terminal newly receives the common key from the key server. According to this configuration, it is possible to eliminate the mismatch between the two common keys.
  • the common key mismatch is detected based on the advertisement packet received from the beacon terminal by the receiving terminal. Therefore, when the key server distributes the common key, it is not necessary to notify the information regarding the expiration date.
  • the configuration via the relay station when distributing the common key to the beacon terminals has been described.
  • a specific receiving terminal for example, a receiving terminal of a business operator who has installed a beacon terminal
  • the relay station may be omitted.
  • the key server in the above embodiment can be shared among a plurality of beacon terminals installed by a plurality of operators. At this time, the key server may generate a separate common key for each different beacon terminal, or may distribute the same common key to a plurality of beacon terminals.
  • the key server may be omitted and the relay station may serve as the key server.
  • the relay station may serve as the key server.
  • the beacon terminal itself updates the common key, and the updated common key is received by the receiving terminal. It can also be distributed to.
  • the beacon terminal is an advertiser that generates an advertisement packet and also plays a role of a key update server.
  • the wireless communication system according to the first aspect is as described above.
  • [Form 2] A relay station that relays the shared key updated by the server;
  • the first terminal receives the shared key updated by the server via the relay station,
  • [Form 3] The relay station receives a shared key updated by the server from the server via SSL (Secure Socket Layer) communication established between the server and the relay station;
  • the relay station displays the common key received from the server,
  • the first terminal accepts an input of a common key by a user. 4.
  • the server uses the code assigned to each provider and the pre-update common key as a message and a key, respectively, and the message digest obtained by entering the one-way hash function as the post-update common key.
  • the wireless communication system according to any one of forms 1 to 7.
  • the second terminal acquires a new common key from the server when the expiration date given to the common key updated by the server has expired.
  • the wireless communication system according to any one of Forms 1 to 8.
  • the first terminal includes a hash value obtained by applying a predetermined hash algorithm to the predetermined information and transmits the packet, If the hash value included in the packet does not match the hash value obtained by applying the predetermined hash algorithm to a value obtained by decoding predetermined information included in the packet, the second terminal A new common key from The wireless communication system according to any one of Forms 1 to 9.
  • the first terminal transmits an advertisement packet including the identifier of the first terminal encrypted by using the common key updated by the server based on BLE (Bluetooth (registered trademark) Low Energy).
  • BLE Bluetooth (registered trademark) Low Energy
  • a beacon terminal that The second terminal has an application that acquires and displays information from the distribution server using the identifier of the first terminal.
  • the wireless communication system according to any one of Forms 1 to 10.
  • [Form 12] As in the server according to the second aspect.
  • the key providing unit provides the first terminal via a relay station that relays the common key updated by the key updating unit; The server according to mode 12.
  • the key providing unit transmits the common key updated by the key updating unit to the relay station via SSL communication established with the relay station; The server according to Form 13.
  • the key providing unit transmits the common key updated by the key updating unit to the second terminal via SSL communication established with the second terminal; The server according to any one of forms 12 to 14.
  • the key update unit updates the common key at a predetermined cycle.
  • the key update unit uses a message digest obtained by inputting a code assigned to each provider and a common key before update as a message and a key to a one-way hash function, respectively, as a common key after update.
  • the server according to any one of forms 12 to 16.
  • [Form 18] As in the first terminal according to the third aspect.
  • the key receiving unit receives an input of a common key by a user;
  • the key accepting unit obtains a shared key updated by the server from the relay station upon receiving notification from the relay station that relays the shared key updated by the server that the shared key has been received from the server.
  • a beacon terminal that transmits an advertisement packet including the identifier of the first terminal encrypted by using the shared key updated by the server based on BLE (Bluetooth (registered trademark) Low Energy). 21.
  • the first terminal according to any one of forms 18 to 20.
  • the key receiving unit receives the shared key updated by the server from the server via SSL communication established between the server and the second terminal; The 2nd terminal of form 22.
  • the key reception unit acquires a new common key from the server when the expiration date given to the shared key updated by the server has expired.
  • the first terminal includes a hash value obtained by applying a predetermined hash algorithm to the predetermined information and transmits the packet, When the hash value included in the packet does not match the hash value obtained by applying the predetermined hash algorithm to a value obtained by decrypting the predetermined information included in the packet, the key receiving unit Obtain a new common key, 25.
  • the second terminal according to any one of forms 22 to 24.
  • the first terminal transmits an advertisement packet including the identifier of the first terminal encrypted using the common key updated by the server, based on BLE (Bluetooth (registered trademark) Low Energy).
  • BLE Bluetooth (registered trademark) Low Energy
  • the second terminal according to any one of forms 22 to 25 The second terminal according to any one of forms 22 to 25.
  • [Form 27] The wireless communication method according to the fifth aspect is as described above.
  • [Form 28] The wireless communication method according to the sixth aspect is as described above.
  • [Form 29] The wireless communication method according to the seventh aspect is as described above.
  • [Form 30] The wireless communication method according to the eighth aspect is as described above.
  • [Form 33] A program according to the eleventh aspect.

Abstract

The present invention improves the security of communication between a transmitting terminal and receiving terminal in a short-range wireless communication system. A wireless communication system provided with a server for updating a common key with prescribed timing, and a first terminal for transmitting a packet that includes prescribed information encrypted using a common key updated by the server to a second terminal on the basis of a short-range wireless communication technique. A second terminal receives the packet from the first terminal, and decrypts the prescribed information included in the packet using a common key updated by the server.

Description

無線通信システム、サーバ、端末、無線通信方法、および、プログラムWireless communication system, server, terminal, wireless communication method, and program
 [関連出願についての記載]
 本発明は、日本国特許出願:特願2015-251471号(2015年12月24日出願)に基づくものであり、同出願の全記載内容は引用をもって本書に組み込み記載されているものとする。
 本発明は、無線通信システム、サーバ、端末、無線通信方法、および、プログラムに関し、特に極低電力で通信が可能なBLE(Bluetooth(登録商標) Low Energy)等の近距離無線通信技術に基づく無線通信システム、かかる無線通信で使用される共通鍵を提供する鍵サーバ、アドバタイズメント・パケットを送信するビーコン端末、アドバタイズメント・パケットを受信する受信端末、無線通信方法、および、プログラムに関する。 [Description of related applications]
The present invention is based on a Japanese patent application: Japanese Patent Application No. 2015-251471 (filed on Dec. 24, 2015), and the entire description of the application is incorporated herein by reference.
The present invention relates to a wireless communication system, a server, a terminal, a wireless communication method, and a program, and more particularly, wireless based on short-range wireless communication technology such as BLE (Bluetooth (registered trademark) Low Energy) capable of communication with extremely low power. The present invention relates to a communication system, a key server that provides a common key used in such wireless communication, a beacon terminal that transmits an advertisement packet, a receiving terminal that receives the advertisement packet, a wireless communication method, and a program.
 近年、店舗や展示ブース等に通信機器としてビーコン(Beacon)端末が設置される機会が増大している。ビーコン端末は、ビーコン端末の識別子を含むアドバタイズメント・パケットを、極低電力で通信が可能なBLE(Bluetooth(登録商標) Low Energy)技術に基づいて送信する。ビーコン端末から所定の距離に端末(例えばスマートフォン、タブレット端末、ノートPC(Personal Computer)等、以下「受信端末」という。)が近づくと、ビーコン端末から送出されたアドバタイズメント・パケットを受信する。すると、予め受信端末にインストールされたアプリケーション・ソフトウェアは、アドバタイズメント・パケットからビーコン端末の識別子を抽出し、抽出した識別子を所定の配信サーバに送出する。配信サーバは、受信端末から受信した識別子に応じて、店舗の商品情報、展示ブースの製品情報等の情報を受信端末に送信する。受信端末は、配信サーバから受信した情報をディスプレイに表示する。これにより、例えば店舗の商品や展示ブースの製品等に関するプッシュ型の広告が可能となる。 In recent years, beacon terminals have been increasingly installed as communication devices in stores and exhibition booths. The beacon terminal transmits an advertisement packet including the identifier of the beacon terminal based on BLE (Bluetooth (registered trademark) Low Energy) technology that enables communication with extremely low power. When a terminal (for example, a smartphone, tablet terminal, notebook PC (Personal Computer), etc., hereinafter referred to as “receiving terminal”) approaches a predetermined distance from the beacon terminal, an advertisement packet sent from the beacon terminal is received. Then, the application software installed in the receiving terminal in advance extracts the beacon terminal identifier from the advertisement packet, and sends the extracted identifier to a predetermined distribution server. The distribution server transmits information such as store product information and exhibition booth product information to the receiving terminal according to the identifier received from the receiving terminal. The receiving terminal displays the information received from the distribution server on the display. Thereby, for example, push-type advertisements related to store products, exhibition booth products, and the like are possible.
 本発明の関連技術として、特許文献1には、ビーコン装置とサーバとの間で共通鍵を用いて通信する技術が開示されている。 As a related technique of the present invention, Patent Document 1 discloses a technique of communicating using a common key between a beacon device and a server.
 また、特許文献2には、通信端末と通信端末の操作対象となる電子機器(健康機器、住宅設備、周辺機器)との間の通信において、BLEを用い、共通鍵に基づく暗号技術によりセキュリティを確保する技術が記載されている。 In Patent Document 2, in communication between a communication terminal and an electronic device (health device, housing facility, peripheral device) that is an operation target of the communication terminal, security is achieved by using BLE and encryption technology based on a common key. The technology to be secured is described.
 さらに、特許文献3には、サービス制御装置が自身とサービス利用装置との間の通信で使用する認証鍵を任意の期間ごとに生成して、サービス利用装置に配布する技術が記載されている。 Furthermore, Patent Document 3 describes a technique in which a service control device generates an authentication key used for communication between itself and a service using device every arbitrary period and distributes the authentication key to the service using device.
 また、非特許文献1には、鍵を生成するための鍵導出関数(KDF、Key Derivation Function)が記載されている。 Non-Patent Document 1 describes a key derivation function (KDF, Key 、 Derivation Function) for generating a key.
国際公開第2015/118971号International Publication No. 2015/118971 国際公開第2015/111444号International Publication No. 2015/111444 特開2003-244135号公報JP 2003-244135 A
 上記特許文献および非特許文献の全開示内容は、本書に引用をもって繰り込み記載されているものとする。以下の分析は、本発明者によってなされたものである。 The entire disclosures of the above patent documents and non-patent documents are incorporated herein by reference. The following analysis was made by the present inventors.
 ビーコン端末(以下「送信端末」ともいう。)がアドバタイズメント・パケットに含まれる情報を共通鍵方式で暗号化する技術が知られている。具体的には、送信端末が送信端末の識別子等の情報を共通鍵で暗号化した上でアドバタイズメント・パケットとして送出し、受信端末は共通鍵で復号することにより、送信端末の識別子等の情報を抽出する。ここで、共通鍵は、一般に送信端末および受信端末のそれぞれに対してハードウェア的に埋め込まれており、変更することが困難である。この場合、悪意のある人物が共通鍵を入手したとき、送信端末の識別子等の情報が解読され、送信端末の「なりすまし」が可能となるおそれがある。  A technology is known in which a beacon terminal (hereinafter also referred to as “transmitting terminal”) encrypts information included in an advertisement packet using a common key method. Specifically, the transmitting terminal encrypts information such as the identifier of the transmitting terminal with a common key and then sends it out as an advertisement packet, and the receiving terminal decrypts it with the common key so that the information such as the identifier of the transmitting terminal is transmitted. To extract. Here, the common key is generally embedded in hardware in each of the transmission terminal and the reception terminal, and is difficult to change. In this case, when a malicious person obtains the common key, information such as the identifier of the transmitting terminal may be decrypted, and “spoofing” of the transmitting terminal may be possible.
 特許文献1、2に記載された技術においても共通鍵が不変であるため、共通鍵が漏洩すると、同様にセキュリティ上の問題が生じるおそれがある。 In the techniques described in Patent Documents 1 and 2, since the common key is invariant, if the common key is leaked, there is a possibility that a security problem may occur.
 特許文献3には、自身と他の装置との間の通信で使用する認証鍵を任意の期間ごとに生成する技術が開示されている。しかしながら、かかる技術をBLE(Bluetooth(登録商標) Low Energy)に基づいて通信を行う送信端末(ビーコン端末)と受信端末に適用した場合、送信端末自身が共通鍵を生成することになる。しかし、BLEで通信を行う送信端末と受信端末との間では、安全に鍵を配布するための通信を確立することは困難であるため、送信端末が生成または更新した鍵を、送信端末から受信端末に安全に配布することができないという問題が生じる。 Patent Document 3 discloses a technique for generating an authentication key used for communication between itself and another device for each arbitrary period. However, when this technology is applied to a transmission terminal (beacon terminal) and a reception terminal that perform communication based on BLE (Bluetooth (registered trademark) Low Energy), the transmission terminal itself generates a common key. However, since it is difficult to establish communication for securely distributing a key between a transmitting terminal and a receiving terminal that perform communication by BLE, a key generated or updated by the transmitting terminal is received from the transmitting terminal. There arises a problem that it cannot be safely distributed to terminals.
 そこで、近距離無線通信システムにおいて、送信端末と受信端末との間における通信のセキュリティを向上させることが課題となる。本発明の目的は、かかる課題解決に寄与する無線通信システム、端末、サーバ、無線通信方法、および、プログラムを提供することにある。 Therefore, it is an issue to improve the security of communication between the transmission terminal and the reception terminal in the short-range wireless communication system. An object of the present invention is to provide a wireless communication system, a terminal, a server, a wireless communication method, and a program that contribute to solving such a problem.
 本発明の第1の態様に係る無線通信システムは、所定のタイミングで共通鍵を更新するサーバと、前記サーバが更新した共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて第2の端末に送信する第1の端末とを備え、前記第2の端末は、前記第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、前記サーバが更新した共通鍵を用いて復号する。 The wireless communication system according to the first aspect of the present invention includes a server that updates a common key at a predetermined timing, and a packet that includes predetermined information encrypted using the common key updated by the server. A first terminal that transmits to a second terminal based on a communication technology, the second terminal receives the packet from the first terminal, and the predetermined information included in the packet is Decrypt using the shared key updated by the server.
 本発明の第2の態様に係るサーバは、所定のタイミングで共通鍵を更新する鍵更新部と、共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信する第1の端末、および、前記第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を共通鍵を用いて復号する第2の端末に対して、前記鍵更新部が更新した共通鍵を提供する鍵提供部と、を備えている。 The server according to the second aspect of the present invention provides a key update unit that updates a common key at a predetermined timing, and a packet that includes predetermined information encrypted using the common key, based on the short-range wireless communication technology. For the first terminal that transmits and the second terminal that receives the packet from the first terminal and decrypts the predetermined information included in the packet using a common key, the key update unit And a key providing unit that provides the updated common key.
 本発明の第3の態様に係る第1の端末は、所定のタイミングでサーバによって更新された共通鍵を受け付ける鍵受付部と、前記共通鍵を用いて暗号化された所定の情報を含むパケットを生成する暗号化部と、第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、前記サーバが生成した共通鍵を用いて復号する第2の端末に対して、前記パケットを近距離無線通信技術に基づいて送信するパケット送信部と、を備えている。 The first terminal according to the third aspect of the present invention includes a key receiving unit that receives a common key updated by a server at a predetermined timing, and a packet that includes predetermined information encrypted using the common key. An encryption unit to be generated; and the second terminal that receives the packet from the first terminal and decrypts the predetermined information included in the packet using the common key generated by the server. And a packet transmission unit that transmits the data based on the short-range wireless communication technology.
 本発明の第4の態様に係る第2の端末は、所定のタイミングでサーバによって更新された共通鍵を受け付ける鍵受付部と、前記共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信する第1の端末から前記パケットを受信するパケット受信部と、前記パケットに含まれる所定の情報を、前記共通鍵を用いて復号する復号部と、を備えている。 A second terminal according to a fourth aspect of the present invention includes a key receiving unit that receives a common key updated by a server at a predetermined timing, and a packet that includes predetermined information encrypted using the common key. A packet receiving unit that receives the packet from a first terminal that transmits based on a short-range wireless communication technology; and a decrypting unit that decrypts predetermined information included in the packet using the common key. Yes.
 本発明の第5の態様に係る無線通信方法は、サーバが所定のタイミングで共通鍵を更新するステップと、第1の端末が、前記サーバが更新した共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信するステップと、第2の端末が、前記第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、前記サーバが更新した共通鍵を用いて復号するステップと、を含む。 The wireless communication method according to the fifth aspect of the present invention includes a step in which a server updates a common key at a predetermined timing, and a predetermined terminal encrypted by using the common key updated by the server. A step of transmitting a packet including information based on a short-range wireless communication technology; a second terminal receives the packet from the first terminal; and the server updates predetermined information included in the packet Decrypting using the common key.
 本発明の第6の態様に係る無線通信方法は、サーバが、所定のタイミングで共通鍵を更新するステップと、共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信する第1の端末、および、前記第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、共通鍵を用いて復号する第2の端末に対して、更新した共通鍵を提供するステップと、を含む。 The wireless communication method according to the sixth aspect of the present invention is a short-range wireless communication technique in which a server updates a common key at a predetermined timing, and a packet including predetermined information encrypted using the common key. Updating the first terminal that transmits based on the first terminal and the second terminal that receives the packet from the first terminal and decrypts the predetermined information included in the packet using a common key Providing a common key.
 本発明の第7の態様に係る無線通信方法は、第1の端末が、所定のタイミングでサーバによって更新された共通鍵を受け付けるステップと、前記共通鍵を用いて暗号化された所定の情報を含むパケットを生成するステップと、前記第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、前記サーバが生成した共通鍵を用いて復号する第2の端末に対して、前記パケットを近距離無線通信技術に基づいて送信するステップと、を含む。 According to a seventh aspect of the present invention, there is provided a wireless communication method in which a first terminal receives a common key updated by a server at a predetermined timing, and predetermined information encrypted using the common key. Generating a packet including, for the second terminal that receives the packet from the first terminal and decrypts the predetermined information included in the packet using the common key generated by the server, Transmitting the packet based on short-range wireless communication technology.
 本発明の第8の態様に係る無線通信方法は、第2の端末が、所定のタイミングでサーバによって更新された共通鍵を受け付けるステップと、前記共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信する第1の端末から前記パケットを受信するステップと、前記パケットに含まれる所定の情報を、前記共通鍵を用いて復号するステップと、を含む。 According to an eighth aspect of the present invention, there is provided a wireless communication method in which a second terminal receives a common key updated by a server at a predetermined timing; and predetermined information encrypted using the common key. Receiving the packet from a first terminal that transmits the packet containing the packet based on short-range wireless communication technology; and decrypting predetermined information included in the packet using the common key.
 本発明の第9の態様に係るプログラムは、所定のタイミングで共通鍵を更新する処理と、共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信する第1の端末、および、前記第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、共通鍵を用いて復号する第2の端末に対して、更新した共通鍵を提供する処理と、をサーバに実行させる。 According to a ninth aspect of the present invention, a program for updating a common key at a predetermined timing and a packet including predetermined information encrypted using the common key are transmitted based on a short-range wireless communication technique. Provide the updated common key to the first terminal and the second terminal that receives the packet from the first terminal and decrypts the predetermined information included in the packet using the common key Processing to be executed by the server.
 本発明の第10の態様に係るプログラムは、第1の端末に設けられたコンピュータに対して、所定のタイミングでサーバによって更新された共通鍵を受け付ける処理と、前記共通鍵を用いて暗号化された所定の情報を含むパケットを生成するステップと、前記第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、前記サーバが生成した共通鍵を用いて復号する第2の端末に対して、前記パケットを近距離無線通信技術に基づいて送信する処理と、を実行させる。 A program according to a tenth aspect of the present invention is a process of accepting a common key updated by a server at a predetermined timing to a computer provided in a first terminal, and encrypted using the common key. Generating a packet including the predetermined information, receiving the packet from the first terminal, and decrypting the predetermined information included in the packet using a common key generated by the server And causing the terminal to execute processing for transmitting the packet based on a short-range wireless communication technology.
 本発明の第11の態様に係るプログラムは、第2の端末に設けられたコンピュータに対して、所定のタイミングでサーバによって更新された共通鍵を受け付ける処理と、前記共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信する第1の端末から前記パケットを受信する処理と、前記パケットに含まれる所定の情報を、前記共通鍵を用いて復号する処理と、を実行させる。 A program according to an eleventh aspect of the present invention is a process of accepting a common key updated by a server at a predetermined timing with respect to a computer provided in a second terminal, and encrypted using the common key. Processing for receiving the packet from the first terminal that transmits the packet including the predetermined information based on the near field communication technology, and processing for decrypting the predetermined information included in the packet using the common key And execute.
 なお、プログラムは、非一時的なコンピュータ可読記録媒体(non-transitory computer-readable storage medium)に記録されたプログラム製品として提供することもできる。 Note that the program can also be provided as a program product recorded in a non-transitory computer-readable storage medium.
 本発明に係る無線通信システム、サーバ、端末、無線通信方法、および、プログラムによると、近距離無線通信システムにおいて、送信端末と受信端末との間における通信のセキュリティを向上させることができる。 According to the wireless communication system, the server, the terminal, the wireless communication method, and the program according to the present invention, it is possible to improve the security of communication between the transmitting terminal and the receiving terminal in the short-range wireless communication system.
一実施形態に係る無線通信システムの構成を例示する図である。It is a figure which illustrates the structure of the radio | wireless communications system which concerns on one Embodiment. 一実施形態に係る無線通信システムの他の構成を例示する図である。It is a figure which illustrates other composition of the radio communications system concerning one embodiment. 一実施形態に係るサーバの構成を例示するブロック図である。It is a block diagram which illustrates the composition of the server concerning one embodiment. 一実施形態に係る第1の端末(送信端末)の構成を例示するブロック図である。It is a block diagram which illustrates the composition of the 1st terminal (transmission terminal) concerning one embodiment. 一実施形態に係る第2の端末(受信端末)の構成を例示するブロック図である。It is a block diagram which illustrates the composition of the 2nd terminal (receiving terminal) concerning one embodiment. 第1の実施形態に係る無線通信システムの構成を例示する図である。It is a figure which illustrates the structure of the radio | wireless communications system which concerns on 1st Embodiment. 第1の実施形態に係る無線通信システムの構成を例示するブロック図である。It is a block diagram which illustrates the composition of the radio communications system concerning a 1st embodiment. 第1の実施形態に係る無線通信システムにおいて、ビーコン端末へ共通鍵を配布する動作を例示するシーケンス図である。It is a sequence diagram which illustrates the operation | movement which distributes a common key to a beacon terminal in the radio | wireless communications system which concerns on 1st Embodiment. 第1の実施形態に係る無線通信システムにおいて、受信端末へ共通鍵を配布する動作を例示するシーケンス図である。4 is a sequence diagram illustrating an operation of distributing a common key to a receiving terminal in the wireless communication system according to the first embodiment. FIG. 第1の実施形態に係る無線通信システムにおいて、受信端末を認証する動作を例示するシーケンス図である。FIG. 5 is a sequence diagram illustrating an operation of authenticating a receiving terminal in the wireless communication system according to the first embodiment. 第2の実施形態に係る無線通信システムの構成を例示するブロック図である。It is a block diagram which illustrates the composition of the radio communications system concerning a 2nd embodiment. 第2の実施形態に係る無線通信システムにおいて、ビーコン端末へ共通鍵を配布する動作を例示するシーケンス図である。It is a sequence diagram which illustrates the operation | movement which distributes a common key to a beacon terminal in the radio | wireless communications system which concerns on 2nd Embodiment. 第3の実施形態に係る無線通信システムの構成を例示するブロック図である。It is a block diagram which illustrates the composition of the radio communications system concerning a 3rd embodiment. 第3の実施形態に係る無線通信システムにおいて、受信端末へ共通鍵を配布する動作を例示するシーケンス図である。FIG. 10 is a sequence diagram illustrating an operation of distributing a common key to receiving terminals in a wireless communication system according to a third embodiment.
 はじめに、一実施形態の概要について説明する。なお、この概要に付記する図面参照符号は、専ら理解を助けるための例示であり、本発明を図示の態様に限定することを意図するものではない。 First, an outline of one embodiment will be described. Note that the reference numerals of the drawings attached to this summary are merely examples for facilitating understanding, and are not intended to limit the present invention to the illustrated embodiment.
 図1は、一実施形態に係る無線通信システムの構成を例示する図である。図1を参照すると、無線通信システムは、所定のタイミングで共通鍵を更新するサーバ2(例えば鍵サーバ)と、サーバ2が更新した共通鍵を用いて暗号化された所定の情報(例えばビーコン端末である端末4の識別子)を含むパケット(例えばアドバタイズメント・パケット)を近距離無線通信技術(例えばBLE(Bluetooth(登録商標) Low Energy))に基づいて第2の端末6(例えば受信端末)に送信する第1の端末4(例えばビーコン端末)を備えている。ここで、第2の端末6は、第1の端末4から前記パケットを受信し、前記パケットに含まれる所定の情報を、サーバ2が更新した共通鍵を用いて復号する。 FIG. 1 is a diagram illustrating a configuration of a wireless communication system according to an embodiment. Referring to FIG. 1, the wireless communication system includes a server 2 (for example, a key server) that updates a common key at a predetermined timing, and predetermined information (for example, a beacon terminal) encrypted using the common key updated by the server 2. Packet (for example, an advertisement packet) including the identifier of the terminal 4 that is a second terminal 6 (for example, a receiving terminal) based on short-range wireless communication technology (for example, BLE (Bluetooth (registered trademark) Low Energy)). A first terminal 4 (for example, a beacon terminal) for transmission is provided. Here, the second terminal 6 receives the packet from the first terminal 4, and decrypts the predetermined information included in the packet using the common key updated by the server 2.
 かかる無線通信システムによると、近距離無線通信システムにおいて、送信側の端末4と受信側の端末6との間における通信のセキュリティを向上させることができる。なぜなら、端末4がパケットに含まれる所定の情報を暗号化するために使用し、端末6が復号に使用する共通鍵はサーバ2によって所定のタイミングで更新されるため、仮に共通鍵が漏洩したとしても、セキュリティ上の問題は一時的にしか生じないからである。 According to such a wireless communication system, it is possible to improve the security of communication between the terminal 4 on the transmission side and the terminal 6 on the reception side in the short-range wireless communication system. Because the common key used by the terminal 4 for encrypting the predetermined information contained in the packet and used by the terminal 6 for decryption is updated by the server 2 at a predetermined timing. However, this is because a security problem occurs only temporarily.
 図2は、一実施形態に係る無線通信システムの他の構成を例示する図である。図2を参照すると、無線通信システムは、サーバ2が更新した共通鍵を中継する中継局8をさらに備えている。このとき、第1の端末4(例えばビーコン端末)は、サーバ2が更新した共通鍵を、(例えばWAN(Wide Area Network)に接続可能な)中継局8を経由して受け付ける。かかる無線通信システムによると、第1の端末4がサーバ2と直接通信できない場合(例えば、ビーコン端末である端末4がLAN(Local Area Network)/WAN(Wide Area Network)接続不可の場合)であっても、第1の端末4が暗号化に使用する共通鍵を更新することが可能となる。 FIG. 2 is a diagram illustrating another configuration of the wireless communication system according to the embodiment. Referring to FIG. 2, the wireless communication system further includes a relay station 8 that relays the common key updated by the server 2. At this time, the first terminal 4 (for example, a beacon terminal) receives the common key updated by the server 2 via the relay station 8 (for example, connectable to a WAN (Wide-Area-Network)). According to such a wireless communication system, the first terminal 4 cannot communicate directly with the server 2 (for example, the terminal 4 as a beacon terminal cannot connect to a LAN (Local Area Network) / WAN (Wide Area Network)). However, the common key used for encryption by the first terminal 4 can be updated.
 ここで、中継局8は、サーバ2と中継局8の間に確立されたSSL(Secure Socket Layer)通信を介してサーバ2からサーバ2が更新した共通鍵を受信することができる。また、中継局8は、サーバ2から受信した共通鍵を表示するようにしてもよい。また、第1の端末4は、中継局8が表示した共通鍵を参照したユーザによる共通鍵の手動による入力を受け付けるようにしてもよい。かかる無線通信システムによると、共通鍵の入力を行うユーザが信頼できることを前提として、サーバ2が更新した共通鍵を安全に第1の端末4に配布することが可能となる。 Here, the relay station 8 can receive the shared key updated by the server 2 from the server 2 via SSL (Secure Socket Layer) communication established between the server 2 and the relay station 8. Further, the relay station 8 may display the common key received from the server 2. Further, the first terminal 4 may accept manual input of the common key by the user with reference to the common key displayed by the relay station 8. According to such a wireless communication system, the shared key updated by the server 2 can be safely distributed to the first terminal 4 on the assumption that the user who inputs the shared key can be trusted.
 さらに、第2の端末6(例えば受信端末)は、サーバ2と第2の端末6の間に確立されたSSL通信を介してサーバ2からサーバ2が更新した共通鍵を受信するようにしてもよい。かかる無線通信システムによると、サーバ2が更新した共通鍵を安全に第2の端末6に配布することが可能となる。 Further, the second terminal 6 (for example, the receiving terminal) may receive the shared key updated by the server 2 from the server 2 via the SSL communication established between the server 2 and the second terminal 6. Good. According to such a wireless communication system, the shared key updated by the server 2 can be safely distributed to the second terminal 6.
 図3は、一実施形態に係るサーバ2(例えば鍵サーバ)の構成を例示するブロック図である。図3を参照すると、サーバ2は、所定のタイミングで共通鍵を更新する鍵更新部10と、共通鍵を用いて暗号化された所定の情報を含むパケット(例えばアドバタイズメント・パケット)を近距離無線通信技術(例えばBLE)に基づいて送信する第1の端末(図1または図2の端末4)、および、第1の端末からパケットを受信し、パケットに含まれる所定の情報を、共通鍵を用いて復号する第2の端末(図1または図2の端末6)に対して、鍵更新部10が更新した共通鍵を提供する鍵提供部12と、を備えている。 FIG. 3 is a block diagram illustrating the configuration of the server 2 (for example, key server) according to an embodiment. Referring to FIG. 3, the server 2 has a key update unit 10 that updates a common key at a predetermined timing, and a packet (for example, an advertisement packet) that includes predetermined information encrypted using the common key. A first terminal (terminal 4 in FIG. 1 or FIG. 2) that transmits based on a wireless communication technology (for example, BLE), and a packet received from the first terminal, and predetermined information included in the packet is transferred to the common key And a key providing unit 12 that provides a common key updated by the key updating unit 10 to a second terminal (terminal 6 in FIG. 1 or 2) that performs decryption using
 図4は、一実施形態に係る端末4(例えばビーコン端末)の構成を例示するブロック図である。図4を参照すると、端末4は、所定のタイミングでサーバ(図1または図2のサーバ2)によって更新された共通鍵を受け付ける鍵受付部14と、共通鍵を用いて暗号化された所定の情報(例えば端末4の識別子)を含むパケット(例えばアドバタイズメント・パケット)を生成する暗号化部16と、第1の端末4からパケットを受信し、パケットに含まれる所定の情報を、サーバが生成した共通鍵を用いて復号する第2の端末(図1または図2の端末6)に対して、パケットを近距離無線通信技術(例えばBLE)に基づいて送信するパケット送信部18と、を備えている。 FIG. 4 is a block diagram illustrating the configuration of the terminal 4 (for example, a beacon terminal) according to an embodiment. Referring to FIG. 4, the terminal 4 includes a key receiving unit 14 that receives a common key updated by a server (the server 2 in FIG. 1 or FIG. 2) at a predetermined timing, and a predetermined encrypted using the common key. An encryption unit 16 that generates a packet (for example, an advertisement packet) including information (for example, an identifier of the terminal 4), and a server that receives the packet from the first terminal 4 and generates predetermined information included in the packet A packet transmission unit 18 that transmits a packet to the second terminal (terminal 6 in FIG. 1 or FIG. 2) using the common key, based on a short-range wireless communication technology (for example, BLE). ing.
 図5は、一実施形態に係る端末6(例えば受信端末)の構成を例示するブロック図である。図5を参照すると、所定のタイミングでサーバ(図1または図2のサーバ2)によって更新された共通鍵を受け付ける鍵受付部20と、共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信する第1の端末(図1または図2の端末4)からパケットを受信するパケット受信部22と、パケットに含まれる所定の情報を、共通鍵を用いて復号する復号部24と、を備えている。 FIG. 5 is a block diagram illustrating the configuration of a terminal 6 (for example, a receiving terminal) according to an embodiment. Referring to FIG. 5, a key reception unit 20 that receives a common key updated by a server (server 2 in FIG. 1 or 2) at a predetermined timing, and a packet that includes predetermined information encrypted using the common key A packet receiving unit 22 that receives a packet from a first terminal (terminal 4 in FIG. 1 or 2) that transmits a packet based on short-range wireless communication technology, and predetermined information included in the packet using a common key And a decoding unit 24 for decoding.
 これらのサーバ2(図3)、端末4(図4)、または、端末6(図5)によると、近距離無線通信システムにおいて、送信側の端末4と受信側の端末6との間における通信のセキュリティを向上させることができる。なぜなら、端末4がパケットに含まれる所定の情報を暗号化するために使用し、端末6が復号に使用する共通鍵はサーバ2によって所定のタイミングで更新されるため、共通鍵が漏洩した場合であっても、セキュリティ上の問題は一時的にしか生じないからである。 According to these servers 2 (FIG. 3), terminal 4 (FIG. 4), or terminal 6 (FIG. 5), communication between the terminal 4 on the transmission side and the terminal 6 on the reception side in the short-range wireless communication system. Security can be improved. This is because the common key used by the terminal 4 for encrypting the predetermined information included in the packet and the terminal 6 used for decryption by the terminal 6 is updated by the server 2 at a predetermined timing. Even so, the security problem only occurs temporarily.
 以上のように、一実施形態によると、例えばビーコン端末のアドバタイズメント・パケットに含まれる情報(例えばビーコン端末の識別子)を共通鍵方式で暗号化し、定期的に共通鍵を更新して発信機(ビーコン端末)と受信機(BLE受信端末)に配布することで、セキュリティを強化することが可能となる。また、一実施形態によると、鍵を更新するサーバ2と、中継局8または端末6との間で、安全に(例えばSSLで)鍵を配布することができ、特許文献2に記載された技術を適用した場合のように、生成した鍵を安全に配布できないという問題は生じない。 As described above, according to an embodiment, for example, information (for example, an identifier of a beacon terminal) included in an advertisement packet of a beacon terminal is encrypted by a common key method, and the common key is periodically updated to transmit a transmitter ( Distribution to a beacon terminal) and a receiver (BLE receiving terminal) makes it possible to enhance security. According to one embodiment, the key can be safely distributed (for example, by SSL) between the server 2 that updates the key and the relay station 8 or the terminal 6. There is no problem that the generated key cannot be securely distributed as in the case of applying.
<実施形態1>
 次に、第1の実施形態に係る無線通信システムについて図面を参照して詳細に説明する。 <Embodiment 1>
Next, the wireless communication system according to the first embodiment will be described in detail with reference to the drawings.
[構成]
 図6は、本実施形態に係る無線通信システムの構成を例示する図である。図6を参照すると、無線通信システムは、鍵サーバ32、中継局38、ビーコン端末34、および、受信端末36を備えている。鍵サーバ32と中継局38は、WAN(Wide Area Network)を介して接続する。同様に、鍵サーバ32と受信端末36も、WANを介して接続する。一方、ビーコン端末34と受信端末36は、近距離無線通信技術(ここでは、一例としてBLE(Bluetooth(登録商標) Low Energy)技術とする)に基づいて通信する。 [Constitution]
FIG. 6 is a diagram illustrating a configuration of the wireless communication system according to the present embodiment. Referring to FIG. 6, the wireless communication system includes a key server 32, a relay station 38, a beacon terminal 34, and a receiving terminal 36. The key server 32 and the relay station 38 are connected via a WAN (Wide Area Network). Similarly, the key server 32 and the receiving terminal 36 are also connected via the WAN. On the other hand, the beacon terminal 34 and the receiving terminal 36 communicate based on short-range wireless communication technology (here, BLE (Bluetooth (registered trademark) Low Energy) technology is used as an example)).
 鍵サーバ32は、所定のタイミングで、ビーコン端末34と受信端末36の間のBLE通信で使用する共通鍵を更新する。中継局38は、鍵サーバ32が更新した共通鍵をビーコン端末34に中継する。ビーコン端末34は、鍵サーバ32が更新した共通鍵を、中継局38を介して受け付ける。ビーコン端末34は、鍵サーバ32が更新した共通鍵を用いて暗号化されたビーコン端末34の識別子を含むアドバタイズメント・パケットをBLEに基づいて送信する。受信端末36は、ビーコン端末34からアドバタイズメント・パケットを受信し、アドバタイズメント・パケットに含まれるビーコン端末34の識別子を、鍵サーバ32が更新した共通鍵を用いて復号する。受信端末36に予めインストールされたアプリケーション・ソフトウェアは、アドバタイズメント・パケットから抽出したビーコン端末34の識別子を所定の配信サーバ(非図示)に送出し、配信サーバから、識別子に応じて、店舗の商品情報、展示ブースの製品情報等の情報を受信する。 The key server 32 updates the common key used in the BLE communication between the beacon terminal 34 and the receiving terminal 36 at a predetermined timing. The relay station 38 relays the common key updated by the key server 32 to the beacon terminal 34. The beacon terminal 34 receives the common key updated by the key server 32 via the relay station 38. The beacon terminal 34 transmits an advertisement packet including the identifier of the beacon terminal 34 encrypted using the common key updated by the key server 32 based on BLE. The receiving terminal 36 receives the advertisement packet from the beacon terminal 34, and decrypts the identifier of the beacon terminal 34 included in the advertisement packet using the common key updated by the key server 32. The application software preinstalled in the receiving terminal 36 sends the identifier of the beacon terminal 34 extracted from the advertisement packet to a predetermined distribution server (not shown), and the distribution server determines the merchandise of the store according to the identifier. Receive information such as information and product information of exhibition booths.
 図7は、図6に示す無線通信システムに含まれる各機器の構成を例示するブロック図である。以下、図7のブロック図を参照して、鍵サーバ32、中継局38、ビーコン端末34、および、受信端末36の詳細な構成を説明する。 FIG. 7 is a block diagram illustrating the configuration of each device included in the wireless communication system shown in FIG. Hereinafter, detailed configurations of the key server 32, the relay station 38, the beacon terminal 34, and the receiving terminal 36 will be described with reference to the block diagram of FIG.
 図7を参照すると、鍵サーバ32は、鍵更新部40および鍵提供部42を備えている。 Referring to FIG. 7, the key server 32 includes a key update unit 40 and a key provision unit 42.
 鍵更新部40は、所定のタイミング(例えば一定の周期)で共通鍵を更新する。鍵更新部40は、事業者ごとに割り当てられたコードと更新前の共通鍵を、それぞれメッセージおよびキーとして一方向ハッシュ関数に入力して得られたメッセージダイジェストを、更新後の共通鍵としてもよい。鍵更新部40は、一方向ハッシュ関数として、一例として、以下の関数を使用することができる。 The key update unit 40 updates the common key at a predetermined timing (for example, at a constant cycle). The key update unit 40 may use, as the updated common key, the message digest obtained by inputting the code assigned to each provider and the pre-update common key to the one-way hash function as a message and a key, respectively. . As an example, the key update unit 40 can use the following function as the one-way hash function.
 derived key = HMAC-SHA-256(key, S) Derived key = HMAC-SHA-256 (key, S)
 ここで、HMAC-SHA-256は、ハッシュメッセージ認証コード(HMAC:Hash Message Authentication Code)を生成するための一方向ハッシュ関数である。一方向ハッシュ関数は、生成されるコードから入力を読み取ることができないという性質(不可逆性)を有する。左辺のメッセージダイジェスト(derived key)は、更新後の共通鍵である。右辺の入力keyは、直前の共通鍵である。また、入力Sは、keyを撹拌するためのメッセージであり、ここでは、事業者ごとに一意に割り当てられたコード(例えば、6オクテット、すなわち、48ビット)とする。なお、共通鍵の長さは、例えば、16, 24または32オクテット、すなわち、128, 192または256ビットとすることができる。 Here, HMAC-SHA-256 is a one-way hash function for generating a hash message authentication code (HMAC: Hash Message Authentication Code). A one-way hash function has a property (irreversibility) that an input cannot be read from a generated code. The message digest (derived key) on the left side is the updated common key. The input key on the right side is the previous common key. The input S is a message for stirring the key, and here, it is a code (for example, 6 octets, that is, 48 bits) uniquely assigned to each operator. The length of the common key can be, for example, 16, 24 or 32 octets, that is, 128, 192, or 256 bits.
 鍵更新部40は、初回の共通鍵を例えば疑似乱数に基づいて生成する。一方、鍵を更新する場合、鍵更新部40は上式の右辺の入力keyに前回の共通鍵を代入し、derived keyとして更新後の鍵を得る。なお、共通鍵を毎回疑似乱数に基づいて生成した場合には、乱数生成アルゴリズムや乱数、さらには、乱数から生成される共通鍵を推測されるおそれがある。しかしながら、本実施形態のように、直前の鍵を用いて新しい鍵を生成することにより、共通鍵の推測を困難とし、安全に共通鍵を生成することが可能となる。 The key update unit 40 generates an initial common key based on, for example, a pseudo random number. On the other hand, when updating the key, the key updating unit 40 substitutes the previous common key for the input key on the right side of the above formula, and obtains the updated key as derived key. When the common key is generated based on the pseudo random number every time, there is a risk that a random key generation algorithm, a random number, and further a common key generated from the random number may be estimated. However, as in the present embodiment, by generating a new key using the immediately preceding key, it is difficult to guess the common key, and the common key can be generated safely.
 また、鍵更新部40が共通鍵を更新する頻度(すなわち、共通鍵の有効期限)は、一例として、数日程度とすることができる。なお、共通鍵の有効期限を長くすると鍵の更新の手間が削減されるメリットがあるものの、共通鍵が漏洩した場合に安全性が損われた状態が長期化するトレードオフの関係が存在する。 Further, the frequency with which the key update unit 40 updates the common key (that is, the expiration date of the common key) can be set to several days as an example. In addition, although there is a merit that the time required for key renewal can be reduced by extending the validity period of the common key, there is a trade-off relationship in which the state in which the security is lost is prolonged when the common key is leaked.
 鍵提供部42は、鍵更新部40が更新した共通鍵を、中継局38を介してビーコン端末34に提供するとともに、受信端末36に提供する。ここで、鍵提供部42は、共通鍵を中継局38および受信端末36に提供する際に、共通鍵の有効期限を併せて通知するようにしてもよい。また、鍵提供部42は、中継局38との間に確立されたSSL(Secure Socket Layer)通信を介して鍵更新部40が更新した共通鍵を中継局38に送信してもよい。同様に、鍵提供部42は、受信端末36との間に確立されたSSL通信を介して鍵更新部40が更新した共通鍵を受信端末36に送信してもよい。 The key providing unit 42 provides the common key updated by the key updating unit 40 to the beacon terminal 34 via the relay station 38 and also to the receiving terminal 36. Here, when providing the common key to the relay station 38 and the receiving terminal 36, the key providing unit 42 may also notify the expiration date of the common key. The key providing unit 42 may transmit the common key updated by the key updating unit 40 to the relay station 38 via SSL (Secure Socket Layer) communication established with the relay station 38. Similarly, the key providing unit 42 may transmit the common key updated by the key updating unit 40 to the receiving terminal 36 via SSL communication established with the receiving terminal 36.
 図7を参照すると、中継局38は、鍵受付部56および表示部58を備えている。鍵受付部56は、鍵サーバ32の鍵提供部42から共通鍵を受信する。表示部58は、鍵受付部56が受信した共通鍵をディスプレイ等に表示する。 Referring to FIG. 7, the relay station 38 includes a key reception unit 56 and a display unit 58. The key receiving unit 56 receives the common key from the key providing unit 42 of the key server 32. The display unit 58 displays the common key received by the key receiving unit 56 on a display or the like.
 図7を参照すると、ビーコン端末34は、鍵受付部44、暗号化部46、および、パケット送信部48を備えている。 Referring to FIG. 7, the beacon terminal 34 includes a key reception unit 44, an encryption unit 46, and a packet transmission unit 48.
 鍵受付部44は、鍵サーバ32によって更新された共通鍵を、中継局38を経由して受け付ける。具体的には、鍵受付部44は、中継局38の表示部58が表示した共通鍵を参照したユーザによる、共通鍵の手動入力(例えばキーボード入力)を受け付ける。 The key reception unit 44 receives the common key updated by the key server 32 via the relay station 38. Specifically, the key receiving unit 44 receives manual input (for example, keyboard input) of the common key by the user who refers to the common key displayed on the display unit 58 of the relay station 38.
 暗号化部46は、鍵受付部44が受け付けた共通鍵を用いて、ビーコン端末34の識別子を暗号化し、暗号化された識別子を含むアドバタイズメント・パケットを生成する。パケット送信部48は、受信端末36に対して、暗号化部46が生成したアドバタイズメント・パケットを、BLE等の近距離無線通信技術に基づいて送信する。 The encryption unit 46 encrypts the identifier of the beacon terminal 34 using the common key received by the key reception unit 44, and generates an advertisement packet including the encrypted identifier. The packet transmission unit 48 transmits the advertisement packet generated by the encryption unit 46 to the receiving terminal 36 based on a short-range wireless communication technology such as BLE.
 図7を参照すると、受信端末36は、鍵受付部50、パケット受信部52、および、復号部54を備えている。鍵受付部50は、鍵サーバ32によって更新された共通鍵およびその有効期限を受け付ける。ここで、鍵受付部50は、鍵サーバ32と受信端末36の間に確立されたSSL通信を介して鍵サーバ32から鍵サーバ32が更新した共通鍵を受信するようにしてもよい。また、鍵受付部50は、鍵サーバ32が更新した共通鍵に付与された有効期限が切れた場合、鍵サーバ32から新たに共通鍵を取得するようにしてもよい。パケット受信部52は、ビーコン端末34からアドバタイズメント・パケットを受信する。復号部54は、アドバタイズメント・パケットに含まれるビーコン端末34の識別子を、鍵受付部50が受信した共通鍵を用いて復号する。 Referring to FIG. 7, the receiving terminal 36 includes a key receiving unit 50, a packet receiving unit 52, and a decrypting unit 54. The key receiving unit 50 receives the common key updated by the key server 32 and its expiration date. Here, the key receiving unit 50 may receive the common key updated by the key server 32 from the key server 32 via SSL communication established between the key server 32 and the receiving terminal 36. Further, the key receiving unit 50 may acquire a new common key from the key server 32 when the expiration date given to the common key updated by the key server 32 has expired. The packet receiving unit 52 receives an advertisement packet from the beacon terminal 34. The decrypting unit 54 decrypts the identifier of the beacon terminal 34 included in the advertisement packet using the common key received by the key receiving unit 50.
[動作]
 次に、本実施形態に係る無線通信システムの動作について、図面を参照して説明する。 [Operation]
Next, the operation of the wireless communication system according to the present embodiment will be described with reference to the drawings.
 図8は、鍵サーバ32からビーコン端末34への共通鍵の配布動作を例示するシーケンス図である。 FIG. 8 is a sequence diagram illustrating the common key distribution operation from the key server 32 to the beacon terminal 34.
 図8を参照すると、鍵サーバ32の鍵更新部40は、疑似乱数を用いて共通鍵を生成する(ステップA1)。 Referring to FIG. 8, the key update unit 40 of the key server 32 generates a common key using a pseudo random number (step A1).
 次に、鍵サーバ32の鍵提供部42と、中継局38の鍵受付部56は、SSL通信を確立する(ステップA2)。このとき、鍵サーバ32に対するサーバ証明書と、中継局38に対するクライアント証明書が使用される。なお、SSLに基づく通信は公知であるため、詳細な説明を省略する。 Next, the key providing unit 42 of the key server 32 and the key receiving unit 56 of the relay station 38 establish SSL communication (step A2). At this time, a server certificate for the key server 32 and a client certificate for the relay station 38 are used. Since communication based on SSL is publicly known, detailed description is omitted.
 SSL通信を確立すると、鍵サーバ32の鍵提供部42は中継局38の鍵受付部56に共通鍵を送信する(ステップA3)。 When the SSL communication is established, the key providing unit 42 of the key server 32 transmits the common key to the key receiving unit 56 of the relay station 38 (step A3).
 中継局38の表示部58は、鍵受付部56が受信した共通鍵をディスプレイ等に表示する(ステップA4)。 The display unit 58 of the relay station 38 displays the common key received by the key receiving unit 56 on a display or the like (step A4).
 ビーコン端末34の鍵受付部44は、中継局38に表示された共通鍵を参照したユーザから(例えばテンキーを介して)共通鍵の入力を受け付ける(ステップA5)。 The key receiving unit 44 of the beacon terminal 34 receives the input of the common key from the user who refers to the common key displayed on the relay station 38 (for example, via the numeric keypad) (step A5).
 図8のシーケンス(ステップA1~A5)は、所定のタイミング(例えば一定の周期)で鍵サーバ32の鍵更新部40が共通鍵を更新するたびに繰り返される。 The sequence in FIG. 8 (steps A1 to A5) is repeated each time the key update unit 40 of the key server 32 updates the common key at a predetermined timing (for example, a constant cycle).
 図9は、鍵サーバ32から受信端末36への共通鍵の配布動作を例示するシーケンス図である。 FIG. 9 is a sequence diagram illustrating the common key distribution operation from the key server 32 to the receiving terminal 36.
 図9を参照すると、受信端末36のパケット受信部52はビーコン端末34のパケット送信部48から暗号化されたビーコン端末34の識別子を含むアドバタイズメント・パケットを受信する(ステップB1)。 Referring to FIG. 9, the packet receiving unit 52 of the receiving terminal 36 receives an advertisement packet including the encrypted identifier of the beacon terminal 34 from the packet transmitting unit 48 of the beacon terminal 34 (step B1).
 次に、受信端末36の復号部54は、共通鍵を用いてビーコン端末34の識別子を復号する(ステップB2)。 Next, the decryption unit 54 of the receiving terminal 36 decrypts the identifier of the beacon terminal 34 using the common key (step B2).
 鍵受付部50は、鍵サーバ32によって更新される共通鍵に付与された有効期限が切れた場合(ステップB3)、以下の動作(ステップB4~B6)により、鍵サーバ32から新たに共通鍵を取得する。 When the expiration date given to the common key updated by the key server 32 has expired (step B3), the key receiving unit 50 newly obtains a common key from the key server 32 by the following operations (steps B4 to B6). get.
 まず、鍵サーバ32は、受信端末36の認証を行う(ステップB4)。 First, the key server 32 authenticates the receiving terminal 36 (step B4).
 図10は、受信端末36の認証動作を例示するシーケンス図である。ここで、認証手順として、一例としてRADIUS認証(IEEE802.1X認証)を使用することができる。 FIG. 10 is a sequence diagram illustrating the authentication operation of the receiving terminal 36. Here, as an example of the authentication procedure, RADIUS authentication (IEEE 802.1X authentication) can be used.
 図10を参照すると、受信端末36は、鍵サーバ32に認証要求を送出する(ステップC1)。 Referring to FIG. 10, the receiving terminal 36 sends an authentication request to the key server 32 (step C1).
 次に、鍵サーバ32は、認証サーバ(RADIUSサーバともいう。図6、図7において非図示)に対して、認証要求を送信する(ステップC2)。 Next, the key server 32 transmits an authentication request to an authentication server (also referred to as a RADIUS server; not shown in FIGS. 6 and 7) (step C2).
 認証サーバは、受信端末36が事前に登録された会員のものであるか否かを検証する(ステップC3)。 The authentication server verifies whether or not the receiving terminal 36 belongs to a member registered in advance (step C3).
 受信端末36が登録済みのものである場合、認証サーバは「認証OK」の通知を鍵サーバ32に送信する(ステップC4)。 If the receiving terminal 36 is already registered, the authentication server transmits a notification of “authentication OK” to the key server 32 (step C4).
 鍵サーバ32は、「認証OK」の通知を受けると、さらに、当該通知を受信端末36に送信する(ステップC5)。 Upon receipt of the “authentication OK” notification, the key server 32 further transmits the notification to the receiving terminal 36 (step C5).
 以上の手続きにより、鍵サーバ32による受信端末36の認証(図9のステップB4)が完了する。 With the above procedure, the authentication of the receiving terminal 36 by the key server 32 (step B4 in FIG. 9) is completed.
 図9に戻ると、鍵サーバ32の鍵提供部42と、受信端末36の鍵受付部50は、SSL通信を確立する(ステップB5)。このとき、鍵サーバ32に対するサーバ証明書と、受信端末36に対するクライアント証明書が使用される。なお、SSLに基づく通信は公知であるため、詳細な説明を省略する。 Returning to FIG. 9, the key providing unit 42 of the key server 32 and the key receiving unit 50 of the receiving terminal 36 establish SSL communication (step B5). At this time, a server certificate for the key server 32 and a client certificate for the receiving terminal 36 are used. Since communication based on SSL is publicly known, detailed description is omitted.
