
WO2007088671A1 - LAN system, LAN setting device and LAN setting method - Google Patents

LAN system, LAN setting device and LAN setting method

Info

Publication number
WO2007088671A1
WO2007088671A1 PCT/JP2006/323816 JP2006323816W WO2007088671A1 WO 2007088671 A1 WO2007088671 A1 WO 2007088671A1 JP 2006323816 W JP2006323816 W JP 2006323816W WO 2007088671 A1 WO2007088671 A1 WO 2007088671A1
Authority
WO
WIPO (PCT)
Prior art keywords
shared key
receiving
encrypted
lan setting
lan
Prior art date
Legal status
Ceased
Application number
PCT/JP2006/323816
Other languages
English (en)
Japanese (ja)
Inventor
Hiromi Kondo
Masami Suzuki
Current Assignee
Pioneer Corp
Original Assignee
Pioneer Corp
Priority date
Filing date
Publication date
Application filed by Pioneer Corp
Publication of WO2007088671A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Definitions

  • The present invention relates to a LAN system that encrypts information communicated between a plurality of devices, and in particular to a LAN setting device and a LAN setting method that set, in each device, setting information such as a shared key necessary for encryption and decryption of information.
  • LAN local area network
  • In the technique of Patent Document 1, only a specific administrator manages a predetermined recording medium (a memory card or the like), and the following operations are performed when an access point and a terminal-side device are to be connected in a network via a wireless LAN.
  • a predetermined recording medium memory card or the like
  • an administrator attaches a recording medium to a slot provided in a parent device (such as a personal computer) as an access point, and performs keyboard input and mouse operation.
  • a parent device such as a personal computer
  • The access point automatically generates setting information such as a WEP (Wired Equivalent Privacy) key that is a shared key based on the password and saves it as internal information.
  • WEP Wired Equivalent Privacy
  • The device automatically reads the WEP key from the recording medium and saves it as internal information.
  • The setting information such as the WEP key that is the shared key is stored in the access point. Therefore, encrypted communication can be performed between the access point and the device using a common WEP key.
  • An administrator or the like can easily set up a LAN between an access point and a terminal device using a recording medium, and it is said that security can be ensured because only a specific administrator appropriately manages the recording medium.
  • Patent Document 1 Japanese Patent Application Laid-Open No. 2005-191989
  • Family members other than the administrator cannot easily perform setting operations even if they try to update setting information such as the shared key as appropriate, which is inconvenient.
  • The present invention has been made in view of such a conventional problem, and its purpose is to provide a LAN system, a LAN setting device, and a LAN setting method capable of performing LAN settings more easily while ensuring security.
  • The invention described in claim 1 is configured by connecting, by wire or wirelessly, one or more devices including transmission-side LAN setting means and one or more devices including reception-side LAN setting means.
  • The transmission-side LAN setting means comprises: shared key generation means for generating a shared key; transmission-side unique information input means for detecting physical characteristics of one or more users as unique information and generating transmission-side identification information from the unique information; encrypted shared key ring generation means for encrypting the shared key with the transmission-side identification information to generate an encrypted shared key, and generating an encrypted shared key ring having the one or more generated encrypted shared keys as constituent elements; and transmission means for transmitting the encrypted shared key ring to the one or more devices comprising the receiving-side LAN setting means.
  • The receiving-side LAN setting means comprises: receiving-side unique information input means for detecting the physical characteristics of one or more users as unique information and generating receiving-side identification information from the unique information; receiving means for receiving the encrypted shared key ring transmitted from the transmitter of the device comprising the transmission-side LAN setting means; and a shared key decrypting unit that reproduces the shared key generated by the one or more devices including the transmission-side LAN setting means by decrypting with the receiving-side identification information.
  • The invention described in claim 3 is a LAN setting device provided in a plurality of devices for constructing a wired or wireless LAN system, comprising: shared key generating means for generating a shared key; a transmitting-side unique information input unit that detects physical characteristics of one or more users as unique information and generates transmitting-side identification information from the unique information; an encrypted shared key ring generating unit that encrypts the shared key with the transmitting-side identification information to obtain an encrypted shared key, and generates an encrypted shared key ring having the one or more generated encrypted shared keys as constituent elements; and a transmitting unit that transmits the encrypted shared key ring to a device on the receiving side.
  • The invention according to claim 5 is a LAN setting device provided in a plurality of devices that construct a wired or wireless LAN system, comprising: receiving-side unique information input means for detecting physical characteristics of one or more users as unique information and generating receiving-side identification information from the unique information; receiving means for receiving an encrypted shared key bundle transmitted from another device; and shared key decryption means for reproducing the shared key generated by the other device by decrypting one or more of the encrypted shared keys included in the encrypted shared key bundle received by the receiving means with the receiving-side identification information.
  • The invention according to claim 6 is a LAN setting method in a LAN system configured by connecting, by wire or wirelessly, one or more devices including transmission-side LAN setting means and one or more devices including reception-side LAN setting means.
  • In this method, the transmitting-side LAN setting means performs a shared key generating step of generating a shared key, an encrypted shared key bundle generating step of generating an encrypted shared key and generating an encrypted shared key bundle having one or more of the generated encrypted shared keys as components, and a transmitting step of transmitting the encrypted shared key bundle to the receiving device.
  • The receiving-side LAN setting means performs a receiving-side unique information input step of detecting physical characteristics of one or more users as unique information and generating receiving-side identification information from the unique information, a receiving step of receiving the encrypted shared key bundle transmitted from the device on the transmission side, and a shared key decrypting step of reproducing the shared key generated by the device on the transmitting side by decrypting one or more of the encrypted shared keys included in the encrypted shared key bundle received in the receiving step with the receiving-side identification information.
  • The invention described in claim 7 is a LAN setting method for setting a plurality of devices that construct a wired or wireless LAN system, comprising: a transmitting-side unique information input step of detecting physical characteristics of one or more users as unique information and generating transmitting-side identification information; an encrypted shared key bundle generating step of generating an encrypted shared key by encrypting the shared key using the transmitting-side identification information and generating an encrypted shared key bundle having the one or more generated encrypted shared keys as constituent elements; and a transmitting step of transmitting the encrypted shared key bundle to a receiving device.
  • The invention according to claim 8 is a LAN setting method for setting a plurality of devices for constructing a wired or wireless LAN system, comprising: a receiving-side unique information input step of detecting physical characteristics of one or more users as unique information and generating receiving-side identification information from the unique information, a receiving step of receiving an encrypted shared key bundle transmitted from another device, and the encryption received in the receiving step.
  • FIG. 1 is an explanatory diagram for outlining the configuration of a conventional LAN system.
  • FIG. 2 is an explanatory diagram outlining the configuration of the LAN system according to the embodiment of the present invention.
  • FIG. 3 is a block diagram showing configurations of a transmission side LAN setting device and a reception side LAN setting device according to an embodiment of the present invention.
  • FIG. 4 is a block diagram showing the configuration of the transmission side LAN setting device and the reception side LAN setting device according to the embodiment.
  • FIG. 5 is a flowchart for explaining an operation example of the transmission side LAN setting device and the reception side LAN setting device shown in FIG. 4.
  • The LAN system 1 makes it possible to construct a wired LAN or wireless LAN among multiple devices having a communication function using a wired LAN or a wireless LAN, such as a personal computer 2, a tuner 3 that receives a television broadcast, a printer 4, and recording and playback devices 5 and 6 that perform video recording and the like on storage media such as a DVD (Digital Versatile Disk) or a hard disk.
  • At least one of the devices constituting the wireless LAN system can be operated as an access point or a master device for wireless communication control, and the remaining devices can function as devices on the terminal side (stations), so that multiple devices can be connected to the network.
  • In a wired LAN system, it is possible to operate at least one of the devices constituting the wired LAN system as a master device for communication control, and multiple devices can be connected to the network via a wired connection, such as a LAN system connected via Ethernet, a LAN system connected by a power line, a LAN system connected by an antenna coaxial line, and the like.
  • Each device may be provided with a transmission side LAN setting device TX or a reception side LAN setting device RX shown in FIG. 3 according to the function of each device.
  • A device that performs only passive operations is provided with a receiving side LAN setting device RX so that it can at least function as a station.
  • a transmitter-side LAN setting device TX is provided for devices such as tuner 3 that exclusively transmit information to other devices.
  • Devices such as the personal computer 2 and the recording / reproducing devices 5 and 6, which have the function of receiving information from other devices and transmitting information to other devices, are provided with the receiving side LAN setting device RX in addition to the transmitting side LAN setting device TX that makes it possible for them to also function as access points and master devices.
  • a dedicated machine that functions as an access point or a master device is equipped with a sending LAN setting device TX and a receiving LAN setting device RX.
  • The transmission side LAN setting device TX and the receiving side LAN setting device RX can be combined in various ways, and at least a device including the transmitting side LAN setting device TX can function as an access point or a master device.
  • The transmission-side LAN setting device TX is configured to include a unique information input unit 10, a shared key generation unit 11, an encrypted shared key bundle generation unit 12, and a transmission unit 13.
  • The shared key bundle KEYT is broadcast or transmitted, by wire or wirelessly, to another device that is provided with at least the receiving-side LAN setting device RX and can function as a station.
  • The unique information input unit 10 is configured with a detection sensor that optically detects, or detects by voice, a human physical feature (for example, information such as a fingerprint, iris, signature, face, or speech voice), and a feature extraction unit that extracts feature information from the detection output of the detection sensor and uses it as identification information IDtx.
  • The transmission side unique information input unit 10 detects physical feature information that is unique information of each person, and extracts the features of the detected unique information according to a predetermined feature extraction algorithm (in other words, feature extraction calculation processing), thereby generating identification information (hereinafter referred to as “transmission side identification information”) IDtx for identifying each person who has operated the device.
  • transmission side identification information identification information
  • Each time the sender-specific information input unit 10 receives the physical characteristics of a person, sender identification information IDtx is generated.
  • The shared key generation unit 11 generates a random number when the power is turned on and it becomes operable, and generates a shared key WEP based on the generated random number. That is, the shared key generation unit 11 generates the shared key WEP used both as the “encryption key” with which the encryption unit 100 encrypts so-called plaintext into ciphertext and as the “decryption key” with which the other device decrypts the ciphertext it receives. The generated random number may be used as it is as the shared key WEP, or the shared key WEP may be generated by processing the random number based on a predetermined algorithm.
  • The encrypted shared key ring generation unit 12 encrypts the shared key WEP generated by the shared key generation unit 11 with the transmission side identification information IDtx generated by the transmission side unique information input unit 10.
  • As many encrypted shared keys KEY as the number of pieces of sender identification information IDtx generated so far are generated, and the set of generated encrypted shared keys KEY is the encrypted shared key ring KEYT, an electronic key ring.
  • When the physical characteristics of one or more users are presented (input) one or more times and the sender-specific information input unit 10 generates as many pieces of sender-side identification information IDtx as the number of presentations, the encrypted shared key bundle generation unit 12 encrypts the shared key WEP generated by the shared key generation unit 11 with each piece of transmission side identification information IDtx, thereby generating that many encrypted shared keys KEY and adding them as components of the encrypted shared key bundle KEYT.
  • The encrypted shared key bundle generation unit 12 generates the encrypted shared key KEYa(1) by encrypting the shared key WEP generated by the shared key generation unit 11 with the transmission side identification information IDtxa(1).
  • A single encrypted shared key KEYa(1) is a component of the encrypted shared key bundle KEYT.
  • The encrypted shared key ring generation unit 12 further generates the encrypted shared key KEYa(2) by encrypting the shared key WEP with the sender identification information IDtxa(2), and the components of the encrypted shared key bundle KEYT are increased to two: the encrypted shared key KEYa(1) and the new encrypted shared key KEYa(2). Even when the same user (a) makes a third or subsequent presentation, a new encrypted shared key is generated and added to the encrypted shared key bundle KEYT each time a presentation is made.
  • the transmission side identification information IDtx, shared key WEP, encrypted shared key KEY, and encrypted shared key ring KEYT related to one user (a).
  • Sender side identification information IDtx, shared key WEP, encrypted shared key KEY, and encrypted shared key ring KEYT are generated in the same way.
  • the transmission side unique information input unit 10 transmits the transmission side identification information IDtxa(1) to IDtxa(n), IDtxb(1) to IDtxb(m), IDtxc(1) to IDtxc(k)
  • the bundle generation unit 12 encrypts the shared key WEP generated by the shared key generation unit 11 based on the identification information IDtxa(1) to IDtxa(n), IDtxb(1) to IDtxb(m), IDtxc(1) to IDtxc(k)
  • The encrypted shared key ring generation unit 12 increases the number of encrypted shared keys KEY that are constituent elements of the encrypted shared key bundle KEYT as the number of pieces of transmission side identification information IDtx increases.
  • the transmission unit 13 has a communication function for performing wired or wireless communication with the reception unit 21 in each reception-side LAN setting device RX provided in one or more other devices.
  • The encrypted shared key ring KEYT is broadcast as a broadcast packet (that is, widely distributed to devices equipped with the receiving LAN setting device RX) and wirelessly transmitted.
  • The encrypted shared key ring KEYT is broadcast on the beacon.
  • the reception-side LAN setting device RX includes a unique information input unit 20, a reception unit 21, and a shared key decryption unit 22.
  • The unique information input unit (hereinafter referred to as “reception-side unique information input unit”) 20, like the transmission-side unique information input unit 10 provided in the transmission-side LAN setting device TX described above, is composed of a detection sensor that detects the human physical feature presented by the user and a feature extraction unit that extracts feature information from the detection output of the detection sensor and uses it as identification information (hereinafter referred to as "reception side identification information") IDrx. That is, the receiving side unique information input unit 20 also detects the physical characteristic information that is unique information of each person and, like the transmitting side unique information input unit 10, extracts it according to a predetermined feature extraction algorithm to generate receiving side identification information IDrx for identifying each person who has operated the device.
  • When physical feature information such as a fingerprint or an iris is presented to the unique information input unit 20, the receiving side identification information IDrx is generated.
  • The receiving unit 21 has a communication function for communicating, by wire or wirelessly, with the transmitting unit 13 in the transmission side LAN setting device TX provided in another device having a function as an access point or a master device.
  • The shared key decryption unit 22 takes as input the reception side identification information IDrx generated by the reception side unique information input unit 20 and the latest encrypted shared key ring KEYT received by the reception unit 21.
  • It decrypts each encrypted shared key KEY contained in the encrypted shared key ring KEYT with the receiving side identification information IDrx, thereby reproducing the same shared key WEP as the shared key WEP generated by the shared key generation unit 11 in the transmitting side LAN setting device TX provided in the other device that serves as the access point or master device.
  • When physical feature information is input to the reception side unique information input unit 20 and an encrypted shared key KEY has been encrypted with transmission side identification information IDtx that is the same as the reception side identification information IDrx generated from that physical feature information, the shared key decryption unit 22 decrypts that encrypted shared key KEY based on the receiving side identification information IDrx, so that the same shared key WEP as the shared key WEP set in the device is properly decrypted.
  • The ciphertext transmitted from the device serving as the access point or the master device is decrypted into plaintext.
  • The user only has to select a desired device equipped with the transmission-side LAN setting device TX and enter information on one or more physical features (in other words, unique information) into the sending side unique information input unit 10 of that sending side LAN setting device TX, and the shared key WEP is encrypted.
  • When each of one or more users inputs information on at least one physical characteristic to the transmission side LAN setting device TX provided in the device that is to be the access point or the master device, the encrypted shared key ring KEYT, consisting of a set of encrypted shared keys corresponding to the number of pieces of physical feature information that have been input, is broadcast to the other devices that are stations provided with the receiving LAN setting device RX.
  • Therefore, simply by entering, into the receiving side LAN setting device RX provided in the station side device, the same physical feature information that any of the above-mentioned users entered into the sending LAN setting device TX of the access point or master device, the same shared key WEP can easily be set in the access point / master device side device and the station side device.
  • the user has to set the necessary shared key for the device (station) on the terminal side by using a remote controller or the like, and using the means, the method is very large.
  • the devices on the access point and master device side must be re-set by entering a new password for all the devices. Just by entering at least one piece of physical feature information that is the same as at least one physical feature entered in the access point or master device, the common shared key WEP can be set for the access point or master device and the station device, and encrypted communication can be performed. The burden of memorizing which physical feature is to be input to the station device can therefore be greatly reduced, and excellent operability can be provided.
  • Since communication between the device provided with the transmission side LAN setting device TX and the device provided with the reception side LAN setting device RX is performed using the shared key WEP, a secure LAN environment can be ensured.
  • Since the encrypted shared key bundle KEYT is broadcast from the access point or master device side device provided with the transmission side LAN setting device TX to the station side device provided with the reception side LAN setting device RX, a simple configuration can be achieved without the need to implement a protocol for giving the station side device the same shared key WEP as the access point or master device side device.
  • FIG. 4 is a block diagram showing the configurations of the transmission-side LAN setting device TX and the reception-side LAN setting device RX of the present embodiment, and the same or corresponding parts as those in FIG. 3 are denoted by the same reference numerals.
  • FIG. 5 is a flowchart for explaining an operation example of the transmission side LAN setting device TX and the reception side LAN setting device RX.
  • the transmission side LAN setting device TX is provided in a device for performing the function as an access point or a master device
  • the reception side LAN setting device RX is provided in a device for exhibiting at least the function as a station.
  • a device for functioning as an access point or a master device is provided together with the transmission side LAN setting device TX.
  • the transmission side LAN setting device TX is formed by a processor, a digital signal processor (DSP), an electronic circuit, a semiconductor memory, etc. that perform arithmetic and control functions according to a predetermined computer program.
  • a shared key generation unit 11, an encrypted shared key generation unit 12a, an encrypted shared key bundle storage unit 12b, a transmission unit 13, and a shared key storage unit 14.
  • the encrypted shared key generation unit 12a and the encrypted shared key bundle storage unit 12b realize a configuration corresponding to the encrypted shared key generation unit 12 shown in FIG.
  • The shared key storage unit 14 is formed of a semiconductor memory or the like, and stores, as the shared key WEP, the random number generated by the shared key generation unit 11 that becomes operable when the power is turned on, that is, the latest random number.
  • the latest shared key WEP stored therein is supplied to the encrypted shared key generation unit 12a, and the transmission side LAN
  • the latest shared key WEP stored therein is supplied to the encryption unit 100.
  • The transmission-side unique information input unit 10 is configured to include a detection sensor, formed by an optical detection sensor or a voice detection sensor, that detects the human-specific physical characteristics presented by the user (for example, any information such as fingerprints, irises, signatures, faces, speech sounds, etc.), and a feature extraction unit that extracts feature information from the detection output of the detection sensor and uses it as identification information (transmission side identification information) IDtx.
  • identification information transmission side identification information
  • When the transmission side unique information input unit 10 is configured to generate the transmission side identification information IDtx based on fingerprint information, it includes an optical detection sensor that optically detects the fingerprint and a feature extraction unit that extracts feature information by image processing the detection output.
  • an optical detection sensor that optically detects the iris, and a feature extraction unit that extracts feature information by image processing its detection output.
  • an optical detection sensor that optically detects the signed pattern, or the writing pressure of the signed pattern, and a feature extraction unit that extracts feature information by performing image processing, pattern recognition processing, and the like on the detection output.
  • an optical detection sensor that optically detects the face, and a feature extraction unit that extracts feature information by image processing its detection output.
  • a voice detection sensor such as a microphone that detects the uttered voice, and a feature extraction unit that extracts features by analyzing the frequency characteristics and so on of its detection output.
  • As long as the information can identify an individual person, not only a fingerprint, an iris, a signature, a face, or a speech voice but also other physical features may be detected and subjected to feature extraction.
  • the following description will be given on the assumption that the transmission side unique information input unit 10 generates the transmission side identification information IDtx based on the above-described fingerprint information.
  • The encrypted shared key generation unit 12a of the present embodiment uses the shared key WEP stored in the shared key storage unit 14 to generate an encrypted shared key KEY, which is supplied to the encrypted shared key bundle storage unit 12b.
  • The encrypted shared key generation unit 12a encrypts the latest shared key WEP with the sender identification information IDtx each time the user presents a fingerprint, thereby generating the encrypted shared key KEY and supplying it to the encrypted shared key ring storage unit 12b. In addition, when one or more pieces of sender identification information IDtx have already been generated, the latest shared key WEP is encrypted with each piece of transmission side identification information IDtx, so that as many encrypted shared keys KEY as there are pieces of transmission side identification information IDtx are generated.
  • The encrypted shared key bundle storage unit 12b is formed of a semiconductor memory or the like.
  • The encrypted shared keys KEY generated so far by the encrypted shared key generation unit 12a are stored as the encrypted shared key ring KEYT.
  • the transmission unit 13 has a communication function of performing wired or wireless communication with the reception unit 21 in each reception-side LAN setting device RX provided in one or more other devices.
  • the encrypted shared key ring KEYT is broadcast as a broadcast packet (that is, widely distributed to devices equipped with the receiving LAN setting device RX) and wirelessly transmitted.
  • the encrypted shared key ring KEYT is broadcast on the beacon.
  • the receiving side LAN setting device RX is composed of a processor, digital signal processor (DSP), electronic circuit, semiconductor memory, etc. that perform arithmetic and control functions according to a predetermined computer program.
  • a receiving side unique information input unit 20, a receiving unit 21, a shared key decryption unit 22a, and a shared key storage unit 22b.
  • the receiving-side unique information input unit 20, like the transmitting-side unique information input unit 10, includes a detection sensor that detects a human physical characteristic (for example, any information such as fingerprints, irises, signatures, faces, speech sounds, etc.) and a feature extraction unit that extracts feature information from the detection output of the detection sensor and obtains identification information (reception side identification information) IDrx. That is, as described above, if the transmission side unique information input unit 10 is configured to generate the transmission side identification information IDtx based on the fingerprint information, the reception side unique information input unit 20 also generates the receiving side identification information IDrx based on the fingerprint information.
  • the receiving unit 21 has a communication function of communicating, by wire or wirelessly, with the transmitting unit 13 in the transmission-side LAN setting device TX provided in another device having a function as an access point or a master device.
  • when a wired connection is made (in the case of a wired LAN), the encrypted shared key bundle KEYT transmitted as a broadcast packet is received, and when a wireless connection is established (in the case of a wireless LAN), the encrypted shared key bundle KEYT transmitted on the beacon is received.
  • the shared key decryption unit 22 of the present embodiment takes as input the latest reception side identification information IDrx generated by the reception side unique information input unit 20 and the encrypted shared key bundle KEYT received by the receiving unit 21, and decrypts each encrypted shared key KEY included in the encrypted shared key bundle KEYT with the latest receiving side identification information IDrx.
  • in this way, the same shared key WEP as the latest shared key WEP generated by the shared key generator 11 in the transmitting LAN setting device TX, which is provided in the device on the access point or master device side, is properly reproduced.
  • the shared key storage unit 22b is formed of a semiconductor memory or the like, and stores the latest shared key WEP decrypted (reproduced) by the shared key decryption unit 22. Then, by supplying the latest shared key WEP to the decryption unit 200 in the device provided with the receiving side LAN setting device RX, it enables ciphertext transmitted from the device on the access point or master device side to be decrypted into plaintext.
  • FIG. 5 shows the operation of the transmitting side LAN setting device TX and the receiving side LAN setting device RX when the user constructs a new LAN system or when a device serving as a station is newly added to an already constructed LAN system. The operation when the user constructs a wireless LAN system will be described.
  • in step S1, when the user turns on the power of the device provided with the transmission side LAN setting device TX, the shared key generation unit 11 in the transmission side LAN setting device TX generates a shared key WEP from a random number and stores it in the shared key storage unit 14.
  • step S2 the display means provided in the transmission-side LAN setting device TX
  • in step S3, when a fingerprint is input to the optical sensor provided in the transmission side unique information input unit 10, the transmission side unique information input unit 10 generates the transmission side identification information IDtx from the fingerprint, and the encrypted shared key generation unit 12a encrypts the latest shared key WEP stored in the shared key storage unit 14 with the transmission side identification information IDtx, so that an encrypted shared key KEY is generated and stored in the encrypted shared key bundle storage unit 12b as a component of the encrypted shared key bundle KEYT.
  • the transmission side unique information input unit 10 generates a plurality of pieces of transmission side identification information IDtx, one for each fingerprint, and the encrypted shared key generation unit 12a encrypts the shared key WEP with each piece of transmission side identification information IDtx, thereby generating a plurality of encrypted shared keys KEY, which are stored in the encrypted shared key bundle storage unit 12b as constituent elements of the encrypted shared key bundle KEYT.
  • in step S4, the transmission unit 13 broadcasts the encrypted shared key bundle KEYT stored in the encrypted shared key bundle storage unit 12b to other devices on a beacon.
  • the transmission unit 13 continuously transmits a beacon to other devices in a preset cycle. Therefore, the encrypted shared key ring KEYT is also broadcast to other devices according to the beacon transmission cycle.
  • when the receiving side LAN setting device RX provided in the station side device receives the beacon with the receiving unit 21, in step S5 it receives and inputs the encrypted shared key ring KEYT transmitted on the beacon. In step S6, the display means (not shown) provided in the receiving-side LAN setting device RX prompts the user to input information on the fingerprint, which is a user-specific physical feature.
  • in step S7, when the user inputs a fingerprint to the optical sensor provided in the receiving side unique information input unit 20, the receiving side unique information input unit 20 generates the receiving side identification information IDtx from the fingerprint.
  • the shared key decryption unit 22a applies decryption processing, based on the receiving side identification information IDtx, to the encrypted shared keys KEY in the encrypted shared key bundle KEYT, so that the shared key WEP is properly decrypted. The decrypted shared key WEP is stored in the shared key storage unit 33b.
  • when the reception side LAN setting device RX performs the processing of steps S5 to S8 described above, the same shared key WEP is set in the device serving as the access point or master device provided with the transmission side LAN setting device TX and in the device serving as a station provided with the reception side LAN setting device RX, and encrypted communication can be performed between both devices.
  • the user simply selects a desired device provided with the transmission-side LAN setting device TX and inputs one or more pieces of physical feature information (in other words, unique information) into the transmission side unique information input unit 10 provided in it, and the encrypted shared key bundle KEYT in which the shared key WEP is encrypted can be transmitted to other devices.
  • the user then simply selects a desired device provided with the receiving LAN setting device RX and inputs, into the receiving side unique information input unit 20 provided in it, the same physical feature information as was input to the transmission side unique information input unit 10 of the transmission side LAN setting device TX described above, and the shared key WEP can be set.
  • the encrypted shared key ring KEYT, consisting of a set of encrypted shared keys KEY corresponding to the number of pieces of physical feature information that have been input, is broadcast to the station side devices provided with the receiving LAN setting device RX. Therefore, simply by inputting to the receiving side LAN setting device RX provided in the station side device the same physical feature information that any of the above-mentioned users entered into the transmitting LAN setting device TX of the access point or master device, the same shared key WEP as that of the access point or master device side device can easily be set in the station side device.
  • one or more users input at least one piece of physical feature information to the transmitter LAN setting device TX provided in the device serving as an access point or a master device, and the receiver side LAN setting device RX provided in the device on the station side can be reconfigured or updated simply by inputting at least one physical feature that is the same as a physical feature entered for the transmission side LAN setting device TX on the access point or master device side. Therefore, it is possible to provide excellent operability for the user.
  • since communication between the device provided with the transmission-side LAN setting device TX and the device provided with the reception-side LAN setting device RX is performed using the shared key WEP, a secure LAN environment can be ensured.
  • since the encrypted shared key bundle KEYT is broadcast from the device on the access point or master device side provided with the transmission side LAN setting device TX to the device on the station side provided with the reception side LAN setting device RX, the station side device can set the same shared key WEP as the access point or master device side device, and a simple configuration without the need to implement the protocol can be achieved.
  • if each family member has entered information on one or more physical characteristics into the transmission side LAN setting device TX provided on the access point or master device side, each family member can set up the LAN by entering at least one piece of physical feature information into the receiving LAN setting device RX installed in his or her station device. This eliminates the inconvenience that only a specific family member can set the LAN settings; all the family members will be able to set up the LAN.
  • each family member cannot use the LAN easily, but in this example, if each family member inputs information on one or more physical features into the transmitter LAN setting device TX provided on the access point or master device side, each person can easily use the LAN by entering at least one piece of physical feature information into the receiving side LAN setting device RX provided in the station side device. For this reason, this example is particularly effective when constructing a home LAN system.
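
The key ring flow of steps S1 to S8, as an added Python sketch that is not part of the patent text. The page names no cipher, so the HMAC-SHA-256 keystream, the integrity tag that lets RX tell which entry decrypted properly, the 13-byte key length, and the names `extract_id`, `wrap_key`, `unwrap_key`, `TxSetter` and `rx_recover` are all assumptions, as is the premise that feature extraction yields identical bytes on both sides.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32

def extract_id(template: bytes) -> bytes:
    """Stand-in for the feature extraction unit (assumption): stable bytes -> ID."""
    return hashlib.sha256(b"id" + template).digest()

def _prf(ident: bytes, label: bytes, data: bytes) -> bytes:
    # Assumed PRF keyed by the identification information; not from the page.
    return hmac.new(ident, label + data, hashlib.sha256).digest()

def wrap_key(wep: bytes, ident: bytes) -> bytes:
    """Encrypt the shared key WEP under one ID, giving one encrypted shared key KEY."""
    if len(wep) > 32:
        raise ValueError("shared key longer than one PRF block")
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(wep, _prf(ident, b"enc", nonce)))
    return nonce + ct + _prf(ident, b"mac", nonce + ct)

def unwrap_key(entry: bytes, ident: bytes):
    """Return WEP if this KEY was wrapped under ident, else None."""
    if len(entry) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = entry[:NONCE_LEN], entry[NONCE_LEN:-TAG_LEN], entry[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(ident, b"mac", nonce + ct)):
        return None  # wrong ID or modified entry
    return bytes(a ^ b for a, b in zip(ct, _prf(ident, b"enc", nonce)))

class TxSetter:
    """Transmission side LAN setting device TX (steps S1 to S4)."""
    def __init__(self):
        self.wep = secrets.token_bytes(13)  # S1: random key, length assumed
        self.ids = []
    def enroll(self, idtx: bytes):          # S3: one IDtx per presented feature
        self.ids.append(idtx)
    def rotate(self):                       # update: new WEP, same enrolled IDs
        self.wep = secrets.token_bytes(13)
    def key_ring(self):                     # KEYT: latest WEP under every IDtx (S4)
        return [wrap_key(self.wep, i) for i in self.ids]

def rx_recover(key_ring, idrx: bytes):
    """Reception side RX (S5 to S8): try every KEY in KEYT with IDrx."""
    for entry in key_ring:
        wep = unwrap_key(entry, idrx)
        if wep is not None:
            return wep
    return None

if __name__ == "__main__":
    tx = TxSetter()
    tx.enroll(extract_id(b"constructed-template-user-A"))  # constructed input
    ring = tx.key_ring()
    print(rx_recover(ring, extract_id(b"constructed-template-user-A")) == tx.wep)
```

Because KEYT is broadcast to every listener, the wrapped key is only as hard to recover as the identification information is to guess, so the ID derivation deserves the same scrutiny as a password-based key.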

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention relates to a LAN setting device that makes it easier to set up a LAN. A transmission side LAN setting device (TX) is provided in the device on the access point side; a reception side LAN setting device (RX) is provided in the device on the station side. The transmission side LAN setting device (TX) generates at least one encrypted shared key (KEY) by encrypting a shared key (WEP) according to transmission side identification information (IDtx) created from information on the physical feature presented by the user, and sends (distributes) the encrypted shared keys as an encrypted shared key ring (KEYT) to the station side device. The reception side LAN setting device (RX) decrypts the encrypted shared keys (KEY) included in the received encrypted shared key ring (KEYT) according to reception side identification information (IDrx) created from information on the physical feature presented by the user, and thereby reproduces the shared key (WEP). With this invention, the same shared key (WEP) is set on the access point side and on the station side, and the user can easily set up the LAN.
PCT/JP2006/323816 2006-01-31 2006-11-29 LAN system, LAN setting device and LAN setting method Ceased WO2007088671A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2006022289 2006-01-31
JP2006-022289 2006-01-31

Publications (1)

Publication Number Publication Date
WO2007088671A1 true WO2007088671A1 (fr) 2007-08-09

Family

ID=38327255

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2006/323816 Ceased WO2007088671A1 (fr) 2006-01-31 2006-11-29 LAN system, LAN setting device and LAN setting method

Country Status (1)

Country Link
WO (1) WO2007088671A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2014192706A (ja) * 2013-03-27 2014-10-06 Nec Platforms Ltd Wireless LAN connection device, method and program

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
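JPH10224340A (ja) * 1997-02-07 1998-08-21 Brother Ind Ltd Wireless communication method and wireless communication system
JP2004153843A (ja) * 2003-12-15 2004-05-27 Nec Corp Information processing method, information processing apparatus, and recording medium storing information processing program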

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06833620

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP