JP2014099776A - Encryption information automatic update system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an encryption information automatic update system which periodically and automatically updates an encryption key and easily inputs the updated encryption key to a radio slave unit.SOLUTION: An encryption information automatic update system 1 comprises: a radio communication unit 32 which establishes radio communication with a terminal 5 by encryption information; an NFC (Near Field Communication) card 6 which stores ID information; a card reader/writer unit 44 which reads the ID information stored in the NFC card 6; an encryption information generation unit 22 which generates new encryption information and sets the new encryption information in the radio communication unit 32; a storage unit 25 which stores an ID information list 251 indicating ID information of terminals that are authorized to perform the radio communication; and an ID information management unit 23 which writes the encryption information in the NFC card 6 via the card reader/writer unit 44 when the ID information read by the card reader/writer unit 44 from the NFC card 6 is included in the ID information list 251.

Description

  The present invention relates to a technique for suppressing decryption of encryption information for establishing wireless communication in a wireless communication system.

  In recent years, wireless LAN (Local Area Network) systems have been widely used in offices and homes. A wireless LAN system that transmits and receives data using radio waves has an advantage that it is easier to introduce than a wired LAN that requires cable laying. However, in the wireless LAN system, when the encryption key of the wireless LAN is decrypted by packet analysis or dictionary attack, there is a possibility that each data in the network may be abused or network resources may be abused due to unauthorized access.

  As one method of strengthening the security of the wireless LAN system, there is a method in which the wireless LAN system automatically updates its own encryption key. The encryption key is a PreSharedKey such as WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access).

  The problem of Patent Document 1 is described as “to prevent impersonation and to improve network security and data security for each individual who uses the device.” The solution means “NIC or NIC for connecting to network”. A peripheral device (image forming apparatus) provided with an NFC-R / W connected to a USB host for connection using WLAN and wireless communication, and close to an NFC token via the NFC-R / W There is an access by distance wireless communication (S201), and based on the access, the legitimacy of the user is judged based on the certificate information for each user held by the device equipped with the short-range wireless communication function (S202). -S206, S215), when the legitimacy is authenticated (S216, S218), preset processing such as communication path encryption, electronic data Performing authentication judgment of reliability and / or normality. Is described as ".

In recent years, non-contact IC cards are often used for various ID cards such as employee ID cards in companies. An increasing number of mobile phones are equipped with a communication interface similar to a non-contact type IC card. This non-contact type IC card is called an NFC (Near Field Communication) card. The NFC card performs bidirectional communication of 100 to 400 kbps at a very short distance of about 10 cm. The NFC card does not require a battery or a power source, and can communicate with the power generated by electromagnetic induction and rewrite the data stored in the NFC card simply by placing it close to a card reader / writer.
Non-Patent Document 1 describes an outline of a network compatible IC reader / writer and package software for time stamps.

JP 2011-155495 A

Ryozo Ota, “Package for time stamps on network-ready IC readers and writers”, [online], April 18, 2012, Impress watch, Keitai Watch, [October 16, 2012 search], Internet <URL: http://k-tai.impress.co.jp/docs/dotbiz/news/20120418_527226.html>

  When the wireless LAN system automatically updates the encryption key periodically, in order for the wireless slave device to connect to the wireless master device, a new encryption key must be manually input each time, which is cumbersome.

  According to the invention described in Patent Document 1, it is possible to determine the legitimacy of the user based on the certificate information acquired by the card reader. However, the invention described in Patent Document 1 encrypts the communication path every time the validity of the user is authenticated, but when this is applied to wireless communication, only the last authenticated user can communicate. Thus, a plurality of authorized users cannot use wireless communication at the same time.

  Accordingly, an object of the present invention is to provide an encryption information automatic updating system that allows an updated encryption key to be easily input to a wireless slave unit even if the encryption key is automatically updated periodically.

  In order to solve the above-described problem, according to the first aspect of the present invention, wireless communication means for establishing wireless communication with a terminal, storage means for storing identification information, and storage in the storage means, based on encryption information. A non-contact communication means for reading the identification information, a cryptographic information generation means for generating new encryption information and setting it in the wireless communication means, and a storage means for storing an identification information list that is a wireless communication permission target And, if the identification information read from the storage means by the non-contact type communication means exists in the identification information list, the identification information management means for writing the encryption information to the storage means by the non-contact type communication means; And an encryption information automatic update system characterized by comprising:

  Other means will be described in the embodiment for carrying out the invention.

  ADVANTAGE OF THE INVENTION According to this invention, even if an encryption key is updated automatically regularly, the encryption information automatic update system which enables easy input of the updated encryption key with respect to a radio | wireless handset can be provided.

It is a schematic block diagram which shows the encryption information automatic update system in 1st Embodiment. It is a figure which shows the example of the various lists in 1st Embodiment. It is a flowchart which shows the card | curd authentication process of the time recorder in 1st Embodiment. It is a flowchart which shows the card | curd authentication process of the management apparatus in 1st Embodiment. It is a flowchart which shows the process of the terminal in 1st Embodiment. It is a sequence diagram which shows delivery of encryption information in 1st Embodiment. It is a schematic block diagram which shows the encryption information automatic update system in 2nd Embodiment. It is a figure which shows the example of the various lists in 2nd Embodiment. It is a flowchart which shows the card | curd authentication process of the management apparatus in 2nd Embodiment. 10 is a flowchart showing terminal check processing of a wireless LAN router in the second embodiment. It is a flowchart which shows the process of the terminal in 2nd Embodiment. It is a sequence diagram which shows delivery of encryption information in 2nd Embodiment. It is a schematic block diagram which shows the encryption information automatic update system in 3rd Embodiment. It is a figure which shows the example of the various lists in 3rd Embodiment. It is a flowchart which shows the card | curd authentication process of the attendance recording apparatus in 3rd Embodiment. It is a flowchart which shows the card | curd authentication process and encryption information generation handler process of the management apparatus in 3rd Embodiment. It is a schematic block diagram which shows the encryption information automatic update system in 4th Embodiment. It is a flowchart which shows the card | curd authentication process of the encryption information supply apparatus in 4th Embodiment. It is a flowchart which shows the card | curd authentication process and encryption information generation handler process of the management apparatus in 4th Embodiment.

  Hereinafter, embodiments for carrying out the present invention will be described in detail with reference to the drawings.