 SSL通信を確立すると、鍵サーバ32の鍵提供部42は受信端末36の鍵受付部50に共通鍵を送信する(ステップB6)。 When the SSL communication is established, the key providing unit 42 of the key server 32 transmits the common key to the key receiving unit 50 of the receiving terminal 36 (step B6).
 受信端末36の復号部54は、鍵受付部50が受信した更新後の共通鍵を用いて、アドバタイズメント・パケットに含まれる情報を復号する(ステップB7)。 The decrypting unit 54 of the receiving terminal 36 decrypts the information included in the advertisement packet using the updated common key received by the key receiving unit 50 (step B7).
[効果]
 本実施形態の無線通信システムによると、BLE通信を行うビーコン端末34と受信端末36との間における通信のセキュリティを向上させることができる。なぜなら、ビーコン端末34がアドバタイズメント・パケットに含まれるビーコン端末34の識別子を暗号化するために使用するとともに、受信端末36が復号に使用する共通鍵は鍵サーバ32によって所定のタイミングで更新されるため、仮に共通鍵が漏洩したとしても、セキュリティ上の問題は一時的にしか生じないからである。 [effect]
According to the wireless communication system of this embodiment, the security of communication between the beacon terminal 34 and the receiving terminal 36 that perform BLE communication can be improved. This is because the beacon terminal 34 is used for encrypting the identifier of the beacon terminal 34 included in the advertisement packet, and the common key used for the decryption by the receiving terminal 36 is updated by the key server 32 at a predetermined timing. For this reason, even if the common key is leaked, a security problem occurs only temporarily.
 また、本実施形態では、鍵サーバ32が更新した共通鍵を中継する中継局38を設け、ビーコン端末34はWAN(Wide Area Network)に接続可能な中継局38を経由して、鍵サーバ32が更新した共通鍵を受け付ける。これにより、ビーコン端末34がLAN(Local Area Network)/WAN等に接続できない場合であっても、ビーコン端末34が暗号化に使用する共通鍵を更新することが可能となる。 In the present embodiment, a relay station 38 that relays the updated common key is provided by the key server 32, and the beacon terminal 34 is connected to the WAN (Wide Area Network) via the relay station 38. Accept the updated common key. Thereby, even when the beacon terminal 34 cannot connect to a LAN (Local Area Network) / WAN or the like, the beacon terminal 34 can update the common key used for encryption.
 さらに、中継局38は、鍵サーバ32と中継局38の間に確立されたSSL通信を介して鍵サーバ32から共通鍵を受信することができる。また、受信端末36は、受信端末36と鍵サーバ32の間に確立されたSSL通信を介して鍵サーバ32から共通鍵を受信する。これにより、鍵サーバ32が更新した共通鍵を安全にビーコン端末34と受信端末36に配布することが可能となる。 Furthermore, the relay station 38 can receive the common key from the key server 32 via SSL communication established between the key server 32 and the relay station 38. Further, the receiving terminal 36 receives the common key from the key server 32 via SSL communication established between the receiving terminal 36 and the key server 32. As a result, the shared key updated by the key server 32 can be safely distributed to the beacon terminal 34 and the receiving terminal 36.
<実施形態2>
 次に、第2の実施形態に係る無線通信システムについて図面を参照して詳細に説明する。第1の実施形態では、中継局からビーコン端末への鍵の送付をユーザが手動で行うものとした。本実施形態では、中継局からビーコン端末への鍵の配布を自動化する。 <Embodiment 2>
Next, a wireless communication system according to the second embodiment will be described in detail with reference to the drawings. In the first embodiment, the user manually sends the key from the relay station to the beacon terminal. In this embodiment, key distribution from the relay station to the beacon terminal is automated.
[構成]
 図11は、本実施形態に係る無線通信システムの構成を例示する図である。図11を参照すると、無線通信システムは、鍵サーバ32、中継局39、ビーコン端末35、および、受信端末36を備えている。鍵サーバ32および受信端末36の構成は、第1の実施形態と同様である。以下では、本実施形態と第1の実施形態との差分を中心に説明する。 [Constitution]
FIG. 11 is a diagram illustrating a configuration of the wireless communication system according to the present embodiment. Referring to FIG. 11, the wireless communication system includes a key server 32, a relay station 39, a beacon terminal 35, and a receiving terminal 36. The configurations of the key server 32 and the receiving terminal 36 are the same as those in the first embodiment. Below, it demonstrates centering on the difference of this embodiment and 1st Embodiment.
 本実施形態では、中継局39とビーコン端末35との間では、パスフレーズに基づくWiFi(Wireless Fidelity)接続設定(例えばWPA2(WiFi Protected Access 2)の暗号化設定)が予め完了しており、常時接続が確立されているものとする。 In this embodiment, between the relay station 39 and the beacon terminal 35, the WiFi (Wireless Fidelity) connection setting based on the passphrase (for example, WPA2 (WiFi Protected Access 2) encryption setting) is completed in advance, Assume that a connection is established.
 図11を参照すると、本実施形態の中継局39は、鍵受付部56および鍵送信部59を備えている。鍵送信部59は、鍵受付部56が鍵サーバ32から共通鍵を受信すると、ビーコン端末35にその旨を通知する。また、鍵送信部59は、ビーコン端末35から共通鍵の要求を受け付けると、ビーコン端末35に共通鍵を送信する。 Referring to FIG. 11, the relay station 39 of the present embodiment includes a key reception unit 56 and a key transmission unit 59. When the key receiving unit 56 receives the common key from the key server 32, the key transmitting unit 59 notifies the beacon terminal 35 to that effect. When the key transmission unit 59 receives a request for a common key from the beacon terminal 35, the key transmission unit 59 transmits the common key to the beacon terminal 35.
 図11を参照すると、本実施形態のビーコン端末35は、鍵受付部45、暗号化部46およびパケット送信部48を備えている。鍵受付部45は、中継局39が鍵サーバ32から共通鍵を受信した旨の通知を中継局39から受信すると、中継局39に共通鍵を要求する。また、鍵受付部45は、当該要求に応じて中継局39から送信された共通鍵を受信して、暗号化部46に提供する。 Referring to FIG. 11, the beacon terminal 35 of this embodiment includes a key receiving unit 45, an encryption unit 46, and a packet transmission unit 48. When receiving a notification from the relay station 39 that the relay station 39 has received the common key from the key server 32, the key reception unit 45 requests the relay station 39 for the common key. In addition, the key receiving unit 45 receives the common key transmitted from the relay station 39 in response to the request and provides it to the encryption unit 46.
[動作]
 次に、実施形態の無線通信システムにおいて、ビーコン端末35へ共通鍵を配布する動作について説明する。図12は、かかる動作を例示するシーケンス図である。 [Operation]
Next, the operation of distributing the common key to the beacon terminal 35 in the wireless communication system of the embodiment will be described. FIG. 12 is a sequence diagram illustrating such an operation.
 鍵サーバ32は、共通鍵の生成時(ステップA1)または共通鍵の有効期限満了による更新時に、SSL通信経路を介して中継局39に共通鍵を送信する(ステップA2、A3)。 The key server 32 transmits the common key to the relay station 39 via the SSL communication path when the common key is generated (step A1) or updated due to the expiration of the common key (steps A2 and A3).
 中継局39の鍵送信部59は、鍵受付部56が鍵サーバ32から新規に、または更新された共通鍵を受信すると、ビーコン端末35に対してWiFi経由で共通鍵の発行を通知する(ステップA6)。 When the key receiving unit 56 receives a new or updated common key from the key server 32, the key transmitting unit 59 of the relay station 39 notifies the beacon terminal 35 of the issuance of the common key via WiFi (step S31). A6).
 かかる通知を受けると、ビーコン端末35の鍵受付部45は、中継局39に対して共通鍵を要求する(ステップA7)。 Upon receiving such notification, the key receiving unit 45 of the beacon terminal 35 requests a common key from the relay station 39 (step A7).
 すると、中継局39の鍵送信部59は、ビーコン端末35にWiFi経由(例えばWPA2暗号化済)で共通鍵を送信し、ビーコン端末35の鍵受付部45は共通鍵を受信する(ステップA8)。 Then, the key transmission unit 59 of the relay station 39 transmits the common key to the beacon terminal 35 via WiFi (for example, WPA2 encrypted), and the key reception unit 45 of the beacon terminal 35 receives the common key (step A8). .
 ビーコン端末35は、新たに共通鍵を受信すると受信した共通鍵の使用を開始する。また、ビーコン端末は、すでに使用中の共通鍵が存在する場合、使用中の共通鍵を受信した共通鍵によって更新する。 When the beacon terminal 35 receives a new common key, the beacon terminal 35 starts using the received common key. Further, when there is a common key that is already in use, the beacon terminal updates the common key that is in use with the received common key.
[効果]
 本実施形態によると、ビーコン端末35に対する共通鍵の配布が自動化される。したがって、第1の実施形態のように、ユーザが定期的に中継局の表示を参照して手動でビーコン端末に共通鍵を入力する手間を省くことが可能となる。また、本実施形態では、共通鍵をビーコン端末に配布する際に、鍵サーバと中継局との間ではSSL通信を用い、中継局とビーコン端末との間ではWPA2等で暗号化されたWiFi通信を用いる。これにより、安全に共通鍵を配布することが可能となる。 [effect]
According to this embodiment, the distribution of the common key to the beacon terminal 35 is automated. Therefore, as in the first embodiment, it is possible to save the user from manually inputting the common key to the beacon terminal by periodically referring to the display of the relay station. In this embodiment, when distributing the common key to the beacon terminals, the SSL communication is used between the key server and the relay station, and the WiFi communication encrypted with WPA2 or the like between the relay station and the beacon terminal. Is used. This makes it possible to distribute the common key safely.
<実施形態3>
 次に、第3の実施形態に係る無線通信システムについて図面を参照して詳細に説明する。第1および第2の実施形態に係る無線通信システムでは、受信端末は、鍵サーバが発行または更新した共通鍵の期限切れを検出すると(図9のステップB3)、鍵サーバから新たな共通鍵を受信する(ステップB4~B6)。一方、本実施形態では、受信端末がビーコン端末と受信端末との間における共通鍵の不一致を検出すると、鍵サーバから新たな共通鍵を取得する。本実施形態では、一例として、かかる機能を第2の実施形態に適用した例について説明する。ただし、かかる機能は、第1の実施形態にも同様に適用することができる。なお、本実施形態では、ビーコン端末は鍵サーバによって更新された最新の共通鍵を保持するものと仮定する。 <Embodiment 3>
Next, a wireless communication system according to a third embodiment will be described in detail with reference to the drawings. In the wireless communication systems according to the first and second embodiments, when the receiving terminal detects that the common key issued or updated by the key server has expired (step B3 in FIG. 9), it receives a new common key from the key server. (Steps B4 to B6). On the other hand, in this embodiment, when the receiving terminal detects a common key mismatch between the beacon terminal and the receiving terminal, a new common key is acquired from the key server. In the present embodiment, as an example, an example in which this function is applied to the second embodiment will be described. However, this function can be similarly applied to the first embodiment. In the present embodiment, it is assumed that the beacon terminal holds the latest common key updated by the key server.
[構成]
 図13は、本実施形態に係る無線通信システムの構成を例示する図である。図13を参照すると、無線通信システムは、鍵サーバ32、中継局39、ビーコン端末60、および、受信端末37を備えている。鍵サーバ32および中継局39の構成は、第2の実施形態と同様である。以下では、本実施形態と第2の実施形態との差分を中心に説明する。 [Constitution]
FIG. 13 is a diagram illustrating a configuration of the wireless communication system according to the present embodiment. Referring to FIG. 13, the wireless communication system includes a key server 32, a relay station 39, a beacon terminal 60, and a receiving terminal 37. The configurations of the key server 32 and the relay station 39 are the same as those in the second embodiment. Below, it demonstrates centering on the difference of this embodiment and 2nd Embodiment.
 図13を参照すると、本実施形態のビーコン端末60は、鍵受付部45、暗号化部47およびパケット送信部48を備えている。暗号化部47は、鍵受付部45が受け付けた共通鍵を用いて、ビーコン端末60の識別子を暗号化する。また、暗号化部47は、ビーコン端末60の識別子に所定のハッシュアルゴリズムを適用してハッシュ値を求める。さらに、暗号化部47は、暗号化された識別子と、求めたハッシュ値とを含む(例えば、暗号化された識別子の先頭に求めたハッシュ値を付加したものを含む)アドバタイズメント・パケットを生成する。ここで、暗号化部47は、ハッシュアルゴリズムとして、例えば、MD5(Message Digest Algorithm 5)、SHA1(Secure Hash Algorithm 1)、SHA-256、SHA-384、SHA-512、RIPEMD-160(RACE Integrity Primitives Evaluation Message Digest 160)等を用いることができる。 Referring to FIG. 13, the beacon terminal 60 of this embodiment includes a key reception unit 45, an encryption unit 47, and a packet transmission unit 48. The encryption unit 47 encrypts the identifier of the beacon terminal 60 using the common key received by the key reception unit 45. Further, the encryption unit 47 obtains a hash value by applying a predetermined hash algorithm to the identifier of the beacon terminal 60. Further, the encryption unit 47 generates an advertisement packet including the encrypted identifier and the calculated hash value (for example, including the encrypted identifier added with the calculated hash value). To do. Here, the encryption unit 47 uses, for example, MD5 (Message Digest Algorithm 5), SHA1 (SecureHash Algorithm 1), SHA-256, SHA-384, SHA-512, RIPEMD-160 (RACE Integrity Primitives) as hash algorithms. Evaluation Message Digest 160) can be used.
 図13を参照すると、本実施形態の受信端末37は、パケット受信部52、復号部55および鍵受付部50を備えている。復号部55は、パケット受信部52が受信したアドバタイズメント・パケットに含まれるハッシュ値と、暗号化された識別子とを分離する。また、復号部55は、暗号化された識別子を、共通鍵を用いて復号する。さらに、復号部55は、復号された識別子に対して、ビーコン端末60の暗号化部47が使用したものと同一のハッシュアルゴリズムを適用してハッシュ値を算出する。ここで、復号部55は、算出したハッシュ値と、アドバタイズメント・パケットから抽出したハッシュ値とを比較する。両ハッシュ値が一致する場合、復号部55は、ビーコン端末60が保持する共通鍵と受信端末37が保持する共通鍵とが一致することを把握する。一方、両ハッシュ値が一致しない場合、復号部55は、ビーコン端末60が保持する共通鍵と受信端末37が保持する共通鍵とが一致しないものと判定する。一致しないものと判定した場合、復号部55は、鍵サーバ32から新たに共通鍵を受け付けるように鍵受部50に指示する。鍵受付部50は、かかる指示に応じて、鍵サーバ32によって更新された共通鍵を受け付ける。 Referring to FIG. 13, the receiving terminal 37 of this embodiment includes a packet receiving unit 52, a decrypting unit 55, and a key receiving unit 50. The decrypting unit 55 separates the hash value included in the advertisement packet received by the packet receiving unit 52 and the encrypted identifier. The decrypting unit 55 decrypts the encrypted identifier using the common key. Furthermore, the decryption unit 55 calculates a hash value by applying the same hash algorithm as that used by the encryption unit 47 of the beacon terminal 60 to the decrypted identifier. Here, the decoding unit 55 compares the calculated hash value with the hash value extracted from the advertisement packet. When the two hash values match, the decrypting unit 55 recognizes that the common key held by the beacon terminal 60 matches the common key held by the receiving terminal 37. On the other hand, if the two hash values do not match, the decrypting unit 55 determines that the common key held by the beacon terminal 60 and the common key held by the receiving terminal 37 do not match. If it is determined that they do not match, the decrypting unit 55 instructs the key receiving unit 50 to newly receive a common key from the key server 32. The key reception unit 50 receives the common key updated by the key server 32 in response to the instruction.
[動作]
 次に、実施形態の無線通信システムにおいて受信端末37へ共通鍵を配布する動作について説明する。図14は、かかる動作を例示するシーケンス図である。 [Operation]
Next, an operation for distributing the common key to the receiving terminal 37 in the wireless communication system of the embodiment will be described. FIG. 14 is a sequence diagram illustrating such an operation.
 図14を参照すると、ビーコン端末60は、共通鍵を用いて暗号化されたビーコン端末60の識別子と、当該識別子のハッシュ値とを含むアドバタイズメント・パケットを送信する(ステップB8)。 Referring to FIG. 14, beacon terminal 60 transmits an advertisement packet including the identifier of beacon terminal 60 encrypted using the common key and the hash value of the identifier (step B8).
 受信端末37は、受信したアドバタイズメント・パケットに含まれるハッシュ値と、暗号化された識別子とを分離し、暗号化された識別子を、共通鍵を用いて復号する(ステップB9)。さらに、受信端末37は、復号された識別子に対して、ビーコン端末60と同一のハッシュアルゴリズムを適用してハッシュ値を算出する。ここで、算出したハッシュ値と、アドバタイズメント・パケットに含まれるハッシュ値とが一致しない場合、受信端末37は、ビーコン端末60が保持する共通鍵と受信端末37が保持する共通鍵とが一致しないものと判定する(ステップB10)。受信端末37は、かかる判定を行うと、第1の実施形態(図9参照)と同様にして、鍵サーバ32から新たに共通鍵を受け付ける(ステップB4~B6)。 The receiving terminal 37 separates the hash value included in the received advertisement packet and the encrypted identifier, and decrypts the encrypted identifier using the common key (step B9). Further, the receiving terminal 37 calculates a hash value by applying the same hash algorithm as the beacon terminal 60 to the decrypted identifier. Here, when the calculated hash value and the hash value included in the advertisement packet do not match, the receiving terminal 37 does not match the common key held by the beacon terminal 60 and the common key held by the receiving terminal 37. It determines with a thing (step B10). When such determination is made, the receiving terminal 37 receives a new common key from the key server 32 in the same manner as in the first embodiment (see FIG. 9) (steps B4 to B6).
