JP2008035418A - COMMUNICATION DEVICE, ITS CONTROL METHOD, AND CONTROL PROGRAM - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an access point, which outputs a notification signal not containing capability information, allowing for security aspects. <P>SOLUTION: A notification signal is transmitted (S301), which notifies a communicable area of presence of an AP and contains neither SSID nor capability information. A search signal searching the AP is received from a radio information terminal (STA) (S307). It is judged whether or not the received search signal contains identification information of the AP itself (S308). In the case that it is judged that the identification information of the AP itself is contained in the search signal, it is further judged whether or not requested capability information required to the AP is contained in the search signal and the capability information of the AP meets the requested capability information (S309). In the case that it is judged that the capability information of the AP matches the requested capability information contained in the search signal, a search response message containing the capability information of the AP is transmitted to the STA (S310). <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a communication apparatus that realizes network connection for a wireless information terminal in an area and a control method thereof.

  2. Description of the Related Art Conventionally, a communication apparatus that realizes network connection to a wireless information terminal in an area and a control method thereof are known. Such a general communication apparatus (so-called access point) will be described.

  For example, in a wireless LAN compliant with IEEE802.11, an access point periodically sends out a beacon signal in order to notify a wireless information terminal existing in the area of its own. The wireless information terminal can see the SSID, which is the network identifier in the received beacon signal, and transmit a connection request to an access point having that SSID. However, if the SSID is always disclosed on the radio, a malicious third party can intercept it and connect to the network, which can be a security weakness. In order to solve such security problems, an access point having an SSID stealth function that does not include an SSID in a beacon signal has been commercialized (see Non-Patent Document 1). When this SSID stealth function is used, since the SSID is not always disclosed on the wireless space, access from a malicious third party can be prevented and the security of the wireless LAN can be improved. In addition, a system has been proposed in which when a specific packet is transmitted from a wireless information terminal, the SSID is disclosed only for a predetermined time (see Patent Document 1).

On the other hand, in a system that automatically sets various communication parameters required for network connection, the access point is a beacon signal, and its capability information is constantly disclosed on the wireless space. As a result, the wireless information terminal can refer to the capability information and transmit a connection request from a plurality of access points to an access point having the capability desired by itself.
JP 2005-197773 A http://e-words.jp/w/ESS-IDE382B9E38386E383ABE382B9.html

  However, the above-described conventional access point has no means for disclosing the capability information. Therefore, the capability information can be referred from the third party's wireless information terminal, and there is a problem in terms of security.

  The present invention has been made to solve the above-described problems of the prior art, and an object of the present invention is to provide an access point in consideration of security, which outputs a notification signal that does not include capability information.

  In order to achieve the above object, an apparatus according to the present invention is a communication apparatus that realizes network connection by wireless communication for a wireless information terminal in a communicable area. The apparatus includes a first transmission unit that transmits a notification signal notifying the presence of the communication device to the communicable area and not including the capability information of the communication device. In addition, the wireless information terminal includes receiving means for receiving a search signal for searching for a communication device. Further, the received search signal includes requested capability information required for the communication device, and first determining means for determining whether the capability information of the communication device satisfies the requested capability information. . Furthermore, it has a 2nd transmission means which transmits the search response message containing the capability information of the said communication apparatus with respect to a radio | wireless information terminal based on the determination result by the said 1st determination means.

  In order to achieve the above object, a method according to the present invention is a method for controlling a communication apparatus that enables a wireless information terminal in a communicable area to establish a network connection by wireless communication. The method includes a first transmission step of transmitting a notification signal notifying the presence of the communication device to the communicable area and not including the capability information of the communication device. A receiving step of receiving a search signal for searching for a communication device from the wireless information terminal; Further, the received search signal includes a determination step of determining whether or not the required capability information required for the communication device is included and the capability information of the communication device satisfies the required capability information. Furthermore, it has a 2nd transmission process which transmits the search response message containing the capability information of the said communication apparatus with respect to a radio | wireless information terminal according to the determination result in the said determination process.