(Configuration of the first embodiment)
FIG. 1 is a schematic configuration diagram showing an automatic encryption information update system according to the first embodiment.
The encryption information automatic update system 1 is installed in, for example, an office, and records work attendance and leaving and provides encryption information for accessing the wireless LAN router 3 to workers in the office. .
The encryption information automatic update system 1 includes a management device 2, a wireless LAN router 3 that is an access point, a time recorder 4, and a network 9 that interconnects them. The encryption information automatic update system 1 enables establishment of wireless communication with the wireless LAN router 3 by placing the NFC card 6 over the time recorder 4 and then over the terminal 5. The encryption information automatic update system 1 acquires the latest encryption information (SSID (Service Set IDentifier) and encryption key) from the time recorder 4 by the NFC card 6 and supplies the encryption information to the terminal 5 by the NFC card 6.
The management apparatus 2 includes a wired communication unit 21 that transmits / receives data via the network 9 and an encryption information generation unit 22 (encryption information generation) that newly generates encryption information at a predetermined time or a predetermined trigger and sets the encryption information in the wireless LAN router 3. Means), an ID information management unit 23 (identification information management unit) for managing ID information (identification information) of the NFC card 6, a power management unit 24 (power management unit) for managing power, and a memory for storing information Unit 25 (storage means). The storage unit 25 stores an ID information list 251 (identification information list), a permission list 252, and an unauthorized access log 253 that are wireless communication permission targets. If the ID information read from the NFC card 6 by the card reader / writer unit 44 of the time recorder 4 to be described later exists in the ID information list 251, the ID information management unit 23 (identification information management means) stores the ID information in this NFC card 6. Write cryptographic information. The power management unit 24 (power management unit) turns on the power of the wireless LAN router 3 when the card reader / writer unit 44 first transmits encryption information to the NFC card 6. The management device 2 manages a wireless LAN router 3 to be described later.
The wireless LAN router 3 includes a wired communication unit 31 that transmits and receives data via the network 9, a wireless communication unit 32 that transmits and receives data via radio waves, and a wireless control unit 33 that controls the wireless communication unit 32. ing. The wireless LAN router 3 establishes a wireless communication path with a terminal 5 to be described later using encryption information, and enables data transmission / reception between the various devices connected to the network 9 and the terminal 5. .
The time recorder 4 is stored in the wired communication unit 41 that transmits and receives data via the network 9, the display unit 42 that displays characters, figures, images, and the like, the attendance recording unit 43 that records attendance, and the NFC card 6. A card reader / writer unit 44 (non-contact communication means) for reading and writing various information, an operation unit 45 for receiving user operations, and an attendance record 46 storing attendance record information. The card reader / writer unit 44 (non-contact type communication means) reads ID information stored in the NFC card 6. The time recorder 4 reads the ID information stored in the NFC card 6 and records the attendance time or the departure time in the attendance record 46.
The terminal 5 includes a wireless communication unit 51 that is a wireless LAN slave unit, a wireless connection unit 52 that controls the wireless communication unit 51, and a card reader unit 53 that reads various information stored in the NFC card 6. .
The NFC card 6 (storage means) includes an antenna unit 61 that transmits and receives radio waves, a control unit 62 that controls wireless communication, and a storage unit 63 that stores (stores) various types of information. The NFC card 6 stores various types of information such as ID information, and transmits / receives data to / from the card reader / writer when it is trapped by an NFC-compatible card reader / writer. The NFC card 6 transmits and receives radio waves by the antenna unit 61, transmits information in the storage unit 63 to the outside, and stores information input from the outside in the storage unit 63.
In the encryption information automatic update system 1 of the first embodiment, when the NFC card 6 is passed to the card reader / writer unit 44 of the time recorder 4, the SSID and the encryption key are written in the storage unit 63 of the NFC card 6. It is configured. The encryption information automatic updating system 1 determines whether or not it is possible to connect to the target network 9 based on the ID information stored in the NFC card 6. Write cryptographic information. The terminal 5 having the wireless communication unit 51 that is a wireless LAN slave unit reads the SSID and the encryption key written in the storage area of the NFC card 6 and establishes wireless communication with the wireless LAN router 3.
The encryption information automatic update system 1 of the first embodiment improves security by automatically automatically generating encryption information (SSID and encryption key).

  2A to 2C are diagrams illustrating examples of various lists according to the first embodiment.

FIG. 2A is an example of the ID information list 251 in the first embodiment.
The ID information list 251 includes an ID information column 251-1 and a name column 251-2. In the ID information list 251, information relating to a person who has the authority to access the encryption information automatic update system 1 is stored in advance.
In the ID information column 251-1, identification information of a person who has the authority to access the encryption information automatic update system 1 is stored. In the first embodiment, for example, an employee number is stored as the identification information.
The name column 251-2 stores the names of persons who have the authority to access the encrypted information automatic update system 1.

FIG. 2B is an example of the permission list 252 in the first embodiment.
The permission list 252 includes an ID information column 252-1 and a MAC (Media Access Control) address column 252-2. When any employee goes to work, an entry of a combination of the ID information and the MAC address of the NFC card 6 possessed by the person who went to work is stored in the permission list 252. When the person who went to work leaves, the entry in the permission list 252 related to the ID information of the NFC card 6 possessed by the person is deleted.
The ID information column 252-1 stores ID information stored in the NFC card 6 possessed by the person who has worked. This ID information is, for example, the employee number of the person who went to work.
The MAC address column 252-2 stores the MAC address stored in the NFC card 6 possessed by the person who has worked. This MAC address is, for example, the MAC address of the terminal 5 possessed by the person who has worked.

FIG. 2C is an example of the attendance record 46 in the first embodiment.
The attendance record 46 includes a type column 46-1, a date / time column 46-2, an ID information column 46-3, and a name column 46-4. A new entry is added to the attendance record 46 each time the NFC card 6 is deceived by the time recorder 4.
In the type column 46-1, type information indicating whether it is going to work or leaving is stored. In the encryption information automatic update system 1 of the first embodiment, every time the same NFC card 6 is tapped, a toggle operation is performed in which attendance and leaving are recorded alternately. However, the present invention is not limited to this, and the encryption information automatic updating system may be configured to record by switching between attendance and leaving by the operation button of the operation unit 45, and can switch between attendance and withdrawal depending on the time zone. You may comprise so that it may record.
The date / time column 46-2 stores the date / time concerning attendance or leaving.
The ID information column 46-3 stores ID information (identification information) of persons involved in attendance or leaving.
The name column 46-4 stores the names of persons involved in attendance or leaving.

(Operation of the first embodiment)

FIG. 3 is a flowchart showing the card authentication process of the time recorder in the first embodiment.
When the time recorder 4 is turned on, the card authentication process of FIG. 3 starts.
In step S10, the card reader / writer unit 44 of the time recorder 4 determines whether or not the NFC card 6 has been tampered with. If the determination condition is not satisfied (No), the card reader / writer unit 44 performs the process of step S10 again. If the determination condition is satisfied (Yes), the card reader / writer unit 44 performs the process of step S11.
In step S <b> 11, the card reader / writer unit 44 reads the ID information and the MAC address from the NFC card 6.
In step S <b> 12, the attendance recording unit 43 transmits the ID information and the MAC address to the management device 2 through the wired communication unit 41. Here, the node A indicates a path of information received by the management apparatus 2 in step S23 of FIG. 4 described later.
In step S <b> 13, the attendance recording unit 43 determines whether the wired communication unit 41 has received data from the management device 2. The attendance recording unit 43 performs the process of step S13 again if the determination condition is not satisfied (No), and performs the process of step S14 if the determination condition is satisfied (Yes). Here, the node B indicates a path of information transmitted by the management apparatus 2 in steps S28 and S31 of FIG. 4 described later.
In step S14, the attendance recording unit 43 determines the received content. The attendance recording unit 43 performs the process of step S15 if the received content is the SSID and the encryption key, and performs the process of step S17 if the received content is the “leave” information.
In step S 15, the attendance recording unit 43 writes the received SSID and encryption key to the NFC card 6.
In step S16, the attendance recording unit 43 adds a new entry to the attendance record 46 and records the attendance.
In step S <b> 17, the attendance recording unit 43 adds a new entry to the attendance record 46 and records leaving.
In step S18, the attendance recording unit 43 notifies the user that the access by the NFC card 6 is completed, and the process returns to step S10.

FIG. 4 is a flowchart showing card authentication processing of the management apparatus in the first embodiment.
When the management apparatus 2 is turned on, the card authentication process in FIG. 4 is started.
In step S <b> 20, the power management unit 24 turns on the power of the wireless LAN router 3.
In step S <b> 21, the encryption information generation unit 22 newly generates an SSID and an encryption key and sets them in the wireless LAN router 3.
In step S <b> 22, the power management unit 24 turns off the power of the wireless LAN router 3.
In step S <b> 23, the wired communication unit 21 receives ID information and a MAC address from the time recorder 4. Here, the node A indicates the path of the ID information and the MAC address information transmitted by the time recorder 4 in step S12 of FIG.
In step S24, the ID information management unit 23 determines whether or not the ID information received from the time recorder 4 is a connection permission target ID. The ID information management unit 23 performs the process of step S25 if the determination condition is not satisfied (No), and performs the process of step S26 if the determination condition is satisfied (Yes). If the ID information received from the time recorder 4 is the same as that stored in any ID information column 251-1 of the ID information list 251, the ID information management unit 23 is a connection permission target ID. Judge.
In step S25, the ID information management unit 23 records the unauthorized access in the unauthorized access log 253 and returns to the process of step S23.

In step S26, the ID information management unit 23 determines whether or not the ID information received from the time recorder 4 is already a connection permitted ID. The ID information management unit 23 performs the process of step S27 if the determination condition is not satisfied (No), and performs the process of step S30 if the determination condition is satisfied (Yes). Here, if the ID information received from the time recorder 4 is the same as that stored in any ID information column 252-1 of the permission list 252, the ID information management unit 23 has already permitted connection. Judged to be ID.
In step S27, the ID information management unit 23 registers the received ID information and MAC address in the permission list 252.
In step S <b> 28, the ID information management unit 23 supplies (transmits) SSID and encryption key information to the time recorder 4. Here, the node B indicates a path of information of the SSID and the encryption key received by the time recorder 4 in step S13 of FIG.
In step S29, the ID information management unit 23 increments the number of permitted persons (number of employees at work) by 1 and performs the process of step S33.

In step S <b> 30, the ID information management unit 23 deletes the received ID information and the entry related to the MAC address from the permission list 252.
In step S31, the ID information management unit 23 notifies the time recorder 4 of leaving. Here, the node B indicates the path of the “exit” information received by the time recorder 4 in step S13 of FIG.
In step S32, the ID information management unit 23 reduces the number of permits (number of employees at work) by 1 and performs the process of step S33.
In step S <b> 33, the ID information management unit 23 determines whether or not the number of permits (number of employees at work) exceeds zero. The ID information management unit 23 performs the process of step S35 if the determination condition is not satisfied (No), and performs the process of step S34 if the determination condition is satisfied (Yes).
In step S34, the power management unit 24 turns on the power of the wireless LAN router 3, enables wireless communication with the terminal 5, and returns to the process of step S23.
In step S <b> 35, the encryption information generation unit 22 generates an SSID and an encryption key and sets them in the wireless LAN router 3.
In step S36, the power management unit 24 turns off the wireless LAN router 3 and returns to the process in step S23.

FIG. 5 is a flowchart showing the processing of the terminal in the first embodiment.
When the user turns on the power of the terminal 5, the process of FIG.
In step S40, the wireless connection unit 52 of the terminal 5 determines whether or not the NFC card 6 has been compromised. If the determination condition is not satisfied (No), the wireless connection unit 52 returns to the process of step S40 again. If the determination condition is satisfied (Yes), the wireless connection unit 52 performs the process of step S41.
In step S <b> 41, the wireless connection unit 52 acquires the SSID and encryption key information from the NFC card 6 by the card reader unit 53.
In step S42, the wireless connection unit 52 sets a wireless LAN connection. That is, the wireless connection unit 52 sets the acquired SSID and encryption key for the wireless communication unit 51.
In step S <b> 43, the wireless connection unit 52 establishes a wireless LAN connection with the wireless LAN router 3.
In step S44, the wireless connection unit 52 determines the state. The wireless connection unit 52 performs the process of step S46 if the user instructs power off, and performs the process of step S45 if the user instructs log off, and instructs the user other than log off or power off. If so, after performing a process (not shown), the process returns to step S44 again.
In step S45, the wireless connection unit 52 performs a logoff process and ends the process of FIG.
In step S46, the wireless connection unit 52 performs a power-off process and ends the process of FIG.

FIG. 6 is a sequence diagram showing delivery of encryption information in the first embodiment.
By turning on the power supply of the management apparatus 2, the processes of sequences Q10 to Q12 are started.
In sequence Q10, the management device 2 turns on the power of the wireless LAN router 3.
In sequence Q11, the management device 2 generates an SSID and an encryption key and sets them in the wireless LAN router 3.
In sequence Q12, the management apparatus 2 turns off the power of the wireless LAN router 3.

A person who goes to work at the beginning of the day tricks the time recorder 4 into the NFC card 6 to start processing of sequences Q20 to Q26.
In sequence Q20, the time recorder 4 reads the MAC address and ID information from the NFC card 6.
In sequence Q21, the time recorder 4 transmits the MAC address and ID information to the management apparatus 2.
In sequence Q22, the management device 2 determines that the received ID information is a connection target ID.
In sequence Q23, the management device 2 transmits the SSID and the encryption key to the time recorder 4.
In sequence Q <b> 24, the management device 2 determines that the permitted number (number of employees at work) exceeds 1, and turns on the power of the wireless LAN router 3.
In sequence Q25, the time recorder 4 adds a new entry to the attendance record 46 and records the attendance of this person.
In sequence Q26, the time recorder 4 writes the SSID and the encryption key in the NFC card 6.
Through the processing of these sequences Q20 to Q26, the encryption information automatic update system 1 records the attendance of the user of the NFC card 6, writes new encryption information to the NFC card 6, and further turns on the power of the wireless LAN router 3. Can do. After sequence Q26, the person who has started working removes the NFC card 6 from the time recorder 4, sits at his desk, and activates the terminal 5, for example.

When a person who goes to work deceives the NFC card 6 at the terminal 5, the processing of sequences Q30 to Q32 starts.
In sequence Q30, the terminal 5 reads the SSID and the encryption key from the NFC card 6.
In sequence Q31, the terminal 5 performs wireless LAN setting based on the SSID and the encryption key.
In sequence Q32, the terminal 5 establishes a wireless connection with the wireless LAN router 3.
After sequence Q32, the person who went to work separates this NFC card 6 from the terminal 5, stores it in his card case, for example, and continues to use this terminal 5.

(Effects of the first embodiment)
The first embodiment described above has the following effects (A) to (E).

(A) Since the wireless LAN router 3 automatically updates the encryption information at a predetermined opportunity, the possibility of unauthorized access by an unauthorized user can be reduced and the security of the wireless LAN connection can be improved.

(B) Since the encryption information updated by the wireless LAN router 3 is automatically set in the terminal 5 via the NFC card 6, it is possible to omit manual setting of the wireless LAN.

(C) When the number of office workers managed by the time recorder 4 exceeds 0, the wireless LAN router 3 is automatically turned on. Thereby, the man-hour for turning on the wireless LAN router 3 manually can be omitted.

(D) When the number of office workers managed by the time recorder 4 is 0 or less, the power of the wireless LAN router 3 is automatically turned off. Thereby, the power consumption of the wireless LAN router 3 can be reduced. Furthermore, unauthorized access to the wireless LAN router 3 by unauthorized users can be prevented in a time zone when there is no person who has gone to the office.

(E) The management device 2 is turned off after setting the encryption information (SSID and encryption key) in the wireless LAN router 3. As a result, when the wireless LAN router 3 is next powered on, new encryption information (SSID and encryption key) can be set. Furthermore, compared with the case where encryption information (SSID and encryption key) is set after powering on the wireless LAN router 3, restart after setting encryption information can be omitted.

(Configuration of Second Embodiment)

FIG. 7 is a schematic configuration diagram showing an automatic encryption information update system in the second embodiment. The same reference numerals are assigned to the same elements as those in the encryption information automatic updating system 1 (see FIG. 1) of the first embodiment.
The encryption information automatic update system 1a according to the second embodiment is installed in an office or the like, for example, and records the attendance and leaving for the worker in the office, and the encryption for accessing the wireless LAN router 3 Information is provided.
The encryption information automatic update system 1a of the second embodiment includes a management device 2a different from the management device 2 (see FIG. 1) of the first embodiment and a wireless LAN router 3 (see FIG. 1) of the first embodiment. And a plurality of wireless LAN routers 3a-1 and 3a-2. Hereinafter, when the wireless LAN routers 3a-1 and 3a-2 are not particularly distinguished, they are simply referred to as a wireless LAN router 3a.
The management device 2a of the second embodiment includes a storage unit 25a different from the storage unit 25 (see FIG. 1) of the first embodiment. The storage unit 25a according to the second embodiment includes an ID information list 251a different from the ID information list 251 according to the first embodiment (see FIG. 1), and a permission list 252 according to the first embodiment (see FIG. 1). Has different permission lists 252a. The ID information list 251a and the permission list 252a of the second embodiment will be described with reference to FIG.
The wireless LAN router 3a of the second embodiment includes a check request unit 34 (check request means) in addition to the same configuration as the wireless LAN router 3 (see FIG. 1) of the first embodiment. The check request unit 34 (check request means) repeatedly acquires ID information (identification information) stored in the NFC card 6 when wireless communication is established with the terminal 5. The radio control unit 33 (radio control means) disconnects radio communication with the terminal 5 when the check request unit 34 cannot acquire ID information (identification information). The operation of the check request unit 34 of the second embodiment will be described with reference to FIG.

FIGS. 8A to 8C are diagrams showing examples of various lists in the second embodiment.
FIG. 8A shows an example of the ID information list 251a in the second embodiment. The same elements as those in the permission list 252 (see FIG. 2A) of the first embodiment are given the same reference numerals.
The ID information list 251a of the second embodiment further includes an access point column 251a-3 in addition to the ID information list 251 (see FIG. 2A) of the first embodiment.
In the ID information list 251a, information of persons who have the authority to access the encrypted information automatic update system 1 is stored in advance.
The ID information column 251a-1 has the authority to access the encryption information automatic update system 1 in the same manner as the ID information column 251-1 (see FIG. 2A) of the first embodiment. Is stored.
In the name field 251a-2, the name of the person who has the authority to access the encryption information automatic update system 1 is the same as the name field 251-2 (see FIG. 2A) of the first embodiment. Is stored.
The access point column 251a-3 stores information for specifying a wireless LAN router 3a that can be accessed by a person who has the authority to access the encryption information automatic update system 1. Here, “A” is information for specifying the wireless LAN router (A) 3a-1. “B” is information for specifying the wireless LAN router (B) 3a-2.

FIG. 8B is an example of the permission list 252a in the second embodiment. The same elements as those in the permission list 252 (see FIG. 2B) in the first embodiment are given the same reference numerals.
The permission list 252a includes an ID information column 252a-1, a MAC address column 252a-2, and an access point column 252a-3. The permission list 252a stores an entry of a combination of ID information, MAC address, and access point of the NFC card 6 possessed by the person who has worked. Further, when the person who went to work leaves the permission list 252a, the entry related to the ID information of the NFC card 6 possessed by the person is deleted.
In the ID information column 252a-1, the ID information column 252-1 (see FIG. 2B) of the first embodiment is stored in the NFC card 6 possessed by the person who attended the work. ID information is stored.
In the MAC address column 252a-2, the MAC address column 252-2 (see FIG. 2B) of the first embodiment is stored in the NFC card 6 possessed by the person who attended the work. The MAC address is stored.
The access point column 252a-3 stores information for specifying the wireless LAN router 3a that can be accessed by the person who has worked.

  FIG. 8C is an example of the attendance record 46 in the second embodiment. The configuration is the same as the attendance record 46 (see FIG. 2C) in the first embodiment.

(Operation of Second Embodiment)

FIG. 9 is a flowchart showing a card authentication process of the management apparatus in the second embodiment. The same elements as those in the card authentication process (see FIG. 4) of the first embodiment are given the same reference numerals.
When the management apparatus 2a is turned on, the card authentication process is started.
After the process starts, the processes in steps S20 to S27 are the same as the processes in steps S20 to S27 (see FIG. 4) of the first embodiment.
In step S28a, the ID information management unit 23 supplies (transmits) the SSID and encryption key information of the wireless LAN router 3a corresponding to the time recorder 4 based on the access point column 252a-3. Here, the node B indicates a path of information of the SSID and the encryption key received by the time recorder 4 in step S13 of FIG.
The process of steps S29 to S33 is the same as the process of steps S29 to S33 (see FIG. 4) of the first embodiment.
In step S34a, the power management unit 24 turns on the power of all the wireless LAN routers 3a to enable the wireless communication of the terminal 5, and performs the process of step S37.
In step S37, the ID information management unit 23 sets the terminal check handler to start at a predetermined cycle, and returns to the process of step S23.
In step S35a, the encryption information generation unit 22 generates SSIDs and encryption keys of all the wireless LAN routers 3a and sets them in each wireless LAN router 3a.
In step S36a, the power management unit 24 turns off the power of all the wireless LAN routers 3a and performs the process of step S38.
In step S38, the ID information management unit 23 cancels the activation setting of the terminal check handler, and returns to the process of step S23.

FIG. 10 is a flowchart showing a terminal check handler process of the wireless LAN router in the second embodiment.
In step S37 of FIG. 9, the wireless LAN router 3a is set by the management apparatus 2 so that this terminal check handler is activated at a predetermined cycle.
In steps S60 to S68, the check request unit 34 repeats the process for all terminals 5 that have already been established.
In step S <b> 61, the check request unit 34 transmits a check request to the terminal 5. Here, the node C indicates a path of information received by the terminal 5 in step S44 of FIG.
In step S <b> 62, the check request unit 34 determines whether there is a response from the terminal 5. If the determination condition is satisfied (Yes), the check request unit 34 performs the process of step S63. If the determination condition is not satisfied (No), the check request unit 34 performs the process of step S66. Here, the node D indicates a path of information received from the terminal 5 in steps S49 and S50 of FIG.
In step S63, the check request unit 34 receives a response to the check request.
In step S64, the check request unit 34 determines whether the response is an error. If the determination condition is satisfied (Yes), the check request unit 34 performs the process of step S66. If the determination condition is not satisfied (No), the check request unit 34 performs the process of step S65.
In step S65, the check request unit 34 determines whether or not the response content is illegal. If the determination condition is satisfied (Yes), the check request unit 34 performs the process of step S66. If the determination condition is not satisfied (No), the check request unit 34 performs the process of step S67.
In step S66, the radio control unit 33 (radio control means) determines that the terminal 5 is in an unauthorized state and cancels the radio connection.
In step S67, the check request unit 34 records a check request log.
In step S68, the check request unit 34 determines whether or not the processing has been repeated for all the terminals 5 that have already been established. The check request unit 34 returns to the process of step S60 if the determination condition is not satisfied, and ends the process of FIG. 10 if the determination condition is satisfied.

FIG. 11 is a flowchart showing the processing of the terminal in the second embodiment.
The process shown in FIG. 11 is started when the user turns on the terminal 5.
In step S40, the wireless connection unit 52 of the terminal 5 determines whether or not the NFC card 6 has been compromised. If the determination condition is not satisfied (No), the wireless connection unit 52 returns to the process of step S40 again. If the determination condition is satisfied (Yes), the wireless connection unit 52 performs the process of step S41a.
In step S <b> 41 a, the wireless connection unit 52 acquires all SSID and encryption key information from the NFC card 6 by the card reader unit 53.
In step S42a, the wireless connection unit 52 sets all wireless LAN connections to which access authority is granted. That is, the wireless connection unit 52 sets all acquired SSIDs and encryption keys for the wireless communication unit 51.
In step S43a, the wireless connection unit 52 establishes a wireless LAN connection with all the wireless LAN routers 3a to which access authority is granted.
In step S44, the wireless connection unit 52 determines the state. The wireless connection unit 52 performs the process of step S46 if the user instructs power off, and performs the process of step S45 if the user instructs log off, and receives a check request from the wireless LAN router 3a. If so, the process of step S47 is performed. If not, the process returns to the process of step S44 again after performing a process (not shown). Here, the node C indicates the route of the information transmitted by the wireless LAN router 3a in step S61 of FIG.
In step S45, the wireless connection unit 52 performs a logoff process and ends the process of FIG.
In step S46, the wireless connection unit 52 performs a power-off process and ends the process of FIG.
In step S <b> 47, the wireless connection unit 52 determines whether or not the NFC card 6 is placed on the card reader unit 53. The wireless connection unit 52 performs the process of step S48 if the determination condition is satisfied (Yes), and performs the process of step S50 if the determination condition is not satisfied (No).
In step S <b> 48, the wireless connection unit 52 acquires ID information from the NFC card 6.
In step S49, the wireless connection unit 52 responds to the wireless LAN router 3a with ID information in association with the check request, and returns to the process of step S44. Here, the node D indicates the path of information received by the wireless LAN router 3a in step S62 of FIG.
In step S50, the wireless connection unit 52 returns an error response to the wireless LAN router 3a, and then returns to the process of step S44. Here, the node D indicates the path of information received by the wireless LAN router 3a in step S62 of FIG.

FIG. 12 is a sequence diagram showing delivery of encryption information in the second embodiment. The same reference numerals are given to the same elements as the encryption information delivery (see FIG. 6) of the first embodiment.
Processing of sequences Q10 to Q12 is the same as the processing of sequences Q10 to Q12 shown in FIG.
Processing of sequences Q20 to Q26 is the same as the processing of sequences Q20 to Q26 shown in FIG. After sequence Q26, the person who has started working removes the NFC card 6 from the time recorder 4, sits at his desk, and activates the terminal 5, for example.
Processing of sequences Q30 to Q32 is the same as the processing of sequences Q30 to Q32 shown in FIG. After sequence Q32, the person who went to work keeps on the NFC card 6 while using the terminal 5.
In sequence Q33, the wireless LAN router 3a transmits a check request to the terminal 5.
In sequence Q34, the terminal 5 transmits a check response to the wireless LAN router 3a. This check response includes ID information. The wireless LAN router 3a confirms that the ID information included in the check response exists in the permission list 252a, and confirms that it is the terminal 5 related to the authorized regular user.
When the predetermined period elapses, the wireless LAN router 3a transmits a check request to the terminal 5 in sequence Q35.
In sequence Q36, the terminal 5 transmits a check response to the wireless LAN router 3a.
By repeating the check request and the check response, the wireless LAN router 3a can confirm that the terminal 5 belongs to an authorized user and not an unauthorized user.
When the person who went to work finishes using the terminal 5, the NFC card 6 is separated from the terminal 5 and stored in his / her card case, for example. Since the terminal 5 does not recognize the NFC card 6, it does not transmit a check response to the wireless router 3a. Since the wireless router 3a cannot receive the check response correctly, the wireless router 3a disconnects the wireless LAN connection with the terminal 5.
As described above, the NFC card 6 in the second embodiment enables only a wireless LAN connection between one terminal 5 and the wireless router 3a at a time. As a result, unauthorized access due to impersonation can be prevented, and the security of wireless LAN connection can be further improved.

(Effect of 2nd Embodiment)
The second embodiment described above has the following effects (F) and (G).

(F) Since the terminal 5 connected to the wireless LAN router 3a is confirmed as an authorized user by the ID information included in the check response, the security of the network 9 is further improved. As a result, it is possible to provide a highly secure wireless LAN environment to SOHO (Small Office / Home Office) and small and medium-sized enterprises even without difficult knowledge and technology.

(G) The wireless connection unit 52 of the terminal 5 checks whether or not the NFC card 6 has been removed from the card reader unit 53, and when the NFC card 6 is removed, responds to the wireless LAN router 3a with an error. As a result, the encryption information automatic update system 1a can use the wireless LAN router 3a only while the NFC card 6 is placed on the card reader unit 53, so that unauthorized access due to impersonation can be prevented. A secure security environment.

(Configuration of Third Embodiment)

FIG. 13 is a schematic configuration diagram showing an automatic encryption information update system according to the third embodiment. The same reference numerals are assigned to the same elements as those in the encryption information automatic updating system 1 (see FIG. 1) of the first embodiment.
An encryption information automatic update system 1b according to the third embodiment is installed in, for example, each lecture room of a university, and records the attendance for students of the university and also uses the encryption for accessing the wireless LAN router 3 Information is provided.
The encryption information automatic update system 1b of the third embodiment includes a management device 2b different from the management device 2 (see FIG. 1) of the first embodiment, and a time recorder 4 (see FIG. 1) of the first embodiment. Is provided with a different attendance recording device 4b and a campus server 7.
The management device 2b of the third embodiment includes a storage unit 25b different from the storage unit 25 (see FIG. 1) of the first embodiment. The storage unit 25b of the third embodiment includes a permission list 252b different from the permission list 252 (see FIG. 1) of the first embodiment, and further includes a lecture time list 254. The permission list 252b and the lecture time list 254 will be described with reference to FIG.
The attendance recording device 4b corresponds to the time recorder 4 (see FIG. 1) of the first embodiment, a wired communication unit 41 that transmits and receives data via the network 9, and a display unit 42 that displays characters, figures, images, and the like. An attendance recording unit 43b for recording attendance, a card reader / writer unit 44 for reading and writing various information stored in the NFC card 6, an operation unit 45 for receiving user operations, and attendance recording information. Attendance record 48. The attendance recording device 4 b reads ID information stored in the NFC card 6 and records attendance at the lecture in the attendance record 48.
The encryption information automatic update system 1b of the third embodiment records the attendance of each student and provides the NFC card 6 with encryption information for accessing the wireless LAN router 3. Further, the encryption information automatic updating system 1b generates new encryption information every time the lecture time ends.

  FIGS. 14A to 14D are diagrams showing examples of various lists in the third embodiment.

FIG. 14A is an example of the ID information list 251 in the third embodiment.
The ID information list 251 of the third embodiment is configured in the same way as the ID information list 251 (see FIG. 2A) of the first embodiment.

FIG. 14B is an example of the permission list 252b in the third embodiment.
Unlike the permission list 252 of the first embodiment, the permission list 252b of the third embodiment includes only an ID information column 252b-1. When any student attends, an entry related to the ID information of the NFC card 6 possessed by the attendee is stored in the permission list 252. When the lecture ends, all entries in the permission list 252 are deleted.
The ID information column 252b-1 stores ID information stored in the NFC card 6 possessed by the attendee and ID information of the attendee. In the first embodiment, for example, a student ID number is stored as the identification information.

FIG. 14C is an example of the lecture time list 254 in the third embodiment.
The lecture time list 254 includes a lecture column 254-1, a lecture time column 254-2, and an attendance reception time column 254-3. The management device 2 refers to the lecture time list 254 and determines whether to accept attendance.
The lecture column 254-1 stores the types of lectures from the 1st class to the 5th class, and the types of opening and closing.
The lecture time column 254-2 stores the start time and end time of each lecture, or the opening and closing times.
The attendance acceptance time column 254-3 stores the time at which acceptance of attendance of each lecture is started and the time at which acceptance of attendance is stopped.

FIG. 14D is an example of the attendance record 48 in the third embodiment.
The attendance record 48 includes a type column 48-1, a date / time column 48-2, an ID information column 48-3, and a name column 48-4. When a new NFC card 6 is put on the time recorder 4 at the attendance time of a lecture, a new entry is added to the attendance record 48.
In the type column 48-1, type information indicating a lecture time is stored. In the third embodiment, the type information from the first lecture to the fifth lecture can be stored.
The date and time column 48-2 stores the date and time at which the lecture was attended.
The ID information column 48-3 stores a student ID number which is ID information (identification information) of the attended student.
The name column 48-4 stores the names of students who attended.

(Operation of Third Embodiment)

FIG. 15 is a flowchart showing card authentication processing of the attendance recording apparatus in the third embodiment.
When the power of the attendance recording apparatus 4b is turned on, the card authentication process of FIG. 15 is started.
In step S70, the card reader / writer unit 44 of the attendance recording apparatus 4b determines whether or not the NFC card 6 has been tampered with. If the determination condition is not satisfied (No), the card reader / writer unit 44 performs the process of step S70 again. If the determination condition is satisfied (Yes), the card reader / writer unit 44 performs the process of step S71.
In step S <b> 71, the card reader / writer unit 44 reads ID information from the NFC card 6.
In step S72, the attendance recording unit 43b transmits the ID information and the MAC address to the management device 2b by the wired communication unit 41. Here, the node A3 indicates a path of information received by the management apparatus 2b in step S81 of FIG.
In step S73, the attendance recording unit 43b determines whether the wired communication unit 41 has received data from the management device 2b. If the determination condition is not satisfied (No), the attendance recording unit 43b performs the process of step S73 again. If the determination condition is satisfied (Yes), the attendance recording unit 43b performs the process of step S74. Here, the node B3 indicates a path of information transmitted by the management apparatus 2b in steps S85, S88, and S90 of FIG.
In step S74, the attendance recording unit 43b determines the received content. The attendance recording unit 43b performs the process of step S75 if the received content is SSID, encryption key, and lecture information, and performs the process of step S78 if the received content is “attendance recorded” information. If the received content is “outside reception time” information, the process of step S79 is performed.
In step S75, the attendance recording unit 43b writes the SSID and the encryption key that are the received contents in the NFC card 6.
In step S76, the attendance recording unit 43b adds a new entry to the attendance record 48 and records attendance at this lecture.
In step S77, the attendance recording unit 43b displays on the display unit 42 that the attendance has been recorded, and the process returns to step S70.
In step S78, the attendance recording unit 43b displays on the display unit 42 that the attendance has been recorded, and the process returns to step S70.
In step S79, the attendance recording unit 43b displays on the display unit 42 that it is outside the reception time for attendance, and the process returns to step S70.

  FIGS. 16A and 16B are flowcharts showing a card authentication process and an encryption information generation handler process of the management apparatus according to the third embodiment.

FIG. 16A is a flowchart showing card authentication processing of the management apparatus in the third embodiment.
When the power of the management apparatus 2 is turned on, the card authentication process in FIG.
In step S80, the ID information management unit 23 sets activation of the encryption information generation handler. The cryptographic information generation handler is activated at the opening time, the end time of each lecture, and the closing time.
In step S81, the wired communication unit 21 receives the ID information from the attendance recording device 4b. Here, the node A3 indicates the path of the ID information transmitted by the attendance recording apparatus 4b in step S72 of FIG.
In step S82, the ID information management unit 23 determines whether or not the ID information received from the attendance recording device 4b is a connection permission target ID. The ID information management unit 23 performs the process of step S83 if the determination condition is not satisfied (No), and performs the process of step S84 if the determination condition is satisfied (Yes). Here, if the ID information received from the attendance recording device 4b is the same as that stored in any ID information column 251-1 of the ID information list 251, the ID information management unit 23 connects. It is determined that the ID is a permission target ID.
In step S83, the ID information management unit 23 records the unauthorized access in the unauthorized access log 253 and returns to the process in step S81.

In step S84, the ID information management unit 23 determines whether it is currently an attendance reception time. The ID information management unit 23 performs the process of step S85 if the determination condition is not satisfied (No), and performs the process of step S86 if the determination condition is satisfied (Yes).
In step S85, the ID information management unit 23 notifies the attendance recording device 4b that it is outside the acceptance time of attendance, and the process returns to step S81. Here, the node B3 indicates the path of the SSID, encryption key, and lecture information received by the attendance recording apparatus 4b in step S73 of FIG.
In step S86, the ID information management unit 23 determines whether or not the ID information received from the attendance recording device 4b is already a connection permitted ID. The ID information management unit 23 performs the process of step S87 if the determination condition is not satisfied (No), and performs the process of step S90 if the determination condition is satisfied (Yes). If the ID information received from the attendance recording device 4b is the same as that stored in any ID information column 252b-1 of the permission list 252b, the ID information management unit 23 has already established a connection permitted ID. It is judged that.
In step S87, the ID information management unit 23 registers the received ID information in the permission list 252b.
In step S88, the ID information management unit 23 supplies (transmits) the SSID, the encryption key, and the lecture information to the attendance recording apparatus 4b. Here, the node B3 indicates the path of the SSID, encryption key, and lecture information received by the attendance recording apparatus 4b in step S73 of FIG.
In step S89, the ID information management unit 23 turns on the wireless LAN router 3 and returns to the process of step S81.

  In step S90, the ID information management unit 23 notifies the attendance recording apparatus 4b that the attendance has already been recorded, and the process returns to step S81. Here, the node B3 indicates the path of the SSID, encryption key, and lecture information received by the attendance recording apparatus 4b in step S73 of FIG.

FIG. 16B is a flowchart showing the processing of the encryption information generation handler of the management apparatus in the third embodiment.
When the management device 2 performs the process of step S80 of FIG. 16A, the encryption information generation handler is set to start at a predetermined time. In the third embodiment, the cryptographic information generation handler is activated at the opening time, the end time of each lecture, and the closing time. When the predetermined time comes, the management device 2 activates the processing of the encryption information generation handler.
In step S100, the ID information management unit 23 initializes the permission list 252b and deletes all entries.
In step S <b> 101, the power management unit 24 turns on the power of the wireless LAN router 3.
In step S <b> 102, the encryption information generation unit 22 newly generates an SSID and an encryption key and sets them in the wireless LAN router 3.
In step S103, the power management unit 24 turns off the power of the wireless LAN router 3, and ends the process of FIG.

(Effect of the third embodiment)
The third embodiment described above has the following effects (H) to (K).

(H) When the user puts the NFC card 6 on the attendance recording device 4b, the encryption information automatic update system 1b records attendance of the lecture and also stores encryption information for accessing the wireless LAN router 3 in the NFC card 6. I am writing. Thereby, the user can easily acquire the encryption information for accessing the wireless LAN router 3.

(I) The encryption information automatic update system 1b generates new encryption information at a predetermined time (lecture end, opening, closing). Thereby, for example, new encryption information is generated every lecture time, so that security can be improved.

(J) The encryption information automatic update system 1b generates new encryption information and initializes the permission list 252b at a predetermined time (lecture end, opening, closing). This eliminates the need for the user to record the exit after recording the attendance, thereby improving convenience.

(K) The encryption information automatic update system 1b generates new encryption information and then writes the encryption information to the NFC card 6 when the NFC card 6 related to the ID information that may be connected first is deceived. At the same time, the power of the wireless LAN router 3 is turned on. Thereby, in a state where there is no attendee of the lecture, the power of the wireless LAN router 3 can be turned off to reduce power consumption. Furthermore, unauthorized access to the wireless LAN router 3 by unauthorized users can be prevented in a time zone when there are no attendees of the lecture.

(Configuration of Fourth Embodiment)

FIG. 17 is a schematic configuration diagram showing an automatic encryption information update system in the fourth embodiment.
The encryption information automatic update system 1c according to the fourth embodiment is introduced into, for example, a business hotel, for example, and provides users with encryption information for accessing the wireless LAN router 3 and an account for accessing the video server 8. Information is provided. The encryption information automatic update system 1c according to the fourth embodiment includes a management device 2c different from the management device 2 according to the first embodiment (see FIG. 1), and a wireless LAN router 3 according to the first embodiment (see FIG. 1). ) Two wireless LAN routers (A) 3-1 (first wireless communication means) and wireless LAN router (B) 3-2 (second wireless communication means) similar to those of the first embodiment, It includes an encryption information supply device 4c different from the time recorder 4 (see FIG. 1), and further includes a moving image server 8. Hereinafter, when the wireless LAN router (A) 3-1 and the wireless LAN router (B) 3-2 are not particularly distinguished, they are simply referred to as a wireless LAN router 3.

The management device 2c of the fourth embodiment includes a storage unit 25c different from the storage unit 25 (see FIG. 1) of the first embodiment. The storage unit 25c according to the fourth embodiment includes an ID information list 251 similar to the ID information list 251 according to the first embodiment (see FIG. 1), and an unauthorized access log 253 according to the first embodiment (see FIG. 1). And an unauthorized access log 253 similar to the above.
The encryption information supply device 4c of the fourth embodiment includes a wired communication unit 41, a display unit 42, a card reader / writer unit 44, and an operation unit similar to the time recorder 4 (see FIG. 1) of the first embodiment. 45. Furthermore, the encryption information supply apparatus 4c of the fourth embodiment includes an encryption supply unit 43c and a printing unit 49 that prints characters, figures, and the like on paper. The encryption information supply device 4c according to the fourth embodiment supplies encryption information for accessing the wireless LAN router 3 to the user's NFC card 6.
The moving image server 8 provides moving image streaming content to the terminal 5 accessed with a predetermined account.

(Operation of Fourth Embodiment)

FIG. 18 is a flowchart showing card authentication processing of the encryption information supply apparatus in the fourth embodiment.
When the power of the encryption information supply device 4c is turned on, the card authentication process of FIG. 18 starts.
In step S110, the card reader / writer unit 44 of the encryption information supply device 4c determines whether or not the NFC card 6 has been inserted. If the determination condition is not satisfied (No), the card reader / writer unit 44 performs the process of step S110 again. If the determination condition is satisfied (Yes), the card reader / writer unit 44 performs the process of step S111.
In step S <b> 111, the card reader / writer unit 44 reads ID information from the NFC card 6.
In step S112, the encryption supply unit 43c transmits the ID information and the MAC address to the management device 2c by the wired communication unit 41. Here, the node A4 indicates a path of information received by the management apparatus 2c in step S121 of FIG. 19 described later.
In step S113, the wired communication unit 41 determines whether data is received from the management device 2c. If the determination condition is not satisfied (No), the wired communication unit 41 performs the process of step S113 again. If the determination condition is satisfied (Yes), the wired communication unit 41 performs the process of step S114. Here, the node B4 indicates a path of information transmitted by the management apparatus 2c in steps S125 and S126 of FIG. 19 described later.
In step S114, the encryption supply unit 43c determines the received content. The wired communication unit 41 performs the process of step S115 if the received content is the SSID, the encryption key, and the account information of the moving image server 8, and performs the process of step S117 if the received content is error information. .
In step S115, the cipher supply unit 43c writes the received SSID, the encryption key, and the account information of the moving image server 8 to the NFC card 6 by the card reader / writer unit 44.
In step S116, the cipher supply unit 43c causes the printing unit 49 to print the SSID, the encryption key, and the account information of the moving image server 8 that are the received contents, and then returns to the process of step S110.
In step S116, the cipher supply unit 43c displays an error on the display unit 42, and then returns to the process of step S110.

  FIGS. 19A and 19B are flowcharts showing a card authentication process and an encryption information generation handler process of the management apparatus in the fourth embodiment.

FIG. 19A is a flowchart showing card authentication processing of the management device 2c in the fourth embodiment.
When the power of the management apparatus 2c is turned on, the card authentication process of FIG. 19A starts.
In step S120, the ID information management unit 23 sets activation of the encryption information generation handler. The encryption information generation handler starts at 11:00 am every day.
In step S121, the wired communication unit 21 receives the ID information from the encryption information supply device 4c. Here, the node A4 indicates the path of the ID information transmitted by the encryption information supply device 4c in step S112 of FIG.
In step S122, the ID information management unit 23 determines whether or not the ID information received from the encryption information supply device 4c is a connection permission target ID. Here, if the determination condition is not satisfied (No), the ID information management unit 23 performs the process of step S123, and if the determination condition is satisfied (Yes), performs the process of step S124. If the ID information received from the encryption information supply device 4c is the same as that stored in any ID information column 251-1 of the ID information list 251, the ID information management unit 23 is subject to connection permission. Judged to be ID.
In step S123, the ID information management unit 23 notifies the encryption information supply device of an error, and returns to the process of step S121.

In step S124, the ID information management unit 23 calculates today's Julian day and determines whether it is an even number. The ID information management unit 23 performs the process of step S126 if the determination condition is not satisfied (No), and performs the process of step S125 if the determination condition is satisfied (Yes). The Julian day refers to the number of days since noon (universal standard time) on January 1, 4713 BC.
In step S125, the ID information management unit 23 supplies the SSID and encryption key of the wireless LAN router (B) 3-2 and the account (Y) of the video server 8 to the encryption information supply device 4c. The process returns to step S121. Here, the node B4 indicates the path of the SSID and the encryption key received by the encryption information supply device 4c and the account information of the moving image server 8 in step S113 of FIG.
In step S126, the ID information management unit 23 supplies the SSID and encryption key of the wireless LAN router (A) 3-1 and the account (X) of the video server 8 to the encryption information supply device 4c. The process returns to step S121. Here, the node B4 indicates the path of the SSID and the encryption key received by the encryption information supply device 4c and the account information of the moving image server 8 in step S113 of FIG.

FIG. 19B is a flowchart showing the encryption information generation handler process of the management device 2c in the fourth embodiment.
In step S130, the cipher information generation unit 22 calculates today's Julian day and determines whether it is an even number. If the determination condition is not satisfied (No), the cryptographic information generation unit 22 performs the process of step S134. If the determination condition is satisfied (Yes), the encryption information generation unit 22 performs the process of step S131.
In step S131, the encryption information generation unit 22 generates an SSID and an encryption key and sets them in the wireless LAN router (B) 3-2.
In step S132, the encryption information generation unit 22 instructs the moving image server 8 to stop the account (Y) that has been supplied to the NFC card 6 so far.
In step S133, the encryption information generation unit 22 acquires a new account (Y) from the moving image server 8, and ends the process of FIG.
In step S134, the encryption information generation unit 22 generates an SSID and an encryption key, and sets them in the wireless LAN router (A) 3-1.
In step S135, the encryption information generation unit 22 instructs the moving image server 8 to stop the account (X) that has been supplied to the NFC card 6 so far.
In step S136, the encryption information generation unit 22 acquires a new account (X) from the moving image server 8, and ends the process of FIG.

(Effect of the fourth embodiment)
The fourth embodiment described above has the following effects (L) to (N).

(L) The management device 2c sets the newly generated encryption information (SSID and encryption key) alternately for the two wireless LAN routers 3 at a predetermined cycle, and sets the most recently set encryption information to the NFC card. 6 is supplied. Thereby, the user can access the wireless LAN router 3 by the supplied encryption information at least for a predetermined period.

(M) The encryption information automatic update system 1c stores the account of the moving image server 8 that can be accessed via the wireless LAN router 3 together with the encryption information for accessing the wireless LAN router 3 with respect to the user's NFC card 6. Supply. Thereby, the user can acquire information necessary for using the system at once.

(N) The encryption information automatic update system 1c issues an account (X) and an account (Y) of the video server 8, updates the account information alternately at a predetermined cycle, and updates the account information updated most recently to the NFC card. 6 is supplied. Thereby, the user can log in to the moving image server 8 with the account information supplied to the NFC card 6 at least for a predetermined period.

(Modification)
The present invention is not limited to the above-described embodiment, and can be modified without departing from the spirit of the present invention. For example, there are the following (a) to (k).

(A) The encryption information automatic update systems 1, 1 a, 1 b, and 1 c according to the first to fourth embodiments all transmit encryption information for accessing the wireless LAN routers 3 and 3 a to the terminal 5 via the NFC card 6. It has been handed over. However, the present invention is not limited to this, and the encryption information automatic update system is an encryption for accessing the wireless LAN routers 3 and 3a by directly pointing the terminal 5 having the NFC function to the card reader / writer unit 44 such as the time recorder 4. Information may be acquired.

(B) The terminal 5 is not limited to a computer, and may be a so-called smartphone, mobile phone, touch panel terminal, or the like.

(C) The communication between the time recorder 4 and the terminal 5 is not limited to the communication via the NFC card 6, but other nearby devices such as Bluetooth (registered trademark), ZIGBEE (registered trademark), WiFi (registered trademark), Transfer Jet, and the like. Infrared communication such as distance wireless communication, visible light communication, or IrDA (Infrared Data Association) may be used.

(D) The encryption information automatic update system 1c of the fourth embodiment is not limited to application to a business hotel. For example, in a video rental store, encryption information for accessing the wireless LAN routers 3 and 3a, An account may be supplied to a server that manages the rental status of rental content. As a result, since the management server can be accessed simply by pointing a smartphone having an NFC function to a card reader / writer of a video rental store, the rental status of rental content can be easily viewed. Also, the video rental store operator can easily grasp the rental contents that the user is interested in by recording the access status to the management server.

(E) The encryption information automatic update system 1c of the fourth embodiment is not limited to application to a business hotel. For example, it is a service for accessing a public wireless LAN in an Internet cafe, a library, an airport lounge, a coffee shop, or the like. You may apply.

(F) The encryption information automatic update system 1 of the first embodiment is not limited to the configuration of FIG. For example, the time recorder 4 may have a configuration in which the management device 2 and the wireless LAN router 3 are incorporated, or the management device 2 may have a configuration in which the wireless LAN router 3 is incorporated.

(G) The power management unit 24 of the encryption information automatic updating system 1 of the first embodiment turns on and off the power of the wireless LAN router 3. However, the present invention is not limited to this, and the power management unit 24 may be configured to turn on and off the power of the wireless communication unit 32, and is not limited thereto.

(H) The encryption information generation unit 22 of the encryption information automatic update system 1 of the first embodiment generates an SSID and an encryption key and sets them in the wireless communication unit 32 of the wireless LAN router 3. However, the present invention is not limited to this, and the encryption information generation unit 22 may generate only the encryption key and set it in the wireless communication unit 32 of the wireless LAN router 3.

(I) The power management unit 24 of the encryption information automatic update system 1 according to the first embodiment turns off the power of the wireless LAN router 3 after the encryption information generation unit 22 generates the SSID and the encryption key. However, the present invention is not limited to this, and the encryption information generation unit 22 may generate the SSID and the encryption key after the power management unit 24 turns on the power of the wireless LAN router 3.

(J) The attendance record 46 of the first and second embodiments is provided in the time recorder 4. However, the present invention is not limited to this, and the management devices 2 and 2a may be provided.

(K) The attendance record 48 of the third embodiment is provided in the attendance recording device 4b. However, the present invention is not limited to this, and the management apparatus 2b may be provided.

1, 1a, 1b, 1c Cryptographic information automatic update system 2, 2a, 2b, 2c Management device 21 Wired communication unit 22 Cryptographic information generating unit (Cryptographic information generating means)
23 ID information management section (identification information management means)
24 Power management unit (Power management means)
25, 25a, 25b, 25c storage unit (storage means)
251 ID information list (identification information list)
252 Permit list 253 Unauthorized access log 254 Lecture time list 3, 3a-1, 3a-2 Wireless LAN router 31 Wired communication unit 32 Wireless communication unit (wireless communication means)
33 Radio control unit (Radio control means)
34 Check request section (Check request means)
4 Time recorder 4b Attendance recording device 4c Encryption information supply device 41 Wired communication unit 42 Display unit 43 Attendance recording unit 43b Attendance recording unit 43c Encryption supply unit 44 Card reader / writer unit (non-contact type communication means)
45 operation unit 46 attendance record 48 attendance record 49 printing unit 5 terminal 51 wireless communication unit 52 wireless connection unit 53 card reader unit 6 NFC card 61 antenna unit 62 control unit 63 storage unit (storage means)
7 Campus server 8 Movie server 9 Network

Claims (11)

Wireless communication means for establishing wireless communication with the terminal by means of encryption information;
Storage means for storing identification information;
Non-contact communication means for reading the identification information stored in the storage means;
Generating new encryption information and setting it in the wireless communication means;
Storage means for storing a list of identification information to be permitted for wireless communication;
If the identification information read from the storage means by the non-contact type communication means exists in the identification information list, the identification information management means for writing the encryption information to the storage means by the non-contact type communication means;
A cryptographic information automatic update system characterized by comprising: The encryption information is one of a wireless communication encryption key, or a wireless communication encryption key and an SSID (Service Set IDentifier) of the wireless communication means.
The system for automatically updating encryption information according to claim 1. Power management means for turning on the power of the wireless communication means when the encryption information is first transmitted to the storage means by the non-contact communication means;
The encryption information automatic update system according to claim 1 or 2, further comprising: The power management means turns on the power, and the encryption information generation means generates new encryption information.
The encryption information automatic update system according to claim 3, wherein: Before the power management means turns off the power, the encryption information generation means generates new encryption information;
The encryption information automatic update system according to claim 3, wherein: The identification information management means, if the identification information read from the storage means by the contactless communication means is present in the identification information list, further register the identification information in the permission list of the storage means,
The encryption information automatic update system according to claim 3, wherein: The identification information management means deletes the identification information related to the storage means from the permission list if the identification information read from the storage means by the contactless communication means exists in the permission list. To
The system for automatically updating cipher information according to claim 6. The power management unit turns off the power of the wireless communication unit when all identification information is deleted from the permission list by the identification information management unit.
The system for automatically updating cipher information according to claim 7. The power management means turns off the wireless communication means at a predetermined time;
The encryption information automatic update system according to claim 3, wherein: A check request unit that repeatedly acquires the identification information stored in the storage unit when wireless communication is established with the terminal by the encryption information of the storage unit;
A wireless control means for disconnecting wireless communication with the terminal when the check request means fails to acquire identification information;
The cryptographic information automatic update system according to claim 3, further comprising: A first wireless communication means and a second wireless communication means for establishing wireless communication by means of encryption information;
Storage means for storing identification information;
Non-contact communication means for reading the identification information stored in the storage means;
Encryption information generating means for generating encryption information at a predetermined time and alternately setting either one of the first wireless communication means and the second wireless communication means;
Storage means for storing a list of identification information to be permitted for wireless communication;
If the identification information read from the storage means by the non-contact type communication means is present in the identification information list, the identification that the encryption information generated most recently is written to the storage means by the non-contact type communication means Information management means;
A cryptographic information automatic update system characterized by comprising:

Images