[効果]
 本実施形態では、受信端末が、ビーコン端末が保持する共通鍵と受信端末が保持する共通鍵との一致を検出すると、鍵サーバから新たに共通鍵を受信する。かかる構成によると、両共通鍵の不一致を解消することが可能となる。また、本実施形態では、受信端末がビーコン端末から受信するアドバタイズメント・パケットに基づいて共通鍵の不一致を検出する。したがって、鍵サーバが共通鍵を配布する際に、有効期限に関する情報を併せて通知する必要がなくなる。 [effect]
In the present embodiment, when the receiving terminal detects a match between the common key held by the beacon terminal and the common key held by the receiving terminal, the receiving terminal newly receives the common key from the key server. According to this configuration, it is possible to eliminate the mismatch between the two common keys. In the present embodiment, the common key mismatch is detected based on the advertisement packet received from the beacon terminal by the receiving terminal. Therefore, when the key server distributes the common key, it is not necessary to notify the information regarding the expiration date.
<変形例>
 上記実施形態について、さらに、以下の変形が可能である。 <Modification>
The following modifications are possible for the above embodiment.
 上記実施形態では、ビーコン端末に共通鍵を配布する際に中継局を経由する構成について説明した。ただし、複数の受信端末のうちの特定の受信端末(例えば、ビーコン端末を設置した事業者の受信端末)が中継局の機能を担うものとし、中継局を省略することも可能である。 In the above embodiment, the configuration via the relay station when distributing the common key to the beacon terminals has been described. However, a specific receiving terminal (for example, a receiving terminal of a business operator who has installed a beacon terminal) among the plurality of receiving terminals assumes the function of a relay station, and the relay station may be omitted.
 また、上記実施形態における鍵サーバは、複数の事業者が設置する複数のビーコン端末の間で共有することも可能である。このとき、鍵サーバは、異なるビーコン端末ごとに別個の共通鍵を生成してもよいし、複数のビーコン端末について、同一の共通鍵を配布するようにしてもよい。 In addition, the key server in the above embodiment can be shared among a plurality of beacon terminals installed by a plurality of operators. At this time, the key server may generate a separate common key for each different beacon terminal, or may distribute the same common key to a plurality of beacon terminals.
 なお、共通鍵の更新を単一の事業者向けに行う場合、鍵サーバを省略して、中継局が鍵サーバの機能を担うようにしてもよい。また、この場合において、ビーコン端末と受信端末との間でセキュアな通信を確立できるのであれば、さらに中継局も省略して、ビーコン端末自身が共通鍵を更新し、更新した共通鍵を受信端末に配布することもできる。このとき、ビーコン端末はアドバタイズメント・パケットを生成するアドバタイザであると同時に、鍵更新サーバの役割も担うことになる。 When the common key is updated for a single operator, the key server may be omitted and the relay station may serve as the key server. In this case, if secure communication can be established between the beacon terminal and the receiving terminal, the relay station is also omitted, the beacon terminal itself updates the common key, and the updated common key is received by the receiving terminal. It can also be distributed to. At this time, the beacon terminal is an advertiser that generates an advertisement packet and also plays a role of a key update server.
 なお、本発明において、下記の形態が可能である。
[形態1]
 上記第1の態様に係る無線通信システムのとおりである。
[形態2]
 前記サーバが更新した共通鍵を中継する中継局を備え、
 前記第1の端末は、前記サーバが更新した共通鍵を、前記中継局を経由して受け付ける、
 形態1に記載の無線通信システム。
[形態3]
 前記中継局は、前記サーバと前記中継局の間に確立されたSSL(Secure Socket Layer)通信を介して前記サーバから前記サーバが更新した共通鍵を受信する、
 形態2に記載の無線通信システム。
[形態4]
 前記中継局は、前記サーバから受信した共通鍵を表示し、
 前記第1の端末は、ユーザによる共通鍵の入力を受け付ける、
 形態2または3に記載の無線通信システム。
[形態5]
 前記中継局は、前記サーバから共通鍵を受信すると、その旨を前記第1の端末に通知し、
 前記第1の端末は、前記通知に応じて、前記中継局から前記共通鍵を取得する、
 形態2または3に記載の無線通信システム。
[形態6]
 前記第2の端末は、前記サーバと前記第2の端末の間に確立されたSSL通信を介して前記サーバから前記サーバが更新した共通鍵を受信する、
 形態1ないし5のいずれか一に記載の無線通信システム。
[形態7]
 前記サーバは、共通鍵を所定の周期で更新する、
 形態1ないし6のいずれか一に記載の無線通信システム。
[形態8]
 前記サーバは、事業者ごとに割り当てられたコードと更新前の共通鍵を、それぞれメッセージおよびキーとして一方向ハッシュ関数に入力して得られたメッセージダイジェストを、更新後の共通鍵とする、
 形態1ないし7のいずれか一に記載の無線通信システム。
[形態9]
 前記第2の端末は、前記サーバが更新した共通鍵に付与された有効期限が切れた場合、前記サーバから新たに共通鍵を取得する、
 形態1ないし8のいずれか一に記載の無線通信システム。
[形態10]
 前記第1の端末は、前記所定の情報に所定のハッシュアルゴリズムを適用して求めたハッシュ値を前記パケットに含めて送信し、
 前記第2の端末は、前記パケットに含まれるハッシュ値と、前記パケットに含まれる所定の情報を復号した値に前記所定のハッシュアルゴリズムを適用して求めたハッシュ値とが一致しない場合、前記サーバから新たに共通鍵を取得する、
 形態1ないし9のいずれか一に記載の無線通信システム。
[形態11]
 前記第1の端末は、前記サーバが更新した共通鍵を用いて暗号化された前記第1の端末の識別子を含むアドバタイズメント・パケットを、BLE(Bluetooth(登録商標) Low Energy)に基づいて送信するビーコン端末であり、
 前記第2の端末は、前記第1の端末の識別子を用いて、配信サーバから情報を取得して表示するアプリケーションを有する、
 形態1ないし10のいずれか一に記載の無線通信システム。
[形態12]
 上記第2の態様に係るサーバのとおりである。
[形態13]
 前記鍵提供部は、前記鍵更新部が更新した共通鍵を中継する中継局を経由して、前記第1の端末に提供する、
 形態12に記載のサーバ。
[形態14]
 前記鍵提供部は、前記中継局との間に確立されたSSL通信を介して前記鍵更新部が更新した共通鍵を前記中継局に送信する、
 形態13に記載のサーバ。
[形態15]
 前記鍵提供部は、前記第2の端末との間に確立されたSSL通信を介して前記鍵更新部が更新した共通鍵を前記第2の端末に送信する、
 形態12ないし14のいずれか一に記載のサーバ。
[形態16]
 前記鍵更新部は、共通鍵を所定の周期で更新する、
 形態12ないし15のいずれか一に記載のサーバ。
[形態17]
 前記鍵更新部は、事業者ごとに割り当てられたコードと更新前の共通鍵を、それぞれメッセージおよびキーとして一方向ハッシュ関数に入力して得られたメッセージダイジェストを、更新後の共通鍵とする、
 形態12ないし16のいずれか一に記載のサーバ。
[形態18]
 上記第3の態様に係る第1の端末のとおりである。
[形態19]
 前記鍵受付部は、ユーザによる共通鍵の入力を受け付ける、
 形態18に記載の第1の端末。
[形態20]
 前記鍵受付部は、前記サーバが更新した共通鍵を中継する中継局から、前記サーバから共通鍵を受信した旨の通知を受けると、前記中継局から前記サーバが更新した共通鍵を取得する、
 形態18に記載の第1の端末。
[形態21]
 前記サーバが更新した共通鍵を用いて暗号化された前記第1の端末の識別子を含むアドバタイズメント・パケットを、BLE(Bluetooth(登録商標) Low Energy)に基づいて送信するビーコン端末である、
 形態18ないし20のいずれか一に記載の第1の端末。
[形態22]
 上記第4の態様に係る第2の端末のとおりである。
[形態23]
 前記鍵受付部は、前記サーバと前記第2の端末の間に確立されたSSL通信を介して前記サーバから前記サーバが更新した共通鍵を受信する、
 形態22に記載の第2の端末。
[形態24]
 前記鍵受付部は、前記サーバが更新した共通鍵に付与された有効期限が切れた場合、前記サーバから新たに共通鍵を取得する、
 形態22または23に記載の第2の端末。
[形態25]
 前記第1の端末は、前記所定の情報に所定のハッシュアルゴリズムを適用して求めたハッシュ値を前記パケットに含めて送信し、
 前記鍵受付部は、前記パケットに含まれるハッシュ値と、前記パケットに含まれる所定の情報を復号した値に前記所定のハッシュアルゴリズムを適用して求めたハッシュ値とが一致しない場合、前記サーバから新たに共通鍵を取得する、
 形態22ないし24のいずれか一に記載の第2の端末。
[形態26]
 前記第1の端末は、前記サーバが更新した共通鍵を用いて暗号化された前記第1の端末の識別子を含むアドバタイズメント・パケットを、BLE(Bluetooth(登録商標) Low Energy)に基づいて送信するビーコン端末であり、
 前記第2の端末は、前記第1の端末の識別子を用いて、配信サーバから情報を取得して表示するアプリケーションを有する、
 形態22ないし25のいずれか一に記載の第2の端末。
[形態27]
 上記第5の態様に係る無線通信方法のとおりである。
[形態28]
 上記第6の態様に係る無線通信方法のとおりである。
[形態29]
 上記第7の態様に係る無線通信方法のとおりである。
[形態30]
 上記第8の態様に係る無線通信方法のとおりである。
[形態31]
 上記第9の態様に係るプログラムのとおりである。
[形態32]
 上記第10の態様に係るプログラムのとおりである。
[形態33]
 上記第11の態様に係るプログラムのとおりである。 In the present invention, the following modes are possible.
[Form 1]
The wireless communication system according to the first aspect is as described above.
[Form 2]
A relay station that relays the shared key updated by the server;
The first terminal receives the shared key updated by the server via the relay station,
The wireless communication system according to aspect 1.
[Form 3]
The relay station receives a shared key updated by the server from the server via SSL (Secure Socket Layer) communication established between the server and the relay station;
The wireless communication system according to mode 2.
[Form 4]
The relay station displays the common key received from the server,
The first terminal accepts an input of a common key by a user.
4. The wireless communication system according to mode 2 or 3.
[Form 5]
When the relay station receives the common key from the server, the relay station notifies the first terminal to that effect,
The first terminal acquires the common key from the relay station in response to the notification.
4. The wireless communication system according to mode 2 or 3.
[Form 6]
The second terminal receives a shared key updated by the server from the server via SSL communication established between the server and the second terminal;
The wireless communication system according to any one of Embodiments 1 to 5.
[Form 7]
The server updates the common key at a predetermined cycle.
The wireless communication system according to any one of Forms 1 to 6.
[Form 8]
The server uses the code assigned to each provider and the pre-update common key as a message and a key, respectively, and the message digest obtained by entering the one-way hash function as the post-update common key.
The wireless communication system according to any one of forms 1 to 7.
[Form 9]
The second terminal acquires a new common key from the server when the expiration date given to the common key updated by the server has expired.
The wireless communication system according to any one of Forms 1 to 8.
[Mode 10]
The first terminal includes a hash value obtained by applying a predetermined hash algorithm to the predetermined information and transmits the packet,
If the hash value included in the packet does not match the hash value obtained by applying the predetermined hash algorithm to a value obtained by decoding predetermined information included in the packet, the second terminal A new common key from
The wireless communication system according to any one of Forms 1 to 9.
[Form 11]
The first terminal transmits an advertisement packet including the identifier of the first terminal encrypted by using the common key updated by the server based on BLE (Bluetooth (registered trademark) Low Energy). A beacon terminal that
The second terminal has an application that acquires and displays information from the distribution server using the identifier of the first terminal.
The wireless communication system according to any one of Forms 1 to 10.
[Form 12]
As in the server according to the second aspect.
[Form 13]
The key providing unit provides the first terminal via a relay station that relays the common key updated by the key updating unit;
The server according to mode 12.
[Form 14]
The key providing unit transmits the common key updated by the key updating unit to the relay station via SSL communication established with the relay station;
The server according to Form 13.
[Form 15]
The key providing unit transmits the common key updated by the key updating unit to the second terminal via SSL communication established with the second terminal;
The server according to any one of forms 12 to 14.
[Form 16]
The key update unit updates the common key at a predetermined cycle.
The server according to any one of forms 12 to 15.
[Form 17]
The key update unit uses a message digest obtained by inputting a code assigned to each provider and a common key before update as a message and a key to a one-way hash function, respectively, as a common key after update.
The server according to any one of forms 12 to 16.
[Form 18]
As in the first terminal according to the third aspect.
[Form 19]
The key receiving unit receives an input of a common key by a user;
The 1st terminal of form 18.
[Form 20]
The key accepting unit obtains a shared key updated by the server from the relay station upon receiving notification from the relay station that relays the shared key updated by the server that the shared key has been received from the server.
The 1st terminal of form 18.
[Form 21]
A beacon terminal that transmits an advertisement packet including the identifier of the first terminal encrypted by using the shared key updated by the server based on BLE (Bluetooth (registered trademark) Low Energy).
21. The first terminal according to any one of forms 18 to 20.
[Form 22]
As in the second terminal according to the fourth aspect.
[Form 23]
The key receiving unit receives the shared key updated by the server from the server via SSL communication established between the server and the second terminal;
The 2nd terminal of form 22.
[Form 24]
The key reception unit acquires a new common key from the server when the expiration date given to the shared key updated by the server has expired.
The 2nd terminal of form 22 or 23.
[Form 25]
The first terminal includes a hash value obtained by applying a predetermined hash algorithm to the predetermined information and transmits the packet,
When the hash value included in the packet does not match the hash value obtained by applying the predetermined hash algorithm to a value obtained by decrypting the predetermined information included in the packet, the key receiving unit Obtain a new common key,
25. The second terminal according to any one of forms 22 to 24.
[Form 26]
The first terminal transmits an advertisement packet including the identifier of the first terminal encrypted using the common key updated by the server, based on BLE (Bluetooth (registered trademark) Low Energy). A beacon terminal that
The second terminal has an application that acquires and displays information from the distribution server using the identifier of the first terminal.
The second terminal according to any one of forms 22 to 25.
[Form 27]
The wireless communication method according to the fifth aspect is as described above.
[Form 28]
The wireless communication method according to the sixth aspect is as described above.
[Form 29]
The wireless communication method according to the seventh aspect is as described above.
[Form 30]
The wireless communication method according to the eighth aspect is as described above.
[Form 31]
A program according to the ninth aspect.
[Form 32]
A program according to the tenth aspect.
[Form 33]
A program according to the eleventh aspect.
 なお、上記特許文献および非特許文献の全開示内容は、本書に引用をもって繰り込み記載されているものとする。本発明の全開示(請求の範囲を含む)の枠内において、さらにその基本的技術思想に基づいて、実施形態の変更・調整が可能である。また、本発明の全開示の枠内において種々の開示要素(各請求項の各要素、各実施形態の各要素、各図面の各要素等を含む)の多様な組み合わせ、ないし、選択が可能である。すなわち、本発明は、請求の範囲を含む全開示、技術的思想にしたがって当業者であればなし得るであろう各種変形、修正を含むことは勿論である。特に、本書に記載した数値範囲については、当該範囲内に含まれる任意の数値ないし小範囲が、別段の記載のない場合でも具体的に記載されているものと解釈されるべきである。 It should be noted that the entire disclosure contents of the above patent documents and non-patent documents are incorporated by reference in this document. Within the scope of the entire disclosure (including claims) of the present invention, the embodiment can be changed and adjusted based on the basic technical concept. Further, various combinations or selections of various disclosed elements (including each element of each claim, each element of each embodiment, each element of each drawing, etc.) are possible within the framework of the entire disclosure of the present invention. is there. That is, the present invention of course includes various variations and modifications that could be made by those skilled in the art according to the entire disclosure including the claims and the technical idea. In particular, with respect to the numerical ranges described in this document, any numerical value or small range included in the range should be construed as being specifically described even if there is no specific description.
2  サーバ
4  端末
6  端末
8  中継局
10  鍵更新部
12  鍵提供部
14  鍵受付部
16  暗号化部
18  パケット送信部
20  鍵受付部
22  パケット受信部
24  復号部
32  鍵サーバ
34、35、60  ビーコン端末
36、37  受信端末
38、39  中継局
40  鍵更新部
42  鍵提供部
44、45  鍵受付部
46、47  暗号化部
48  パケット送信部
50  鍵受付部
52  パケット受信部
54、55  復号部
56  鍵受付部
58  表示部
59  鍵送信部 2 server 4 terminal 6 terminal 8 relay station 10 key updating unit 12 key providing unit 14 key receiving unit 16 encryption unit 18 packet transmitting unit 20 key receiving unit 22 packet receiving unit 24 decoding unit 32 key servers 34, 35, 60 beacon terminals 36, 37 Receiving terminal 38, 39 Relay station 40 Key updating unit 42 Key providing unit 44, 45 Key receiving unit 46, 47 Encryption unit 48 Packet transmitting unit 50 Key receiving unit 52 Packet receiving unit 54, 55 Decoding unit 56 Key reception Unit 58 display unit 59 key transmission unit

Claims (33)

  1.  所定のタイミングで共通鍵を更新するサーバと、
     前記サーバが更新した共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて第2の端末に送信する第1の端末と、を備え、
     前記第2の端末は、前記第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、前記サーバが更新した共通鍵を用いて復号する、
     ことを特徴とする無線通信システム。     A server that updates the common key at a predetermined timing;
    A first terminal that transmits a packet including predetermined information encrypted using a shared key updated by the server to a second terminal based on a short-range wireless communication technology,
    The second terminal receives the packet from the first terminal, and decrypts predetermined information included in the packet using a common key updated by the server,
    A wireless communication system.
  2.  前記サーバが更新した共通鍵を中継する中継局を備え、
     前記第1の端末は、前記サーバが更新した共通鍵を、前記中継局を経由して受け付ける、
     請求項1に記載の無線通信システム。     A relay station that relays the shared key updated by the server;
    The first terminal receives the shared key updated by the server via the relay station,
    The wireless communication system according to claim 1.
  3.  前記中継局は、前記サーバと前記中継局の間に確立されたSSL(Secure Socket Layer)通信を介して前記サーバから前記サーバが更新した共通鍵を受信する、
     請求項2に記載の無線通信システム。     The relay station receives a shared key updated by the server from the server via SSL (Secure Socket Layer) communication established between the server and the relay station;
    The wireless communication system according to claim 2.
  4.  前記中継局は、前記サーバから受信した共通鍵を表示し、
     前記第1の端末は、ユーザによる共通鍵の入力を受け付ける、
     請求項2または3に記載の無線通信システム。     The relay station displays the common key received from the server,
    The first terminal accepts an input of a common key by a user.
    The wireless communication system according to claim 2 or 3.
  5.  前記中継局は、前記サーバから共通鍵を受信すると、その旨を前記第1の端末に通知し、
     前記第1の端末は、前記通知に応じて、前記中継局から前記共通鍵を取得する、
     請求項2または3に記載の無線通信システム。     When the relay station receives the common key from the server, the relay station notifies the first terminal to that effect,
    The first terminal acquires the common key from the relay station in response to the notification.
    The wireless communication system according to claim 2 or 3.
  6.  前記第2の端末は、前記サーバと前記第2の端末の間に確立されたSSL通信を介して前記サーバから前記サーバが更新した共通鍵を受信する、
     請求項1ないし5のいずれか1項に記載の無線通信システム。     The second terminal receives a shared key updated by the server from the server via SSL communication established between the server and the second terminal;
    The radio | wireless communications system of any one of Claim 1 thru | or 5.
  7.  前記サーバは、共通鍵を所定の周期で更新する、
     請求項1ないし6のいずれか1項に記載の無線通信システム。     The server updates the common key at a predetermined cycle.
    The radio | wireless communications system of any one of Claim 1 thru | or 6.
  8.  前記サーバは、事業者ごとに割り当てられたコードと更新前の共通鍵を、それぞれメッセージおよびキーとして一方向ハッシュ関数に入力して得られたメッセージダイジェストを、更新後の共通鍵とする、
     請求項1ないし7のいずれか1項に記載の無線通信システム。     The server uses the code assigned to each provider and the pre-update common key as a message and a key, respectively, and the message digest obtained by entering the one-way hash function as the post-update common key.
    The radio | wireless communications system of any one of Claim 1 thru | or 7.
  9.  前記第2の端末は、前記サーバが更新した共通鍵に付与された有効期限が切れた場合、前記サーバから新たに共通鍵を取得する、
     請求項1ないし8のいずれか1項に記載の無線通信システム。     The second terminal acquires a new common key from the server when the expiration date given to the common key updated by the server has expired.
    The radio | wireless communications system of any one of Claim 1 thru | or 8.
  10.  前記第1の端末は、前記所定の情報に所定のハッシュアルゴリズムを適用して求めたハッシュ値を前記パケットに含めて送信し、
     前記第2の端末は、前記パケットに含まれるハッシュ値と、前記パケットに含まれる所定の情報を復号した値に前記所定のハッシュアルゴリズムを適用して求めたハッシュ値とが一致しない場合、前記サーバから新たに共通鍵を取得する、
     請求項1ないし9のいずれか1項に記載の無線通信システム。     The first terminal includes a hash value obtained by applying a predetermined hash algorithm to the predetermined information and transmits the packet,
    If the hash value included in the packet does not match the hash value obtained by applying the predetermined hash algorithm to a value obtained by decoding predetermined information included in the packet, the second terminal A new common key from
    The wireless communication system according to any one of claims 1 to 9.
  11.  前記第1の端末は、前記サーバが更新した共通鍵を用いて暗号化された前記第1の端末の識別子を含むアドバタイズメント・パケットを、BLE(Bluetooth(登録商標) Low Energy)に基づいて送信するビーコン端末であり、
     前記第2の端末は、前記第1の端末の識別子を用いて、配信サーバから情報を取得して表示するアプリケーションを有する、
     請求項1ないし10のいずれか1項に記載の無線通信システム。     The first terminal transmits an advertisement packet including the identifier of the first terminal encrypted by using the common key updated by the server based on BLE (Bluetooth (registered trademark) Low Energy). A beacon terminal that
    The second terminal has an application that acquires and displays information from the distribution server using the identifier of the first terminal.
    The radio | wireless communications system of any one of Claim 1 thru | or 10.
  12.  所定のタイミングで共通鍵を更新する鍵更新部と、
     共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信する第1の端末、および、前記第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、共通鍵を用いて復号する第2の端末に対して、前記鍵更新部が更新した共通鍵を提供する鍵提供部と、を備える、
     ことを特徴とするサーバ。     A key update unit that updates the common key at a predetermined timing;
    A first terminal that transmits a packet including predetermined information encrypted using a common key based on short-range wireless communication technology; and the packet is received from the first terminal and is included in the packet A key providing unit that provides a common key updated by the key updating unit to a second terminal that decrypts the predetermined information using the common key;
    A server characterized by that.
  13.  前記鍵提供部は、前記鍵更新部が更新した共通鍵を中継する中継局を経由して、前記第1の端末に提供する、
     請求項12に記載のサーバ。     The key providing unit provides the first terminal via a relay station that relays the common key updated by the key updating unit;
    The server according to claim 12.
  14.  前記鍵提供部は、前記中継局との間に確立されたSSL通信を介して前記鍵更新部が更新した共通鍵を前記中継局に送信する、
     請求項13に記載のサーバ。     The key providing unit transmits the common key updated by the key updating unit to the relay station via SSL communication established with the relay station;
    The server according to claim 13.
  15.  前記鍵提供部は、前記第2の端末との間に確立されたSSL通信を介して前記鍵更新部が更新した共通鍵を前記第2の端末に送信する、
     請求項12ないし14のいずれか1項に記載のサーバ。     The key providing unit transmits the common key updated by the key updating unit to the second terminal via SSL communication established with the second terminal;
    The server according to any one of claims 12 to 14.
  16.  前記鍵更新部は、共通鍵を所定の周期で更新する、
     請求項12ないし15のいずれか1項に記載のサーバ。     The key update unit updates the common key at a predetermined cycle.
    The server according to any one of claims 12 to 15.
  17.  前記鍵更新部は、事業者ごとに割り当てられたコードと更新前の共通鍵を、それぞれメッセージおよびキーとして一方向ハッシュ関数に入力して得られたメッセージダイジェストを、更新後の共通鍵とする、
     請求項12ないし16のいずれか1項に記載のサーバ。     The key update unit uses a message digest obtained by inputting a code assigned to each provider and a common key before update as a message and a key to a one-way hash function, respectively, as a common key after update.
    The server according to any one of claims 12 to 16.
  18.  所定のタイミングでサーバによって更新された共通鍵を受け付ける鍵受付部と、
     前記共通鍵を用いて暗号化された所定の情報を含むパケットを生成する暗号化部と、
     第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、前記サーバが生成した共通鍵を用いて復号する第2の端末に対して、前記パケットを近距離無線通信技術に基づいて送信するパケット送信部と、を備える、
     ことを特徴とする第1の端末。     A key accepting unit that accepts a common key updated by the server at a predetermined timing;
    An encryption unit for generating a packet including predetermined information encrypted using the common key;
    Receiving the packet from the first terminal and decrypting the predetermined information contained in the packet using a common key generated by the server to the short-range wireless communication technology A packet transmission unit for transmitting based on,
    The 1st terminal characterized by the above-mentioned.
  19.  前記鍵受付部は、ユーザによる共通鍵の入力を受け付ける、
     請求項18に記載の第1の端末。     The key receiving unit receives an input of a common key by a user;
    The first terminal according to claim 18.
  20.  前記鍵受付部は、前記サーバが更新した共通鍵を中継する中継局から、前記サーバから共通鍵を受信した旨の通知を受けると、前記中継局から前記サーバが更新した共通鍵を取得する、
     請求項18に記載の第1の端末。     The key accepting unit obtains a shared key updated by the server from the relay station upon receiving notification from the relay station that relays the shared key updated by the server that the shared key has been received from the server.
    The first terminal according to claim 18.
  21.  前記サーバが更新した共通鍵を用いて暗号化された前記第1の端末の識別子を含むアドバタイズメント・パケットを、BLE(Bluetooth(登録商標) Low Energy)に基づいて送信するビーコン端末である、
     請求項18ないし20のいずれか1項に記載の第1の端末。     A beacon terminal that transmits an advertisement packet including the identifier of the first terminal encrypted by using the shared key updated by the server based on BLE (Bluetooth (registered trademark) Low Energy).
    The first terminal according to any one of claims 18 to 20.
  22.  所定のタイミングでサーバによって更新された共通鍵を受け付ける鍵受付部と、
     前記共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信する第1の端末から前記パケットを受信するパケット受信部と、
     前記パケットに含まれる所定の情報を、前記共通鍵を用いて復号する復号部と、を備える、
     ことを特徴とする第2の端末。     A key accepting unit that accepts a common key updated by the server at a predetermined timing;
    A packet receiving unit that receives the packet from a first terminal that transmits a packet including predetermined information encrypted using the common key based on short-range wireless communication technology;
    A decryption unit that decrypts the predetermined information included in the packet using the common key,
    The 2nd terminal characterized by the above-mentioned.
  23.  前記鍵受付部は、前記サーバと前記第2の端末の間に確立されたSSL通信を介して前記サーバから前記サーバが更新した共通鍵を受信する、
     請求項22に記載の第2の端末。     The key receiving unit receives the shared key updated by the server from the server via SSL communication established between the server and the second terminal;
    The second terminal according to claim 22.
  24.  前記鍵受付部は、前記サーバが更新した共通鍵に付与された有効期限が切れた場合、前記サーバから新たに共通鍵を取得する、
     請求項22または23に記載の第2の端末。     The key reception unit acquires a new common key from the server when the expiration date given to the shared key updated by the server has expired.
    The second terminal according to claim 22 or 23.
  25.  前記第1の端末は、前記所定の情報に所定のハッシュアルゴリズムを適用して求めたハッシュ値を前記パケットに含めて送信し、
     前記鍵受付部は、前記パケットに含まれるハッシュ値と、前記パケットに含まれる所定の情報を復号した値に前記所定のハッシュアルゴリズムを適用して求めたハッシュ値とが一致しない場合、前記サーバから新たに共通鍵を取得する、
     請求項22ないし24のいずれか1項に記載の第2の端末。     The first terminal includes a hash value obtained by applying a predetermined hash algorithm to the predetermined information and transmits the packet,
    When the hash value included in the packet does not match the hash value obtained by applying the predetermined hash algorithm to a value obtained by decrypting the predetermined information included in the packet, the key receiving unit Obtain a new common key,
    The second terminal according to any one of claims 22 to 24.
  26.  前記第1の端末は、前記サーバが更新した共通鍵を用いて暗号化された前記第1の端末の識別子を含むアドバタイズメント・パケットを、BLE(Bluetooth(登録商標) Low Energy)に基づいて送信するビーコン端末であり、
     前記第2の端末は、前記第1の端末の識別子を用いて、配信サーバから情報を取得して表示するアプリケーションを有する、
     請求項22ないし25のいずれか1項に記載の第2の端末。     The first terminal transmits an advertisement packet including the identifier of the first terminal encrypted by using the common key updated by the server based on BLE (Bluetooth (registered trademark) Low Energy). A beacon terminal that
    The second terminal has an application that acquires and displays information from the distribution server using the identifier of the first terminal.
    The second terminal according to any one of claims 22 to 25.
  27.  サーバが所定のタイミングで共通鍵を更新するステップと、
     第1の端末が、前記サーバが更新した共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信するステップと、
     第2の端末が、前記第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、前記サーバが更新した共通鍵を用いて復号するステップと、を含む、
     ことを特徴とする無線通信方法。     A step in which the server updates the common key at a predetermined timing;
    A first terminal transmitting a packet including predetermined information encrypted using a shared key updated by the server based on a short-range wireless communication technique;
    A second terminal receiving the packet from the first terminal, and decrypting predetermined information included in the packet using a common key updated by the server,
    A wireless communication method.
  28.  サーバが、所定のタイミングで共通鍵を更新するステップと、
     共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信する第1の端末、および、前記第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、共通鍵を用いて復号する第2の端末に対して、更新した共通鍵を提供するステップと、を含む、
     ことを特徴とする無線通信方法。     A server updating the common key at a predetermined timing;
    A first terminal that transmits a packet including predetermined information encrypted using a common key based on short-range wireless communication technology; and the packet is received from the first terminal and is included in the packet Providing the updated common key to a second terminal that decrypts the predetermined information using the common key,
    A wireless communication method.
  29.  第1の端末が、所定のタイミングでサーバによって更新された共通鍵を受け付けるステップと、
     前記共通鍵を用いて暗号化された所定の情報を含むパケットを生成するステップと、
     前記第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、前記サーバが生成した共通鍵を用いて復号する第2の端末に対して、前記パケットを近距離無線通信技術に基づいて送信するステップと、を含む、
     ことを特徴とする無線通信方法。     A first terminal receiving a common key updated by a server at a predetermined timing;
    Generating a packet including predetermined information encrypted using the common key;
    Short-range wireless communication technology for receiving the packet from the first terminal and for decoding the predetermined information included in the packet using a common key generated by the server to the second terminal Transmitting based on:
    A wireless communication method.
  30.  第2の端末が、所定のタイミングでサーバによって更新された共通鍵を受け付けるステップと、
     前記共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信する第1の端末から前記パケットを受信するステップと、
     前記パケットに含まれる所定の情報を、前記共通鍵を用いて復号するステップと、を含む、
     ことを特徴とする無線通信方法。     The second terminal accepting the common key updated by the server at a predetermined timing;
    Receiving the packet from a first terminal that transmits a packet including predetermined information encrypted using the common key based on short-range wireless communication technology;
    Decrypting predetermined information contained in the packet using the common key,
    A wireless communication method.
  31.  所定のタイミングで共通鍵を更新する処理と、
     共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信する第1の端末、および、前記第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、共通鍵を用いて復号する第2の端末に対して、更新した共通鍵を提供する処理と、をサーバに実行させる、
     ことを特徴とするプログラム。     A process of updating the common key at a predetermined timing;
    A first terminal that transmits a packet including predetermined information encrypted using a common key based on short-range wireless communication technology; and the packet is received from the first terminal and is included in the packet Causing the server to execute a process of providing the updated common key to the second terminal that decrypts the predetermined information using the common key.
    A program characterized by that.
  32.  第1の端末に設けられたコンピュータに対して、所定のタイミングでサーバによって更新された共通鍵を受け付ける処理と、
     前記共通鍵を用いて暗号化された所定の情報を含むパケットを生成するステップと、
     前記第1の端末から前記パケットを受信し、前記パケットに含まれる所定の情報を、前記サーバが生成した共通鍵を用いて復号する第2の端末に対して、前記パケットを近距離無線通信技術に基づいて送信する処理と、を実行させる、
     ことを特徴とするプログラム。     A process of accepting a common key updated by a server at a predetermined timing with respect to a computer provided in the first terminal;
    Generating a packet including predetermined information encrypted using the common key;
    Short-range wireless communication technology for receiving the packet from the first terminal and for decoding the predetermined information included in the packet using a common key generated by the server to the second terminal And processing to transmit based on
    A program characterized by that.
  33.  第2の端末に設けられたコンピュータに対して、所定のタイミングでサーバによって更新された共通鍵を受け付ける処理と、
     前記共通鍵を用いて暗号化された所定の情報を含むパケットを近距離無線通信技術に基づいて送信する第1の端末から前記パケットを受信する処理と、
     前記パケットに含まれる所定の情報を、前記共通鍵を用いて復号する処理と、を実行させる、
     ことを特徴とするプログラム。     A process of accepting a common key updated by a server at a predetermined timing with respect to a computer provided in the second terminal;
    A process of receiving the packet from a first terminal that transmits a packet including predetermined information encrypted using the common key based on short-range wireless communication technology;
    A process of decrypting predetermined information included in the packet using the common key,
    A program characterized by that.
PCT/JP2016/088287 2015-12-24 2016-12-22 Wireless communication system, server, terminal, wireless communication method, and program WO2017110969A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015251471A JP2017118312A (en) 2015-12-24 2015-12-24 Radio communication system, server, terminal, radio communication method, and program
JP2015-251471 2015-12-24

Publications (1)

Publication Number Publication Date
WO2017110969A1 true WO2017110969A1 (en) 2017-06-29

Family

ID=59089516

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/088287 WO2017110969A1 (en) 2015-12-24 2016-12-22 Wireless communication system, server, terminal, wireless communication method, and program

Country Status (2)

Country Link
JP (1) JP2017118312A (en)
WO (1) WO2017110969A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6567600B2 (en) 2017-06-16 2019-08-28 矢崎総業株式会社 connector
JP6874042B2 (en) * 2019-03-08 2021-05-19 華邦電子股▲ふん▼有限公司Winbond Electronics Corp. Updating the encryption key stored in non-volatile memory
JP2020170993A (en) * 2019-04-05 2020-10-15 株式会社東海理化電機製作所 Communication system and communication method
JP7220132B2 (en) * 2019-07-26 2023-02-09 エヌ・ティ・ティ・コムウェア株式会社 Communication device, communication system, communication method, and program
JP7413196B2 (en) 2020-08-06 2024-01-15 東芝三菱電機産業システム株式会社 Communications system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11331150A (en) * 1998-05-13 1999-11-30 Sony Corp Certifying/charging method for information user, method for distributing information for information restoration to information user, radio calling device and reproducing or receiving device
JP2003101533A (en) * 2001-09-25 2003-04-04 Toshiba Corp Device authentication management system and method therefor
US20040008846A1 (en) * 2002-07-10 2004-01-15 Alexander Medvinsky Method of preventing unauthorized distribution and use of electronic keys using a key seed
WO2004105308A1 (en) * 2003-05-22 2004-12-02 Fujitsu Limited Encrypted data reception device and decryption key updating method
JP2007287003A (en) * 2006-04-19 2007-11-01 Cis Electronica Industria & Comercio Ltda Magnetic card reading system
JP5588060B1 (en) * 2013-11-15 2014-09-10 ヤフー株式会社 User information providing apparatus, user information providing method, user information providing program, and advertisement distribution system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3719090B2 (en) * 1999-09-07 2005-11-24 日本電信電話株式会社 POSITION INFORMATION SERVICE SYSTEM, POSITION INFORMATION USING METHOD IN POSITION INFORMATION SERVICE SYSTEM, SENDING TERMINAL, KEY UPDATE CENTER, AND RECEIVING TERMINAL
JP2003032237A (en) * 2001-07-12 2003-01-31 Mist Wireless Technology Kk Cipher key injection system, cipher key injecting method, password number input unit, dealing terminal and host apparatus
JP4239802B2 (en) * 2003-11-27 2009-03-18 株式会社日立製作所 Multicast transmission method
JP2007199949A (en) * 2006-01-25 2007-08-09 Mitsubishi Electric Corp Information management system and information processor
JP5311459B2 (en) * 2008-08-19 2013-10-09 株式会社メガチップス Information collection system and external access device
US8953794B1 (en) * 2013-08-01 2015-02-10 Cambridge Silicon Radio Limited Apparatus and method for securing beacons
JP2015222880A (en) * 2014-05-23 2015-12-10 アプリックスIpホールディングス株式会社 Information communication system, information communication device and beacon device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11331150A (en) * 1998-05-13 1999-11-30 Sony Corp Certifying/charging method for information user, method for distributing information for information restoration to information user, radio calling device and reproducing or receiving device
JP2003101533A (en) * 2001-09-25 2003-04-04 Toshiba Corp Device authentication management system and method therefor
US20040008846A1 (en) * 2002-07-10 2004-01-15 Alexander Medvinsky Method of preventing unauthorized distribution and use of electronic keys using a key seed
WO2004105308A1 (en) * 2003-05-22 2004-12-02 Fujitsu Limited Encrypted data reception device and decryption key updating method
JP2007287003A (en) * 2006-04-19 2007-11-01 Cis Electronica Industria & Comercio Ltda Magnetic card reading system
JP5588060B1 (en) * 2013-11-15 2014-09-10 ヤフー株式会社 User information providing apparatus, user information providing method, user information providing program, and advertisement distribution system

Also Published As

Publication number Publication date
JP2017118312A (en) 2017-06-29

Similar Documents

Publication Publication Date Title
US10601594B2 (en) End-to-end service layer authentication
JP7364674B2 (en) Secure over-the-air firmware upgrades
WO2017110969A1 (en) Wireless communication system, server, terminal, wireless communication method, and program
KR102349605B1 (en) Method and apparatus for providing services based on identifier of user device
CN102970299B (en) File safe protection system and method thereof
TWI581599B (en) Key generation system, data signature and encryption system and method
JP2014527379A (en) System and method for encoding exchanges using a set of shared ephemeral key data
CN102739642A (en) Permitting access to a network
US10021562B2 (en) Mobile trusted module (MTM)-based short message service security system and method thereof
JP6807153B2 (en) Devices and related methods for secure hearing device communication
KR101621044B1 (en) Apparatus and Method for Securing Data using Public Key Distribution in Internet of Things
Han et al. A novel secure key paring protocol for RF4CE ubiquitous smart home systems
CN110493272B (en) Communication method and communication system using multiple keys
US20050086481A1 (en) Naming of 802.11 group keys to allow support of multiple broadcast and multicast domains
CN105554008A (en) User terminal, authentication server, middle server, system and transmission method
CN105634720A (en) Cryptographic security profiles
JP2006197065A (en) Terminal device and authentication device
KR20190040443A (en) Apparatus and method for creating secure session of smart meter
CN110784870A (en) Wireless local area network secure communication method and system and authentication server
JP7160443B2 (en) Wireless communication system, server, terminal, wireless communication method, and program
Ortiz-Yepes Balsa: Bluetooth low energy application layer security add-on
CN101483867A (en) User identity verification method, related device and system in WAP service
CN113918971A (en) Block chain based message transmission method, device, equipment and readable storage medium
CN101990203B (en) Key agreement method, device and system based on universal self-initializing architecture
JP5220625B2 (en) Authentication method and system in terminal-to-terminal negotiation

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16878856

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16878856

Country of ref document: EP

Kind code of ref document: A1