  In order to achieve the above object, a program according to the present invention is a control program for a communication device that allows a wireless information terminal in a communicable area to establish a network connection by wireless communication, and is executed by the communication device. . In addition, a first transmission step of transmitting a notification signal notifying the existence of the communication device and not including the capability information of the communication device to a communicable area is realized. Furthermore, a receiving step of receiving a search signal for searching for a communication device from the wireless information terminal is realized. Still further, a determination step of determining whether or not the received search signal includes required capability information required for the communication device and the capability information of the communication device satisfies the required capability information is realized. . And the 2nd transmission process which transmits the search response message containing the capability information of the said communication apparatus with respect to a wireless information terminal according to the determination result in a determination process is implement | achieved.

  ADVANTAGE OF THE INVENTION According to this invention, the access point in consideration of the security aspect which outputs the alerting signal which does not contain capability information can be provided.

  Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the drawings. However, the constituent elements described in this embodiment are merely examples, and are not intended to limit the scope of the present invention only to them.

(First embodiment)
The first embodiment of the present invention relates to a communication device (wireless base station device) that automatically performs various communication parameter settings required for network connection between devices having a wireless communication function. In particular, the present invention relates to a control method for controlling notification of capability information of a communication device.

  FIG. 1 is a diagram showing an internal configuration of a communication apparatus according to the present embodiment, a so-called access point 203. As shown in FIG. 1, the access point (AP) 203 includes a wireless transmission / reception unit 102, a determination unit 103, an interface unit 104, a control unit 105, a setting storage unit 106, and a time measuring unit 107. Among these, the wireless transmission / reception unit 102 includes an antenna and directly transmits / receives data to / from a wireless information terminal (hereinafter referred to as STA). The determination unit 103 makes various determinations based on information obtained from the STA. Specifically, it is mainly determined whether or not the STA is to perform communication. The interface unit 104 includes an interface with another device. For example, an Ethernet (registered trademark) port for connecting to the WAN corresponds to this. The control unit 105 is a so-called CPU, and controls the entire access point 203 by executing various programs. The setting storage unit 106 stores information set externally for the access point 203. For example, the setting of whether to enable the function (SSID stealth function) that does not include the SSID that is the network identifier in the beacon, or whether to include capability information in the beacon is stored. The control unit 105 performs each control based on the settings stored in the setting storage unit 106. The timer 107 measures the elapsed time. In particular, in the case of setting to include capability information in a beacon for a certain period of time, the time is measured and the passage of a predetermined time is transmitted to the control unit 105.

  FIG. 2 is a diagram for explaining a wireless network using the AP 203 according to the present embodiment. In FIG. 2, two STAs 201 to 202 exist in a range where radio waves reach each other. The AP 203 is set to the SSID stealth mode, and the SSID is not notified in the beacon signal that is a notification signal periodically transmitted from the AP 203. The AP 203 is set not to include capability information in the beacon. Note that the AP 203 has a wireless communication parameter automatic setting function as the capability of the AP 203, and wireless communication parameters can be automatically set with STAs having the same function. Here, it is assumed that the STA 202 is a legitimate user terminal, and that the AP 203 has a wireless communication parameter automatic setting function and knows the SSID for connecting to the AP 203 in advance. On the other hand, it is assumed that the STA 201 is a third party terminal and that the AP 203 has a wireless communication parameter automatic setting function and does not know the SSID for connecting to the AP 203.

  Next, the flow of processing when setting wireless communication parameters for connection between the AP 203 and the STAs 201 and 202 will be described with reference to FIG. Further, the processing inside the AP 203 will be described with reference to FIG.

  The AP 203 periodically sends out a beacon signal and notifies its presence to terminals in the radio wave arrival area 204 of the AP 203 (S301 to S304). Due to the SSID stealth function, the SSID is not included in the beacon signal, and further, the capability information of the AP 203 is not included. Upon receiving the beacon signal from the AP 203, the STA 201 transmits a search request message that does not include capability information in order to connect to the AP 203 (S305). At this time, it is necessary to set the SSID, but since there is no means for knowing the SSID, an arbitrary character string is included as an SSID in the search request message.

  As shown in FIG. 4, at this point, the AP 203 receives a search request message (S501). Next, the AP 203 determines whether or not the AP 203 is set to the stealth mode (S502), and the control unit 105 and the determination unit 103 check the SSID (S503, S306). Here, since the SSID is different from the AP 203, no response is returned from the AP 203 (NG in S503).

  On the other hand, since the STA 202 knows that the AP 203 has a wireless communication parameter automatic setting function, a search request message including capability information indicating that the AP 203 has a wireless communication parameter automatic setting function in order to connect to the AP 203 Is sent out (S307). At that time, it is necessary to set the SSID, but since the user of the STA 202 knows the SSID in advance, the correct SSID is included in the information search request message.

  The AP 203 receives the search request message (S501), and the AP 203 determines whether or not the AP 203 is set to the stealth mode (S502). If the AP 203 that has received the search request message is set in the stealth mode, the AP 203 proceeds to step S503, and the control unit 105 and the determination unit 103 check the SSID. This corresponds to the processing of S308 in FIG.

  Here, since the SSID is the same as that of the AP 203, the AP 203 shifts the control to the capability information check (S309, S504). In the capability information check processing (S309, S504) performed by the control unit 105 and the determination unit 103, the presence / absence of capability information and whether the function notified by the capability information of the STA 202 is a function supported by the AP 203 are also checked. If the capability information check result is OK, the AP 203 sends a search response message including its capability information to the STA 202 (S310, S505). Thereafter, a normal wireless communication parameter automatic setting protocol is executed between the AP 203 and the STA 202 (S311 and S506).

  When the capability information check result is NG, the AP 203 sends a search response message not including its own capability information to the STA 202 (S507). Therefore, the wireless communication parameter setting protocol is not executed. Alternatively, if the capability information check result is NG, the AP 203 does not send anything, so the STA 202 cannot connect.

  Here, reference is made to the case where the SSID set by the STA 201 is correct. When the search request message including the correct SSID is sent from the STA 201 (S314), the AP 203 that has received the message is set to the stealth mode, so the control unit 105 and the determination unit 103 check the SSID (S315). , S503). Here, since the SSID is the same as the AP 203, the AP 203 shifts the control to the capability information check (S316, S504). The capability information check (S309, S504) performed by the control unit 105 and the determination unit 103 checks whether there is capability information or whether the function information notified by the capability information of the STA 202 is a function that is also supported by the AP 203. Since the user of the STA 201 does not know that the AP 203 has a wireless communication parameter setting function, the search request message transmitted by the STA 201 does not include capability information. Therefore, the capability information check is NG, and the wireless communication parameter setting protocol is not executed. As described above, even when the SSID included in the search request is correct, if the capability information is not included, the wireless communication parameter is not automatically set between the terminal that transmitted the search request and the AP. That is, by performing a double check, that is, an SSID check and a capability information check, the security can be further strengthened as compared with the case where only the SSID stealth function is enabled.

  The case where the AP 203 is operating in the SSID stealth mode has been described above, but the same processing can be performed for the AP 203 that is not set in the SSID stealth mode. According to this embodiment, since a wireless communication parameter is set only with a user terminal that knows in advance that the AP has a wireless communication parameter setting function, a malicious third party can connect to the network. Can be prevented. Moreover, security can be further strengthened by combining with the SSID stealth function.

(Second Embodiment)
Next, a second embodiment of the present invention will be described with reference to FIGS. This embodiment is different from the first embodiment in that the wireless communication parameter setting sequence operates by pressing a button provided on each of the AP 203 and the STA 202. Since other configurations and operations are the same as those of the first embodiment, the same components and processes are denoted by the same reference numerals and description thereof is omitted here. FIG. 5 is a diagram showing a flow of processing when setting wireless communication parameters for connection between the AP 203 and the STAs 201 and 202. FIG. 6 is a flowchart showing processing inside the AP 203.

  As in the first embodiment, the AP 203 periodically sends out a beacon signal and notifies its presence to terminals in the radio wave arrival area 204 of the AP 203 (S301 to S304, S601). Note that the SSID stealth function is enabled, the SSID is not included in the beacon signal, and further, the capability information of the AP 203 is not included. Here, it is assumed that the button is pressed in the AP 203 and the STA 202 in order to perform the wireless communication parameter setting protocol (S405 and S406, 602). The AP 203 whose button is pressed enters the wireless communication parameter setting mode, and transmits a beacon signal including capability information by the operation of the control unit 105 (S407 to S410, S603). At this time, the timer unit 107 of the AP 203 starts a timer (S604). It is assumed that the SSID stealth function is enabled as it is.

  Upon receiving the beacon signal from the AP 203, the STA 201 transmits a search request message including capability information in order to connect to the AP 203 (S411). At that time, it is necessary to set the SSID, but since there is no means for knowing the SSID, it is assumed that an arbitrary character string is included as an SSID in the search request message. The AP 203 that has received the search request message checks the SSID by the control unit 105 and the determination unit 103 because it is set to the stealth mode (S412).

  In FIG. 6, the AP 203 receives the search request message (S501), and the AP 203 determines whether or not the AP 203 is set to the stealth mode (S502). If the AP 203 that has received the search request message is set in the stealth mode, the AP 203 proceeds to step S503, and the control unit 105 and the determination unit 103 check the SSID. Here, since the SSID is different from the AP 203, no response is returned from the AP 203.

  Since the STA 202 knows that the AP 203 has a wireless communication parameter automatic setting function, it sends a search request message including capability information indicating that it has the wireless communication parameter automatic setting function in order to connect to the AP 203. (S413). At that time, it is necessary to set the SSID, but since the user of the STA 202 knows the SSID in advance, the correct SSID is included in the information search request message.

  The AP 203 that has received the search request message in step S501 determines whether or not the AP 203 is set in the stealth mode (S502). If the stealth mode is set, the process proceeds to step S503. In step S503, the control unit 105 and the determination unit 103 check the SSID (S414). Here, since the SSID is the same as that of the AP 203, the AP 203 shifts the control to the capability information check (S415, S504). The capability information check (S415) performed by the control unit 105 and the determination unit 103 checks whether there is capability information, and whether the function notified by the capability information of the STA 202 is a function that is also supported by the AP 203. If the capability information check result is OK, the AP 203 sends a search response message including its capability information to the STA 202 (S416, S505). Thereafter, a normal wireless communication parameter automatic setting protocol is executed between the AP 203 and the STA 202 (S417, S506). When the capability information check result is NG, the AP 203 sends a search response message not including its own capability information to the STA 202 (S507). Therefore, the wireless communication parameter setting protocol is not executed. Alternatively, if the capability information check result is NG, the AP 203 does not send anything, so the STA 202 cannot connect. If time-out unit 107 of AP 203 detects a timeout (S605), the process returns to step S601, and a beacon signal not including capability information is transmitted by the function of control unit 105.

  The example in which the AP 203 transmits a beacon signal including capability information when the button is pressed has been described above, but the same processing can be performed in the operation of starting the wireless parameter setting protocol other than the button pressing. According to the present embodiment, after the button is pressed, the AP transmits the beacon including the capability information only for a certain period of time, and other terminals have the wireless communication parameter automatic setting function other than the time. I can not recognize that. Accordingly, since it is possible to prevent a malicious third party from connecting to the network, security can be enhanced.

(Other embodiments)
Although the embodiments of the present invention have been described in detail above, the present invention may be applied to a system constituted by a plurality of devices or may be applied to an apparatus constituted by one device.

  The present invention can also be achieved by supplying a program that realizes the functions of the above-described embodiments directly or remotely to a system or apparatus, and the system or apparatus reads and executes the supplied program code. The Accordingly, the program code itself installed in the computer in order to realize the functional processing of the present invention by the computer is also included in the technical scope of the present invention.

  In this case, the program may be in any form as long as it has a program function, such as an object code, a program executed by an interpreter, or script data supplied to the OS.

  Examples of the recording medium for supplying the program include a floppy (registered trademark) disk, a hard disk, an optical disk, and a magneto-optical disk. Further, there are MO, CD-ROM, CD-R, CD-RW, magnetic tape, nonvolatile memory card, ROM, DVD DVD-ROM, DVD-R, and the like.

  In addition, there is a usage method in which a client PC browser is used to connect to an Internet site and a program according to the present invention itself or a file including an automatic installation function is downloaded to a recording medium such as a hard disk. It can also be realized by dividing the program code constituting the program according to the present invention into a plurality of files and downloading each file from a different homepage. That is, a WWW server that allows a plurality of users to download a program for realizing the functional processing of the present invention on a computer is also included in the scope of the present invention.

  Further, the program according to the present invention may be encrypted and stored in a storage medium such as a CD-ROM and distributed to users. This is realized by having a user who has cleared a predetermined condition download key information to be decrypted from a homepage via the Internet, execute the encrypted program by using the key information, and install it on a computer. It is also possible.

  Further, the functions of the above-described embodiments can be realized by performing part or all of the actual processing by the OS running on the computer based on the instructions of the program.

  Furthermore, when the program according to the present invention is written in the memory provided in the function expansion unit of the PC and the CPU or the like provided in the function expansion unit performs part or all of the actual processing based on the program, Included in the category.

It is a block diagram of the access point which concerns on 1st Embodiment of this invention. It is a block diagram of 1st Embodiment and 2nd Embodiment. It is a sequence diagram of a 1st embodiment. It is a flowchart of a 1st embodiment. It is a sequence diagram of a second embodiment. It is a flowchart of a 2nd embodiment.

Explanation of symbols

201 wireless information terminal 202 wireless information terminal 203 access point 204 wireless area of access point

Claims (10)

A communication device that realizes network connection by wireless communication to a wireless information terminal in a communicable area,
First transmission means for transmitting to the communicable area a notification signal notifying the presence of the communication device and not including the capability information of the communication device;
Receiving means for receiving a search signal for searching for a communication device from the wireless information terminal;
A first determination means for determining whether or not the requested capability information required for the communication device is included in the received search signal and the capability information of the communication device satisfies the required capability information;
Second transmission means for transmitting a search response message including capability information of the communication device to a wireless information terminal based on a determination result by the first determination means;
A communication apparatus comprising: A second determination means for determining whether or not the received search signal includes network identification information for connecting to the communication device;
The said 1st determination means performs the determination regarding the said capability information further, when the said 2nd determination means determines with the said network identification information being contained in the said search signal. The communication apparatus as described in. The second transmission means includes
When the first determination unit determines that the requested capability information included in the search signal and the network identification information for connecting to the communication device do not match, the capability information of the communication device is not included. The communication apparatus according to claim 1, wherein the search response message is transmitted to the wireless information terminal. The second transmission means includes
When the first determination unit determines that the requested capability information is not included in the search signal, a search response message that does not include the capability information of the communication device is transmitted to the wireless information terminal. The communication device according to claim 1.   For the communicable area, the network identification information for connecting to the communication device, the notification signal not including the capability information of the communication device, and the network identification information for connecting to the communication device are not included. 2. The communication according to claim 1, further comprising a control unit that controls the first transmission unit to transmit any one of the notification signals including the capability information of the communication device. apparatus. Further comprising setting means for setting whether or not the capability information is notified by the notification signal;
When the setting unit is set to notify the capability information, the control unit does not include the identification information of the communication device itself, but transmits the notification signal including the capability information of the communication device. The communication apparatus according to claim 5, wherein the first transmission unit is controlled. The control means is capable of controlling the communication device in a wireless communication parameter setting mode for setting wireless communication parameters between the communication device and the wireless information terminal;
The communication apparatus according to claim 5, wherein in the wireless communication parameter setting mode, the first transmission unit is controlled to notify the capability information.   The communication apparatus according to claim 7, further comprising a timing unit configured to control the wireless communication parameter setting mode so as to continue only during a predetermined period. A communication device control method for realizing wireless network connection to a wireless information terminal in a communicable area,
A first transmission step of transmitting to the communicable area a notification signal notifying the presence of the communication device and not including the capability information of the communication device;
Receiving a search signal for searching for a communication device from the wireless information terminal;
A determination step of determining whether the received capability information required for the communication device is included in the search signal and the capability information of the communication device satisfies the required capability information;
A second transmission step of transmitting a search response message including the capability information of the communication device to the wireless information terminal according to the determination result in the determination step;
A method for controlling a communication apparatus, comprising: A communication device control program for realizing wireless network connection with a wireless information terminal in a communicable area, which is executed by the communication device,
A first transmission step of transmitting to the communicable area a notification signal notifying the presence of the communication device and not including the capability information of the communication device;
Receiving a search signal for searching for a communication device from the wireless information terminal;
A determination step of determining whether the received capability information required for the communication device is included in the search signal and the capability information of the communication device satisfies the required capability information;
A second transmission step of transmitting a search response message including the capability information of the communication device to the wireless information terminal according to the determination result in the determination step;
A communication apparatus control program characterized by realizing the above.

Images