WO2007088671A1 - Lan system, lan setting device, and lan setting method - Google Patents

Info

Publication number
WO2007088671A1
WO2007088671A1 PCT/JP2006/323816 JP2006323816W WO2007088671A1 WO 2007088671 A1 WO2007088671 A1 WO 2007088671A1 JP 2006323816 W JP2006323816 W JP 2006323816W WO 2007088671 A1 WO2007088671 A1 WO 2007088671A1
Authority
WO
WIPO (PCT)
Prior art keywords
shared key
receiving
encrypted
lan setting
lan
Application number
PCT/JP2006/323816
Other languages
French (fr)
Japanese (ja)
Inventor
Hiromi Kondo
Masami Suzuki
Original Assignee
Pioneer Corporation

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Definitions

  • The present invention relates to a LAN system that encrypts information communicated between a plurality of devices and, in particular, to a LAN setting device and a LAN setting method that set, in each device, setting information such as a shared key necessary for encrypting and decrypting information.
  • LAN: local area network
  • In the technique of Patent Document 1, only a specific administrator manages a predetermined recording medium (a memory card or the like), and the following operations are performed when an access point and a terminal-side device are connected over a wireless LAN.
  • An administrator attaches the recording medium to a slot provided in a parent device (such as a personal computer) serving as the access point, and performs keyboard input and mouse operations.
  • The access point automatically generates setting information, such as a WEP (Wired Equivalent Privacy) key serving as the shared key, based on the password and saves it as internal information.
  • The device automatically reads the WEP key from the recording medium and saves it as internal information.
  • The setting information, such as the WEP key serving as the shared key, is stored in the access point. Encrypted communication can therefore be performed between the access point and the device using a common WEP key.
  • An administrator or the like can thus easily set up a LAN between an access point and a terminal device using a recording medium, and it is said that security can be ensured by having only a specific administrator manage the recording medium appropriately.
  • Patent Document 1: Japanese Patent Application Laid-Open No. 2005-191989
  • This is inconvenient, because family members other than the administrator cannot easily perform setting operations even when they want to update setting information such as the shared key as appropriate.
  • The present invention has been made in view of such conventional problems, and its purpose is to provide a LAN system, a LAN setting device, and a LAN setting method capable of performing LAN settings more easily while ensuring security.
  • The invention described in claim 1 is a LAN system configured by connecting, by wire or wirelessly, one or more devices including transmission-side LAN setting means and one or more devices including reception-side LAN setting means.
  • The transmission-side LAN setting means includes: shared key generation means for generating a shared key; transmission-side unique information input means for detecting physical characteristics of one or more users as unique information and generating transmission-side identification information from the unique information; encrypted shared key ring generation means for encrypting the shared key with the transmission-side identification information to generate an encrypted shared key and generating an encrypted shared key ring having the one or more generated encrypted shared keys as constituent elements; and transmission means for transmitting the encrypted shared key ring to the one or more devices comprising the reception-side LAN setting means.
  • The reception-side LAN setting means includes: reception-side unique information input means for detecting the physical characteristics of one or more users as unique information and generating reception-side identification information from the unique information; reception means for receiving the encrypted shared key ring transmitted from the transmission means of the device comprising the transmission-side LAN setting means; and shared key decryption means for reproducing the shared key generated by the one or more devices including the transmission-side LAN setting means by decrypting one or more of the encrypted shared keys included in the received encrypted shared key ring with the reception-side identification information.
  • The invention described in claim 3 is a LAN setting device provided in a plurality of devices for constructing a wired or wireless LAN system, and includes: shared key generation means for generating a shared key; a transmitting-side unique information input unit that detects physical characteristics of one or more users as unique information and generates transmitting-side identification information from the unique information; an encrypted shared key ring generating unit that encrypts the shared key with the transmitting-side identification information to generate an encrypted shared key and generates an encrypted shared key ring having the one or more generated encrypted shared keys as constituent elements; and a transmitting unit that transmits the encrypted shared key ring to a device on the receiving side.
  • The invention according to claim 5 is a LAN setting device provided in a plurality of devices that construct a wired or wireless LAN system, and is characterized by including: receiving-side unique information input means for detecting physical characteristics of one or more users as unique information and generating receiving-side identification information from the unique information; receiving means for receiving an encrypted shared key bundle transmitted from another device; and shared key decryption means for reproducing the shared key generated by the other device by decrypting one or more of the encrypted shared keys included in the encrypted shared key ring received by the receiving means with the receiving-side identification information.
  • The invention according to claim 6 is a LAN setting method in a LAN system configured by connecting, by wire or wirelessly, one or more devices including transmission-side LAN setting means and one or more devices having reception-side LAN setting means.
  • In this method, the transmission-side LAN setting means performs: a shared key generation step of generating a shared key; an encrypted shared key bundle generation step of generating an encrypted shared key and generating an encrypted shared key bundle having one or more of the generated encrypted shared keys as components; and a transmission step of transmitting the encrypted shared key bundle to the receiving device.
  • The reception-side LAN setting means performs: a reception-side unique information input step of detecting physical characteristics of one or more users as unique information and generating reception-side identification information from the unique information; a reception step of receiving the encrypted shared key ring transmitted from the device on the transmission side; and a shared key decrypting step of reproducing the shared key generated by the device on the transmitting side by decrypting one or more of the encrypted shared keys included in the encrypted shared key ring received in the reception step with the reception-side identification information.
  • The invention described in claim 7 is a LAN setting method for setting a plurality of devices that construct a wired or wireless LAN system, and includes: a transmitting-side unique information input step of detecting physical characteristics of one or more users as unique information and generating transmitting-side identification information; an encrypted shared key bundle generating step of generating an encrypted shared key by encrypting the shared key using the transmitting-side identification information and generating an encrypted shared key bundle having the one or more generated encrypted shared keys as constituent elements; and a transmitting step of transmitting the encrypted shared key bundle to a receiving device.
  • The invention according to claim 8 is a LAN setting method for setting a plurality of devices for constructing a wired or wireless LAN system, and includes: a receiving-side unique information input step of detecting physical characteristics of one or more users as unique information and generating receiving-side identification information from the unique information; a receiving step of receiving an encrypted shared key bundle transmitted from another device; and the encryption received in the receiving step.
  • FIG. 1 is an explanatory diagram for outlining the configuration of a conventional LAN system.
  • FIG. 2 is an explanatory diagram outlining the configuration of the LAN system according to the embodiment of the present invention.
  • FIG. 3 is a block diagram showing configurations of a transmission side LAN setting device and a reception side LAN setting device according to an embodiment of the present invention.
  • FIG. 4 is a block diagram showing the configuration of the transmission side LAN setting device and the reception side LAN setting device according to the embodiment.
  • FIG. 5 is a flowchart for explaining an operation example of the transmission side LAN setting device and the reception side LAN setting device shown in FIG. 4.
  • The LAN system 1 makes it possible to construct a wired LAN or wireless LAN between multiple devices, such as a personal computer 2 having a communication function using a wired LAN or a wireless LAN, a tuner 3 that receives television broadcasts, a printer 4, and recording and playback devices 5 and 6 that perform video recording and the like on storage media such as a DVD (Digital Versatile Disk) or a hard disk.
  • In a wireless LAN system, at least one of the constituent devices can be operated as an access point or a master device for wireless communication control, and the remaining devices can function as terminal-side devices (stations), so that multiple devices can be connected to the network.
  • In a wired LAN system, at least one of the constituent devices can be operated as a master device for communication control, and multiple devices can be connected to the network over a wired connection, such as a LAN system connected via Ethernet, a LAN system connected by a power line, or a LAN system connected by an antenna coaxial line.
  • Each device may be provided with a transmission side LAN setting device TX or a reception side LAN setting device RX shown in FIG. 3 according to the function of each device.
  • A device that performs only passive operations is provided with a receiving side LAN setting device RX so that it can at least function as a station.
  • A transmission side LAN setting device TX is provided for devices, such as the tuner 3, that exclusively transmit information to other devices.
  • Devices that both receive information from and transmit information to other devices, such as the personal computer 2 and the recording/reproducing devices 5 and 6, are provided with the receiving side LAN setting device RX in addition to the transmitting side LAN setting device TX, which enables them to also function as access points or master devices.
  • A dedicated machine that functions as an access point or a master device is equipped with a transmission side LAN setting device TX and a receiving side LAN setting device RX.
  • The transmission side LAN setting device TX and the receiving side LAN setting device RX can be combined in various ways, and a device including at least the transmitting side LAN setting device TX can function as an access point or a master device.
  • The transmission-side LAN setting device TX is configured to include a unique information input unit 10, a shared key generation unit 11, an encrypted shared key bundle generation unit 12, and a transmission unit 13.
  • The encrypted shared key bundle KEYT is broadcast or transmitted, by wire or wirelessly, to other devices that are provided with at least the receiving-side LAN setting device RX and can function as stations.
  • The unique information input unit 10 comprises a detection sensor that detects, optically or by sound, a human physical feature (for example, a fingerprint, iris, signature, face, or speech voice) and a feature extraction unit that extracts feature information from the detection output of the detection sensor and uses it as identification information IDtx.
  • That is, the transmission side unique information input unit 10 detects physical feature information that is unique to each person and extracts the features of the detected unique information according to a predetermined feature extraction algorithm (in other words, feature extraction calculation processing), thereby generating identification information (hereinafter referred to as “transmission side identification information”) IDtx for identifying each person who has operated the device.
  • Each time a person's physical characteristics are presented, the transmission side unique information input unit 10 generates transmission side identification information IDtx.
  • The shared key generation unit 11 generates a random number when the power is turned on and the unit becomes operable, and generates a shared key WEP based on the generated random number. That is, the shared key generation unit 11 generates the shared key WEP that is used both as the “encryption key” with which the encryption unit 100 encrypts so-called plaintext into ciphertext and as the “decryption key” with which another device decrypts the received ciphertext. The generated random number may be used as it is as the shared key WEP, or the shared key WEP may be generated by processing the random number based on a predetermined algorithm.
  • The encrypted shared key ring generation unit 12 encrypts the shared key WEP generated by the shared key generation unit 11 with the transmission side identification information IDtx generated by the transmission side unique information input unit 10.
  • Encrypted shared keys KEY are generated, one for each piece of transmission side identification information IDtx generated so far, and the set of generated encrypted shared keys KEY forms the encrypted shared key ring KEYT, which is an electronic key ring.
  • When the physical characteristics of one or more users are presented (input) one or more times and the transmission side unique information input unit 10 generates as many pieces of transmission side identification information IDtx as there were presentations, the encrypted shared key bundle generation unit 12 encrypts the shared key WEP generated by the shared key generation unit 11 with each piece of transmission side identification information IDtx, thereby generating the same number of encrypted shared keys KEY and adding them as components of the encrypted shared key bundle KEYT.
  • The encrypted shared key bundle generation unit 12 generates the encrypted shared key KEYa(1) by encrypting the shared key WEP generated by the shared key generation unit 11 with the transmission side identification information IDtxa(1).
  • The single encrypted shared key KEYa(1) is then a component of the encrypted shared key bundle KEYT.
  • The encrypted shared key ring generation unit 12 further generates the encrypted shared key KEYa(2) by encrypting the shared key WEP with the transmission side identification information IDtxa(2), so that the components of the encrypted shared key bundle KEYT increase to two: the encrypted shared key KEYa(1) and the new encrypted shared key KEYa(2). Even when the same user (a) makes a third or later presentation, a new encrypted shared key is generated and added to the encrypted shared key bundle KEYT each time a presentation is made.
  • the transmission side identification information IDtx, shared key WEP, encrypted shared key KEY, and encrypted shared key ring KEYT related to one user (a).
  • The transmission side identification information IDtx, shared key WEP, encrypted shared key KEY, and encrypted shared key ring KEYT are generated in the same way.
  • When the transmission side unique information input unit 10 generates the transmission side identification information IDtxa(1) to IDtxa(n), IDtxb(1) to IDtxb(m), and IDtxc(1) to IDtxc(k), the encrypted shared key bundle generation unit 12 encrypts the shared key WEP generated by the shared key generation unit 11 based on the identification information IDtxa(1) to IDtxa(n), IDtxb(1) to IDtxb(m), and IDtxc(1) to IDtxc(k).
  • The encrypted shared key ring generation unit 12 increases the number of encrypted shared keys KEY that make up the encrypted shared key bundle KEYT as the number of pieces of transmission side identification information IDtx increases.
  • the transmission unit 13 has a communication function for performing wired or wireless communication with the reception unit 21 in each reception-side LAN setting device RX provided in one or more other devices.
  • The encrypted shared key ring KEYT is broadcast as a broadcast packet (that is, widely distributed to devices equipped with the receiving side LAN setting device RX); when it is transmitted wirelessly, the encrypted shared key ring KEYT is broadcast on the beacon.
  • the reception-side LAN setting device RX includes a unique information input unit 20, a reception unit 21, and a shared key decryption unit 22.
  • The unique information input unit 20 (hereinafter referred to as “reception-side unique information input unit”), like the transmission-side unique information input unit 10 provided in the transmission-side LAN setting device TX described above, comprises a detection sensor that detects a human physical feature presented by the user and a feature extraction unit that extracts feature information from the detection output of the detection sensor and uses it as identification information (hereinafter referred to as "reception side identification information") IDrx. That is, the receiving side unique information input unit 20 also detects the physical feature information that is unique to each person and, like the transmitting side unique information input unit 10, extracts its features according to a predetermined feature extraction algorithm to generate receiving side identification information IDrx for identifying each person who has operated the device.
  • The receiving side identification information IDrx is generated when physical feature information such as a fingerprint or iris is presented to the unique information input unit 20.
  • The receiving unit 21 has a communication function for communicating, by wire or wirelessly, with the transmitting unit 13 in the transmission side LAN setting device TX provided in another device having a function as an access point or a master device.
  • The shared key decryption unit 22 receives as input the reception side identification information IDrx generated by the reception side unique information input unit 20 and the latest encrypted shared key ring KEYT received by the reception unit 21.
  • It decrypts each encrypted shared key KEY contained in the encrypted shared key ring KEYT with the receiving side identification information IDrx, thereby reproducing the same shared key WEP as the shared key WEP generated by the shared key generation unit 11 in the transmitting side LAN setting device TX provided in the other device that serves as the access point or master device.
  • When physical feature information is input to the reception side unique information input unit 20 and an encrypted shared key KEY was encrypted with transmission side identification information IDtx identical to the reception side identification information IDrx generated from that physical feature information, the shared key decryption unit 22 decrypts that encrypted shared key KEY based on the receiving side identification information IDrx, so that the same shared key WEP as the shared key WEP set in the other device is properly decrypted.
  • The device then attempts to decrypt the ciphertext transmitted from the access point or the master device into plaintext.
  • The user only needs to select a desired device equipped with the transmission-side LAN setting device TX and enter information on one or more physical features (in other words, unique information) into the transmission side unique information input unit 10 of that device, and the shared key WEP is encrypted.
  • When each of one or more users enters information on at least one physical characteristic into the transmission side LAN setting device TX provided in the device that is to be the access point or the master device, the encrypted shared key ring KEYT, consisting of a set of encrypted shared keys corresponding in number to the pieces of physical feature information entered, is broadcast to the other devices that are to be stations and have the receiving side LAN setting device RX.
  • Therefore, simply by entering into the receiving side LAN setting device RX provided in a station side device the same physical feature information that any of the above-mentioned users entered into the transmission side LAN setting device TX of the access point or master device, the same shared key WEP as that of the access point or master device side device can easily be set in the station side device.
  • the user has to set the necessary shared key for the device (station) on the terminal side by using a remote controller or the like, and using the means, the method is very large.
  • the devices on the access point and master device side must be re-set by entering a new password for all the devices. Simply by entering into the station device at least one piece of physical feature information that is the same as at least one physical feature entered into the access point or master device, a common shared key WEP can be set for the access point or master device and the station device, and encrypted communication can be performed. The burden of memorizing which physical characteristic is to be input to the station device can therefore be greatly reduced, and excellent operability can be provided.
  • Since communication between the device provided with the transmission side LAN setting device TX and the device provided with the reception side LAN setting device RX is encrypted with the shared key WEP, a secure LAN environment can be ensured.
  • Since the encrypted shared key bundle KEYT is broadcast from the access point or master device side device provided with the transmission side LAN setting device TX to the station side device provided with the reception side LAN setting device RX, a simple configuration can be achieved without the need to implement a protocol for giving the station side device the same shared key WEP as the access point or master device side device.
  • FIG. 4 is a block diagram showing the configurations of the transmission-side LAN setting device TX and the reception-side LAN setting device RX of the present embodiment, and the same or corresponding parts as those in FIG. 3 are denoted by the same reference numerals.
  • FIG. 5 is a flowchart for explaining an operation example of the transmission side LAN setting device TX and the reception side LAN setting device RX.
  • the transmission side LAN setting device TX is provided in a device for performing the function as an access point or a master device
  • the reception side LAN setting device RX is provided in a device for exhibiting at least the function as a station.
  • a device for functioning as an access point or a master device is provided together with the transmission side LAN setting device TX.
  • The transmission side LAN setting device TX is formed by a processor, a digital signal processor (DSP), an electronic circuit, a semiconductor memory, and the like that perform arithmetic and control functions according to a predetermined computer program, and comprises a transmission side unique information input unit 10, a shared key generation unit 11, an encrypted shared key generation unit 12a, an encrypted shared key bundle storage unit 12b, a transmission unit 13, and a shared key storage unit 14.
  • the encrypted shared key generation unit 12a and the encrypted shared key bundle storage unit 12b realize a configuration corresponding to the encrypted shared key generation unit 12 shown in FIG.
  • The shared key storage unit 14 is formed of a semiconductor memory or the like, and stores the random number generated by the shared key generation unit 11 when it becomes operable at power-on, that is, the latest random number, as the shared key WEP.
  • the latest shared key WEP stored therein is supplied to the encrypted shared key generation unit 12a, and the transmission side LAN
  • the latest shared key WEP stored therein is supplied to the encryption unit 100.
  • The transmission side unique information input unit 10 is configured to include a detection sensor, formed by an optical sensor or a voice detection sensor, that detects the human-specific physical characteristics presented by the user (for example, any information such as a fingerprint, iris, signature, face, or speech sound), and a feature extraction unit that extracts feature information from the detection output of the detection sensor and uses it as identification information (transmission side identification information) IDtx.
  • When the transmission side unique information input unit 10 is configured to generate the transmission side identification information IDtx based on fingerprint information, it comprises an optical detection sensor that optically detects the fingerprint and a feature extraction unit that extracts feature information by image processing the detection output.
  • When based on iris information, it comprises an optical detection sensor that optically detects the iris and a feature extraction unit that extracts feature information by image processing the detection output.
  • When based on signature information, it comprises an optical detection sensor that optically detects the signed pattern, or a sensor that detects the writing pressure of the signed pattern, and a feature extraction unit that extracts feature information by performing image processing, pattern recognition processing, and the like on the detection output.
  • When based on face information, it comprises an optical detection sensor that optically detects the face and a feature extraction unit that extracts feature information by image processing the detection output.
  • When based on speech voice information, it comprises a voice detection sensor, such as a microphone, that detects the uttered voice and a feature extraction unit that extracts features by analyzing the frequency characteristics and so on of the detection output.
  • As long as the information can identify an individual person, not only a fingerprint, iris, signature, face, or speech voice but also other physical features may be detected and subjected to feature extraction.
  • the following description will be given on the assumption that the transmission side unique information input unit 10 generates the transmission side identification information IDtx based on the above-described fingerprint information.
  • The encrypted shared key generation unit 12a of the present embodiment encrypts the shared key WEP stored in the shared key storage unit 14 with the transmission side identification information IDtx, thereby generating an encrypted shared key KEY, which it supplies to the encrypted shared key bundle storage unit 12b.
  • That is, each time the user presents a fingerprint, the encrypted shared key generation unit 12a encrypts the latest shared key WEP with the transmission side identification information IDtx, thereby generating an encrypted shared key KEY and supplying it to the encrypted shared key ring storage unit 12b. In addition, when one or more pieces of transmission side identification information IDtx have already been generated, the latest shared key WEP is encrypted with each piece of transmission side identification information IDtx, so that an encrypted shared key KEY is generated for each piece of transmission side identification information IDtx.
  • The encrypted shared key ring storage unit 12b is formed of a semiconductor memory or the like and stores the encrypted shared keys KEY generated so far by the encrypted shared key generation unit 12a as the encrypted shared key ring KEYT.
  • the transmission unit 13 has a communication function of performing wired or wireless communication with the reception unit 21 in each reception-side LAN setting device RX provided in one or more other devices.
  • when transmitting by wire, the encrypted shared key ring KEYT is broadcast as a broadcast packet (that is, widely distributed to devices equipped with the receiving-side LAN setting device RX); when transmitting wirelessly, the encrypted shared key ring KEYT is broadcast on the beacon.
  • the receiving-side LAN setting device RX is composed of a processor, digital signal processor (DSP), electronic circuit, semiconductor memory, etc. that perform arithmetic and control functions according to a predetermined computer program, and includes a unique information input unit (receiving-side unique information input unit) 20, a receiving unit 21, a shared key decryption unit 22a, and a shared key storage unit 22b.
  • the receiving-side unique information input unit 20, like the transmitting-side unique information input unit 10, includes a detection sensor that detects a human physical characteristic (for example, any of a fingerprint, iris, signature, face, speech voice, etc.) and a feature extraction unit that extracts feature information from the detection output of the detection sensor and obtains identification information (reception-side identification information) IDrx. That is, as described above, if the transmission-side unique information input unit 10 is configured to generate the transmission-side identification information IDtx based on fingerprint information, the reception-side unique information input unit 20 also generates the reception-side identification information IDrx based on fingerprint information.
  • the receiving unit 21 has a communication function of communicating, by wire or wirelessly, with the transmitting unit 13 in the transmission-side LAN setting device TX provided in another device that functions as an access point or a master device.
  • when a wired connection is made (in the case of a wired LAN), the encrypted shared key bundle KEYT transmitted as a broadcast packet is received, and when a wireless connection is made (in the case of a wireless LAN), the encrypted shared key bundle KEYT transmitted on the beacon is received.
  • the shared key decryption unit 22 of the present embodiment takes as input the latest reception-side identification information IDrx generated by the reception-side unique information input unit 20 and the encrypted shared key bundle KEYT received by the receiving unit 21, and decrypts each encrypted shared key KEY included in the encrypted shared key bundle KEYT with the latest reception-side identification information IDrx, so that the same shared key WEP as the latest shared key WEP generated by the shared key generator 11 in the transmission-side LAN setting device TX provided in the device on the access point or master device side is properly reproduced.
  • the shared key storage unit 22b is formed of a semiconductor memory or the like, and stores the latest shared key WEP decrypted (reproduced) by the shared key decryption unit 22. By supplying the latest shared key WEP to the decryption unit 200 in the device provided with the receiving-side LAN setting device RX, it enables ciphertext transmitted from the device on the access point or master device side to be decrypted into plaintext.
  • FIG. 5 shows the operation of the transmission-side LAN setting device TX and the reception-side LAN setting device RX when the user constructs a new LAN system or when a device serving as a station is newly added to an already constructed LAN system. The operation when the user constructs a wireless LAN system will be described.
  • in step S1, when the user turns on the power of the device provided with the transmission-side LAN setting device TX, the shared key generation unit 11 in the transmission-side LAN setting device TX generates a shared key WEP based on a random number and stores it in the shared key storage unit 14.
  • step S2 the display means provided in the transmission-side LAN setting device TX
  • in step S3, when a fingerprint is input to the optical sensor provided in the transmission-side unique information input unit 10, the transmission-side unique information input unit 10 generates the transmission-side identification information IDtx from the fingerprint, and the encrypted shared key generation unit 12a encrypts the latest shared key WEP stored in the shared key storage unit 14 with the transmission-side identification information IDtx, whereby an encrypted shared key KEY is generated and stored in the encrypted shared key bundle storage unit 12b as a component of the encrypted shared key bundle KEYT.
  • the transmission-side unique information input unit 10 generates a plurality of pieces of transmission-side identification information IDtx, one for each fingerprint, and the encrypted shared key generation unit 12a encrypts the shared key WEP with each piece of transmission-side identification information IDtx, whereby a plurality of encrypted shared keys KEY are generated and stored in the encrypted shared key bundle storage unit 12b as constituent elements of the encrypted shared key bundle KEYT.
  • in step S4, the transmission unit 13 broadcasts the encrypted shared key bundle KEYT stored in the encrypted shared key bundle storage unit 12b to other devices on a beacon.
  • the transmission unit 13 continuously transmits a beacon to other devices in a preset cycle. Therefore, the encrypted shared key ring KEYT is also broadcast to other devices according to the beacon transmission cycle.
  • in step S5, when the receiving-side LAN setting device RX provided in the station-side device receives the beacon at the receiving unit 21, it receives and takes in the encrypted shared key ring KEYT carried on the beacon. In step S6, the display means (not shown) provided in the receiving-side LAN setting device RX prompts the user to input information on the fingerprint, which is a user-specific physical feature.
  • in step S7, when the user inputs a fingerprint to the optical sensor provided in the receiving-side unique information input unit 20, the receiving-side unique information input unit 20 generates the receiving-side identification information IDtx from the fingerprint.
  • the shared key decryption unit 22a applies decryption, based on the receiving-side identification information IDtx, to the encrypted shared keys KEY in the encrypted shared key ring KEYT, and the shared key WEP that is decrypted properly is stored in the shared key storage unit 33b.
  • when the reception-side LAN setting device RX performs the processing of steps S5 to S8 described above, the same shared key WEP is set in the device serving as the access point or master device provided with the transmission-side LAN setting device TX and in the device serving as a station provided with the reception-side LAN setting device RX, and encrypted communication can be performed between both devices.
  • the user only has to select a desired device provided with the transmission-side LAN setting device TX and input one or more pieces of physical feature information (in other words, unique information) to the transmission-side unique information input unit 10 provided in that device, and the encrypted shared key ring KEYT in which the shared key WEP is encrypted can be transmitted to other devices. The user then only has to select a desired device provided with the receiving-side LAN setting device RX and input, to the receiving-side unique information input unit 20 provided in it, the same physical feature information as was input to the transmission-side unique information input unit 10 of the transmission-side LAN setting device TX described above, and the shared key WEP can be set.
  • the encrypted shared key ring KEYT, consisting of a set of encrypted shared keys corresponding in number to the pieces of physical feature information that have been input, is broadcast to the other devices on the station side provided with the receiving-side LAN setting device RX. Therefore, simply by inputting to the receiving-side LAN setting device RX provided in a station-side device the same physical feature information that any of the above-mentioned users entered into the transmission-side LAN setting device TX of the access point or master device, the same shared key WEP can easily be set in the device on the access point or master device side and in the station-side device.
  • one or more users only have to input at least one piece of physical feature information to the transmission-side LAN setting device TX provided in the device serving as an access point or master device, and input to the receiving-side LAN setting device RX provided in the station-side device at least one physical feature that is the same as the one entered for the transmission-side LAN setting device TX on the access point or master device side, and the settings can be reconfigured or updated. Therefore, excellent operability can be provided for the user.
  • since the communication between the device provided with the transmission-side LAN setting device TX and the device provided with the reception-side LAN setting device RX is encrypted with the shared key WEP, a secure LAN environment can be ensured.
  • since the encrypted shared key bundle KEYT is broadcast from the device on the access point or master device side provided with the transmission-side LAN setting device TX to the station-side device provided with the reception-side LAN setting device RX, the station-side device can be given the same shared key WEP as the device on the access point or master device side with a simple configuration, without the need to implement a protocol.
  • if each family member has entered information on one or more physical characteristics into the transmission-side LAN setting device TX provided on the access point or master device side, each family member can perform LAN setting by entering at least one piece of physical feature information into the receiving-side LAN setting device RX provided in a station device. This eliminates the inconvenience that only a specific family member can perform LAN setting, and all family members become able to set up the LAN.
  • each family member cannot use the LAN easily, but in this example, if each family member has input information on one or more physical features to the transmission-side LAN setting device TX provided on the access point or master device side, each person can easily use the LAN by entering at least one piece of physical feature information into the receiving-side LAN setting device RX provided in the station-side device. For this reason, this example is highly effective when constructing a home LAN system.

Abstract

A LAN setting device for performing LAN setting more easily. A transmission-side LAN setting device (TX) is provided in the device on the access point side; a reception-side LAN setting device (RX) is provided in the device on the station side. The transmission-side LAN setting device (TX) generates at least one encrypted shared key (KEY) by encrypting a shared key (WEP) with the transmission-side identification information IDtx created from information on the physical feature presented by the user, and transmits (distributes) the encrypted shared keys (KEY) to the station-side device as an encrypted shared key bunch (KEYT). The reception-side LAN setting device (RX) decrypts the encrypted shared keys (KEY) included in the received encrypted shared key bunch (KEYT) with the reception-side identification information IDrx created from information on the physical feature presented by the user, and thereby reproduces the shared key (WEP). With this, the same shared key (WEP) is set in the access-point-side device and the station-side device, and the user can easily perform LAN setting.
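
The key bunch construction the abstract describes, as an added Python example that is not part of the patent text: the TX side wraps one shared key under each enrolled IDtx, and the RX side tries every entry with its own IDrx. The patent names no cipher or bunch format and does not say how RX recognises a proper decryption, so the PBKDF2/HMAC wrapping, the per-entry tag, the one-byte count header and the 13-byte key length are assumptions, as is a feature extractor that yields bit-identical identification bytes on both sides.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Assumed parameters: none of these values come from the patent text.
KEY_LEN = 13            # 104-bit WEP key
SALT_LEN = 16           # fresh per entry, so each entry gets its own keys
TAG_LEN = 16            # truncated HMAC-SHA256 check value
ENTRY_LEN = SALT_LEN + KEY_LEN + TAG_LEN
PBKDF2_ROUNDS = 10_000  # kept low so the demo runs quickly


def _entry_keys(identification: bytes, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch identification bytes into an encryption key and a MAC key."""
    material = hashlib.pbkdf2_hmac(
        "sha256", identification, salt, PBKDF2_ROUNDS, dklen=64
    )
    return material[:32], material[32:]


def _xor_with_keystream(data: bytes, enc_key: bytes) -> bytes:
    """XOR data with a one-block HMAC keystream (KEY_LEN <= 32 bytes)."""
    stream = hmac.new(enc_key, b"keystream", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_shared_key(shared_key: bytes, idtx: bytes) -> bytes:
    """TX side: one encrypted shared key KEY = salt || ciphertext || tag."""
    if len(shared_key) != KEY_LEN:
        raise ValueError("unexpected shared key length")
    salt = secrets.token_bytes(SALT_LEN)
    enc_key, mac_key = _entry_keys(idtx, salt)
    ciphertext = _xor_with_keystream(shared_key, enc_key)
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    return salt + ciphertext + tag


def build_key_ring(shared_key: bytes, idtx_list: list[bytes]) -> bytes:
    """TX side: KEYT = entry count (1 byte) followed by one KEY per IDtx."""
    if not 1 <= len(idtx_list) <= 255:
        raise ValueError("key ring needs 1..255 identities")
    entries = [wrap_shared_key(shared_key, idtx) for idtx in idtx_list]
    return bytes([len(entries)]) + b"".join(entries)


def recover_shared_key(key_ring: bytes, idrx: bytes) -> bytes | None:
    """RX side: try every KEY in KEYT with IDrx; None if no entry verifies."""
    if not key_ring:
        return None
    count = key_ring[0]
    if count == 0 or len(key_ring) != 1 + count * ENTRY_LEN:
        return None  # truncated or malformed broadcast
    for n in range(count):
        entry = key_ring[1 + n * ENTRY_LEN : 1 + (n + 1) * ENTRY_LEN]
        salt = entry[:SALT_LEN]
        ciphertext = entry[SALT_LEN : SALT_LEN + KEY_LEN]
        tag = entry[-TAG_LEN:]
        enc_key, mac_key = _entry_keys(idrx, salt)
        expected = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
        # Verify before decrypting, in constant time.
        if hmac.compare_digest(tag, expected[:TAG_LEN]):
            return _xor_with_keystream(ciphertext, enc_key)
    return None


if __name__ == "__main__":
    # Constructed sample identification values standing in for IDtx / IDrx.
    enrolled = [b"constructed-template-user-A", b"constructed-template-user-B"]
    wep = secrets.token_bytes(KEY_LEN)          # step S1: random shared key
    keyt = build_key_ring(wep, enrolled)        # step S3: one KEY per IDtx
    print("user B recovers key:", recover_shared_key(keyt, enrolled[1]) == wep)
    print("unknown user:", recover_shared_key(keyt, b"constructed-other"))
```

Because KEYT is broadcast to every device in range, the shared key is only as well protected as the identification information is hard to guess; the salted, iterated derivation is an added measure here, not something the patent specifies.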

Description

Specification
LAN system, LAN setting device and LAN setting method
Technical field
[0001] The present invention relates to a LAN system in which information is encrypted and communicated between a plurality of devices, and in particular to a LAN setting device and a LAN setting method for setting, in each device, setting information such as a shared key necessary for encrypting and decrypting information.
Background art
[0002] In recent years, local area networks (LANs), which connect a plurality of devices such as computers and printers so that they can communicate and realize a highly convenient network, have become widespread. In addition to the LANs for office equipment that were the mainstream, LANs are developing into ones to which devices other than office equipment, such as audio equipment and video equipment, can be network-connected.
[0003] With the spread of such LANs, a technology that can ensure a LAN environment that is both highly convenient for users and secure has become necessary; one example is proposed in Patent Document 1.
[0004] In the technique of Patent Document 1, only a specific administrator manages a predetermined recording medium (a memory card or the like), and the following operations are performed when an access point and a terminal-side device are network-connected via a wireless LAN.
[0005] First, as schematically shown in FIG. 1(a), the administrator inserts the recording medium into a slot provided in a parent device (a personal computer or the like) serving as the access point and enters a password (identification information) consisting of characters and symbols by keyboard input or mouse operation. The access point then automatically generates setting information such as a WEP (Wired Equivalent Privacy) key, which is a shared key, based on the password, saves it as internal information, and also stores it on the recording medium.
[0006] Next, as shown in FIG. 1(b), when the administrator removes the recording medium from the access point and inserts it into the slot of a terminal-side device, that device automatically reads the setting information such as the WEP key from the recording medium and saves it as internal information.
[0007] In this way, when the administrator inserts the recording medium into the access point, enters the password, and then inserts the recording medium into the terminal-side device, the setting information such as the WEP key, which is the shared key, is set in both the access point and the device, so that encrypted communication can be performed between the access point and the device using the common WEP key or the like.
[0008] According to this conventional technique, an administrator or the like can easily perform LAN setting between the access point and the terminal-side device using the recording medium, and security is said to be ensured by having only a specific administrator properly manage the recording medium.
[0009] Patent Document 1: Japanese Patent Application Laid-Open No. 2005-191989
Disclosure of the invention
Problems to be solved by the invention
[0010] However, in the above conventional technique, only a specific administrator manages the recording medium, and moreover only the administrator has to perform LAN setting between the access point and the terminal-side device, which causes problems such as inconvenience for the other LAN users.
[0011] For example, in the case of a home LAN or the like in which devices such as audio equipment and video equipment are network-connected within a home and which only family members use, if only one particular family member acts as administrator and manages the recording medium, not every family member can perform LAN setting, which is inconvenient both for the person managing the recording medium and for the rest of the family.
[0012] To give a more specific example, when a family member who does not manage the recording medium tries to add a new device, it is inconvenient because they cannot perform the LAN setting themselves.
[0013] Also, even if a family member other than the administrator wants to update setting information such as the shared key from time to time in order to prevent leakage of secrets to third parties outside the family, it is inconvenient because the setting operation cannot be done easily.
[0014] Further, when encrypted communication is to be performed between devices such as audio equipment and video equipment via the access point, each family member, not only the administrator, needs to enter a password as identification information into the device, for example by operating a remote control. If the password is forgotten, the desired operation cannot be performed and the LAN setting between the access point and the device has to be redone, which is inconvenient.
[0015] In addition, entering a password consisting of characters and symbols to set or update a shared key or the like is cumbersome for the user, and there is the problem that good operability cannot be obtained.
[0016] The present invention has been made in view of these conventional problems, and its object is to provide a LAN system, a LAN setting device, and a LAN setting method with which LAN setting can be performed more easily and security can be ensured.
Means for solving the problem
[0017] The invention according to claim 1 is a LAN system configured by connecting, by wire or wirelessly, one or more devices including a transmission-side LAN means and one or more devices including a reception-side LAN setting means, wherein the transmission-side LAN setting means has: shared key generation means for generating a shared key; transmission-side unique information input means for detecting a physical feature of each of one or more users as unique information and generating transmission-side identification information from the unique information; encrypted shared key ring generation means for generating an encrypted shared key by encrypting the shared key with the transmission-side identification information and generating an encrypted shared key ring having the generated one or more encrypted shared keys as constituent elements; and transmission means for transmitting the encrypted shared key ring to the one or more devices including the reception-side LAN setting means; and wherein the reception-side LAN setting means has: reception-side unique information input means for detecting a physical feature of each of one or more users as unique information and generating reception-side identification information from the unique information; reception means for receiving the encrypted shared key ring transmitted from the transmission means of the device including the transmission-side LAN setting means; and shared key decryption means for reproducing the shared key generated by the one or more devices including the transmission-side LAN setting means by decrypting, with the reception-side identification information, the one or more encrypted shared keys included in the encrypted shared key ring received by the reception means.
[0018] The invention according to claim 3 is a LAN setting device provided in a plurality of devices constructing a wired or wireless LAN system, comprising: shared key generation means for generating a shared key; transmission-side unique information input means for detecting a physical feature of each of one or more users as unique information and generating transmission-side identification information from the unique information; encrypted shared key ring generation means for generating an encrypted shared key by encrypting the shared key with the transmission-side identification information and generating an encrypted shared key ring having the generated one or more encrypted shared keys as constituent elements; and transmission means for transmitting the encrypted shared key ring to a reception-side device.
[0019] The invention according to claim 5 is a LAN setting device provided in a plurality of devices constructing a wired or wireless LAN system, comprising: reception-side unique information input means for detecting a physical feature of each of one or more users as unique information and generating reception-side identification information from the unique information; reception means for receiving an encrypted shared key ring transmitted from another device; and shared key decryption means for reproducing the shared key generated by the other device by decrypting, with the reception-side identification information, the one or more encrypted shared keys included in the encrypted shared key ring received by the reception means.
[0020] The invention according to claim 6 is a LAN setting method in a LAN system configured by connecting, by wire or wirelessly, one or more devices including a transmission-side LAN setting means and one or more devices including a reception-side LAN setting means, wherein the transmission-side LAN setting means is provided with: a shared key generation step of generating a shared key; a transmission-side unique information input step of detecting a physical feature of each of one or more users as unique information and generating transmission-side identification information from the unique information; an encrypted shared key ring generation step of generating an encrypted shared key by encrypting the shared key with the transmission-side identification information and generating an encrypted shared key ring having the generated one or more encrypted shared keys as constituent elements; and a transmission step of transmitting the encrypted shared key ring to a reception-side device; and wherein the reception-side LAN setting means is provided with: a reception-side unique information input step of detecting a physical feature of each of one or more users as unique information and generating reception-side identification information from the unique information; a reception step of receiving the encrypted shared key ring transmitted from the transmission-side device; and a shared key decryption step of reproducing the shared key generated by the transmission-side device by decrypting, with the reception-side identification information, the one or more encrypted shared keys included in the encrypted shared key ring received in the reception step.
[0021] The invention according to claim 7 is a LAN setting method for performing LAN setting of a plurality of devices constructing a wired or wireless LAN system, comprising: a transmission-side unique information input step of detecting a physical feature of each of one or more users as unique information and generating transmission-side identification information from the unique information; an encrypted shared key ring generation step of generating an encrypted shared key by encrypting the shared key with the transmission-side identification information and generating an encrypted shared key ring having the generated one or more encrypted shared keys as constituent elements; and a transmission step of transmitting the encrypted shared key ring to a reception-side device.
[0022] The invention according to claim 8 is a LAN setting method for performing LAN setting of a plurality of devices constructing a wired or wireless LAN system, comprising: a reception-side unique information input step of detecting a physical feature of each of one or more users as unique information and generating reception-side identification information from the unique information; a reception step of receiving an encrypted shared key ring transmitted from another device; and a shared key decryption step of reproducing the shared key generated by the other device by decrypting, with the reception-side identification information, the one or more encrypted shared keys included in the encrypted shared key ring received in the reception step.
Brief description of the drawings
[0023] FIG. 1 is an explanatory diagram outlining the configuration of a conventional LAN system.
FIG. 2 is an explanatory diagram outlining the configuration of the LAN system according to the embodiment of the present invention.
FIG. 3 is a block diagram showing the configurations of the transmission-side LAN setting device and the reception-side LAN setting device according to the embodiment of the present invention.
FIG. 4 is a block diagram showing the configurations of the transmission-side LAN setting device and the reception-side LAN setting device according to the example.
FIG. 5 is a flowchart for explaining an operation example of the transmission-side LAN setting device and the reception-side LAN setting device shown in FIG. 4.
発明を実施するための最良の形態  BEST MODE FOR CARRYING OUT THE INVENTION
[0024] 本発明の好適な実施形態について図 2及び図 3を参照して説明する。 A preferred embodiment of the present invention will be described with reference to FIGS. 2 and 3.
まず、図 2を参照して、本実施形態における LANシステムの概要について説明す る。  First, an overview of the LAN system in this embodiment will be described with reference to FIG.
[0025] 図 2において、この LANシステム 1では、有線 LAN又は無線 LANによる通信機能 を有する例えばパーソナルコンピュータ 2、テレビジョン放送を受信するチューナ 3、 プリンタ 4、 DVD (Digital Versatile Disk)やハードディスク等のストレージ媒体に録音 や録画等を行う記録再生装置 5, 6等々の複数の機器間で有線 LAN又は無線 LAN を構築することが可能となって 、る。 In FIG. 2, the LAN system 1 includes a personal computer 2 having a communication function using a wired LAN or a wireless LAN, a tuner 3 that receives a television broadcast, a printer 4, a DVD (Digital Versatile Disk), a hard disk, and the like. Record on storage media It is possible to construct a wired LAN or wireless LAN between multiple devices such as recording and playback devices 5 and 6 that perform video recording and the like.
[0026] 無線 LANシステムとした場合には、無線 LANシステムを構成する機器の内の少な くとも一つをアクセスポイントもしくは無線通信制御のマスター機器として動作させ、残 りの機器を端末側の機器 (ステーション)として機能させることが可能であり、更に、 IE EE802.11準拠の無線 LAN、 IEEE802.15準拠の無線 PAN(Personal Area Network), UWB(Ultra-WideBand) , Bluetoothやその他、無線を介して複数の機器をネットヮー ク接続することが可能である。  [0026] In the case of a wireless LAN system, at least one of the devices constituting the wireless LAN system is operated as an access point or a master device for wireless communication control, and the remaining devices are used as devices on the terminal side. It is possible to function as a (station). Multiple devices can be connected to the network.
[0027] また、有線 LANシステムとした場合にも、有線 LANシステムを構成する機器の内 の少なくとも一つを通信制御のマスター機器として動作させることが可能であり、ィー サネットで接続された LANシステム、電力線で接続された LANシステム、アンテナ同 軸線で接続された LANシステムやその他、有線接続を介して複数の機器をネットヮ ーク接続することが可能である。  [0027] Also, in the case of a wired LAN system, it is possible to operate at least one of the devices constituting the wired LAN system as a master device for communication control, and a LAN connected via Ethernet. Multiple devices can be connected to the network via a wired connection, such as a system, a LAN system connected by a power line, a LAN system connected by an antenna coaxial line, and the like.
[0028] 各機器には、各機器の機能に応じて、図 3に示す送信側 LAN設定装置 TX又は受 信側 LAN設定装置 RXが設けられて ヽる。  Each device may be provided with a transmission side LAN setting device TX or a reception side LAN setting device RX shown in FIG. 3 according to the function of each device.
[0029] 例えば、他の機器からの情報を受信して印刷を行うプリンタ 4のような専ら受動的な 動作だけを行う機器には、少なくともステーションとしての機能を発揮させることを可 能とするため、受信側 LAN設定装置 RXが設けられている。また、専ら他の機器へ情 報を送信するチューナ 3等の機器には、送信側 LAN設定装置 TXが設けられて ヽる 。また、パーソナルコンピュータ 2や記録再生装置 5, 6等の、他の機器力も情報を受 信したり、他の機器へ情報を送信する機能を有する機器には、アクセスポイントやマ スター機器としての機能を発揮させることを可能にする送信側 LAN設定装置 TXに カロえて、受信側 LAN設定装置 RXが設けられている。また、アクセスポイントやマスタ 一機器として機能する専用機には、送信側 LAN設定装置 TXと受信側 LAN設定装 置 RXが設けられている。  [0029] For example, a device that performs only passive operations, such as the printer 4 that receives information from other devices and performs printing, can at least function as a station. A receiving side LAN setting device RX is provided. In addition, a transmitter-side LAN setting device TX is provided for devices such as tuner 3 that exclusively transmit information to other devices. In addition, devices that have the function of receiving information from other devices such as personal computers 2 and recording / reproducing devices 5 and 6 and transmitting information to other devices also function as access points and master devices. The receiving side LAN setting device RX is provided in addition to the transmitting side LAN setting device TX that makes it possible to demonstrate the above. In addition, a dedicated machine that functions as an access point or a master device is equipped with a sending LAN setting device TX and a receiving LAN setting device RX.
[0030] A device provided with at least the transmission-side LAN setting device TX can function as an access point or a master device.
[0031] This configuration is only an example, however. When each device is commercialized, the transmission-side LAN setting device TX and the reception-side LAN setting device RX can be combined in various ways, and any device provided with at least the transmission-side LAN setting device TX can be made to function as an access point or a master device.
[0032] Next, the configuration of the transmission-side LAN setting device TX is described with reference to FIG. 3.
[0033] The transmission-side LAN setting device TX comprises a unique information input unit 10, a shared key generation unit 11, an encrypted shared key bundle generation unit 12, and a transmission unit 13. It broadcasts the encrypted shared key bundle KEYT, described later, by wire or wirelessly to other devices that are provided with at least the reception-side LAN setting device RX and can function as stations.
[0034] The unique information input unit 10 (hereinafter, the "transmission-side unique information input unit") comprises a detection sensor that optically or acoustically detects a physical characteristic presented by the user (for example, any of a fingerprint, iris, signature, face, or spoken voice), and a feature extraction unit that extracts feature information from the detection output of that sensor and uses it as identification information IDtx.
[0035] That is, the transmission-side unique information input unit 10 detects information on a physical characteristic, which is unique to each individual, and extracts the features of the detected unique information according to a predetermined feature extraction algorithm (in other words, feature extraction processing). It thereby generates identification information IDtx (hereinafter, "transmission-side identification information") for identifying each person who has operated the device. When one user or several users present (input) their physical characteristics one or more times, the transmission-side unique information input unit 10 generates transmission-side identification information IDtx each time a physical characteristic is input.
[0036] When power is turned on and it becomes operable, the shared key generation unit 11 generates a random number and generates the shared key WEP from it. That is, the shared key generation unit 11 generates the shared key WEP that is used both as the "encryption key" with which the encryption unit 100 encrypts plaintext into ciphertext and as the "decryption key" with which another device that receives the ciphertext decrypts it. The generated random number may be used as the shared key WEP as it is, or the shared key WEP may be generated by processing the random number according to a predetermined algorithm.
[0037] The encrypted shared key bundle generation unit 12 encrypts the shared key WEP generated by the shared key generation unit 11 with the transmission-side identification information IDtx generated by the transmission-side unique information input unit 10. It thereby generates as many encrypted shared keys KEY as there are pieces of transmission-side identification information IDtx generated so far, and treats the set of generated encrypted shared keys KEY as an electronic key ring, the encrypted shared key bundle KEYT.
[0038] In other words, when one user or several users present (input) their physical characteristics one or more times and the transmission-side unique information input unit 10 generates one piece of transmission-side identification information IDtx per presentation, the encrypted shared key bundle generation unit 12 encrypts the shared key WEP generated by the shared key generation unit 11 with each of those pieces of transmission-side identification information IDtx. It thereby generates the same number of encrypted shared keys KEY and adds them as components of the encrypted shared key bundle KEYT.
[0039] For example, when the transmission-side unique information input unit 10 generates transmission-side identification information IDtxa(1) from the physical characteristic presented for the first time by one user (a), the encrypted shared key bundle generation unit 12 encrypts the shared key WEP generated by the shared key generation unit 11 with IDtxa(1) to generate the encrypted shared key KEYa(1), and makes that single encrypted shared key KEYa(1) a component of the encrypted shared key bundle KEYT. Next, when the transmission-side unique information input unit 10 generates transmission-side identification information IDtxa(2) from the physical characteristic presented a second time by the same user (a), the encrypted shared key bundle generation unit 12 encrypts the shared key WEP with IDtxa(2) to generate the encrypted shared key KEYa(2), increasing the components of the encrypted shared key bundle KEYT to two: the existing encrypted shared key KEYa(1) and the new encrypted shared key KEYa(2). When the same user (a) makes a third or later presentation, a new encrypted shared key is likewise generated at each presentation and added to the encrypted shared key bundle KEYT.
[0040] The relationship among the transmission-side identification information IDtx, the shared key WEP, the encrypted shared key KEY, and the encrypted shared key bundle KEYT has been described above for a single user (a). The transmission-side identification information IDtx, shared key WEP, encrypted shared keys KEY, and encrypted shared key bundle KEYT relating to multiple users (a), (b), (c), and so on are generated in the same way.
[0041] That is, when the transmission-side unique information input unit 10 progressively generates transmission-side identification information IDtxa(1) to IDtxa(n), IDtxb(1) to IDtxb(m), and IDtxc(1) to IDtxc(k) from physical characteristics presented at arbitrary times by multiple users (a), (b), and (c), the encrypted shared key bundle generation unit 12 encrypts the shared key WEP generated by the shared key generation unit 11 with each of IDtxa(1) to IDtxa(n), IDtxb(1) to IDtxb(m), and IDtxc(1) to IDtxc(k). It thereby generates the encrypted shared keys KEYa(1) to KEYa(n), KEYb(1) to KEYb(m), and KEYc(1) to KEYc(k), and adds them as components of the encrypted shared key bundle KEYT. In this way, as the transmission-side identification information IDtx increases, the encrypted shared key bundle generation unit 12 increases the number of encrypted shared keys KEY that make up the encrypted shared key bundle KEYT.
[0042] The transmission unit 13 has a communication function for communicating, by wire or wirelessly, with the reception unit 21 in each reception-side LAN setting device RX provided in one or more other devices. When connected by wire (wired LAN), it broadcasts the encrypted shared key bundle KEYT as a broadcast packet (that is, distributes it widely to devices provided with the reception-side LAN setting device RX). When connected wirelessly (wireless LAN), it broadcasts the encrypted shared key bundle KEYT carried in a beacon.
[0043] Next, the configuration of the reception-side LAN setting device RX is described.
The reception-side LAN setting device RX comprises a unique information input unit 20, a reception unit 21, and a shared key decryption unit 22.
[0044] The unique information input unit 20 (hereinafter, the "reception-side unique information input unit"), like the transmission-side unique information input unit 10 provided in the transmission-side LAN setting device TX described above, comprises a detection sensor that detects a physical characteristic presented by the user and a feature extraction unit that extracts feature information from the detection output of that sensor and uses it as identification information IDrx (hereinafter, "reception-side identification information"). That is, like the transmission-side unique information input unit 10, the reception-side unique information input unit 20 detects information on a physical characteristic, which is unique to each individual, and extracts the features of the detected unique information according to a predetermined feature extraction algorithm, thereby generating reception-side identification information IDrx for identifying each person who has operated the device.
[0045] When the user wants to use a device provided with the reception-side LAN setting device RX by connecting it over the LAN to the access point or master device, the user inputs physical characteristic information such as a fingerprint or iris into the unique information input unit 20, and the reception-side identification information IDrx is generated.
[0046] The reception unit 21 has a communication function for communicating, by wire or wirelessly, with the transmission unit 13 in the transmission-side LAN setting device TX provided in another device that functions as an access point or master device. When connected by wire (wired LAN), it receives the encrypted shared key bundle KEYT broadcast as a broadcast packet. When connected wirelessly (wireless LAN), it receives the encrypted shared key bundle KEYT transmitted in a beacon.
[0047] The shared key decryption unit 22 receives the reception-side identification information IDrx generated by the reception-side unique information input unit 20 and the latest encrypted shared key bundle KEYT received by the reception unit 21. By decrypting each encrypted shared key KEY contained in the encrypted shared key bundle KEYT with the reception-side identification information IDrx, it reproduces the same shared key WEP as the one generated by the shared key generation unit 11 in the transmission-side LAN setting device TX provided in the other device acting as access point or master device.
[0048] That is, as described above, the user who wants to use a device provided with the reception-side LAN setting device RX over the LAN with the access point or master device inputs physical characteristic information into the unique information input unit 20. If the encrypted shared key bundle KEYT contains an encrypted shared key KEY that was encrypted with transmission-side identification information IDtx identical to the reception-side identification information IDrx generated from that input, the shared key decryption unit 22 decrypts that encrypted shared key KEY using IDrx and correctly recovers the same shared key WEP as the one set in the access point or master device. It then supplies that shared key WEP to the decryption unit 200 in the device provided with the reception-side LAN setting device RX, so that ciphertext transmitted from the access point or master device can be decrypted into plaintext.
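The bundle construction of [0037] to [0041] and the recovery step of [0047] and [0048], as an added Python example that is not part of the patent text. The patent names no cipher and no way for the receiver to tell which entry decrypted correctly, so the PBKDF2 key derivation, the HMAC-SHA256 keystream and the authentication tag are assumptions standing in for those unspecified parts, as are all function names, the key length, and the constructed identification values. It also assumes the feature extractor yields bit-identical IDtx and IDrx for the same physical characteristic.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional

KEY_LEN = 16         # shared key length in bytes (assumption; the patent gives none)
SALT_LEN = 16
TAG_LEN = 32
KDF_ROUNDS = 20_000  # assumed value; KEYT is broadcast, so derivation should be slow


def make_id(label: str) -> bytes:
    """Constructed stand-in for the feature extractor: one stable ID per template."""
    return hashlib.sha256(label.encode()).digest()


def _derive(id_info: bytes, salt: bytes):
    """Derive separate encryption and MAC keys from identification information."""
    okm = hashlib.pbkdf2_hmac("sha256", id_info, salt, KDF_ROUNDS, dklen=64)
    return okm[:32], okm[32:]


def _keystream(enc_key: bytes, length: int) -> bytes:
    """One HMAC block of keystream; sufficient for keys of up to 32 bytes."""
    if length > 32:
        raise ValueError("shared key longer than one keystream block")
    return hmac.new(enc_key, b"KEYT-stream", hashlib.sha256).digest()[:length]


def wrap_key(shared_key: bytes, id_tx: bytes) -> bytes:
    """Produce one encrypted shared key KEY: salt || ciphertext || tag."""
    salt = secrets.token_bytes(SALT_LEN)  # fresh salt, so each entry has its own keys
    enc_key, mac_key = _derive(id_tx, salt)
    stream = _keystream(enc_key, len(shared_key))
    ct = bytes(a ^ b for a, b in zip(shared_key, stream))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag


def unwrap_key(entry: bytes, id_rx: bytes) -> Optional[bytes]:
    """Return the shared key if id_rx matches the ID used for this entry, else None."""
    if len(entry) <= SALT_LEN + TAG_LEN:
        return None
    salt = entry[:SALT_LEN]
    ct = entry[SALT_LEN:-TAG_LEN]
    tag = entry[-TAG_LEN:]
    enc_key, mac_key = _derive(id_rx, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    # Without this check every entry "decrypts" to some bytes and the receiver
    # cannot tell the right WEP from garbage, or detect a modified broadcast.
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))


def build_bundle(shared_key: bytes, ids_tx: List[bytes]) -> List[bytes]:
    """TX side: one encrypted shared key per registered IDtx, forming KEYT."""
    return [wrap_key(shared_key, id_tx) for id_tx in ids_tx]


def recover_shared_key(bundle: List[bytes], id_rx: bytes) -> Optional[bytes]:
    """RX side: try IDrx against every entry of the received KEYT."""
    for entry in bundle:
        key = unwrap_key(entry, id_rx)
        if key is not None:
            return key
    return None


# Constructed sample identification values (not real biometric data).
ID_A1 = make_id("user a / right index")
ID_A2 = make_id("user a / right thumb")
ID_B1 = make_id("user b / right index")
ID_UNREGISTERED = make_id("user z / right index")

if __name__ == "__main__":
    wep = secrets.token_bytes(KEY_LEN)
    keyt = build_bundle(wep, [ID_A1, ID_A2, ID_B1])
    print("entries in KEYT:", len(keyt))
    print("user a, thumb recovers WEP:", recover_shared_key(keyt, ID_A2) == wep)
    print("unregistered ID:", recover_shared_key(keyt, ID_UNREGISTERED))
```

Because every entry wraps the same WEP and the bundle is readable by any listener, the confidentiality of the shared key is bounded by the least unpredictable IDtx in the bundle.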
[0049] When multiple devices provided with the transmission-side LAN setting device TX or the reception-side LAN setting device RX of this embodiment, configured as described above, are connected to a LAN by wire or wirelessly, the user selects a desired device provided with the transmission-side LAN setting device TX and simply inputs one or more pieces of physical characteristic information (in other words, unique information) into its transmission-side unique information input unit 10. This causes the encrypted shared key bundle KEYT, a bundle of encrypted shared keys KEY in which the shared key WEP is encrypted, to be transmitted to the other devices. The user then selects a desired device provided with the reception-side LAN setting device RX and simply inputs, into its reception-side unique information input unit 20, at least one piece of the same physical characteristic information (that is, unique information) that was input into the transmission-side unique information input unit 10 of the transmission-side LAN setting device TX. This causes the encrypted shared key KEY to be decrypted and the shared key WEP to be set.
[0050] In other words, when each of one or more users inputs at least one piece of physical characteristic information into the transmission-side LAN setting device TX provided in the device that is to be the access point or master device, an encrypted shared key bundle KEYT consisting of as many encrypted shared keys KEY as there are pieces of input physical characteristic information is broadcast to station-side devices provided with the reception-side LAN setting device RX. Any of those users can therefore set the same shared key WEP in the access point or master device and in the station-side device simply by inputting, into the reception-side LAN setting device RX in the station-side device, the same physical characteristic information that was input into the transmission-side LAN setting device TX on the access point or master device side.
[0051] In the conventional technology, the user had to set the required shared key on the terminal-side device (station) using awkward means such as a remote control, which was a very heavy burden. In this embodiment, by contrast, a common shared key WEP can easily be set in the access point or master device and in the station-side device to perform encrypted communication, so excellent operability can be provided.
[0052] Also, in the conventional technology, if the user forgot the password used as identification information when setting the same shared key as the access point or master device on a station-side device, a new password had to be entered and the shared key set again on every device connected to the wireless LAN. In this embodiment, by contrast, simply inputting at least one piece of physical characteristic information that matches one of the one or more physical characteristics previously input into the access point or master device is enough to set a common shared key WEP in the access point or master device and in the station-side device and perform encrypted communication. The burden of remembering which body part must be input into the station-side device is therefore greatly reduced, and excellent operability can be provided.
[0053] For example, if a user has input the fingerprints of several fingers of the right hand into the transmission-side LAN setting device TX on the access point or master device side and later forgets which fingers were input, simply inputting the fingerprint of at least any one of those fingers into the station-side device sets the same shared key WEP in the station-side device as the one set in the access point or master device. The need to remember which finger's fingerprint was input into the access point or master device, or which fingerprint should be input into the station-side device, is therefore greatly reduced in probabilistic terms.
[0054] Also, because communication between the device provided with the transmission-side LAN setting device TX and the device provided with the reception-side LAN setting device RX is performed using the shared key WEP, a secure LAN environment can be ensured.
[0055] Also, because the encrypted shared key bundle KEYT is broadcast from the access point or master device provided with the transmission-side LAN setting device TX to the station-side devices provided with the reception-side LAN setting device RX, the station-side devices do not need to implement a complex bidirectional protocol for key exchange or key sharing in order to be set with the same shared key WEP as the access point or master device, and a simple configuration can be achieved.
Example
[0056] Next, a more specific example is described with reference to FIGS. 4 and 5.
FIG. 4 is a block diagram showing the configurations of the transmission-side LAN setting device TX and the reception-side LAN setting device RX of this example; parts identical or equivalent to those in FIG. 3 are denoted by the same reference numerals. FIG. 5 is a flowchart for explaining an operation example of the transmission-side LAN setting device TX and the reception-side LAN setting device RX.
[0057] First, the manner in which the transmission-side LAN setting device TX and the reception-side LAN setting device RX are used is outlined with reference to FIG. 4. The transmission-side LAN setting device TX is provided in a device that is to function as an access point or master device. The reception-side LAN setting device RX is provided in a device that is to function at least as a station, or is provided together with the transmission-side LAN setting device TX in a device that is to function as an access point or master device.
[0058] Next, the configuration of the transmission-side LAN setting device TX of this example is described.
The transmission-side LAN setting device TX is formed of a processor or digital signal processor (DSP) that performs arithmetic and control functions according to a predetermined computer program, electronic circuits, semiconductor memory, and the like. It comprises the transmission-side unique information input unit 10, the shared key generation unit 11, an encrypted shared key generation unit 12a, an encrypted shared key bundle storage unit 12b, the transmission unit 13, and a shared key storage unit 14. The encrypted shared key generation unit 12a and the encrypted shared key bundle storage unit 12b together realize a configuration corresponding to the encrypted shared key bundle generation unit 12 shown in FIG. 3.
[0059] The shared key storage unit 14 is formed of semiconductor memory or the like. It stores, as the shared key WEP, the random number generated by the shared key generation unit 11 once power has been turned on and the unit has become operable, that is, the latest random number. On a read request from the encrypted shared key generation unit 12a, it supplies the stored latest shared key WEP to the encrypted shared key generation unit 12a. On a read request from the encryption unit 100 in the device in which the transmission-side LAN setting device TX is provided, it supplies the stored latest shared key WEP to the encryption unit 100.
[0060] The transmission-side unique information input unit 10 comprises a detection sensor, formed of an optical sensor or a voice detection sensor, that detects a physical characteristic unique to the person and presented by the user (for example, any of a fingerprint, iris, signature, face, or spoken voice), and a feature extraction unit that extracts feature information from the detection output of that sensor and uses it as the identification information (transmission-side identification information) IDtx.
[0061] That is, when the transmission-side unique information input unit 10 is configured to generate the transmission-side identification information IDtx from fingerprint information, it comprises an optical detection sensor that optically detects the fingerprint and a feature extraction unit that extracts feature information by image processing of the detection output.
[0062] When it is configured to generate the transmission-side identification information IDtx from iris information, it comprises an optical detection sensor that optically detects the iris and a feature extraction unit that extracts feature information by image processing of the detection output.
[0063] When it is configured to generate the transmission-side identification information IDtx from signature information, it comprises an optical detection sensor that optically detects the signed pattern, or a detection sensor that electrically detects the writing pressure of the signed pattern, and a feature extraction unit that extracts feature information by applying image processing, pattern recognition processing, or the like to the detection output.
[0064] When it is configured to generate the transmission-side identification information IDtx from face information, it comprises an optical detection sensor that optically detects the face and a feature extraction unit that extracts feature information by image processing of the detection output.
[0065] When it is configured to generate the transmission-side identification information IDtx from spoken voice information, it comprises a voice detection sensor such as a microphone that detects the spoken voice and a feature extraction unit that extracts features by analyzing the frequency characteristics and other properties of the detection output.
[0066] However, the configuration is not limited to fingerprints, irises, signatures, faces, and spoken voice; any other physical characteristic may be detected and subjected to feature extraction, provided the information can identify an individual person.
[0067] As a representative example, the following description assumes that the transmission-side unique information input unit 10 is configured to generate the transmission-side identification information IDtx from the fingerprint information described above.
[0068] When the user presents a fingerprint and the transmission-side unique information input unit 10 supplies transmission-side identification information IDtx, the encrypted shared key generation unit 12a of this example encrypts the latest shared key WEP stored in the shared key storage unit 14 with that IDtx, thereby generating an encrypted shared key KEY, and supplies it to the encrypted shared key bundle storage unit 12b.
[0069] That is, each time the user presents a fingerprint, the encrypted shared key generation unit 12a encrypts the latest shared key WEP with the transmission-side identification information IDtx to generate an encrypted shared key KEY and supplies it to the encrypted shared key bundle storage unit 12b. Furthermore, when one or more pieces of transmission-side identification information IDtx have already been generated, it encrypts the latest shared key WEP with each of them, generating as many encrypted shared keys KEY as there are pieces of transmission-side identification information IDtx.
[0070] The encrypted shared key bundle storage unit 12b is formed of semiconductor memory or the like, and stores the set of encrypted shared keys KEY generated so far by the encrypted shared key generation unit 12a as the encrypted shared key bundle KEYT.
[0071] The transmission unit 13 has a communication function for communicating, by wire or wirelessly, with the reception unit 21 in each reception-side LAN setting device RX provided in one or more other devices. When connected by wire (wired LAN), it broadcasts the encrypted shared key bundle KEYT as a broadcast packet (that is, distributes it widely to the devices provided with a reception-side LAN setting device RX). When connected wirelessly (wireless LAN), it broadcasts the encrypted shared key bundle KEYT carried in a beacon.
[0072] Next, the configuration of the reception-side LAN setting device RX of this embodiment will be described.
The reception-side LAN setting device RX is formed of a processor or digital signal processor (DSP) that performs arithmetic and control functions according to a predetermined computer program, electronic circuits, semiconductor memory, and the like, and comprises a unique information input unit (reception-side unique information input unit) 20, a reception unit 21, a shared key decryption unit 22a, and a shared key storage unit 22b.
[0073] Here, like the transmission-side unique information input unit 10, the reception-side unique information input unit 20 comprises a detection sensor that detects a human physical characteristic (for example, any of fingerprint, iris, signature, face, or spoken voice information) and a feature extraction unit that extracts feature information from the detection output of that sensor and uses it as identification information (reception-side identification information) IDrx. That is, as described above, if the transmission-side unique information input unit 10 is configured to generate the transmission-side identification information IDtx from fingerprint information, the reception-side unique information input unit 20 is likewise configured to generate the reception-side identification information IDrx from fingerprint information.
[0074] The reception unit 21 has a communication function for communicating, by wire or wirelessly, with the transmission unit 13 in the transmission-side LAN setting device TX provided in another device that functions as an access point or master device. When connected by wire (wired LAN), it receives the encrypted shared key bundle KEYT broadcast as a broadcast packet. When connected wirelessly (wireless LAN), it receives the encrypted shared key bundle KEYT carried in a beacon.
[0075] The shared key decryption unit 22 of this embodiment receives the latest reception-side identification information IDrx generated by the reception-side unique information input unit 20 and the encrypted shared key bundle KEYT received by the reception unit 21. It decrypts each encrypted shared key KEY contained in the encrypted shared key bundle KEYT with the latest reception-side identification information IDrx, thereby properly reproducing the same shared key WEP as the latest shared key WEP generated by the shared key generation unit 11 in the transmission-side LAN setting device TX provided in the access point or master device.
[0076] The shared key storage unit 22b is formed of a semiconductor memory or the like, and stores the latest shared key WEP decrypted (reproduced) by the shared key decryption unit 22. It supplies that latest shared key WEP to the decryption unit 200 in the device in which the reception-side LAN setting device RX is provided, so that ciphertext transmitted from the access point or master device can be decrypted into plaintext.
[0077] Next, an operation example of the transmission-side LAN setting device TX and the reception-side LAN setting device RX of this embodiment, configured as described above, will be described with reference to the flowchart of FIG. 5. FIG. 5 shows the operation of the transmission-side LAN setting device TX and the reception-side LAN setting device RX when the user newly constructs a LAN system, or newly adds a device as a station to a LAN system that has already been constructed. The description covers the operation when the user constructs a wireless LAN system.
[0078] First, in step S1, when the user powers on the device provided with the transmission-side LAN setting device TX, the shared key generation unit 11 in that transmission-side LAN setting device TX generates a random number, generates the shared key WEP, and stores it in the shared key storage unit 14.
[0079] Next, in step S2, display means (not shown) provided in the transmission-side LAN setting device TX prompts the user to input fingerprint information, which is a physical characteristic unique to the user.
[0080] Then, in step S3, when a fingerprint is input to the optical sensor provided in the transmission-side unique information input unit 10, the transmission-side unique information input unit 10 generates the transmission-side identification information IDtx from that fingerprint. The encrypted shared key generation unit 12a then encrypts the latest shared key WEP stored in the shared key storage unit 14 with the transmission-side identification information IDtx to generate an encrypted shared key KEY, and stores it in the encrypted shared key bundle storage unit 12b as a constituent element of the encrypted shared key bundle KEYT.
[0081] When the user inputs not just one but a plurality of fingerprints, for example the fingerprints of several fingers, the transmission-side unique information input unit 10 generates a plurality of pieces of transmission-side identification information IDtx, one for each fingerprint. The encrypted shared key generation unit 12a then encrypts the shared key WEP based on each piece of transmission-side identification information IDtx, thereby generating a plurality of encrypted shared keys KEY, and stores them in the encrypted shared key bundle storage unit 12b as constituent elements of the encrypted shared key bundle KEYT.
[0082] Next, in step S4, the transmission unit 13 broadcasts the encrypted shared key bundle KEYT stored in the encrypted shared key bundle storage unit 12b to other devices, carried in a beacon.
[0083] Thereafter, the transmission unit 13 continues to transmit beacons to other devices at a preset period. The encrypted shared key bundle KEYT is therefore also broadcast to other devices in step with the beacon transmission period.
[0084] Meanwhile, when the reception-side LAN setting device RX provided in a station-side device receives a beacon through the reception unit 21, it receives and takes in, in step S5, the encrypted shared key bundle KEYT carried in the beacon. Then, in step S6, display means (not shown) provided in the reception-side LAN setting device RX prompts the user to input fingerprint information, which is a physical characteristic unique to the user.
[0085] Next, in step S7, when the user inputs a fingerprint to the optical sensor provided in the reception-side unique information input unit 20, the reception-side unique information input unit 20 generates the reception-side identification information IDtx from that fingerprint. If the fingerprint input by the user is the same as one of the one or more fingerprints input to the access point or master device described above, the shared key decryption unit 22a can properly decrypt the shared key WEP by applying decryption processing, based on that reception-side identification information IDtx, to the encrypted shared keys KEY in the encrypted shared key bundle KEYT. In step S8, the properly decrypted shared key WEP is stored in the shared key storage unit 33b.
[0086] When the reception-side LAN setting device RX performs steps S5 to S8 described above, the same shared key WEP is set both in the device serving as the access point or master device, which is provided with the transmission-side LAN setting device TX, and in the device serving as a station, which is provided with the reception-side LAN setting device RX, so that encrypted communication becomes possible between the two devices.
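Steps S1 to S8 as a runnable sketch, added here as an illustration and not taken from the patent: the shared key is wrapped once per enrolled IDtx, the wrapped keys form the bundle KEYT, and the receiver tries every entry with its own identification information. The patent names neither the cipher nor how the receiver recognises a proper decryption, so the HMAC-SHA256 keystream and tag, the function names, the byte-string identifiers, and the premise that the same fingerprint always yields the same bytes are all assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16   # per-entry random nonce (assumption, not in the patent)
TAG_LEN = 32     # HMAC-SHA256 tag length


def _subkeys(identification: bytes, nonce: bytes):
    """Derive separate encryption and MAC keys from an ID and a nonce."""
    enc = hmac.new(identification, b"enc" + nonce, hashlib.sha256).digest()
    mac = hmac.new(identification, b"mac" + nonce, hashlib.sha256).digest()
    return enc, mac


def wrap_shared_key(shared_key: bytes, id_tx: bytes) -> bytes:
    """One encrypted shared key KEY, laid out as nonce || ciphertext || tag."""
    if not 0 < len(shared_key) <= 32:
        raise ValueError("one keystream block covers 1 to 32 bytes")
    nonce = secrets.token_bytes(NONCE_LEN)
    enc, mac = _subkeys(id_tx, nonce)
    ct = bytes(a ^ b for a, b in zip(shared_key, enc))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def build_bundle(shared_key: bytes, ids_tx):
    """Step S3: one KEY per enrolled IDtx, collected as the bundle KEYT."""
    return [wrap_shared_key(shared_key, id_tx) for id_tx in ids_tx]


def unwrap_from_bundle(bundle, id_rx: bytes):
    """Step S7: try each KEY in KEYT with IDrx; return WEP or None."""
    for entry in bundle:
        if len(entry) <= NONCE_LEN + TAG_LEN:
            continue  # malformed entry, skip it
        nonce = entry[:NONCE_LEN]
        ct = entry[NONCE_LEN:-TAG_LEN]
        tag = entry[-TAG_LEN:]
        enc, mac = _subkeys(id_rx, nonce)
        expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        # The tag is what lets the receiver tell a proper decryption
        # from the garbage produced by a non-matching identifier.
        if hmac.compare_digest(tag, expected):
            return bytes(a ^ b for a, b in zip(ct, enc))
    return None


if __name__ == "__main__":
    # Constructed sample data: a 13-byte (104-bit) key and made-up IDs.
    wep = secrets.token_bytes(13)                      # step S1
    enrolled = [b"constructed-idtx-index-finger",
                b"constructed-idtx-thumb"]
    keyt = build_bundle(wep, enrolled)                 # step S3
    print("entries in KEYT:", len(keyt))               # broadcast in S4
    print("enrolled finger recovers WEP:",
          unwrap_from_bundle(keyt, enrolled[1]) == wep)
    print("unknown finger:",
          unwrap_from_bundle(keyt, b"constructed-idrx-stranger"))
```

Because KEYT is broadcast in beacons, any receiver in range can attempt the same trial decryption, so the protection of WEP rests entirely on how unpredictable IDtx is.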
[0087] As described above, according to this embodiment, the user only has to select a desired device provided with the transmission-side LAN setting device TX and input one or more pieces of physical characteristic information (in other words, unique information) to the transmission-side unique information input unit 10 provided in that transmission-side LAN setting device TX. This causes the encrypted shared key bundle KEYT, a bundle of encrypted shared keys KEY in which the shared key WEP is encrypted, to be transmitted to other devices. The user then only has to select a desired device provided with the reception-side LAN setting device RX and input, to the reception-side unique information input unit 20 provided in that reception-side LAN setting device RX, at least one piece of the same physical characteristic information (that is, unique information) that was input to the transmission-side unique information input unit 10 of the transmission-side LAN setting device TX. This causes the encrypted shared key KEY to be decrypted and the shared key WEP to be set.
[0088] That is, when each of one or more users inputs at least one piece of physical characteristic information to the transmission-side LAN setting device TX provided in the device that is to be the access point or master device, an encrypted shared key bundle KEYT, consisting of a set of as many encrypted shared keys KEY as there are pieces of input physical characteristic information, is broadcast to the station-side devices provided with a reception-side LAN setting device RX. Any of those users therefore only has to input, to the reception-side LAN setting device RX provided in the station-side device, information on the same physical characteristic that was input to the transmission-side LAN setting device TX on the access point or master device side, and the same shared key WEP is easily set in the access point or master device and in that station-side device.
[0089] Accordingly, a common shared key WEP can easily be set in the access point or master device and in the station-side device for encrypted communication, which provides excellent operability for the user.
[0090] Also, when the common shared key WEP is reset or updated for a plurality of devices whose LAN settings have already been made, each of one or more users only has to input at least one piece of physical characteristic information to the transmission-side LAN setting device TX provided in the device that is to be the access point or master device, and then input, to the reception-side LAN setting device RX provided in the station-side device, at least one physical characteristic that is the same as one input to the transmission-side LAN setting device TX on the access point or master device side. Resetting and updating can be done in this way alone, which provides excellent operability for the user.
[0091] Also, suppose that after constructing the LAN system the user tries to input a physical characteristic as identification information to a desired station-side device but has forgotten which part of the body was used. Even then, the user only has to input at least one piece of physical characteristic information that is the same as one of the at least one physical characteristics input to the access point or master device, and a common shared key WEP is set in the access point or master device and in the station-side device for encrypted communication. The burden of remembering which physical characteristic must be input to the station-side device is thus greatly reduced, and excellent operability can be provided.
[0092] Also, since communication between the device provided with the transmission-side LAN setting device TX and the device provided with the reception-side LAN setting device RX is carried out using the shared key WEP, a secure LAN environment can be ensured.
[0093] Also, since the encrypted shared key bundle KEYT is broadcast from the access point or master device provided with the transmission-side LAN setting device TX to the station-side devices provided with the reception-side LAN setting device RX, there is no need to implement in the station-side device a complex bidirectional protocol for key exchange or key sharing in order to set in it the same shared key WEP as in the access point or master device, and a simple configuration can be achieved.
[0094] Also, when constructing a home LAN used only by particular family members, if each family member inputs one or more pieces of physical characteristic information to the transmission-side LAN setting device TX provided in the access point or master device, each family member can make the LAN settings individually simply by inputting at least one piece of physical characteristic information to the reception-side LAN setting device RX provided in the station-side device. This removes the inconvenience of only one particular family member being able to make the LAN settings, and allows every family member to do so.
That is, if only one particular family member could make the LAN settings, the other family members could not readily use the LAN. In this embodiment, however, if each family member inputs one or more pieces of physical characteristic information to the transmission-side LAN setting device TX provided in the access point or master device, each of them can readily use the LAN simply by inputting at least one piece of the same physical characteristic information to the reception-side LAN setting device RX provided in the station-side device. This embodiment is therefore particularly effective when constructing a home LAN system.

Claims

[1] A LAN system configured by connecting, by wire or wirelessly, one or more devices comprising transmission-side LAN setting means and one or more devices comprising reception-side LAN setting means, wherein
the transmission-side LAN setting means comprises:
shared key generation means for generating a shared key;
transmission-side unique information input means for detecting a physical characteristic of each of one or more users as unique information and generating transmission-side identification information from the unique information;
encrypted shared key bundle generation means for generating an encrypted shared key by encrypting the shared key with the transmission-side identification information, and generating an encrypted shared key bundle whose constituent elements are the one or more encrypted shared keys thus generated; and
transmission means for transmitting the encrypted shared key bundle to the one or more devices comprising the reception-side LAN setting means, and
the reception-side LAN setting means comprises:
reception-side unique information input means for detecting a physical characteristic of each of one or more users as unique information and generating reception-side identification information from the unique information;
reception means for receiving the encrypted shared key bundle transmitted from the transmission means of the device comprising the transmission-side LAN setting means; and
shared key decryption means for reproducing the shared key generated by the one or more devices comprising the transmission-side LAN setting means, by decrypting, with the reception-side identification information, the one or more encrypted shared keys contained in the encrypted shared key bundle received by the reception means.
[2] The LAN system according to claim 1, wherein the shared key generation means uses a generated random number as the shared key.
[3] A LAN setting device provided in a plurality of devices that construct a wired or wireless LAN system, the LAN setting device comprising:
shared key generation means for generating a shared key;
transmission-side unique information input means for detecting a physical characteristic of each of one or more users as unique information and generating transmission-side identification information from the unique information;
encrypted shared key bundle generation means for generating an encrypted shared key by encrypting the shared key with the transmission-side identification information, and generating an encrypted shared key bundle whose constituent elements are the one or more encrypted shared keys thus generated; and
transmission means for transmitting the encrypted shared key bundle to a reception-side device.
[4] The LAN setting device according to claim 3, wherein the shared key generation means uses a generated random number as the shared key.
[5] A LAN setting device provided in a plurality of devices that construct a wired or wireless LAN system, the LAN setting device comprising:
reception-side unique information input means for detecting a physical characteristic of each of one or more users as unique information and generating reception-side identification information from the unique information;
reception means for receiving an encrypted shared key bundle transmitted from another device; and
shared key decryption means for reproducing a shared key generated by the other device, by decrypting, with the reception-side identification information, the one or more encrypted shared keys contained in the encrypted shared key bundle received by the reception means.
[6] A LAN setting method in a LAN system configured by connecting, by wire or wirelessly, one or more devices comprising transmission-side LAN setting means and one or more devices comprising reception-side LAN setting means, wherein
the transmission-side LAN setting means is provided with:
a shared key generation step of generating a shared key;
a transmission-side unique information input step of detecting a physical characteristic of each of one or more users as unique information and generating transmission-side identification information from the unique information;
an encrypted shared key bundle generation step of generating an encrypted shared key by encrypting the shared key with the transmission-side identification information, and generating an encrypted shared key bundle whose constituent elements are the one or more encrypted shared keys thus generated; and
a transmission step of transmitting the encrypted shared key bundle to a reception-side device, and
the reception-side LAN setting means is provided with:
a reception-side unique information input step of detecting a physical characteristic of each of one or more users as unique information and generating reception-side identification information from the unique information;
a reception step of receiving the encrypted shared key bundle transmitted from the transmission-side device; and
a shared key decryption step of reproducing the shared key generated by the transmission-side device, by decrypting, with the reception-side identification information, the one or more encrypted shared keys contained in the encrypted shared key bundle received in the reception step.
[7] A LAN setting method for making LAN settings on a plurality of devices that construct a wired or wireless LAN system, the method comprising:
a transmission-side unique information input step of detecting a physical characteristic of each of one or more users as unique information and generating transmission-side identification information from the unique information;
an encrypted shared key bundle generation step of generating an encrypted shared key by encrypting the shared key with the transmission-side identification information, and generating an encrypted shared key bundle whose constituent elements are the one or more encrypted shared keys thus generated; and
a transmission step of transmitting the encrypted shared key bundle to a reception-side device.
[8] A LAN setting method for making LAN settings on a plurality of devices that construct a wired or wireless LAN system, the method comprising:
a reception-side unique information input step of detecting a physical characteristic of each of one or more users as unique information and generating reception-side identification information from the unique information;
a reception step of receiving an encrypted shared key bundle transmitted from another device; and
a shared key decryption step of reproducing a shared key generated by the other device, by decrypting, with the reception-side identification information, the one or more encrypted shared keys contained in the encrypted shared key bundle received in the reception step.
PCT/JP2006/323816 2006-01-31 2006-11-29 Lan system, lan setting device, and lan setting method WO2007088671A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2006022289 2006-01-31
JP2006-022289 2006-01-31

Publications (1)

Publication Number Publication Date
WO2007088671A1 true WO2007088671A1 (en) 2007-08-09

Family

ID=38327255

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2006/323816 WO2007088671A1 (en) 2006-01-31 2006-11-29 Lan system, lan setting device, and lan setting method

Country Status (1)

Country Link
WO (1) WO2007088671A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2014192706A (en) * 2013-03-27 2014-10-06 Nec Platforms Ltd Wireless lan connection device, method and program

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10224340A (en) * 1997-02-07 1998-08-21 Brother Ind Ltd Wireless communication method and wireless communication system
JP2004153843A (en) * 2003-12-15 2004-05-27 Nec Corp Information processing method, information processing apparatus and recording medium with information processing program stored therein


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06833620

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP