JP2014033282A - Communication method, radio communication device, and program - Google Patents

Abstract

An object of the present invention is to safely and easily acquire identification information used for establishing communication.
A communication method for establishing a connection between a first wireless communication apparatus and a second wireless communication apparatus having a base station function for communicating with the first wireless communication apparatus, the first wireless communication apparatus comprising: Identification information used for identifying whether or not the second wireless communication device is the first wireless communication device to be connected from the first wireless communication device to the second wireless communication device can be set by the user An identification information transmission step of transmitting a frame set in the area, and the second wireless communication device establishes a connection between the first wireless communication device and the second wireless communication device based on the identification information And a generation step of generating code information generation data for generating code information used for the purpose.
[Selection] Figure 1

Description

  The present invention relates to a communication method, a wireless communication apparatus, and a program.

  The 802.11a / b / g / n wireless LAN technology defined by the IEEE (The Institute of Electrical and Electronic Engineers) 802.11 task group, which develops the standard for wireless LAN (Local Area Network), is currently available worldwide. It is popular in offices and homes.

  IEEE802.11a is a specification for communication using frequency bands of 5 GHz band, IEEE802.11b / g is 2.4 GHz band, and IEEE802.11n is both 5 GHz band and 2.4 GHz band. IEEE802.11n uses a wireless communication technique called MIMO (Multiple Input Multiple Output) that improves communication quality by combining a plurality of antennas on the transmission side and reception side.

  The IEEE 802.11a / g / n connection mode includes an infrastructure mode using an access point and an ad hoc mode not using an access point.

  In the infrastructure mode, there are stations that are wireless LAN terminals around the access point, and data transmission between a certain station and another station is performed via the access point. It is used in many environments such as offices and homes, and is a common connection form. When connecting a station and an access point, it is necessary to set an ESSID (Extended Service Set IDentifier) that is an identifier of the wireless LAN network and a passphrase for generating an encryption key on the station side. When compared with the above, it was complicated.

  Therefore, as a method for solving this complexity, Wi-Fi Alliance, which is a wireless LAN related industry group, uses WPS (Wi-Fi Protected), a standard for easily executing connection and security settings of wireless LAN devices. Setup) specifications have been formulated, and the corresponding devices have been certified since January 2007.

  In addition, communication devices equipped with a wireless LAN communication function, that is, Wi-Fi compatible devices are increasing from recent technological trends to personal computers, mobile phones, digital cameras, printers, keyboards, headphones, and the like. For this reason, there is a growing need for direct communication between devices without using an access point.

  Therefore, the specification “Wi-Fi Peer-to-Peer (P2P) Technical Specification Version 1.1” (hereinafter referred to as Wi-Fi Direct), which is directly communicated between Wi-Fi terminals, was established by Wi-Fi Alliance in October 2010. Was formulated. In Wi-Fi Direct, each Wi-Fi compatible device is equipped with a software access point function that realizes the function of the access point in the conventional infrastructure mode on software. Among a plurality of Wi-Fi compatible communication devices (P2P Devices) participating in the network, any one of the communication devices becomes a P2P Group Owner that actually executes the function of the software access point. Communication devices other than P2P Group Owner become P2P Clients and perform communication. The further spread of communication devices equipped with WPS is expected in the future.

  In WPS, a communication device that transmits a probe request for detecting a communicable access point, such as a station, is defined as Enrollee. Further, a communication device that is responsible for giving information such as an ESSID and a passphrase for generating an encryption key to an Enrollee that has transmitted a probe request, such as an access point, is defined as AP / Registrar.

  In WPS, a push button method and a PIN (Personal Identify Number) code method are defined as authentication methods for permitting connection only to authorized users.

  As for the push button method, when the user presses the push button on the AP / Registrar side, the AP / Registrar accepts the connection from the Enrollee for two minutes called Walk Time after the button is pressed. The user transmits a probe request to the AP / Registrar by pressing a button for requesting connection on the Enrollee side or performing an action corresponding to the button.

  The AP / Registrar sends information necessary for establishing a connection, such as an ESSID and a passphrase for generating an encryption key, to the Enrollee that has requested the connection.

  Enrollee uses the information received from the AP / Registrar to establish a connection and perform subsequent communication. However, in the push button method, when establishing a connection, it is necessary to go to the location where the AP / Registrar exists and press the button. In addition, there is a problem that connection is permitted when a person other than the authorized user makes a probe request within two minutes after the button is pressed.

  On the other hand, in the PIN code system, AP / Registrar and Enrollee share a PIN code that is a 4-digit or 8-digit number in advance, and this PIN code is used in the process of generating an encryption key used for authentication. Information such as a passphrase that is the basis of this encryption key (referred to as Credentials) is transmitted from the AP / Registrar to the Enrollee using the encryption key generated based on the PIN code. Therefore, only when the PIN codes shared between the AP / Registrar and the Enrollee match, the encryption keys of both correspond correctly, and Credentials can be transmitted.

  Patent Document 1 describes a technique for automatically generating an SSID based on a PIN code. According to this, the SSID is generated based on the PIN code on the assumption that only the authorized user knows. Therefore, if the stealth mode in which the SSID is not included in the beacon frame periodically transmitted by the access point is set, only the Enrollee that knows the SSID can connect to the AP / Registrar. That is, it is possible to avoid connection by a person other than the authorized user.

  Patent Document 2 describes a technique that uses a PIN code generated by using code generation information and authentication information associated with the user identifier of each user, as will be described later.

  In the PIN code method in WPS, the AP / Registrar must go to the installation location and push the button in the push button method, and overcome the problems such as permitting connection when a probe request is made by a person other than a regular user. Can do.

  However, in the PIN code method, an Enrollee user must input a PIN code set in the AP / Registrar to the Enrollee. In order to notify the user of this PIN code, for example, the PIN code is displayed by pasting a label on which the PIN code is written on the AP / Registrar or clicking the PIN code generation button on the web server connected to the AP / Registrar. To do. Therefore, a third party who should not be allowed to connect to the AP / Registrar knows the PIN code from the third party by looking into the label attached to the AP / Registrar or operating the web server. There is a risk of unauthorized connection.

  In order to avoid this risk, Patent Document 2 discloses that an account management apparatus corresponding to AP / Registrar generates code generation information, and the code generation information and authentication information associated with the user identifier of each user, A technique is described in which a PIN code is generated based on the SSID and transmitted to the Enrollee, and the Enrollee side generates a PIN code based on the received SSID and authentication information.

  However, in the technique of Patent Document 2, it is necessary to create a user identifier and authentication information for each user in advance, and manage these information on the account management apparatus side and the Enrollee side. As a result, there remain problems such as the user having to create information and complicated management of the information.

  Patent Document 1 describes a technique for automatically generating an SSID based on a PIN code. However, the trouble that a user has to grasp and input a PIN code cannot be solved.

  Therefore, the present invention has been made in view of the above problems, and an object of the present invention is to obtain identification information used for establishment of communication safely and easily.

  In order to solve the above-described problem, the present invention provides communication when a connection is established between a first wireless communication apparatus and a second wireless communication apparatus having a function of a base station that communicates with the first wireless communication apparatus. Identification information used for identifying whether or not the second wireless communication device is a first wireless communication device to be connected from the first wireless communication device to the second wireless communication device. Transmitting an identification information transmission step for transmitting a frame set in an area that can be set by the user, and the second wireless communication device and the second wireless communication based on the identification information. There is provided a communication method including a generation step of generating code information generation data for generating code information used for establishing a connection with an apparatus.

  According to the present invention, identification information used for establishing communication can be acquired safely and easily.

It is a figure which shows an example of a structure of the radio | wireless communications system in embodiment of this invention. It is a figure which shows an example of the hardware constitutions of the station in embodiment of this invention. It is a figure which shows an example of the hardware constitutions of the access point in embodiment of this invention. It is a figure which shows an example of the function structure of the station in embodiment of this invention. It is a figure which shows an example of the frame format of the probe request | requirement in which the connecting terminal identification information in embodiment of this invention is set. It is an example of the connection terminal identification information in which the dummy data in the embodiment of the present invention is incorporated. It is a figure which shows an example of the function structure of the station in embodiment of this invention. It is a flowchart figure which shows an example of the process sequence of PIN code generation in embodiment of this invention. It is a sequence diagram which shows an example of the operation | movement procedure of the radio | wireless communications system in embodiment of this invention. It is a figure which shows an example of the network scan execution screen of the wireless utility tool in embodiment of this invention. It is a figure which shows an example of the connection execution screen of the wireless utility tool in embodiment of this invention. It is a figure which shows an example of a function structure of the radio | wireless utility tool for stations in the modification of embodiment of this invention. It is a flowchart figure which shows an example of the connection procedure of the push button system / PIN code system in the modification of embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

In the embodiment of the present invention, the data in the second layer of the OSI (Open Systems Interconnection) reference model is referred to as a frame.
[System configuration]
1A and 1B are diagrams illustrating an example of a configuration of a wireless communication system 1 according to an embodiment of the present invention. In the embodiment of the present invention, the wireless communication system 1 may have any one of the configurations shown in FIGS.

  The wireless communication system 1 in FIG. 1A includes stations 100a, 100b,... 100n (hereinafter, referred to as station 100 when not distinguished from each other) and an access point 200. The station 100 and the access point 200 communicate via a wireless local area network (LAN) 99. Here, the station 100 is a device that transmits a probe request defined as Enrollee in WPS (Wi-Fi Protected Setup). The access point 200 is a device having a role of providing information such as an SSID and a passphrase for generating an encryption key to an Enrollee that has transmitted a probe request defined as AP / Registrar in WPS.

  The station 100 has a function of performing wireless communication based on the IEEE 802.11a / b / g / n standard. The station 100 is a smartphone, a PC (Personal Computer), a tablet terminal, an MFP (Multifunction Peripheral), a digital camera, or the like.

  The access point 200 periodically transmits a beacon frame to the surroundings. The beacon frame includes a channel (frequency range), ESSID, supported transmission speed, security method, time stamp, QoS, and the like. When the station 100 enters the reach range of the beacon frame, the station 100 receives the beacon frame and transmits a probe request. Thereafter, wireless communication is possible between the access point 200 and the station 100 through authentication processing and connection processing.

  The wireless communication system 1 in FIG. 1B is a connection form using Wi-Fi Direct, and includes a P2P Group Owner 400 that realizes the function of an access point on software, and a P2P Client 300 that is a client terminal. A plurality of P2P Clients 300 may exist. The P2P Client 300 and the P2P Group Owner 400 communicate via a wireless LAN 99 (Local Area Network). P2P Client 300 is Enrollee and P2P Group Owner 400 is AP / Registrar in terms of function sharing in WPS. The functions of the P2P Client 300 and the P2P Group Owner 400 are equivalent to the functions of the station 100 and the access point 200, respectively. The P2P Client 300 and the P2P Group Owner 400 are, for example, a smartphone, a PC (Personal Computer), a tablet terminal, an MFP, a digital camera, and the like.

The embodiment of the present invention will be described based on the wireless communication system 1 in FIG. The present invention can also be implemented in the Wi-Fi Directs specification system of FIG.
[Operation overview]
In the embodiment of the present invention, the wireless communication system 1 operates as follows in order to enable wireless LAN communication between the station 100 and the access point 200. In the embodiment of the present invention, the wireless LAN connection procedure uses the PIN code system defined in WPS.

  First, in an initial state, the station 100 cannot detect the access point 200 (in the case of active scanning), or receives a beacon frame transmitted from the access point 200 and designates the access point 200 to which the user of the station 100 wants to connect. This is the previous state (in the case of passive scanning). In any of these states, the station 100 knows an ESSID (Extended Service Set Identifier) that is a network identifier of the access point 200 to be connected.

  In the embodiment of the present invention, communication is established between the station 100 and the access point 200 using the connection terminal identification information between the station 100 and the access point 200. The connection terminal identification information is a plurality of digits of identification information including alphanumeric characters, symbols, etc., or combinations thereof indicating that connection to the access point 200 is possible. If the connection terminal identification information held by the access point 200 matches the connection terminal identification information held by the station 100, the station 100 executes the subsequent authentication procedure and connection procedure as a connectable terminal.

  In the embodiment of the present invention, a hash function is used to generate a PIN code. The hash functions used in the station 100 and the access point 200 are the same.

  Hereinafter, an outline of the operation will be described in (1) to (4).

  (1) First, a probe request is transmitted from the station 100 to the access point 200. In this probe request, ESSID and connection terminal identification information are set. This connection terminal identification information is set in an area that can be arbitrarily used by a user (vendor) defined in, for example, the IEEE 802.11 probe request frame format.

  (2) The access point 200 receives a probe request including an ESSID that matches the ESSID set in the own device, and generates a probe request response based on connection terminal identification information included in the probe request. Specifically, it is determined whether or not the connection terminal identification information included in the received probe request matches the connection terminal identification information held by the access point 200. If they match, a probe request response in which the ESSID and PIN code generation data are set is transmitted to the station 100. The PIN code generation data is original data (one of the input values of the hash function) for generating a PIN code, and is randomly generated every time the access point 200 transmits a probe request response. The PIN code generation data is set in an area that can be arbitrarily used by a user (vendor) specified in, for example, a frame format of a probe request response of IEEE 802.11. On the other hand, if the connection terminal identification information included in the received probe request does not match the connection terminal identification information held by the access point 200, a probe request response not including PIN code generation data is generated and transmitted to the station 100. Is done.

  (3) Next, the station 100 and the access point 200 generate a PIN code. In the embodiment of the present invention, the output value of the hash function using the input value as the ESSID and PIN code generation data is the PIN code. Here, as described above, since the station 100 and the access point 200 use the same hash function, the PIN code is the same if the ESSID and PIN code generation data held by the station 100 and the access point 200 are the same.

  (4) Thereafter, when a PIN code connection procedure using WPS is executed and the PIN codes generated in the station 100 and the access point 200 match, information (Credentials) necessary for authentication is transmitted from the access point 200 to the station 100. Is done. Thereafter, when the authentication procedure is completed, communication is started between the station 100 and the access point 200.

Through the operations (1) to (4) above, the user of the station 100 does not need a complicated manual input operation of the PIN code and can connect only the station 100 that can be connected to the access point 200 in advance. High security can be realized. Further, since the connection terminal identification information and the PIN code generation data are set in the frame format of the IEEE802.11 specification, the implementation of the present invention becomes easy.
[Hardware configuration]
An example of the hardware configuration of the station 100 and the access point 200 in the embodiment of the present invention will be described with reference to FIGS. 2 and 3 below. 2 and 3 show the device driver and firmware.

<Station>
FIG. 2 is a diagram showing an example of the configuration of the station 100 in the embodiment of the present invention. FIG. 2 shows an example in which a wireless LAN defined in the IEEE802.11a / b / g / n specification is used as a wireless communication protocol.

  The station 100 includes a station main body 110, a WLAN card 120, an operation unit 130, a display unit 140, and the like. The station main body 110, the WLAN card 120, the operation unit 130, and the display unit 140 are connected via a bus 150.

  The station main body 110 includes a main CPU (Central Processing Unit) 111, a memory device 112, an auxiliary storage device 113, a device driver 114, a bus control unit 115, and the like. The WLAN card 120 includes a firmware 121, a local CPU 122, a bus control unit 123, a WLAN MAC 124, a WLAN PLCP 125, and an RF (Radio Frequency) unit 126.

  A program for realizing processing in the station 100 is installed in the auxiliary storage device 113. The auxiliary storage device 113 stores the installed station program and also stores necessary files and data. The auxiliary storage device is, for example, a hard disk. The station program includes a station wireless utility tool 1000 according to an embodiment of the present invention described later. The station wireless utility tool 1000 is software having a function for realizing connection with the access point 200, and is preinstalled in the station 100 in the embodiment of the present invention. The station wireless utility tool 1000 may be installed when the station 100 is shipped, or may be installed after the station 100 is started up via download from the Internet or an external recording medium.

  The memory device 112 reads the program from the auxiliary storage device 113 and stores it when there is an instruction to start the program from the main CPU 111. The memory device 112 stores necessary files, data, applications, and the like. The memory device 112 is, for example, a ROM, RAM, NVRAM, or the like.

  The main CPU 111 executes programs, device drivers 114, and the like.

  The device driver 114 controls the WLAN MAC 124 in cooperation with the firmware 121.

  The bus control unit 115 controls the bus 150 in cooperation with the bus control unit 123 in the WLAN card 120.

  The local CPU 122 of the WLAN card 120 causes the firmware 121 to be executed. The firmware 121 controls the WLAN MAC 124 by reading / writing values from / to the registers of the WLAN MAC 124.

  The bus control unit 123 controls the bus 150 in cooperation with the bus control unit 115 in the station main body 110.

  The WLAN MAC 124 generates data to be transmitted and disassembles received data.

  The WLAN PLCP 125 converts the digital data generated by the WLAN MAC 124 into an electrical signal, converts the received electrical signal into digital data, and passes it to the WLAN MAC 124.

  The RF unit 126 performs frequency conversion between the frequency of the electrical signal and the frequency of the radio wave.

  The operation unit 130 is a soft key such as a hard key, a button, a mouse, and a touch panel for a user to perform an input operation such as setting and command. The operation content is notified to the main CPU 111.

  The display unit 140 is a user interface screen such as a liquid crystal or an organic EL (Electro Luminescence) on which various kinds of information such as a cursor, menu, window, character, or image are displayed and output to the user.

<Access point>
FIG. 3 is a diagram showing an example of the configuration of the access point 200 in the embodiment of the present invention. FIG. 3 shows an example in which a wireless LAN defined in the IEEE802.11a / b / g / n specification is used as a wireless communication protocol.

  The access point 200 includes an access point main body 210, a WLAN card 220, an Ethernet (registered trademark) card 230, an operation unit 240, a display unit 250, and the like. The access point main body 210, the WLAN card 220, the Ethernet card 230, the operation unit 240, and the display unit 250 are connected via a bus 260.

  The access point main body 210 includes a main CPU 211, a memory device 212, an auxiliary storage device 213, a device driver 214, a bus control unit 215, and the like. The WLAN card 220 includes firmware 221, a local CPU 222, a bus control unit 223, a WLAN MAC 224, a WLAN PLCP 225, an RF unit 226, and the like. The hardware of the access point main body 210 and the WLAN card 220 perform the same operation as that of the hardware of the station 100 in FIG. Therefore, these descriptions are omitted.

  However, the memory device 212 and the auxiliary storage device 213 are different from FIG. 2 in that a program for an access point is stored, and that the program includes an access point wireless utility tool 2000 described later.

In addition, the access point 200 is provided with an Ethernet card 230 for wired connection to the Internet, an intranet, or a LAN by Ethernet stipulated in IEEE 802.3. However, in the case of a connection form using Wi-Fi Direct, the P2P Group Owner 400 may not include the Ethernet card 230.
[Function configuration]
<Station>
FIG. 4 is a diagram illustrating an example of a functional configuration of the station 100 according to the embodiment of the present invention. Each function is realized by the main CPU 111 in FIG. 2 executing a program and cooperating with hardware.

  The station 100 includes probe request generation means 1001, probe request transmission / response reception means 1002, PIN code generation / calculation means 1003, authentication / connection control means 1004, authentication / connection request transmission / response reception means 1005, storage means 1006, user An I / F control unit 1007 and a wireless LAN communication I / F unit 1008 are included. Among these functions, the station wireless utility tool 1000 includes a probe request generation unit 1001 and a PIN code generation / calculation unit 1003.

  The probe request generation unit 1001 generates a probe request to be transmitted to the access point 200 in order to detect a communicable access point 200. In the probe request, the ESSID and connection terminal identification information stored in the storage unit 1006 are set.

  In the embodiment of the present invention, the connection terminal information is set in an area that can be arbitrarily set by the user (vendor) in the signal format of the probe request. Specifically, the connection terminal identification information is set in the Vendor Specific Attribute area included in the probe request frame format defined in the IEEE802.11a / b / g / n specification. FIG. 5 is a diagram showing an example of setting connection terminal identification information to the probe request frame format defined in IEEE 802.11 in the embodiment of the present invention. FIG. 5A is a diagram showing a format of a probe request frame (probe request frame), in which connection terminal information is set in a frame body area that can be set within a range of 0 to 2312 bytes. FIG. 5B is a diagram showing information elements (IEs) that can be set in the frame body, and includes a Vendor Specific IE. FIG. 5C is a diagram showing an information element (WSC IE) compliant with the WSC (Wi-Fi Simple Configuration Specification 2.0) specification set in the Vendor Specific IE. Note that WSC is a specification related to the WPS protocol. In the WSC specification, when “221” is set in the Element ID and “50 6F 9A 04” is set in the OUI (Organizationally Unique Identifier) area, the WSC IE indicates that the vendor is a Vendor Specific IE that can be arbitrarily used. Therefore, in the embodiment of the present invention, “221” is set as the Element ID, and “50 6F 9A 04” is set as the OUI. The WSC IE includes a WSC Attribute area, and the connected terminal identification information according to the embodiment of the present invention is set in this area. FIG. 5D is a diagram showing the setting contents of WSC Attribute when the Element ID is “221”. Here, when “221” is set in the Attribute ID of the WSC Attribute, the WSC Attribute indicates that the vendor is a Vendor Specific Attribute that can be arbitrarily used. Therefore, in the embodiment of the present invention, “221” is set in Attribute ID. Then, the connected terminal identification information is set in the Vendor Specific area of the WSC Attribute. As shown in FIG. 5D, for example, when the connection terminal identification information is “t5kw2r9e”, this data is set to Vendor Specific.

  Also, the terminal identification information does not necessarily need to be set at the beginning of the Vendor Specific Attribute. For example, as shown in FIG. 6, several bytes of dummy data created at random may be incorporated before or after the value of the terminal identification information. Good. FIG. 6 is an example of connection terminal identification information incorporating dummy data when dummy data is “A”, “B”, and “C”, for example. FIG. 6A shows an example in which dummy data is incorporated at the head of the connection terminal identification information. FIG. 6B shows an example in which dummy data is incorporated at the end of the connection terminal identification information. FIG. 6C shows an example in which dummy data is incorporated between the connection terminal identification information. Thereby, when the probe request frame is captured by a third party, it is possible to reduce a risk that the presence of the terminal identification information is known or decoded.

  In the embodiment of the present invention, the connection terminal identification information is set using the frame format of the probe request conforming to the specifications of IEEE802.11 and WSC in view of the ease of implementation of the technology of the present invention. The connection terminal identification information setting area is not limited to this. That is, the connection terminal identification information setting area is not limited to the name Vendor Specific. It is also possible to create a new signal and set connection terminal identification information in the signal.

  The connection terminal identification information is written in advance in the ROM or the like of the memory device 112 of the station 100, or is set in the memory device 112 when the station wireless utility tool 1000 is installed. For example, connection terminal identification information may be assigned when the station wireless utility tool 1000 is downloaded from the Internet.

  In the access point 200 that has received the probe request, if the connection terminal identification information included in the probe request matches the terminal identification information set in advance in the access point 200, the access point 200 changes to the station 100. A probe request response including PIN code generation data, which is information necessary for connection, is transmitted.

  Note that a plurality of terminal identification information held by the access point 200 may exist for each station 100 to be connected.

  The probe request transmission / response reception unit 1002 transmits the probe request generated by the probe request generation unit 1001 to the access point 200 via the wireless LAN communication I / F unit 1008. The probe request transmission / response receiving unit 1002 receives the probe request response transmitted from the access point 200 and stores the PIN code generation data included in the probe request response in the storage unit 1006.

  The PIN code generation / calculation means 1003 uses the input value as the ESSID and PIN code generation data included in the probe request response, and executes a calculation process using a hash function. The output value of this calculation process becomes the PIN code. The hash function used in the embodiment of the present invention is, for example, a one-way function SHA-1 (Secure Hash Algorithm 1) or MD5 (Message Digest 5). Note that the hash function to be used is not limited to this, and an appropriate hash function may be used in consideration of security and processing load of calculation.

  The PIN code generation / calculation means 1003 executes a hash function calculation process using the PIN code as an input value in the process of user authentication by EAP (Extensible Authentication Protocol) defined in IEEE 802.1x.

  The authentication / connection control unit 1004 generates a message used in an authentication request, a connection request, and a user authentication procedure using EAP in a PIN code connection procedure using WPS. It also controls the authentication / connection request transmission / response reception means 1005 to instruct frame transmission / reception.

  Authentication / connection request transmission / response reception means 1005 transmits the frame generated by authentication / connection control means 1004 to access point 200 via wireless LAN communication I / F means 1010, and the frame transmitted from access point 200 Accept.

  The storage unit 1006 stores ESSID, connection terminal identification information, hash function, PIN code, and the like. The ESSID stores the ESSID included in the beacon frame transmitted from the access point 200 in the case of the passive scan method, and is manually stored by the user of the station 100 or the like in the case of the active scan method. As described above, the connection terminal identification information is written in a ROM or the like at the time of product shipment of the station 100, stored in the station wireless utility tool 1000, or acquired or downloaded when the station 100 is downloaded. . The connection terminal identification information is data that can be updated. However, if it does not match the connection terminal identification information held by the access point 200 to be communicated with, it is not possible to communicate with that access point 200, so it is necessary to match the value with the access point 200 when updating the connection terminal identification information. . As the hash function, a hash function used for PIN code generation is stored. As the PIN code, the PIN code generated by the PIN code generation / calculation unit 1003 is stored. Note that the storage unit 1006 uses the memory device 112, the auxiliary storage device 113, or an external recording medium of FIG.

  The user I / F control unit 1007 controls the operation unit 130 and the display unit 140 shown in FIG. 2 to receive an instruction input from the user and display a screen for receiving the input.

  The wireless LAN communication I / F unit 1010 controls the WLAN card 120 shown in FIG. 2 and transmits and receives data based on the IEEE 802.3 standard.

<Access point>
FIG. 7 is a diagram showing an example of a functional configuration of the access point 200 in the embodiment of the present invention. Each function is realized by the main CPU 211 in FIG. 3 executing a program and cooperating with hardware.

  The access point 200 includes a probe request reception / response unit 2001, a PIN code generation data generation unit 2002, a probe request response generation unit 2003, a PIN code generation / calculation unit 2004, an authentication / connection request reception / response unit 2005, and an authentication / connection control. A unit 2006, a storage unit 2007, a wireless LAN communication I / F unit 2008, and the like. Among these functions, the access point wireless utility tool 2000 includes a PIN code generation data creation unit 2002, a probe request response generation unit 2003, and a PIN code generation / calculation unit 2004.

  The probe request acceptance / response unit 2001 accepts a probe request transmitted from the station 100. First, when the ESSID set in the received probe request does not match the ESSID held by the own device, the probe request reception / response unit 2001 discards the probe request. If it matches the ESSID held by itself, the probe request is analyzed and the process is continued. Next, it is determined whether or not the connection terminal identification information included in the received probe request matches the connection terminal information held by the access point 200. If they match, the probe request response generation unit 2003 is caused to execute a probe request response including the PIN code generation data. If they do not match, a probe request response that does not include PIN code generation data is generated. Further, the probe request reception / response unit 2001 transmits the probe request response generated by the probe request response generation unit 2003 to the station 100.

  The probe request response generation unit 2003 performs processing in response to the probe request response generation request from the probe request reception / response unit 2001 based on the received connection terminal identification information. If the connection terminal identification information included in the received probe request matches the connection terminal information held by the access point 200, a PIN code generation data generation request is made to the PIN code generation data generation unit 2002. Then, a probe request response including the created PIN code generation data and the ESSID set in the own device stored in the storage unit 2007 is generated. In the embodiment of the present invention, the PIN code generation data is set in the Vendor Specific area of the frame format of the probe request response. The contents set in the frame format are the same as when the connection terminal identification information is set in the probe request shown in FIG. The area for setting the PIN code generation data is not limited to this. On the other hand, if the connection terminal identification information included in the received probe request does not match the connection terminal information held by the access point 200, a probe request response not including the PIN code generation data is generated. When the probe request response generation unit 2003 generates a probe request response, the probe request reception / response unit 2001 requests transmission processing to the station 100.

  The PIN code generation data creation unit 2002 creates PIN code generation data based on the request from the probe request response generation unit 2003. The PIN code generation data is represented as random alphanumeric characters, symbols, or a combination thereof. The PIN code generation data creation unit 2002 notifies the generated PIN code generation data to the probe request response generation unit 2003.

  Similar to the PIN code generation / calculation unit 1003 of the station 100, the PIN code generation / calculation unit 2004 generates a PIN code using a hash function that conceals the contents of the calculation process. In the PIN code generation process, the PIN code is obtained as the output value of the hash function using the ESSID and PIN code generation data as the input values, as in the PIN code generation / calculation unit 1003 of the station 100. Therefore, when the PIN code generation / calculation unit 1003 of the station 100 and the PIN code generation / calculation unit 2004 of the access point 200 use the same SSID and PIN code generation data as the input value of the hash function, the PIN code that is the output value is Equivalent. Also, the PIN code generation / calculation means 2004 executes a hash function calculation process using the PIN code as an input value in the process of user authentication by EAP defined in IEEE 802.1x.

  The authentication / connection control unit 2006 generates an authentication request response, a connection request response in a PIN code connection procedure using WPS, and a message used in a user authentication procedure using EAP. Further, the authentication / connection request reception / response unit 2005 is controlled to instruct frame transmission / reception.

  The authentication / connection request reception / response unit 2005 transmits the frame generated by the authentication / connection control unit 2006 to the station 100 via the wireless LAN communication I / F unit 2008, and receives the frame transmitted from the station 100.

  The storage unit 2007 stores ESSID, connection terminal identification information, hash function, PIN code, and Credentials that are information necessary for authentication. As the storage unit 2007, the memory device 212, the auxiliary storage device 213, and the external recording medium of FIG. 3 are used.

The wireless LAN communication I / F unit 2008 controls the WLAN card 220 shown in FIG. 3 and transmits / receives data based on the IEEE 802.3 standard.
[Processing procedure (PIN code generation)]
Hereinafter, a PIN code generation process performed by the PIN code generation / calculation unit 1003 of the station 100 will be described. Note that the PIN code generation / calculation unit 2004 of the access point 200 also performs the same processing.

  FIG. 8 is a flowchart showing an example of a PIN code generation processing procedure by the PIN code generation / calculation unit 1003 according to the embodiment of the present invention. The description will be given using an example in which the ESSID input to the PIN code generation / calculation unit 1003 is “network2” and the PIN code generation data is “a5knb3p”.

  First, the PIN code generation / calculation means 1003 converts the ESSID and PIN code generation data into ASCII codes for each character, and obtains an exclusive OR (EOR) for each byte (S502). That is, ESSID “network2” is converted to “6E 65 74 77 6F 72 6B 32”, and PIN code generation data “a5 knkb3p” is converted to “61 35 69 6E 6D 62 33 70”. Here, when the length of the SSID and PIN code generation data is 9 characters or more, the lower 8 characters are extracted, and when the length of the SSID is less than 8 characters, the upper space is filled with a space. It may be expanded to 8 characters and converted to ASCII code for each character. Next, the EOR calculation value “0F 50 1D 19 02 10 58 42” is obtained by obtaining the EOR for each lower 4 bits of “6E 65 74 77 6F 72 6B 32” and “61 35 69 6E 6D 62 33 70”. Is obtained.

  The PIN code generation / operation unit 1003 uses the character code of the first byte from the bottom of the EOR as the input value of the hash function (S504). That is, “0x42” is set as the input value of the hash function.

  The PIN code generation / calculation unit 1003 sets the last digit of the output value of the hash function as the value of the first digit from the bottom of the PIN code (S506). For example, when “5” is obtained as the output value of the hash function, “5” is set as the value of the first digit from the bottom of the PIN code.

  The PIN code generation / calculation unit 1003 adds the lower first digit of the output value of the hash function and the first byte from the lower end of the EOR calculated value obtained in step S502 (S508). That is, the last 1 digit [5] of the output value of the hash function and the first byte “0x42” from the bottom of the EOR calculated value are added to obtain “0x47”.

  The PIN code generation / calculation unit 1003 sets the added value as the input value of the hash function (S510). In other words, the added value “0 × 47” is used as the input value of the hash function.

  The PIN code generation / calculation unit 1003 sets the last digit of the output value of the hash function as the value of the second digit from the bottom of the PIN code (S512). For example, when “3” is obtained as the output value of the hash function, this “3” is set as the value of the second digit from the bottom of the PIN code.

  The PIN code generation / operation unit 1003 adds the last digit of the output value of the hash function obtained in step 912 and the second byte from the bottom of the EOR calculation value (S514). That is, the lower first digit “3” of the output value of the hash function and the second byte “0x58” from the lower end of the EOR calculated value are added to obtain “0x5B”.

  The PIN code generation / calculation unit 1003 sets the added value as the input value of the hash function (S516). In other words, the added value “0 × 5B” is used as the input value of the hash function.

  The PIN code generation / calculation unit 1003 sets the last digit of the output value of the hash function as the value of the third digit from the bottom of the PIN code (S518). For example, when “2” is obtained as the output value of the hash function, this “2” is set to the third digit value from the bottom of the PIN code.

  Thereafter, the above-described processing is repeated until an 8-digit value is calculated as the PIN code (S520).

  In the example shown in FIG. 8 by the above procedure, “85662235” is obtained as the PIN code.

  In the embodiment of the present invention, the PIN code generation data (“a5knb3p” in the example of FIG. 8) is a random value generated every time a probe request is received by the access point 200. Accordingly, the same PIN code “85662235” can be generated only by the station 100 that has received the PIN code generation data “a5knmb3p” having the common ESSID “network2” and the access point 200 that has transmitted the PIN code generation data. It is done. Thus, for example, when the same PIN code is transmitted from a plurality of stations 100 to the access point 200, connection from the station 100 transmitted later can be rejected, and unauthorized access from a third party can be prevented. It can be avoided. It should be noted that the same PIN code generation data is created and set in the probe request response for a group composed of a plurality of stations 100 designated in advance by an administrator of the wireless communication system 1 or a user of the station 100 It may be.

  The calculation processing method for generating the PIN code is kept secret in the wireless utility tool. That is, only the station 100 having the station wireless utility tool 1000 and the access point 200 having the access point wireless utility tool 2000 can generate the same PIN code. That is, even if the third party obtains the ESSID and PIN code generation data, a legitimate PIN code generated by the wireless utility tool cannot be generated, so that security can be improved.

In addition, although the case where the calculation process which produces | generates a PIN code is a hash function was demonstrated as an example in FIG. 8, the content of the calculation process is not this limitation.
[Operation procedure]
FIG. 9 is a sequence diagram illustrating an example of an operation procedure of the wireless communication system 1 according to the embodiment of the present invention. In FIG. 9, the operation procedure according to the WPS specification from the probe request transmission process from the station 100 to the access point 200 to the Credentials transmission process from the access point 200 to the station 100 will be described as an example. That is, in the initial state of FIG. 9, the station 100 cannot acquire the ESSID of the access point 200 to be connected. In addition, a wireless utility tool is installed in each of the station 100 and the access point 200. The overall flow of FIG. 9 is as follows: between the station 100 and the access point 200, a probe request / response (Probe Request / Response), an authentication request / response (Authentication Request / Response), and a connection request / response (Association Request / Response). Response) After the processing is completed, user authentication messages (M1 to M8) using EAP are transmitted and received. Thereafter, Credentials are transmitted from the access point 200 to the station 100.
In the PIN code method, the AP / Registrar side and the Enrollee side share a PIN code that is a 4-digit or 8-digit number in advance. In the process of generating the encryption key in the connection, a PIN code is used between the AP / Registrar side and the Enrollee side. Information (Credentials) such as a passphrase that is a source of the encryption key necessary for communication is transmitted from the AP / Registrar to the Enrollee using the encryption key generated based on the PIN code. Therefore, only when the PIN codes shared between the AP / Registrar and the Enrollee match, the encryption keys of both correspond correctly, and Credentials can be transmitted.

  S600: The access point 200 transmits a beacon frame about every 100 milliseconds. This beacon frame includes the ESSID of the network through which the access point 200 communicates wirelessly.

  S602: The user of the station 100 activates the station wireless utility tool 1000 via the operation unit 130, and inputs execution of scan processing for detecting an ESSID.

  FIG. 10 is a diagram showing an example of an input screen for executing the scan process displayed by the station wireless utility tool 1000 in the embodiment of the present invention. Here, the “YES” soft key is pressed to execute the scanning process.

  When the scanning process is executed in the station 100, beacon frames transmitted from the access point 200 are collected. The station 100 may automatically receive a beacon frame. In this case, the user's input operation for executing the scan process for acquiring the ESSID is not necessary.

  S604: When the station 100 acquires the ESSID included in the beacon frame, the station wireless utility tool 1000 causes the display unit 140 to display a screen showing a list of ESSIDs. Note that the ESSID manually input by the user of the station 100 is also displayed in the ESSID list. The screen displaying the list of ESSIDs is operated to select the ESSID to be connected.

  FIG. 11 is a diagram showing an example of a connection execution screen displayed by the station wireless utility tool 1000 according to the embodiment of the present invention. From this list, the user can select an ESSID to be connected. On this screen, when the user moves the cursor or the like to the location of the ESSID that the user wants to connect to, the background color of the location of that ESSID changes and the ESSID to be specified is clearly indicated. In addition, a “connect button” is displayed at the location of the ESSID where the cursor is placed.

  S606: The user of the station 100 designates the ESSID to be connected from the ESSID displayed in FIG. 11 with the cursor via the operation unit 130 such as a mouse, and the connection button soft key displayed in FIG. Press. When the user I / F control unit 1007 accepts this user operation, the probe request generation unit 1001 is requested to execute a probe request generation process.

  S608: The probe request generation unit 1001 of the station 100 acquires the connection terminal identification information of the embodiment of the present invention from the storage unit 1008 in order to generate a probe request. The probe request generation unit 1001 generates a probe request including the ESSID selected as the connection destination in step 606 and the acquired connection terminal identification information. Further, the connection terminal identification information is set in the above-mentioned Vendor Specific area shown in FIG. When the probe request generation unit 1001 generates the probe request, the probe request generation unit 1001 instructs the probe request transmission / response reception unit 1002 to transmit the probe request to the access point 200.

  S610: Probe request transmission / response reception means 1002 transmits a probe request to access point 200 via wireless LAN communication I / F means 1010. This probe request includes ESSID and connection terminal identification information.

  S612: Upon receiving the probe request, the probe request reception / response unit 2001 of the access point 200 first checks whether the ESSID included in the probe request matches the ESSID set in the own device. If the received ESSID is not set in the own device, the probe request is discarded. On the other hand, when the received ESSID is set in the own device, the processing is continued. Next, the probe request reception / response unit 2001 confirms whether or not the connection terminal identification information included in the probe request is connection terminal information held by itself. As a result of the confirmation, if the own device holds the received connected terminal identification information, the probe request reception / response means 2001 sends a probe request response (Probe Response) including PIN code generation data to the probe request response. The generation unit 2003 is caused to execute. On the other hand, as a result of the confirmation, if the own device does not hold the received connected terminal identification information, the probe request reception / response unit 2001 generates a probe request response not including the PIN code generation data.

  S614: The PIN code generation data creation unit 2002 creates PIN code generation data that is random alphanumeric characters, symbols, or a combination thereof. When the PIN code generation data generation unit 2002 generates the PIN code generation data, the PIN code generation data generation unit 2002 stores the PIN code generation data in the storage unit 2007 and also generates a probe request response including the PIN code generation data in the probe request response generation unit 2003. Let

  S616: The probe request response generation unit 2003 generates a probe request response including PIN code generation data, and transmits the probe request response to the station 100 via the wireless LAN communication I / F unit 2008. This is unicast communication in which the MAC address of the probe request response station 100 is set. Also, the PIN code generation data is set in the Vendor Specific area of the probe request response, as in FIG. 5 described above. If PIN code generation data is not created, no value is set in the Vendor Specific area of the probe request response.

  S618: Upon receiving the probe request response, the probe request transmission / response reception unit 1002 of the station 100 stores the PIN code generation information included in the probe request response in the storage unit 1006, and sends an authentication request to the authentication / connection control unit 1004. Request generation processing of (Authentication Request). Authentication / connection request transmission / response reception means 1005 sets the MAC address of access point 200 as the destination address of the generated authentication request, and transmits it to access point 200 via wireless LAN communication I / F means 1008. Note that the authentication procedure performed in steps S618 and S620 follows the procedure defined in IEEE 802.11.

  S620: Upon receiving the authentication request, the authentication / connection request reception / response unit 2005 of the access point 200 sends an authentication request response (Authentication Response) generated by the authentication / connection control unit 2006 to the station 100 based on the received authentication request. respond. The MAC address of the station 100 is set as the destination address of the authentication request response.

  S622: Upon receiving the authentication request response, the authentication / connection request acceptance / response unit 2005 of the station 100 transmits a connection request (Association Request) generated by the authentication / connection control unit 2006 to the access point 200. The MAC address of the access point 200 is set as the destination address of the connection request. The connection procedure performed in steps S622 and S624 follows the procedure defined in IEEE 802.11.

  S624: Upon receiving the connection request, the authentication / connection request accepting / response unit 2005 of the access point 200 sends a connection request response (Association Response) generated by the authentication / connection control unit 2006 to the station 100 based on the received connection request. respond. The MAC address of the station 100 is set as the destination address of the connection request response.

  S626: When the authentication / connection request reception / response unit 2005 of the station 100 receives the connection request response and notifies the authentication connection / control unit 1004, the PIN code generation / calculation unit 1003 generates a PIN code. The PIN code generation / calculation unit 1003 executes an arithmetic process using the ESSID and the PIN code generation data received in step 616 as an input value of the hash function, and generates a PIN code. The PIN code generation method is based on, for example, the method shown in FIG. 8 described above.

  S628: When the access point 200 transmits a connection request response to the station 100 in step S624, the access point 200 causes the PIN code generation / calculation unit 2004 to generate a PIN code. The PIN code generation / calculation means 2004 performs an arithmetic process using the ESSID and the PIN code generation data generated in step 614 as an input value of the hash function, and generates a PIN code. The PIN code generation method is based on, for example, the method shown in FIG. 8 described above.

  S630: The station 100 executes user authentication processing after step S626 is completed. As a protocol for performing the user authentication, EAP having an authentication function defined in IEEE 802.1x is used. Upon starting the EAP authentication process, the authentication / connection request transmission / response reception unit 1005 transmits EAPOL-Start (EAP over LAN-Start) generated by the authentication / connection control unit 1004 to the access point 200. EAPOL-Start means the start of the EAP authentication procedure. The subsequent EAP authentication sequence follows the procedure defined by IEEE 802.1x.

  S632: When the access point 200 receives EAPOL-Start, the authentication / connection request acceptance / response unit 2005 transmits an EAP-Request Identity to the station 100.

  S634: The station 100 transmits EAP-Response (M1: Message 1) to the access point 200.

  S636: Upon receiving Message 1 (M1), the access point 200 transmits EAPOL-Request (M2) to the station 100.

  S638: When the station 100 receives Message2 (M2), the authentication / connection control unit 1004 causes the PIN code generation / calculation unit 1003 to execute a hash function calculation process using the PIN code as an input value. The authentication / connection control unit 1004 stores the output value of the hash function calculated by the PIN code generation / calculation unit 1003 in Message3 (M3). Here, the hash function used in the embodiment of the present invention is, for example, MD5. Note that the hash function is not limited to MD5, and a hash function common to the station 100 and the access point 200 may be used.

  S640: The station 100 transmits EAP-Response (M3) in which the output value of the hash function is stored to the access point 200.

  S642: When the access point 200 receives Message3 (M3), the authentication / connection control unit 2006 causes the PIN code generation / calculation unit 2004 to execute a calculation process of a hash function (for example, MD5) using the PIN code as an input value. . The authentication / connection control unit 2006 stores the output value of the hash function calculated by the PIN code generation / calculation unit 2004 in Message4 (M4).

  S644: The access point 200 transmits EAP-Request (M4) in which the output value of the hash function is stored to the access point 200.

  S646: Upon receiving Message 4 (M4), the station 100 transmits EAP-Response (M5).

  S648: Upon receiving Message 5 (M5), the access point 200 transmits EAP-Request (M6).

  S650: Upon receiving Message 6 (M6), the station 100 transmits EAP-Response (M7).

  S652: When the access point 200 receives Message 7 (M7), the authentication / connection control unit 2006 encrypts information (Credentials) necessary for authentication with the encryption key generated from the PIN code, and stores it in Message 8 (M8). .

  S654: The access point 200 transmits EAP-Request (M8) in which Credentials are stored.

  S656: After that, the station 100 uses the Credentials transmitted from the access point 200 to perform an authentication process with the access point 200 by 4-way handshake defined by IEEE 802.11i. When this authentication process is completed, communication is started between the station 100 and the access point 200.

  As described above, according to the embodiment of the present invention, identification information (connection terminal identification information) for identifying a terminal connected to the access point 200 and PIN code generation data are used in the connection establishment procedure between the station 100 and the access point 200. Thus, the user of the station 100 can automatically and safely obtain the PIN code without manually inputting the PIN code. In addition, the administrator of the wireless communication system 1 and the user of the station 100 do not need to manage information necessary for connection.

  As a specific example to which the present invention is applied, for example, when a digital camera and a printer or the like that captures images with this digital camera are connected by WiFi Direct, the connection terminal identification information is stored in advance in a ROM or the like at the time of product shipment. If so, it is possible to realize a highly secure communication method that does not require the user to manually input a PIN code without being aware of information necessary for connection. Since the connection terminal identification information is changeable information, for example, the same connection terminal identification information is assigned to a device to be communicated when a wireless utility tool is downloaded or updated, or input by a user operation. Also good.

  In addition, if the wireless utility tool is installed (installed), the present invention is not limited to the manufacturer of the station 100 and the access point 200, and general consumers can easily execute the functions of the present invention. In addition, any device having a general wireless LAN communication function is not limited to the configuration and type of hardware, and the present invention can be executed.

  According to the embodiment of the present invention, connection terminal identification information and PIN code generation data are set in an area that can be arbitrarily set by a user (vendor) in the probe request / response frame format defined in IEEE 802.11. Therefore, it is easy to implement the technical specifications of the present invention. That is, since the present invention uses the wireless LAN protocol of the IEEE802.11 specification that is widely used in general, for example, even when the manufacturers of the station 100 and the access point 200 are different, the devices are easily interconnected. The connection terminal identification information and the PIN code generation data may be set in an area where the frame is expanded or changed, or a new message (signal) may be added and set.

Further, in the embodiment of the present invention, since a hash function is used in the calculation process for generating the PIN code, a brute force attack and dictionary using an assumed password are compared with a case where only an ASCII code is calculated. It is possible to further increase the robustness against attacks and the like.
[Modification]
In the embodiment of the present invention, the operation of the wireless communication system 1 when the WPS authentication method is the PIN code method has been described. However, in a modification of the embodiment of the present invention, the operation when the user uses the push button method is described. explain.

  The outline of the authentication method by the push button method in WPS is as follows. First, a push button provided on the access point 200 is pressed by the user. Next, the access point 200 accepts a probe request from the station 100 during the Walk Time for 2 minutes after the push button is pressed. The Walk Time of 2 minutes is a value that can be arbitrarily set. Information indicating that the push button has been pressed is set in the beacon frame transmitted from the access point 200 during the Walk Time. Here, the information indicating that the push button has been pressed is indicated by setting the Selected Register Attribute area in the information element (WSC IE) included in the beacon frame to True. On the other hand, after the Walk Time has elapsed or when the push button has not been pressed, the area of the Selected Registrar Attribute included in the beacon frame from the access point 200 is set to False. Then, the station 100 that has received the beacon frame in which this Selected Registrar Attribute is set to True executes connection processing based on the push button method. From this station 100, information indicating connection in the push button method is set in the probe request, and the access point 200 transmits Credentials to the station 100 when receiving the probe request.

  FIG. 12 is a diagram illustrating an example of a functional configuration of the station wireless utility tool 1000 mounted on the station 100 according to a modification of the embodiment of the present invention. In a modification, the station wireless utility tool 1000 includes a WPS method determination unit 1009 in addition to the configuration of the embodiment of the present invention. The WPS method determination unit 1009 determines whether the WPS authentication method is a PIN code method or a push button method. Specifically, the WPS method determination unit 1009 analyzes the beacon frame from the access point 200 to be connected when the user of the station 100 presses the connection button on the connection execution screen (see FIG. 11), and the WSC IE It is determined whether the area of the selected Registrar Attribute is True or False. In the case of True, a probe request based on the push button method is transmitted. On the other hand, in the case of False, a probe request based on the PIN code method of the embodiment of the present invention is transmitted.

  FIG. 13 is a flowchart showing an example of a WPS push button method or PIN code method connection procedure in the station 100 according to a modification of the embodiment of the present invention. In the initial state of FIG. 13, the ESSID is detected in the station 100.

  S702: The connection execution screen shown in FIG. 11 described above is displayed on the display unit 140 of the station 100. Based on this connection execution screen, the user of the station 100 designates the ESSID to be connected with the cursor and presses the connection button.

  S704: The WPS method determination unit 1009 of the station 100 analyzes the beacon frame from the access point 200 corresponding to the ESSID specified in step S702, and determines whether the area of the Selected Registrar Attribute in the WSC IE is True. Determine if there is. If it is True, it means that the push button is pressed on the access point 200 side, and the connection is made by the push button method. In the case of False, the push button is not pressed on the access point 200 side, and the connection is made by the PIN code method.

  S706: When the push button is pressed on the access point 200 side, that is, when the area of the Selected Registrar Attribute included in the beacon frame is True (YES in step S704), connection processing based on the push button method is executed. . In executing the connection process, first, a probe request based on the push button method generated by the probe request generation unit 1001 is transmitted.

  S708: After the connection processing between the station 100 and the access point 200 is completed, communication between the station 100 and the access point 200 is started.

  S710: When the push button is not pressed on the access point 200 side, that is, when the region of the Selected Registrar Attribute included in the beacon frame is False (NO in step S704), the PIN according to the connection procedure of the embodiment of the present invention is used. After the code is automatically generated, connection processing based on the PIN code method is executed. In executing the connection process, first, a probe request based on the PIN code method generated by the probe request generation unit 1001 is transmitted. Thereafter, as shown in step S708, a connection is established between the station 100 and the access point 200, and communication is started.

As described above, in the modification of the embodiment of the present invention, the information indicating that the push button is pressed on the access point 200 side is transmitted from the station 100 to the access point 200 depending on whether or not the station 100 has detected information. Determine the probe request method to be performed. This eliminates inconsistencies and inefficiencies, such as sending a probe request based on the PIN code method even when the push button is pressed on the access point side. A request can be sent.
[Other variations]
The present invention can be applied to a wireless communication technology other than a wireless LAN that uses information used for authentication when establishing a connection, such as a PIN code.

  The present invention is not limited to the wireless communication system defined by IEEE 802.11a / b / g / n, and can be applied to a communication method for confirming the validity of a terminal to be connected.

  Although the embodiments of the present invention have been described in detail above, the present invention is not limited to such specific embodiments, and various modifications are possible within the scope of the gist of the present invention described in the claims. Can be changed.

1 wireless communication system 100 station 200 access point 300 P2P Client
400 P2P Group Owner
1000 Wireless utility tool for station 1001 Probe request generation means 1002 Probe request transmission / response reception means 1003 PIN code generation / calculation means 1004 Authentication / connection request transmission means 1005 Authentication / connection request transmission / response reception means 1009 WPS system determination means 2000 Access point Wireless utility tool 2001 Probe request reception / response means 2002 PIN code generation data creation means 2003 Probe request response generation means 2004 PIN code generation / calculation means 2005 Authentication / connection request reception / response means 2006 Authentication / connection control means

Special table 2009-513089 JP 2009-253380 A

Claims (10)

A communication method for establishing a connection between a first wireless communication device and a second wireless communication device having a function of a base station that communicates with the first wireless communication device,
Identification information used for identifying whether or not the second wireless communication device is to be connected to the second wireless communication device from the first wireless communication device is set by the user. An identification information transmission step of transmitting a frame set in a possible area;
Code information generation data for generating code information used by the second wireless communication apparatus to establish a connection between the first wireless communication apparatus and the second wireless communication apparatus based on the identification information. A communication method including a generating step for generating. A code information generation data transmission step of transmitting a frame in which the code information generation data is set from the second wireless communication apparatus to the first wireless communication apparatus;
The communication method according to claim 1, wherein the code information generation data is set in a user-settable area in the frame. The generating step includes
The communication method according to claim 1 or 2, wherein the code information generation data is generated when the identification information transmitted from the first wireless communication device matches the identification information held by the second wireless communication device. .   And a code information generation step of generating the code information based on network identification information for identifying a network to which the first wireless communication device and the second wireless communication device are connected and the code information generation data. Item 4. The communication method according to any one of Items 1 to 3.   The communication method according to any one of claims 1 to 4, wherein dummy information is randomly added to the identification information. A first wireless communication apparatus and a second wireless communication apparatus having a base station function for communicating with the first wireless communication apparatus;
Identification information receiving means for receiving identification information transmitted from the first wireless communication device and used to identify whether or not the second wireless communication device is a first wireless communication device to be connected;
A first generation unit configured to generate code information generation data for generating code information used to establish a connection between the first wireless communication device and the second wireless communication device based on the identification information; 2. Wireless communication apparatus. Code information generation data transmission means for transmitting a frame in which the code information generation data is set;
The second wireless communication apparatus according to claim 6, wherein the code information generation data is set in a user-settable area in the frame. A program executed in a first wireless communication device and a second wireless communication device having a function of a base station that communicates with the first wireless communication device,
Identification information used for identifying whether or not the second wireless communication device is to be connected to the second wireless communication device from the first wireless communication device is set by the user. Identification information transmitting means for transmitting a frame set in a possible area;
Code information generation data for generating code information used by the second wireless communication apparatus to establish a connection between the first wireless communication apparatus and the second wireless communication apparatus based on the identification information. A program that functions as a generating means for generating. Causing the second wireless communication apparatus to function as code information generation data transmitting means for transmitting a frame in which the code information generation data is set, to the first wireless communication apparatus;
The program according to claim 8, wherein the code information generation data is set in a user-settable area in the frame. The generating means includes
The program according to claim 8 or 9, wherein the code information generation data is generated when the identification information transmitted from the first wireless communication device matches the identification information held by the second wireless communication device.

Images