JP2015186215A - Communication system, communication apparatus and communication method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a communication system etc. capable of performing mutual communication between a first communication apparatus and a second communication apparatus without the need of an input of setting information.SOLUTION: In a communication system 1000, a first communication apparatus 100 includes: a first cipher key table 110 for storing a cipher key and cipher key identification information for identifying the cipher key in association with each other; and a notification unit 120 for notifying information indicative of the cipher key identification information. A second communication apparatus 200 includes: a second cipher key table 210 for storing the same information as the cipher key and the cipher key identification information which are stored in the first cipher key table 110; and an extraction unit 231 for extracting a cipher key from the second cipher key table 210, on the basis of the cipher key identification information notified by the notification unit 120.

Description

  The present invention relates to a communication system or the like, for example, a communication system or the like in which communication apparatuses communicate with each other using mutually common encryption keys.

  In recent years, a wireless LAN connection between a communication device having a wireless LAN base unit function such as a wireless LAN (Local Area Network) access point and a communication device having a wireless LAN handset function such as a game machine, a personal computer, a smartphone, or a tablet terminal The technology to do is widely known.

  In addition, the technique relevant to the technique of wireless LAN connection is described in patent documents 1-2, for example.

JP 2006-285826 A JP 2013-034693 A

  However, in order to establish a wireless LAN connection between a communication device such as an access point and a communication device such as a tablet terminal, various setting information such as the SSID (Service Set Identifier) and encryption key of the communication partner is individually assigned to each communication device. There was a problem that it was necessary to input and set. Therefore, for example, a user who is not familiar with the operation of the communication device may input incorrect setting information.

  The present invention has been made in view of such circumstances, and an object thereof is to provide a communication system or the like that allows the first and second communication devices to communicate with each other without requiring input of setting information. There is to do.

  The communication system according to the present invention is a communication system including a first communication device and a second communication device that communicates with the first communication device, wherein the first communication device includes an encryption key. A first encryption key table for storing the encryption key identification information for identifying the encryption key in association with each other, and a notification unit for notifying information indicating the encryption key identification information, The second communication device is notified by the notification unit, the second encryption key table storing the same information as the encryption key and the encryption key identification information stored in the first encryption key table. An extraction unit that extracts the encryption key from the second encryption key table based on the encryption key identification information.

  The communication device of the present invention includes an encryption key table that stores an encryption key and encryption key identification information for identifying the encryption key in association with each other, and the encryption key identification information notified from the other communication device. And an extraction unit that extracts the encryption key from the encryption key table, and communicates with the other communication device using the encryption key extracted by the extraction unit.

  The communication method of the present invention is a communication method performed between a first communication device and a second communication device that communicates with the first communication device, wherein the first communication device includes: A notification step of notifying information indicating the encryption key identification information using a first encryption key table storing the encryption key and encryption key identification information for identifying the encryption key in association with each other; Based on the encryption key identification information notified by the notification step, the second communication device stores the same information as the encryption key and the encryption key identification information stored in the first encryption key table. An extraction step of extracting the encryption key from the stored second encryption key table.

  According to the communication system and the like of the present invention, the first and second communication devices can communicate with each other without requiring input of setting information.

It is a block diagram which shows the structure of the communication system in the 1st Embodiment of this invention. It is a figure which shows an example of the correspondence of the encryption key memorize | stored in a 1st encryption key table, and encryption key identification information. It is a sequence diagram which shows the operation | movement flow of the communication system in the 1st Embodiment of this invention. It is a block diagram which shows the structure of the communication system in the 2nd Embodiment of this invention. It is a figure which shows an example of the corresponding | compatible relationship between the encryption key memorize | stored in a 1st encryption key table, and encryption key identification information, and the notification means of encryption key identification information. It is a figure for demonstrating a Beacon frame. It is a figure for demonstrating a Probe Request frame. It is a sequence diagram which shows the operation | movement flow of the communication system in the 2nd Embodiment of this invention. It is a sequence diagram which shows the operation | movement flow of the communication system in the 2nd Embodiment of this invention. It is a figure which shows the exchange of the signal between an access point and a smart phone. It is a block diagram which shows the structure of the communication system in the 3rd Embodiment of this invention. It is a sequence diagram which shows the operation | movement flow of the communication system in the 3rd Embodiment of this invention.

<First Embodiment>
The detailed configuration of the communication system 1000 according to the first embodiment of the present invention will be described with reference to FIG. FIG. 1 is a block diagram showing a configuration of the communication system 1000.

  As shown in FIG. 1, the communication system 1000 includes a first communication device 100 and a second communication device 200.

  First, the detailed configuration of the first communication device 100 will be described with reference to FIG.

  The first communication device 100 communicates with the second communication device. As shown in FIG. 1, the first communication device 100 includes a first encryption key table 110, a notification unit 120, and a first control unit 130.

  As shown in FIG. 1, the first encryption key table 110 is connected to the first control unit 130. The first encryption key table 110 stores an encryption key and encryption key identification information for identifying the encryption key in association with each other.

  Here, the correspondence between the encryption key stored in the first encryption key table 110 and the encryption key identification information will be described with reference to FIG. FIG. 2 is a diagram illustrating an example of a correspondence relationship between encryption keys stored in the first encryption key table and encryption key identification information.

  In (1) shown in FIG. 2, the encryption key “encryption key 1” and the encryption key identification information “1” for identifying the encryption key “encryption key 1” are associated with each other and the first encryption key A case where it is stored in the table 110 is shown.

  Since (2) to (4) shown in FIG. 2 are the same as (1) described above, description thereof is omitted.

  The correspondence relationship between the encryption key and the encryption key identification information illustrated in FIG. 2 is set in advance, for example, at the manufacturing stage. However, the correspondence between the encryption key and the encryption key identification information may be rewritten by the user, for example.

  Here, the first encryption key table 110 stores a plurality (here, four) of encryption keys and a plurality (here, four) of encryption key identification information in association with each other. Show. However, the first encryption key table 110 may store a single encryption key and a single encryption key identification information in association with each other.

  Returning to FIG. 1, the notification unit 120 is connected to the first control unit 130. The notification unit 120 notifies information indicating the encryption key identification information stored in the first encryption key table 110.

  For example, the notification unit 120 may notify the information indicating the encryption key identification information using a voice, or notify the encryption key identification information by providing display to the user. More specifically, for example, when notifying the information indicating the encryption key identification information “1” shown in (1) of FIG. 2, the notifying unit 120 utters “1 (one)” or outputs a signal sound. Information indicating the encryption key identification information “1” may be notified by ringing once (for example, a beep sound).

  Similarly, in the case of the encryption key identification information “2”, the notification unit 120 notifies, for example, by uttering “2 (d)” or by making a signal sound twice (for example, “beep” signal sound). May be.

  More specifically, the notification unit 120 may notify the information indicating the encryption key identification information “1” by, for example, displaying and providing “1” to the user. Similarly, in the case of the encryption key identification information “2”, the notification unit 120 may notify by providing “2” to the user, for example.

  In addition, the notification unit 120 may notify the encryption key identification information using, for example, the vibration time or the number of vibrations of the vibrator mounted on the first communication device 100. More specifically, the notification unit 120 may notify the information indicating the encryption key identification information “1” by, for example, vibrating the vibrator once or vibrating the vibrator for 1 second. Similarly, in the case of the encryption key identification information “2”, the notification unit 120 may notify by vibrating the vibrator twice, or vibrating the vibrator for 2 seconds, for example.

  In addition, the notification unit 120 transmits the first and second trigger signals, and changes the time difference between the transmission time of the first trigger signal and the transmission time of the second trigger signal in the encryption key identification information. Depending on the situation, notification may be made separately.

  The notification unit 120 is, for example, a light emitting element, and the encryption key identification information may be distinguished and notified by changing a light emission pattern set by the number of light emission blinks of the light emitting element. A notification method using these two notification means will be described in detail in a second embodiment to be described later.

  As shown in FIG. 1, the first control unit 130 is connected to the first encryption key table 110 and the notification unit 120. The first control unit 130 controls the entire first communication device 100. Further, the first control unit 130 acquires the correspondence relationship between the encryption key stored in the first encryption key table 110 and the encryption key identification information, and outputs the acquired information to the notification unit 120.

  Next, the detailed configuration of the second communication apparatus 200 will be described using FIG.

  As shown in FIG. 1, the second communication device 200 includes a second encryption key table 210, an input unit 220, and a second control unit 230.

  As shown in FIG. 1, the second encryption key table 210 is connected to the second control unit 230. The second encryption key table 210 stores the same information as the encryption key and encryption key identification information stored in the first encryption key table 110. Here, it is assumed that the second encryption key table 210 stores the same contents as those of the first encryption key table 110 described above with reference to FIG.

  As shown in FIG. 1, the input unit 220 is connected to the second control unit 230. The input unit 220 accepts input of encryption key identification information notified by the notification unit 120.

  As shown in FIG. 1, the second control unit 230 is connected to the second encryption key table 210 and the input unit 220, respectively. The second control unit 230 controls the entire second communication device 200. The second control unit 230 acquires the input result of the input unit 220. In addition, the second control unit 230 acquires the correspondence relationship between the encryption key stored in the second encryption key table 210 and the encryption key identification information.

  As shown in FIG. 1, the second control unit 230 includes an extraction unit 231. The extraction unit 231 extracts the encryption key from the second encryption key table 210 based on the encryption key identification information notified by the notification unit 120.

  Next, the operation of the communication system 1000 will be described with reference to FIG. FIG. 3 is a sequence diagram showing an operation flow of the communication system 1000.

  Here, it is assumed that the notification unit 120 notifies information indicating the encryption key identification information “1” associated with the encryption key “encryption key 1” illustrated in (1) of FIG.

  First, as shown in FIG. 3, the notification unit 120 of the first communication device 100 selects the encryption key “encryption key 1” from the first encryption key table 110 (step (hereinafter referred to as S) 110. ). As described above with reference to FIG. 2, when the first encryption key table 110 stores a single encryption key and a single encryption key identification information in association with each other, the processing of S110 is omitted. can do.

  The encryption key selected by the notification unit 120 may be determined at random each time, for example.

  Next, the notification unit 120 notifies the second communication device 200 of the encryption key identification information “1” associated with the encryption key “encryption key 1” (S120). Here, it is assumed that the notification unit 120 displays and provides the encryption key identification information “1” to the user.

  And the input part 220 of the 2nd communication apparatus 200 receives the input of encryption key identification information (S130). Here, it is assumed that the user of the second communication device 200 inputs the encryption key identification information “1” displayed and provided by the notification unit 120 by operating the input unit 220.

  However, the input unit 220, for example, captures the encryption key identification information “1” displayed and provided by the notification unit 120 by using a camera (not shown), thereby identifying the encryption key without performing a user input operation. Information input may be accepted.

  Finally, the extraction unit 231 receives the input result of the input unit 220 and extracts the encryption key “encryption key 1” corresponding to the encryption key identification information “1” from the second encryption key table 210 (S140).

  As described above, the communication system 1000 according to the first embodiment of the present invention includes the first communication device 100 and the second communication device 200 that communicates with the first communication device 100. In the communication system 1000, the first communication device 100 includes a first encryption key table 110 that stores an encryption key and encryption key identification information for identifying the encryption key in association with each other, and an encryption key. The second communication device 200 stores the same information as the encryption key and the encryption key identification information stored in the first encryption key table 110. The notification unit 120 notifies the information indicating the identification information. The second encryption key table 210 and an extraction unit 231 that extracts an encryption key from the second encryption key table 210 based on the encryption key identification information notified by the notification unit 120.

  As described above, in the communication system 1000 according to the first embodiment of the present invention, the first communication device 100 and the second communication device 200 have encryption key tables that store at least the same contents. Then, the second communication device 200 extracts the corresponding encryption key from the encryption key identification information notified from the first communication device 100.

  Thereby, the 1st and 2nd communication apparatuses 100 and 200 can set the encryption key at the time of communicating mutually common. As a result, the communication system 1000 can set the setting information without requiring input of setting information such as an encryption key. As a result, the first and second communication devices 100 and 200 can communicate with each other.

  In the communication system 1000 according to the first embodiment of the present invention, the first communication device 100 does not transmit the encryption key itself to the second communication device 200. Therefore, the communication system 1000 can prevent the encryption key from leaking to a third party that is not intended by the user.

  The communication method according to the first embodiment of the present invention is a communication method performed between the first communication device 100 and the second communication device 200 that communicates with the first communication device 100. Then, the first communication device 100 uses the first encryption key table 110 that stores the encryption key and the encryption key information for identifying the encryption key in association with each other, and stores the encryption key identification information. A notification step for notifying the information to be indicated, and the second communication device 200 based on the encryption key identification information notified in the notification step, and the encryption key and the encryption key identification information stored in the first encryption key table 110 And an extraction step of extracting an encryption key from the second encryption key table 210 that stores the same information.

  Since this communication method is based on the invention of the system of the communication system 1000 described above, the same effect as the communication system 1000 described above can be obtained.

  The communication device 100 according to the first embodiment of the present invention includes an encryption key table 110 that stores an encryption key and encryption key identification information for identifying the encryption key in association with each other, and an encryption key identification. A notification unit 120 that notifies the other communication device 200 of information indicating the information, and communicates with the other communication device 200 using the encryption key associated with the encryption key identification information notified by the notification unit 120. To do.

  In this way, the communication device 100 notifies the other communication device 200 of the encryption identification information of the encryption key table 110, and uses the encryption key associated with the notified encryption identification information to communicate with the other communication device 200. connect. As a result, the communication device 100 has the same effects as the communication system 1000 described above.

  In addition, the communication device 200 according to the first embodiment of the present invention has the same information as the encryption key and the encryption key identification information for identifying the encryption key stored in the encryption key table 110 of the other communication device 100. The encryption key table 210 for storing the encryption key and the encryption key identification information in association with each other, and the encryption key identification information notified from the other communication device 100 An extraction unit 231 that extracts an encryption key from the encryption key table 210. In this way, the communication device 200 extracts the encryption key from the encryption key table 210 based on the encryption key identification information notified from the other communication device 100, and thus has the same operational effects as the communication system 1000 described above. .

<Second Embodiment>
The detailed configuration of the communication system 1000A according to the second embodiment of the present invention will be described with reference to FIG. FIG. 4 is a block diagram showing a configuration of a communication system 1000A according to the second embodiment of the present invention. In FIG. 4, constituent elements that are equivalent to the constituent elements shown in FIGS. 1 to 3 are given the same reference numerals as those shown in FIGS. In the following description, the description of the same configuration as that shown in FIGS.

  As illustrated in FIG. 4, the communication system 1000A includes an access point 100A and a smartphone 200A.

  First, a detailed configuration of the access point 100A will be described with reference to FIG.

  The access point 100A is connected to a network (not shown) such as the Internet, for example. The access point 100A is a communication device conforming to, for example, IEEE (The Institute of Electrical and Electronics Engineers, Inc.) 802.11, and is a communication device having a wireless LAN function such as a router installed indoors or outdoors. The access point 100A corresponds to the first communication device of the present invention.

  As shown in FIG. 4, the access point 100A includes a first encryption key table 110A, a notification unit 120A, a trigger signal reception unit 121, a first control unit 130A, an encrypted signal transmission unit 140, A first communication unit 150 and a first timer 160 are provided.

  The first encryption key table 110A corresponds to the first encryption key table of the present invention.

  Here, the correspondence relationship between the encryption key and the encryption key identification information stored in the first encryption key table 110A and the encryption key identification information notifying means will be described with reference to FIG. FIGS. 5A and 5B are diagrams showing an example of the correspondence between the encryption key stored in the first encryption key table 110A and the encryption key identification information, and the encryption key identification information notifying means. .

  In (1) shown in FIG. 5A, as in (1) shown in FIG. 2, the encryption key “encryption key 1” and the encryption key identification information “1” are associated with each other. Show. Further, in (1) shown in FIG. 5A, as a notification means of the encryption key identification information “1”, a light emission pattern set by the number of light emission blinks of the light emission unit 120A described later (here, the light emission unit 120A blinks). 1 times) is associated with the encryption key identification information “1”.

  About (2)-(4) shown to Fig.5 (a), since it is the same as that of (1) mentioned above, description is abbreviate | omitted.

  (5) shown in FIG. 5B shows a case where the encryption key “encryption key i” and the encryption key identification information “i” are associated with each other. Also, in (5) shown in FIG. 5B, as notification means for the encryption key identification information “i”, timer values (here, 1 second) of first and second timers 160 and 260 described later are encrypted. It is associated with the key identification information “i”. The timer value corresponds to the time between the time when the first and second timers 160 and 260 start counting and the time when the first and second timers 160 and 260 stop counting.

  About (6)-(8) shown in FIG.5 (b), since it is the same as that of (5) mentioned above, description is abbreviate | omitted.

  Returning to FIG. 4, the light emitting unit 120A corresponds to the notification unit of the present invention. The light emitting unit 120A is a light emitting element such as an LED (Light Emitting Diode). The light emitting unit 120A has a light emission pattern (here, the number of blinking of the light emitting unit 120A) set by the number of times of light emission blinking of the light emitting element, and encryption key identification information corresponding to an encryption key used by the encryption unit 131 described later. Notification is made by distinguishing by changing.

  For example, when the encryption key used by the encryption unit 131 is the encryption key “1” shown in (1) of FIG. 5A, the light emitting unit 120A blinks once to change the encryption key “1”. Corresponding encryption key identification information “1” is notified.

  The light emitting unit 120A indicates the encryption key identification information when the first communication unit 150 receives a detection signal (Probe Request (A) in FIG. 8) transmitted from the second communication unit 250 described later. Notify information. The light emitting unit 120A corresponds to the notification unit of the present invention.

  As shown in FIG. 4, the trigger signal receiving unit 121 is connected to the first control unit 130A. The trigger signal receiving unit 121 receives a first trigger signal (Probe Request (B) in FIG. 9) and a second trigger signal (Probe Request (C) in FIG. 9) transmitted by a trigger signal transmitting unit 221 to be described later. Receive.

  As shown in FIG. 4, the first control unit 130A includes a first encryption key table 110, a light emitting unit 120A, a trigger signal receiving unit 121, an encrypted signal transmitting unit 140, and a first communication unit. 150 and the first timer 160 are connected to each other. The first control unit 130A controls the entire access point 100A. The first control unit 130A corresponds to the first control unit of the present invention.

  The first controller 130A acquires the first and second trigger signals received by the trigger signal receiver 121, and turns on the first timer 160 in accordance with the acquired first and second trigger signals. Or turn it off.

  The first controller 130A outputs the encrypted signal generated by the generator 132 to the encrypted signal transmitter 140. The first control unit 130 </ b> A acquires the detection signal received by the first communication unit 150.

  In addition, the first control unit 130A acquires a detection signal (Probe Request (A) in FIG. 8) and a request signal (Probe Request (α) in FIG. 9) received by the first communication unit 150.

  As shown in FIG. 4, the first control unit 130 </ b> A includes an encryption unit 131, a generation unit 132, and an AP side extraction unit 133.

  The encryption unit 131 encrypts connection identification information used for connection with the smartphone 200A using an encryption key. Here, it is assumed that the connection identification information is an SSID standardized by IEEE 802.11. This connection identification information (SSID) is preset in the access point 100A, for example.

  In addition to the connection identification information, the encryption unit 131 encrypts the second communication device-side unique identification information for identifying the smartphone 200A using an encryption key. Here, it is assumed that the second communication device side unique identification information is a Mac (Media Access Control) address.

  The second communication device side unique identification information is, for example, when the first communication unit 150 receives a detection signal transmitted from a smartphone 200A described later, and the second communication device side unique identification information. It is assumed that the access point 100A is set based on the information.

  The second communication device side unique identification information (Mac address) may be set in advance in the access point 100A.

  The generation unit 132 generates a signal including both the encrypted connection identification information (SSID) and the encrypted second communication device side unique identification information (Mac address) as an encrypted signal.

  Here, it is assumed that the encrypted signal is a Beacon frame (Beacon (α) in FIG. 8) transmitted using a Mac frame standardized by IEEE 802.11.

  Here, Beacon (α) will be described with reference to FIG. FIG. 6 is a diagram for explaining the Beacon frame.

  As shown in FIG. 6, the Mac frame includes a Mac frame header, a Mac frame body, and a Mac frame error detection.

  As shown in FIG. 6, the Mac frame header includes 2 bytes of frame control, 2 bytes of duration / ID, 6 bytes of destination Mac address 1, 6 bytes of source Mac address 2, 6 bytes of Mac address 3, It consists of a 2-byte sequence control and a 6-byte Mac address 4.

  As shown in FIG. 6, the Mac frame body is composed of a variable-length frame body of 0 to 2312 bytes. The encrypted signal (Beacon (α)) described above corresponds to this variable-length Mac frame body.

  As shown in FIG. 6, the Mac frame body includes a Timestamp area, a Beacon interval area, a Capability Information area, a Service Set ID area, a Supported Rates area, an FH Parameter set area, a DS Parameter set area, a CF Parameter set area, a CF Parameter set area, a CF Parameter set area, and a CF Parameter set area. It includes a set area and a TIM area.

  The encrypted connection identification information (SSID) and the encrypted second communication device side unique identification information (Mac address) described above are the Service Set ID (SSID) in the variable-length Mac frame body shown in FIG. Set to area.

  As shown in FIG. 6, Mac frame error detection is composed of 4-byte FCS (Frame Check Sequence).

  Returning to FIG. 4, the AP-side extraction unit 133 extracts an encryption key from the first encryption key table 110 </ b> A based on encryption key identification information notified by a trigger signal transmission unit 221 described later. The specific operation of the AP side extraction unit 133 will be described later.

  As shown in FIG. 4, the encrypted signal transmission unit 140 is connected to the first control unit 130A.

  When the first communication unit 150 receives the detection signal (Probe Request (A) in FIG. 8) transmitted from the second communication unit 250, the encrypted signal transmission unit 140 receives the encrypted signal (in FIG. 8). Transmit Beacon (α)).

  As shown in FIG. 4, the first communication unit 150 is connected to the first control unit 130A. The first communication unit 150 is a communication unit compliant with, for example, IEEE 802.11. The first communication unit 150 receives a detection signal (Probe Request (A) in FIG. 8) transmitted from the second communication unit 250 described later.

  When the first communication unit 150 receives the detection signal (Probe Request (A) in FIG. 8) transmitted from the second communication unit 250, the first communication unit 150 transmits the detection signal using a Mac frame standardized by IEEE 802.11. A Beacon frame (Beacon (A) in FIG. 8) is transmitted. This Beacon (A) corresponds to the variable-length Mac frame body shown in FIG. 6, similarly to the above-described encrypted signal (Beacon (α) in FIG. 8).

  Beacon (A) includes a detection identifier described later. That is, a detection identifier is set in the SSID area shown in FIG. 6 of Beacon (A).

  Further, the first communication unit 150 receives a request signal (Probe Request (α) in FIG. 9) including connection information after decryption transmitted from the second communication unit 250 described later. The first communication unit 150, when the connection identification information after decoding in the request signal (Probe Request (α) in FIG. 9) matches the connection identification information set in advance in the access point 100A, A response signal (Probe Response in FIG. 9) is transmitted.

  As shown in FIG. 4, the first timer 160 is connected to the first control unit 130A. The first timer 160 is a timer device mounted on the access point 100A.

  When the first trigger signal (Probe Request (B) in FIG. 9) is received by the trigger signal receiving unit 121, the first timer 160 turns on the timer and starts counting. On the other hand, when the second trigger signal (Probe Request (C) in FIG. 9) is received by the trigger signal receiving unit 121, the first timer 160 turns off the timer and stops counting.

  Next, the detailed configuration of the smartphone 200A will be described with reference to FIG. The smartphone 200A corresponds to the second communication device of the present invention.

  The smartphone 200A is, for example, a communication device that conforms to IEEE 802.11, and wirelessly connects (wireless LAN connection) to the access point 100A. The smartphone 200A corresponds to the second communication device of the present invention.

  As shown in FIG. 4, the smartphone 200A includes a second encryption key table 210A, an input unit 220A, a trigger signal transmission unit 221, a second control unit 230A, an encrypted signal reception unit 240, 2 communication units 250 and a second timer 260.

  The second encryption key table 210A corresponds to the second encryption key table of the present invention. The second encryption key table 210A stores the same information as the encryption key and encryption key identification information stored in the first encryption key table 110A.

  The input unit 220A corresponds to the input unit 220 in the first embodiment described above. The input unit 220 is, for example, an input key and is operated by the user.

  As shown in FIG. 4, the trigger signal transmission unit 221 is connected to the second control unit 230A. The trigger signal transmission unit 221 transmits the first and second trigger signals, and changes the time difference between the transmission time of the first trigger signal and the transmission time of the second trigger signal by using the encryption key identification information. Notifications are made by distinguishing them. The trigger signal transmission unit 221 corresponds to a notification unit of the present invention.

  The first trigger signal is a control signal that turns on the first timer 160. Here, the first trigger signal is assumed to be a Probe Request frame (Probe Request (B) in FIG. 9) transmitted using a Mac frame standardized by IEEE 802.11.

  The second trigger signal is a control signal that turns off the first timer 160. Here, the second trigger signal is assumed to be a Probe Request frame (Probe Request (C) in FIG. 9) transmitted using a Mac frame standardized by IEEE 802.11.

  Here, Probe Requests (B) and (C) will be described with reference to FIG. FIG. 7 is a diagram for explaining the Probe Request frame.

  Since the Mac frame header and the Mac frame error detection shown in FIG. 7 have been described above with reference to FIG.

  As shown in FIG. 7, the Mac frame body is composed of a variable-length frame body of 0 to 2312 bytes. The above-mentioned Probe Requests (B) and (C) correspond to the variable-length Mac frame body.

  As shown in FIG. 7, the Mac frame body includes a Capability Information area, a Service Set ID area, and a Supported Rates area.

  In the first trigger signal (Probe Request (B) in FIG. 9), a predetermined code (for example, a character string of Start) for turning on the first timer 160 is a variable length Mac shown in FIG. It is set in the SSID area in the frame body.

  A predetermined code (Start) for turning on the first timer 160 is recognized by the first controller 130A of the access point 100A.

  In the second trigger signal (Probe Request (C) in FIG. 9), a predetermined code (for example, a character string of Stop) for turning off the first timer 160 is a Service Set ID (FIG. 7). SSID) area.

  A predetermined code (Stop) for turning off the first timer 160 is recognized by the first controller 130A of the access point 100A.

  Returning to FIG. 4, the second control unit 230 </ b> A corresponds to the second control unit 230 in the first embodiment described above. The second control unit 230A controls the entire smartphone 200A.

  The second control unit 230A acquires the input result of the input unit 220A. The second control unit 230A turns the second timer 260 on or off according to the first and second trigger signals transmitted from the trigger signal transmission unit 221.

  Also, the second control unit 230A acquires the encrypted signal (Beacon (α) in FIG. 8) received by the encrypted signal receiving unit 240. The second control unit 230 </ b> A outputs the identification result of the identification unit 233 to the second communication unit 250.

  The second controller 230A acquires the beacon (A) and the response signal (Probe Response in FIG. 9) received by the second communication unit 250.

  As shown in FIG. 4, the second control unit 230 </ b> A includes a terminal-side extraction unit 231 </ b> A, a decoding unit 232, and a specifying unit 233.

  The terminal-side extraction unit 231A corresponds to the extraction unit 231 in the first embodiment described above. The terminal-side extraction unit 231A extracts the encryption key from the second encryption key table 210A based on the encryption key identification information notified by the light emitting unit 120A. The terminal side extraction unit 231A corresponds to the extraction unit of the present invention. The detailed operation of the terminal side extraction unit 231A will be described later.

  The decryption unit 232 uses the encryption key extracted by the terminal-side extraction unit 231A, the encrypted connection identification information (SSID) and the encrypted information in the encrypted signal (Beacon (α) in FIG. 8) The second communication device side unique identification information (Mac address) is decrypted.

  The identifying unit 233 includes the second communication device-side unique identification information (Mac address) decrypted by the decryption unit 232 and the second communication device-side unique identification information (Mac) set in the smartphone 200A. Address) and the access point 100A as the connection destination is specified based on the comparison result. A specific operation in which the specifying unit 233 specifies the access point 100A as a connection destination will be described later.

  As shown in FIG. 4, the encrypted signal receiving unit 240 is connected to the second control unit 230A. The encrypted signal receiving unit 240 receives the encrypted signal (Beacon (α) in FIG. 8) transmitted from the encrypted signal transmitting unit 140.

  As shown in FIG. 4, the second communication unit 250 is connected to the second control unit 230A. The second communication unit 250 is a communication unit compliant with, for example, IEEE 802.11. The second communication unit 250 transmits a detection signal including a detection identifier for the access point 100A to detect the smartphone 200A.

  The detection identifier is, for example, a predetermined character string (for example, a Mac address) preset by the system implementer.

  Further, the detection signal is assumed to be a Probe Request frame (Probe Request (A) in FIG. 8) transmitted using a Mac frame standardized by IEEE 802.11.

  The detection signal (Probe Request (A) in FIG. 8) corresponds to the variable-length Mac frame body shown in FIG. 7, similarly to the above-described Probe Requests (B) and (C). The detection identifier (for example, Mac address) is set in the SSID area of the variable-length Mac frame body shown in FIG.

  Further, the second communication unit 250 receives Beacon (A) transmitted from the first communication unit 150.

  The second communication unit 250 requests the access point 100A, which is the connection destination specified by the specifying unit 233, to include the connection identification information (SSID) after decoding decoded by the decoding unit 232 (Probe Request (α) in FIG. 9) is transmitted. Further, the second communication unit 250 receives a response signal (Probe Response in FIG. 9).

  As shown in FIG. 4, the second timer 260 is connected to the second control unit 230A. The second timer 260 is a timer device mounted on the smartphone 200A.

  When the first trigger signal (Probe Request (B) in FIG. 9) is transmitted by the trigger signal transmission unit 221, the second timer 260 turns on the timer and starts counting. On the other hand, when the second trigger signal (Probe Request (C) in FIG. 9) is transmitted by the trigger signal transmission unit 221, the second timer 260 turns off the timer and stops counting.

  Next, the operation of the communication system 1000A will be described with reference to FIGS. 8 and 9 are sequence diagrams showing an operation flow of the communication system 1000A.

  Here, it is assumed that the access point 100A and the smartphone 200A are connected to each other via a wireless LAN by an active scan method.

  It is assumed that connection identification information (SSID = 100A) is preset in the access point 100A. It is assumed that the second communication device side unique identification information (Mac address = 200A) is preset in the smartphone 200A.

  Further, it is assumed that detection identifiers are set in advance in the access point 100A and the smartphone 200A by the system implementer.

  As illustrated in FIG. 8, the second communication unit 250 transmits a detection signal (Probe Request (A)) including a detection identifier in the “SSID” area illustrated in FIG. 7 (S210).

  Note that the process of S210 may be executed by operation information of the user of the smartphone 200A (for example, pressing of a start button (not shown) mounted on the smartphone 200A).

  In the detection signal (Probe Request (A)), in the “source Mac address” area shown in FIG. 7, the second communication device side unique identification information (Mac address = 200A) of the smartphone 200A that is the source. ) Is set.

  Next, the first communication unit 150 receives a detection signal (Probe Request (A)) (S220).

  After the process of S220, the first control unit 130A matches the detection identifier in the detection signal (Probe Request (A)) with the detection identifier set in advance in the access point 100A. Determine whether. If the two do not match, the first control unit 130A may end without executing the processing after S220.

  Then, the encryption unit 131 obtains the transmission source Mac address (second communication device side unique identification information (Mac address = 200A)) from the “transmission source Mac address” area of the detection signal (Probe Request (A)). Obtain (S230).

  The first communication unit 150 transmits Beacon (A) including the detection identifier in the “SSID” area shown in FIG. 6 (S240).

  The second communication unit 250 receives Beacon (A) (S250). The second control unit 230A recognizes from the detection identifier included in the “SSID” area of Beacon (A) that the access point 100A is a communication device that can communicate using the communication method of the present invention.

  Next, the encryption unit 131 selects an encryption key used for encrypting the connection identification information (SSID = 100A) from the first encryption key table 110A (S260). The method for selecting the encryption key is not limited. Here, it is assumed that the encryption unit 131 selects the encryption key 1 shown in (1) of FIG.

  The encryption unit 131 encrypts the connection identification information (SSID = 100A) and the second communication device side unique identification information (Mac address = 200A) acquired in the processing of S230 using the encryption key 1. (S270).

  The generation unit 132 includes an encrypted signal (Beacon (α)) that includes both the encrypted connection identification information (SSID = 100A) and the encrypted second communication device side unique identification information (Mac address = 200A). Is generated (S280).

  As described above, the encrypted connection identification information (SSID = 100A) and the encrypted second communication device side unique identification information (Mac address = 200A) are set in the “SSID” area shown in FIG. Is done.

  Next, the encrypted signal transmission unit 140 transmits the encrypted signal (Beacon (α)) generated by the generation unit 132 (S290).

  The encrypted signal receiving unit 240 receives the encrypted signal (Beacon (α)) transmitted from the encrypted signal transmitting unit 140 (S300).

  The decryption unit 232 acquires the encrypted connection identification information (SSID = 100A) from the “SSID” area of the encrypted signal (Beacon (α)) (S310).

  Next, as described above with reference to FIG. 5A, the light emitting unit 120 </ b> A blinks once for the number of blinks associated with the encryption key identification information “1” corresponding to the encryption key 1 (S <b> 320). As a result, the light emitting unit 120A notifies information indicating the encryption key identification information “1” corresponding to the encryption key 1 used by the encryption unit 131.

  Note that a plurality of light emitting units 120A may be provided in the access point 100A when the number of blinks is relatively large. For example, three light emitting units 120A may be provided, each indicating the 100th place, the 10th place and the 1st place.

  Then, the first control unit 130A validates the connection identification information (SSID = 100A) (S330).

  The input unit 220A receives an input of the number of blinks of the light emitting unit 120A (S340). The user of the smartphone 200A inputs the number of blinks of the light emitting unit 120A by operating the input unit 220A.

  The terminal-side extraction unit 231A extracts the encryption key 1 from the second encryption key table 210A based on the encryption key identification information “1” notified by the light emitting unit 120A (S350).

  More specifically, the extraction unit 231A detects from the input result of the input unit 220A that the number of blinks of the light emitting unit 120A is one. Then, the extraction unit 231A refers to the second encryption key table 210A and extracts the encryption key 1 associated with the encryption key identification information “1” corresponding to the number of blinks of the light emitting unit 120A once.

  Next, the decryption unit 232 uses the encryption key 1 extracted by the terminal side extraction unit 231A to identify the connection for encryption after being set in the “SSID” area of the encrypted signal (Beacon (α)). The information (SSID = 100A) and the encrypted second communication apparatus side unique identification information (Mac address = 200A) are decrypted (S360).

  As illustrated in FIG. 9, after the process of S360, the specifying unit 233 includes the second communication device-side unique identification information (Mac address = 200A) after decryption and the second preset in the smartphone 200A. The unique identification information (Mac address = 200A) is compared, and the access point 100A as the connection destination is specified based on the comparison result (S370).

  Here, a specific operation in which the specifying unit 233 specifies the access point 100A as a connection destination will be described.

  The second communication device side unique identification information (Mac address = 200A) encrypted by using the encryption key 1 in the encryption unit 131 is the same as the encryption key used in the encryption unit 131 in the decryption unit 232. Decrypted with the encryption key 1.

  Therefore, since the second communication device side unique identification information (Mac address = 200A) is correctly decoded, the second communication device side unique identification information (Mac address = 200A) after decryption and the smartphone 200A The preset second unique identification information (Mac address = 200A) matches.

  As a result, it can be seen that the identification unit 233 correctly decodes the connection identification information (SSID = 100A) as well as the second communication device side unique identification information (Mac address = 200A). Therefore, it can be understood that the specifying unit 233 can use the connection identification information (SSID = 100A) to establish a wireless LAN connection with the access point 100A that has transmitted the connection identification information (SSID = 100A). In this way, the specifying unit 233 specifies the access point 100A that is the connection destination.

  Next, the second communication unit 250, for the access point 100A that is the connection destination specified by the specifying unit 233, decrypted connection identification information (SSID = 100A) decoded by the decoding unit 232. ) Including a request signal (Probe Request (α)) is transmitted (S380).

  The first communication unit 150 receives the request signal (Probe Request (α)) including the connection identification information (SSID = 100A) after decryption (S390).

  Then, the first communication unit 150 uses the connection identification information (SSID = 100A) after decryption in the request signal (Probe Request (α)) and the connection identification information (SSID) set in advance in the access point 100A. = 100A) match, a response signal (Probe Response) is transmitted (S400).

  The second communication unit 250 receives a response signal (Probe Response) (S410).

  Next, the trigger signal transmission unit 221 selects an encryption key from the second encryption key table 210A (S420). Here, it is assumed that the trigger signal transmission unit 221 selects the encryption key i shown in (5) of FIG.

  The trigger signal transmitting unit 221 transmits the first trigger signal (Probe Request (B)) (S430). At this time, the second control unit 230A turns on the second timer 260. The second timer 260 is turned on and starts counting.

  The trigger signal receiving unit 121 receives the first trigger signal (Probe Request (B)) (S440). At this time, the first controller 130A turns on the first timer 160. The first timer 160 is turned on and starts counting.

  Then, the trigger signal transmission unit 221 receives the second trigger signal when the timer value corresponding to the encryption key i selected in the process of S420 has elapsed for one second from the time when the second timer 260 starts counting. (Probe Request (C)) is transmitted (S450).

  At this time, the second control unit 230A turns off the second timer 260. The second timer 260 is turned off and stops counting.

  The trigger signal receiving unit 121 receives the second trigger signal (Probe Request (C)) (S460). At this time, the first control unit 130A turns off the first timer 160. The first timer 160 is turned off and stops counting.

  Finally, the AP-side extraction unit 133 determines the first encryption key table 110A based on the time between the time when the first timer 160 starts counting and the time when the first timer 160 stops counting. The encryption key is extracted from (S470).

  Here, the time between the time when the first timer 160 starts counting and the time when the first timer 160 stops counting is one second. Therefore, the AP-side extraction unit 133 extracts the encryption key i corresponding to the encryption key identification information “i” associated with the timer value: 1 second from the first encryption key table 110A.

  After the process of S470, the access point 100A and the smartphone 200A authenticate using the encryption key i and then connect to each other via a wireless LAN. Here, with reference to FIG. 10, the operation of the access point 100A and the smartphone 200A exchanging signals with each other after the processing of S470 and establishing a wireless LAN connection with each other will be described.

  FIG. 10 is a diagram illustrating exchange of signals between the access point 100A and the smartphone 200A.

  As illustrated in FIG. 10, after the processing of S470, the second communication unit 250 of the smartphone 200A transmits Authentication (Unicast) (S500).

  The first communication unit 150 of the access point 100A returns ACK (Unicast) (S510).

  Then, the first communication unit 150 transmits Authentication (Unicast) (S520).

  The second communication unit 250 transmits ACK (Unicast). Thereby, the smartphone 200A and the access point 100A authenticate each other using the encryption key i.

  Next, the second communication unit 250 transmits an Association Request (Unicast) (S540).

  The first communication unit 150 transmits ACK (Unicast) (S550).

  Also, the first communication unit 150 transmits an Association Request (Unicast) (S560).

  The second communication unit 250 transmits ACK (Unicast) (S560).

  Thereby, the access point 100A and the smartphone 200A are connected to each other via a wireless LAN.

  As described above, in the communication system 1000A according to the second embodiment of the present invention, the access point 100A uses the encryption key to identify the connection identification information (SSID = 100A) used for connection with the smartphone 200A. An encryption unit 131 for encryption, a generation unit 132 for generating an encrypted signal including connection identification information (SSID = 100A) after encryption, and an encrypted signal for transmitting the encrypted signal (Beacon (α)) The light emitting unit 120A notifies the information indicating the encryption key identification information corresponding to the encryption key used by the encryption unit 131.

  The smartphone 200A uses the encrypted signal receiving unit 240 that receives the encrypted signal (Beacon (α)) and the encryption key extracted by the terminal-side extracting unit 231A to store the encrypted signal (Beacon (α)). And a decryption unit 232 for decrypting the encrypted connection identification information (SSID = 100A).

  The connection after encryption in the encrypted signal (Beacon (α)) transmitted from the encrypted signal transmission unit 140 by the decryption unit 232 of the smartphone 200A using the encryption key extracted by the terminal-side extraction unit 231A The identification information (SSID = 100A) is decrypted. Accordingly, setting information such as connection identification information (SSID = 100A) is not input to the smartphone 200A. As a result, the smartphone 200A and the access point 100A can communicate with each other. It can be set without.

  The smartphone 200 </ b> A and the access point 100 </ b> A can connect to each other via a wireless LAN more easily by using connection identification information (SSID = 100 </ b> A) common to each other.

  In the communication system 1000A according to the second embodiment of the present invention, the smartphone 200A includes the second communication device-side unique identification information (Mac address = 200A) after decryption and the second set in the smartphone 200A. The communication device side unique identification information (Mac address = 200A) is compared, and based on the comparison result, a specifying unit 233 that specifies the access point 100A as the connection destination is provided.

  Accordingly, since the smartphone 200A can specify the access point 100A that is the connection destination, the smartphone 200A can connect to the access point 100A intended by the user via a wireless LAN.

  In the communication system 1000A according to the second embodiment of the present invention, the smartphone 200A transmits a detection signal (Probe Request (A)) including a detection identifier for the access point 100A to detect the smartphone 200A. The access point 100A includes a first communication unit 150 that receives a detection signal (Probe Request (A)), and the light emitting unit 120A includes a detection signal (Probe Request (A)). ) Is received, information indicating the encryption key identification information is notified.

  Accordingly, the light emitting unit 120A notifies the information indicating the encryption key identification information only when the detection signal (Probe Request (A)) is received, and therefore notifies the third party unintended by the user of the encryption key identification information. The possibility can be reduced.

  In the communication system 1000A according to the second embodiment of the present invention, the smartphone 200A transmits a detection signal (Probe Request (A)) including a detection identifier for the access point 100A to detect the smartphone 200A. The access point 100A includes a first communication unit 150 that receives a detection signal (Probe Request (A)), and the encrypted signal transmission unit 140 includes a detection signal (Probe Request). When (A)) is received, an encrypted signal (Beacon (α)) is transmitted.

  As a result, the encrypted signal transmission unit 140 transmits the encrypted signal (Beacon (α)) only when the detection signal (Probe Request (A)) is received. The possibility of receiving the signal (Beacon (α)) can be reduced.

  In the communication system 1000A according to the second embodiment of the present invention, the light emitting unit 120A is a light emitting element, and the encryption key identification information is changed by changing the light emission pattern set by the number of times the light emitting element blinks. Distinguish and notify. Thereby, if an LED or the like is provided in advance in the access point 100A, the cost and size of the access point 100A can be reduced.

  In the communication system 1000A according to the second embodiment of the present invention, the trigger signal transmission unit 221 transmits the first and second trigger signals (Probe Request (B) and (C)) to identify the encryption key. Information is notified by changing the time difference between the transmission time of the first trigger signal (Probe Request (B)) and the transmission time of the second trigger signal (Probe Request (C)).

  Thereby, the information which shows encryption key identification information can be notified, without a user operating the access point 100A and the smart phone 200A. As a result, the access point 100A and the smartphone 200A can communicate with each other without the user inputting setting information such as encryption key identification information.

  The communication method according to the second embodiment of the present invention includes an encryption step in which the access point 100A encrypts connection identification information (SSID = 100A) used for connection with the smartphone 200A using an encryption key. The access point 100A transmits the encrypted signal (Beacon (α)) including the encrypted connection identification information (SSID = 100A), and the notification step is used in the encryption step. The encryption key identification information corresponding to the encrypted encryption key is notified, the smartphone 200A receives the encrypted signal (Beacon (α)), and the smartphone 200A extracts the encryption key extracted by the extraction step. Is used to identify connection identification information (SSID =) after encryption in the encrypted signal (Beacon (α)). And a decoding step for decoding 00A).

  Since this communication method is the invention of the system of the communication system 1000A described above, the same effect as the communication system 1000A described above can be obtained.

  Further, the access point 100A according to the second embodiment of the present invention includes an encryption unit 131 that encrypts connection identification information (SSID = 100A) used for connection with the smartphone 200A using an encryption key, A generation unit 132 that generates an encrypted signal including connection identification information (SSID = 100A) after conversion, and an encrypted signal transmission unit 140 that transmits an encrypted signal (Beacon (α)), and a light emitting unit 120A notifies information indicating encryption key identification information corresponding to the encryption key used by the encryption unit 131.

  The access point 100A transmits an encrypted signal (Beacon (α)) including connection identification information (SSID = 100A) after encryption, and an encryption key identification corresponding to the encryption key used by the encryption unit 131. Information indicating information is notified. As a result, the access point 100A has the same effects as the communication system 1000A described above.

  In addition, the smartphone 200A according to the second embodiment of the present invention uses the connection identification information (SSID = 100A) for connection with the access point 100A encrypted with the encryption key to be encrypted (SSID = 100A). The encrypted signal (Beacon (α)) including the SSID = 100A) is received using the encrypted signal receiving unit 240 for receiving the encrypted signal (Beacon (α)) and the encryption key extracted by the terminal-side extracting unit 231A. And a decryption unit 232 for decrypting the encrypted connection identification information (SSID = 100A).

  This smartphone 200A receives the encrypted signal (Beacon (α)) including the encrypted connection identification information (SSID = 100A) and encrypts it using the encryption key extracted by the terminal-side extraction unit 231A. The encrypted connection identification information (SSID = 100A) in the signal (Beacon (α)) is decrypted. As a result, the smartphone 200A has the same effects as the communication system 1000A described above.

<Third Embodiment>
The detailed configuration of the communication system 1000B according to the third embodiment of the present invention will be described with reference to FIG. FIG. 11 is a block diagram showing a configuration of a communication system 1000B according to the third embodiment of the present invention. In FIG. 11, constituent elements equivalent to those shown in FIGS. 1 to 10 are denoted by the same reference numerals as those shown in FIGS. In the following description, description of the configuration equivalent to the configuration shown in FIGS.

  As illustrated in FIG. 11, the communication system 1000B includes access points 100B-1 and 100B-2 and a smartphone 200B.

  Here, FIG. 4 and FIG. 11 are compared. In FIG. 11, the communication system 1000B is different from the communication system 1000A shown in FIG. 4 in that it has a plurality of access points 100B-1 and 100B-2. In the following description, the description of the same configuration as that shown in FIG. 4 is omitted.

  Here, in particular, access point 100B-1 will be described. Since the access point 100B-2 has the same configuration as the access point 100B-1, its description is omitted.

  The first communication unit 150A of the access point 100B-1 transmits first communication device side unique identification information for identifying each of the plurality of access points 100B-1 and 100B-2 to the access point 100B-2. Send and receive.

  The encryption unit 131A of the access point 100B-1 includes the first communication device side unique identification information set in the access point 100B-1 and the first communication device side unique identification information transmitted from the access point 100B-2. Based on the above, the encryption key is selected from the plurality of encryption keys stored in the first encryption key table 110A, and the connection identification information is encrypted using the selected encryption key.

  Next, the operation of the communication system 1000B will be described with reference to FIG. FIG. 12 is a sequence diagram showing an operation flow of the communication system 1000B.

  Here, it is assumed that the access point 100B-1 and the smartphone 200A are connected to each other via a wireless LAN by an active scan method.

  The access point 100B-1 has first communication device side unique identification information (Mac address = 100B-1), and the access point 100B-2 has first communication device side unique identification information (Mac address = 100B-2). Is assumed to be set in advance.

  Further, it is assumed that connection identification information (SSID = 100B-1) is set in advance in the access point 100B-1 and connection identification information (SSID = 100B-2) is set in the access point 100B-2. To do.

  As illustrated in FIG. 12, the second communication unit 250 transmits a detection signal (Probe Request (A)) (S610). The process of S610 corresponds to S210.

  The first communication unit 150A of the access point 100B-1 and the access point 100B-2 receives the detection signal (Probe Request (A)) (S620, S630). The processes of S620 and S630 correspond to S220.

  The encryption unit 131A of the access point 100B-1 and the access point 100B-2 acquires the source Mac address (second communication device side unique identification information (Mac address = 200A)) (S640, S650). The processes in S640 and S650 correspond to S230.

  The first communication unit 150A of the access point 100B-2 transmits Beacon (A) (S660). In the “source Mac address” area of this Beacon (A), first communication device side unique identification information (Mac address = 100B-2) is set. The process of S660 corresponds to S240.

  The first communication unit 150A of the access point 100B-1 receives Beacon (A) (S670). Thereby, the first communication unit 150A of the access point 100B-1 sets the first communication device side unique identification information (Mac address = 100B-2) set in the “source Mac address” area of Beacon (A). Receive.

  In the smartphone 200A, the second communication unit 250 receives Beacon (A) (S680). The process of S680 corresponds to S250.

  The first communication unit 150A of the access point 100B-1 transmits Beacon (A) (S690). The first communication device side unique identification information (Mac address = 100B-1) is set in the “source Mac address” area of Beacon (A). The process of S690 corresponds to S240.

  The first communication unit 150A of the access point 100B-2 receives Beacon (A) (S700). Thereby, the first communication unit 150A of the access point 100B-2 sets the first communication device side unique identification information (Mac address = 100B-1) set in the “source Mac address” area of Beacon (A). Receive.

  In the smartphone 200A, the second communication unit 250 receives Beacon (A) (S710). The process of S710 corresponds to S250.

  Next, the encryption unit 131A of the access point 100B-1 transmits the first communication device side unique identification information (Mac address = 100B-1) set in the access point 100B-1 and the access point 100B-2. An encryption key is selected from the plurality of encryption keys stored in the first encryption key table 110A based on the first unique identification information on the communication device side (Mac address = 100B-2) (S720). The process of S720 corresponds to S260.

  Similarly, the encryption unit 131A of the access point 100B-2 transmits the first communication device side unique identification information (Mac address = 100B-2) set in the access point 100B-2 and the access point 100B-1. An encryption key is selected from the plurality of encryption keys stored in the first encryption key table 110A based on the first communication device side unique identification information (Mac address = 100B-1) (S730). The process of S730 corresponds to S260.

  Here, an example of an operation in which each of the encryption units 131A of the access points 100B-1 and 100B-2 selects an encryption key will be described.

  Here, the encryption unit 131A includes the first communication device side unique identification information (Mac address = 100B-1) of the access point 100B-1 and the first communication device side unique identification information (Mac address = 100B-1) ( It is assumed that the encryption key is selected based on the numerical relationship with the Mac address = 100B-2).

  For example, when the Mac address is expressed as 01-02-03-04-05-06, for example, the numerical value of the portion corresponding to “06” at the end is compared.

  Here, the first communication device side unique identification information (Mac address = 100B-1) of the access point 100B-1 is the first communication device side unique identification information (Mac address = 100B-2) of the access point 100B-2. ) Shall be smaller.

  First, the encryption unit 131A includes the first communication device side unique identification information (Mac address = 100B-1) of the access point 100B-1 and the first communication device side unique identification information (Mac) of the access point 100B-2. The numerical value is compared with the address = 100B-2).

  For example, the encryption unit 131A divides the first encryption key table 110A into two based on the comparison result. Here, the first encryption key table 110A is divided into (1) to (2) and (3) to (4) shown in FIG.

  Then, the encryption unit 131A of the access point 100B-1 selects the encryption key 1 from (1) and (2) of the first encryption key table 110A, for example, based on the comparison result. On the other hand, the encryption unit 131A of the access point 100B-2 selects the encryption key 3 from (3) to (4) of the first encryption key table 110A, for example, based on the comparison result.

  By doing so, the encryption units 131A of the access points 100B-1 and 100B-2 select different encryption keys.

  Note that the encryption unit 131A may select encryption keys by associating encryption keys in ascending order of numerical values based on the comparison result, for example. In this case, the encryption unit 131A of the access point 100B-1 selects the encryption key 1. The encryption unit 131A of the access point 100B-2 selects the encryption key 2.

  Returning to FIG. 12, the encryption unit 131A of the access point 100B-1 encrypts the connection identification information (SSID = 100B-1) and the second communication device side unique identification information (Mac address = 200A). Encryption is performed using the key 1 (S740). The process of S740 corresponds to S270.

  The encryption unit 131A of the access point 100B-2 encrypts the connection identification information (SSID = 100B-2) and the second communication device side unique identification information (Mac address = 200A) using the encryption key 3. (S750). The process of S750 corresponds to S270.

  The generation unit 132 of the access point 100B-1 includes both encrypted identification information for connection (SSID = 100B-1) and encrypted second communication device side unique identification information (Mac address = 200A). The signal (Beacon (α)) is generated (S760). The process of S760 corresponds to S280.

  The generation unit 132 of the access point 100B-2 is a cipher including both the encrypted connection identification information (SSID = 100B-2) and the encrypted second communication device side unique identification information (Mac address = 200A). (Beacon (α)) is generated (S770). The process of S770 corresponds to S280.

  The encrypted signal transmission unit 140 of the access points 100B-1 and 100B-2 transmits the encrypted signal (Beacon (α)) (S780, S790). The processes in S780 and S790 correspond to S290.

  The encrypted signal receiving unit 240 receives each encrypted signal (Beacon (α)) (S800). The process of S800 corresponds to S300.

  The decryption unit 232 acquires the encrypted connection identification information (SSID = 100B-1 and SSID = 100B-2) from each encrypted signal (Beacon (α)) (S810). The process of S810 corresponds to S310.

  The light emitting unit 120A of the access point 100B-1 blinks once for the number of blinks associated with the encryption key identification information “1” corresponding to the encryption key 1 (S820). The process of S820 corresponds to S320.

  The light emitting unit 120A of the access point 100B-2 blinks for the number of blinks three times associated with the encryption key identification information “3” corresponding to the encryption key 3 (S830). The process of S830 corresponds to S320.

  The first control unit 130A of the access point 100-1 has connection identification information (SSID = 100B-1), and the first control unit 130A of the access point 100-2 has connection identification information (SSID = 100B-2). Are enabled (S840, S850). The processes in S840 and S850 correspond to S330.

  The input unit 220A receives an input of the number of blinks of the light emitting unit 120A (S850). Here, since the smartphone 200A and the access point 100B-1 are connected to each other via a wireless LAN, the user inputs the number of blinks once. The process of S850 corresponds to S340.

  The terminal-side extraction unit 231A extracts the encryption key 1 from the second encryption key table 210A (S860). The process of S860 corresponds to S350.

  Using the encryption key 1, the decryption unit 232 encrypts connection identification information (SSID = 100B) in each encrypted signal (Beacon (α)) transmitted from the access points 100B-1 and 100B-2. -1 and SSID = 100B-2) and the encrypted second communication apparatus side unique identification information (Mac address = 200A) are decrypted (S870). The process of S870 corresponds to S360.

  The specifying unit 233 uses the second communication device side unique identification information (Mac address = 200A) after decryption and the second communication device side unique identification information (Mac address = 200A) preset in the smartphone 200A. Based on the comparison result, the access point 100B-1 as the connection destination is specified (S880). The process of S880 corresponds to S370.

  The encryption key 1 used in the encryption unit 131A of the access point 100B-1 and the encryption key 1 used in the decryption unit 232 are the same.

  For this reason, the second communication device-side unique identification information (Mac address = 200A) obtained by decrypting the encrypted signal (Beacon (α)) of the access point 100B-1 is preset in the smartphone 200A. The communication device side unique identification information (Mac address = 200 A).

  Thereby, it can be understood that the specifying unit 233 can establish a wireless LAN connection with the access point 100B-1.

  Next, the second communication unit 250 transmits a request signal (Probe Request (α)) including connection identification information (SSID = 100B-1) of the access point 100B-1 that is the connection destination (S890). The process of S890 corresponds to S380.

  The first communication unit 150A of the access points 100B-1 and 100B-2 receives the request signal (Probe Request (α)) (S900, S910). The processes of S900 and S910 correspond to S390.

  The access point 100B-2 includes connection identification information (SSID = 100B-1) in the request signal (Probe Request (α)) and connection identification information (SSID = 100B-) set in advance in the access point 100B-2. Since 2) does not match, the connection identification information (SSID = 100B-2) is invalidated.

  On the other hand, the access point 100B-1 includes connection identification information (SSID = 100B-1) in the request signal (Probe Request (α)) and connection identification information (SSID = Since 100B-1) matches, a response signal (Probe Response) is transmitted.

  Thereafter, the smartphone 200A and the access point 100-1 perform the processing from S400 onward in FIG. Thereby, the smartphone 200A and the access point 100B-1 are connected to each other via a wireless LAN.

  Here, an example in which there is one smartphone 200A is shown. However, for example, when there are a plurality of smartphones 200A, in S740 and S750, the encryption units 131A of the access points 100B-1 and 100B-2 encrypt different connection identification information (SSID) for each of the plurality of smartphones 200A. You may encrypt using a key.

  As described above, the communication system 1000B according to the third embodiment of the present invention includes a plurality of access points 100B-1 and 100B-2, and the plurality of access points 100B-1 and 100B-2 include a plurality of access points. The first communication device side unique identification information (Mac address) for identifying each of the access points 100B-1 and 100B-2 is exchanged with the other access point 100B-1 (or 100B-2). 1 communication unit 150A, the first communication device side unique identification information set in the access point 100B-1 (or 100B-2), and the first transmitted from the access point 100B-2 (or 100B-1) From the plurality of encryption keys stored in the first encryption key table 110A based on the communication device side unique identification information. Select key, to encrypt the connection identification information using the encryption key selected.

  As a result, the smartphone 200A can connect to any one of the plurality of access points 100B-1 and 100B-2 via a wireless LAN, and can prevent interference.

A part or all of the embodiment can be described as in the following supplementary notes, but is not limited thereto.
(Appendix 1)
A communication system having a first communication device and a second communication device that communicates with the first communication device,
The first communication device is:
A first encryption key table that stores an encryption key and encryption key identification information for identifying the encryption key in association with each other;
A notification unit for notifying information indicating the encryption key identification information,
The second communication device is:
A second encryption key table storing the same information as the encryption key and the encryption key identification information stored in the first encryption key table;
A communication system comprising: an extraction unit that extracts the encryption key from the second encryption key table based on the encryption key identification information notified by the notification unit.
(Appendix 2)
The first communication device is:
An encryption unit that encrypts connection identification information used for connection with the second communication device using the encryption key;
A generating unit for generating an encrypted signal including connection identification information after encryption;
An encrypted signal transmitting unit for transmitting the encrypted signal,
The notification unit notifies the encryption key identification information corresponding to the encryption key used by the encryption unit;
The second communication device is:
An encrypted signal receiving unit for receiving the encrypted signal;
The communication system according to appendix 1, further comprising: a decryption unit that decrypts the encrypted connection identification information in the encrypted signal using the encryption key extracted by the extraction unit.
(Appendix 3)
The encryption unit encrypts the connection identification information and the second communication device side unique identification information for identifying the second communication device using the encryption key,
The generating unit generates a signal including both the encrypted connection identification information and the encrypted second communication device side unique identification information as the encrypted signal;
The communication system according to attachment 2, wherein the decryption unit decrypts the encrypted connection identification information and the encrypted second communication device side unique identification information in the encrypted signal.
(Appendix 4)
The second communication device compares the second communication device side unique identification information after the decryption with the second communication device side unique identification information set in the second communication device, and compares the comparison. The communication system according to attachment 3, further comprising: a specifying unit that specifies the first communication device that is a connection destination based on the result.
(Appendix 5)
The second communication device includes a second communication unit that transmits a detection signal including a detection identifier for the first communication device to detect the second communication device,
The first communication device includes a first communication unit that receives the detection signal,
The communication system according to any one of appendices 1 to 4, wherein the notification unit notifies information indicating the encryption key identification information when receiving the detection signal.
(Appendix 6)
The second communication device includes a second communication unit that transmits a detection signal including a detection identifier for the first communication device to detect the second communication device,
The first communication device includes a first communication unit that receives the detection signal,
The communication system according to any one of appendices 2 to 5, wherein the encrypted signal transmission unit transmits the encrypted signal when the detection signal is received.
(Appendix 7)
A plurality of the first communication devices;
The plurality of first communication devices transmit / receive first communication device-side unique identification information for identifying each of the plurality of first communication devices to / from the other first communication device. With a communication unit,
The encryption unit includes: first communication device-side unique identification information set in the first communication device; and first communication device-side unique identification information transmitted from the other first communication device. Any one of appendices 2 to 6, wherein an encryption key is selected from the plurality of encryption keys stored in the first encryption key table, and the connection identification information is encrypted using the selected encryption key. The communication system according to claim 1.
(Appendix 8)
The communication system according to any one of appendices 2 to 7, wherein the encryption unit encrypts the connection identification information different for each of the plurality of second communication devices using the encryption key.
(Appendix 9)
The said notification part is a light emitting element, The said encryption key identification information is distinguished and notified by changing the light emission pattern set by the light emission blink frequency | count of the said light emitting element. Communication system.
(Appendix 10)
The notification unit transmits the first and second trigger signals, and changes the time difference between the transmission time of the first trigger signal and the transmission time of the second trigger signal in the encryption key identification information. 10. The communication system according to any one of appendices 1 to 9, wherein the notification is performed by distinguishing between them.
(Appendix 11)
A communication method performed between a first communication device and a second communication device that communicates with the first communication device,
The first communication device indicates the encryption key identification information using a first encryption key table that stores an encryption key and encryption key identification information for identifying the encryption key in association with each other. A notification step for notifying information;
Based on the encryption key identification information notified by the notification step, the second communication device stores the same information as the encryption key and the encryption key identification information stored in the first encryption key table. An extraction step of extracting the encryption key from the stored second encryption key table.
(Appendix 12)
An encryption step in which the first communication device encrypts connection identification information used for connection with the second communication device using the encryption key;
An encrypted signal transmission step in which the first communication device transmits an encrypted signal including connection identification information after encryption;
The notifying step notifies the encryption key identification information corresponding to the encryption key used in the encryption step;
An encrypted signal receiving step in which the second communication device receives the encrypted signal;
And a decryption step in which the second communication device decrypts the encrypted connection identification information in the encrypted signal using the encryption key extracted in the extraction step. 12. The communication method according to 12.
(Appendix 13)
An encryption key table for storing an encryption key and encryption key identification information for identifying the encryption key in association with each other;
A notification unit for notifying the other communication device of information indicating the encryption key identification information,
A communication device that communicates with the other communication device using the encryption key associated with the encryption key identification information notified by the notification unit.
(Appendix 14)
An encryption unit for encrypting connection identification information used for connection with the other communication device using the encryption key;
A generating unit for generating an encrypted signal including connection identification information after encryption;
An encrypted signal transmitting unit for transmitting the encrypted signal,
14. The communication apparatus according to appendix 13, wherein the notification unit notifies information indicating the encryption key identification information corresponding to the encryption key used by the encryption unit.
(Appendix 15)
An encryption key table storing the encryption key stored in the encryption key table of the other communication device and the same information as the encryption key identification information for identifying the encryption key, the encryption key and the encryption key An encryption key table for storing identification information in association with each other;
A communication device comprising: an extraction unit that extracts the encryption key from the encryption key table based on the encryption key identification information notified from the other communication device.
(Appendix 16)
An encrypted signal receiving unit that receives an encrypted signal including connection identification information after encryption in which the connection identification information used for connection with the other communication device is encrypted with the encryption key;
The communication apparatus according to supplementary note 15, further comprising: a decryption unit that decrypts the encrypted connection identification information in the encrypted signal using the encryption key extracted by the extraction unit.

  The present invention has been described above based on the embodiments. The embodiment is an exemplification, and various changes, increases / decreases, and combinations may be added to the above-described embodiment without departing from the gist of the present invention.

DESCRIPTION OF SYMBOLS 100 1st communication apparatus 100A Access point 110, 110A 1st encryption key table 120 Notification part 120A Light emission part 121 Trigger signal receiving part 130, 130A 1st control part 131, 131A Encryption part 132 Generation part 133 AP side extraction Unit 140 encrypted signal transmission unit 150, 150A first communication unit 160 first timer 200 second communication device 200A smartphone 210, 210A second encryption key table 220, 220A input unit 221 trigger signal transmission unit 230, 230A Second control unit 231 Extraction unit 231A Terminal side extraction unit 232 Decryption unit 233 Identification unit 240 Encrypted signal reception unit 250 Second communication unit 260 Second timer 1000, 1000A Communication system

Claims (10)

A communication system having a first communication device and a second communication device that communicates with the first communication device,
The first communication device is:
A first encryption key table that stores an encryption key and encryption key identification information for identifying the encryption key in association with each other;
A notification unit for notifying information indicating the encryption key identification information,
The second communication device is:
A second encryption key table storing the same information as the encryption key and the encryption key identification information stored in the first encryption key table;
A communication system comprising: an extraction unit that extracts the encryption key from the second encryption key table based on the encryption key identification information notified by the notification unit. The first communication device is:
An encryption unit that encrypts connection identification information used for connection with the second communication device using the encryption key;
A generating unit for generating an encrypted signal including connection identification information after encryption;
An encrypted signal transmitting unit for transmitting the encrypted signal,
The notification unit notifies the encryption key identification information corresponding to the encryption key used by the encryption unit;
The second communication device is:
An encrypted signal receiving unit for receiving the encrypted signal;
The communication system according to claim 1, further comprising: a decryption unit that decrypts the encrypted connection identification information in the encrypted signal using the encryption key extracted by the extraction unit. The encryption unit encrypts the connection identification information and the second communication device side unique identification information for identifying the second communication device using the encryption key,
The generating unit generates a signal including both the encrypted connection identification information and the encrypted second communication device side unique identification information as the encrypted signal;
The communication system according to claim 2, wherein the decryption unit decrypts the encrypted connection identification information and the encrypted second communication device side unique identification information in the encrypted signal. The second communication device includes a second communication unit that transmits a detection signal including a detection identifier for the first communication device to detect the second communication device,
The first communication device includes a first communication unit that receives the detection signal,
The communication system according to any one of claims 2 and 3, wherein the encrypted signal transmission unit transmits the encrypted signal when the detection signal is received. A plurality of the first communication devices;
The plurality of first communication devices transmit / receive first communication device-side unique identification information for identifying each of the plurality of first communication devices to / from the other first communication device. With a communication unit,
The encryption unit includes: first communication device-side unique identification information set in the first communication device; and first communication device-side unique identification information transmitted from the other first communication device. 5. The method according to claim 2, wherein an encryption key is selected from the plurality of encryption keys stored in the first encryption key table, and the connection identification information is encrypted using the selected encryption key. The communication system according to claim 1.   The communication system according to any one of claims 2 to 5, wherein the encryption unit encrypts the connection identification information that is different for each of the plurality of second communication devices by using the encryption key.   The said notification part is a light emitting element, The said encryption key identification information is distinguished and notified by changing the light emission pattern set by the light emission blink frequency | count of the said light emitting element. The communication system described.   The notification unit transmits the first and second trigger signals, and changes the time difference between the transmission time of the first trigger signal and the transmission time of the second trigger signal in the encryption key identification information. The communication system according to any one of claims 1 to 7, wherein the notification is performed by distinguishing between them. A communication method performed between a first communication device and a second communication device that communicates with the first communication device,
The first communication device indicates the encryption key identification information using a first encryption key table that stores an encryption key and encryption key identification information for identifying the encryption key in association with each other. A notification step for notifying information;
Based on the encryption key identification information notified by the notification step, the second communication device stores the same information as the encryption key and the encryption key identification information stored in the first encryption key table. An extraction step of extracting the encryption key from the stored second encryption key table. An encryption key table storing the encryption key stored in the encryption key table of the other communication device and the same information as the encryption key identification information for identifying the encryption key, the encryption key and the encryption key An encryption key table for storing identification information in association with each other;
A communication device comprising: an extraction unit that extracts the encryption key from the encryption key table based on the encryption key identification information notified from the other communication device.

Images