[go: up one dir, main page]

WO2017110969A1 - Système de communication sans fil, serveur, terminal, procédé de communication sans fil et programme - Google Patents

Système de communication sans fil, serveur, terminal, procédé de communication sans fil et programme Download PDF

Info

Publication number
WO2017110969A1
WO2017110969A1 PCT/JP2016/088287 JP2016088287W WO2017110969A1 WO 2017110969 A1 WO2017110969 A1 WO 2017110969A1 JP 2016088287 W JP2016088287 W JP 2016088287W WO 2017110969 A1 WO2017110969 A1 WO 2017110969A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
server
key
common key
packet
Prior art date
Application number
PCT/JP2016/088287
Other languages
English (en)
Japanese (ja)
Inventor
雅幸 佐藤
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Publication of WO2017110969A1 publication Critical patent/WO2017110969A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks

Definitions

  • the present invention is based on a Japanese patent application: Japanese Patent Application No. 2015-251471 (filed on Dec. 24, 2015), and the entire description of the application is incorporated herein by reference.
  • the present invention relates to a wireless communication system, a server, a terminal, a wireless communication method, and a program, and more particularly, wireless based on short-range wireless communication technology such as BLE (Bluetooth (registered trademark) Low Energy) capable of communication with extremely low power.
  • BLE Bluetooth (registered trademark) Low Energy) capable of communication with extremely low power.
  • the present invention relates to a communication system, a key server that provides a common key used in such wireless communication, a beacon terminal that transmits an advertisement packet, a receiving terminal that receives the advertisement packet, a wireless communication method, and a program.
  • beacon terminals have been increasingly installed as communication devices in stores and exhibition booths.
  • the beacon terminal transmits an advertisement packet including the identifier of the beacon terminal based on BLE (Bluetooth (registered trademark) Low Energy) technology that enables communication with extremely low power.
  • BLE Bluetooth (registered trademark) Low Energy
  • a terminal for example, a smartphone, tablet terminal, notebook PC (Personal Computer), etc., hereinafter referred to as “receiving terminal”
  • the application software installed in the receiving terminal in advance extracts the beacon terminal identifier from the advertisement packet, and sends the extracted identifier to a predetermined distribution server.
  • the distribution server transmits information such as store product information and exhibition booth product information to the receiving terminal according to the identifier received from the receiving terminal.
  • the receiving terminal displays the information received from the distribution server on the display. Thereby, for example, push-type advertisements related to store products, exhibition booth products, and the like are possible.
  • Patent Document 1 discloses a technique of communicating using a common key between a beacon device and a server.
  • Patent Document 2 in communication between a communication terminal and an electronic device (health device, housing facility, peripheral device) that is an operation target of the communication terminal, security is achieved by using BLE and encryption technology based on a common key. The technology to be secured is described.
  • Patent Document 3 describes a technique in which a service control device generates an authentication key used for communication between itself and a service using device every arbitrary period and distributes the authentication key to the service using device.
  • Non-Patent Document 1 describes a key derivation function (KDF, Key ⁇ Derivation Function) for generating a key.
  • KDF Key ⁇ Derivation Function
  • 3GPP TS 33.401 v13.0.02015 (2015-09): "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3GPP System Architecture Evolution (SAE); Security architecture (Release 13). ''
  • a technology is known in which a beacon terminal (hereinafter also referred to as “transmitting terminal”) encrypts information included in an advertisement packet using a common key method. Specifically, the transmitting terminal encrypts information such as the identifier of the transmitting terminal with a common key and then sends it out as an advertisement packet, and the receiving terminal decrypts it with the common key so that the information such as the identifier of the transmitting terminal is transmitted.
  • the common key is generally embedded in hardware in each of the transmission terminal and the reception terminal, and is difficult to change. In this case, when a malicious person obtains the common key, information such as the identifier of the transmitting terminal may be decrypted, and “spoofing” of the transmitting terminal may be possible.
  • Patent Document 3 discloses a technique for generating an authentication key used for communication between itself and another device for each arbitrary period.
  • this technology is applied to a transmission terminal (beacon terminal) and a reception terminal that perform communication based on BLE (Bluetooth (registered trademark) Low Energy)
  • the transmission terminal itself generates a common key.
  • BLE Bluetooth (registered trademark) Low Energy
  • a key generated or updated by the transmitting terminal is received from the transmitting terminal. There arises a problem that it cannot be safely distributed to terminals.
  • An object of the present invention is to provide a wireless communication system, a terminal, a server, a wireless communication method, and a program that contribute to solving such a problem.
  • the wireless communication system includes a server that updates a common key at a predetermined timing, and a packet that includes predetermined information encrypted using the common key updated by the server.
  • a first terminal that transmits to a second terminal based on a communication technology, the second terminal receives the packet from the first terminal, and the predetermined information included in the packet is Decrypt using the shared key updated by the server.
  • the server provides a key update unit that updates a common key at a predetermined timing, and a packet that includes predetermined information encrypted using the common key, based on the short-range wireless communication technology.
  • the key update unit For the first terminal that transmits and the second terminal that receives the packet from the first terminal and decrypts the predetermined information included in the packet using a common key, the key update unit And a key providing unit that provides the updated common key.
  • the first terminal includes a key receiving unit that receives a common key updated by a server at a predetermined timing, and a packet that includes predetermined information encrypted using the common key.
  • a packet transmission unit that transmits the data based on the short-range wireless communication technology.
  • a second terminal includes a key receiving unit that receives a common key updated by a server at a predetermined timing, and a packet that includes predetermined information encrypted using the common key.
  • a packet receiving unit that receives the packet from a first terminal that transmits based on a short-range wireless communication technology; and a decrypting unit that decrypts predetermined information included in the packet using the common key.
  • the wireless communication method includes a step in which a server updates a common key at a predetermined timing, and a predetermined terminal encrypted by using the common key updated by the server.
  • the wireless communication method is a short-range wireless communication technique in which a server updates a common key at a predetermined timing, and a packet including predetermined information encrypted using the common key. Updating the first terminal that transmits based on the first terminal and the second terminal that receives the packet from the first terminal and decrypts the predetermined information included in the packet using a common key Providing a common key.
  • a wireless communication method in which a first terminal receives a common key updated by a server at a predetermined timing, and predetermined information encrypted using the common key. Generating a packet including, for the second terminal that receives the packet from the first terminal and decrypts the predetermined information included in the packet using the common key generated by the server, Transmitting the packet based on short-range wireless communication technology.
  • a wireless communication method in which a second terminal receives a common key updated by a server at a predetermined timing; and predetermined information encrypted using the common key. Receiving the packet from a first terminal that transmits the packet containing the packet based on short-range wireless communication technology; and decrypting predetermined information included in the packet using the common key.
  • a program for updating a common key at a predetermined timing and a packet including predetermined information encrypted using the common key are transmitted based on a short-range wireless communication technique. Provide the updated common key to the first terminal and the second terminal that receives the packet from the first terminal and decrypts the predetermined information included in the packet using the common key Processing to be executed by the server.
  • a program according to a tenth aspect of the present invention is a process of accepting a common key updated by a server at a predetermined timing to a computer provided in a first terminal, and encrypted using the common key. Generating a packet including the predetermined information, receiving the packet from the first terminal, and decrypting the predetermined information included in the packet using a common key generated by the server And causing the terminal to execute processing for transmitting the packet based on a short-range wireless communication technology.
  • a program according to an eleventh aspect of the present invention is a process of accepting a common key updated by a server at a predetermined timing with respect to a computer provided in a second terminal, and encrypted using the common key. Processing for receiving the packet from the first terminal that transmits the packet including the predetermined information based on the near field communication technology, and processing for decrypting the predetermined information included in the packet using the common key And execute.
  • program can also be provided as a program product recorded in a non-transitory computer-readable storage medium.
  • the server According to the wireless communication system, the server, the terminal, the wireless communication method, and the program according to the present invention, it is possible to improve the security of communication between the transmitting terminal and the receiving terminal in the short-range wireless communication system.
  • FIG. 4 is a sequence diagram illustrating an operation of distributing a common key to a receiving terminal in the wireless communication system according to the first embodiment.
  • FIG. FIG. 5 is a sequence diagram illustrating an operation of authenticating a receiving terminal in the wireless communication system according to the first embodiment. It is a block diagram which illustrates the composition of the radio communications system concerning a 2nd embodiment. It is a sequence diagram which illustrates the operation
  • FIG. 10 is a sequence diagram illustrating an operation of distributing a common key to receiving terminals in a wireless communication system according to a third embodiment.
  • FIG. 1 is a diagram illustrating a configuration of a wireless communication system according to an embodiment.
  • the wireless communication system includes a server 2 (for example, a key server) that updates a common key at a predetermined timing, and predetermined information (for example, a beacon terminal) encrypted using the common key updated by the server 2.
  • Packet for example, an advertisement packet
  • a first terminal 4 for example, a beacon terminal
  • the second terminal 6 receives the packet from the first terminal 4, and decrypts the predetermined information included in the packet using the common key updated by the server 2.
  • FIG. 2 is a diagram illustrating another configuration of the wireless communication system according to the embodiment.
  • the wireless communication system further includes a relay station 8 that relays the common key updated by the server 2.
  • the first terminal 4 (for example, a beacon terminal) receives the common key updated by the server 2 via the relay station 8 (for example, connectable to a WAN (Wide-Area-Network)).
  • the first terminal 4 cannot communicate directly with the server 2 (for example, the terminal 4 as a beacon terminal cannot connect to a LAN (Local Area Network) / WAN (Wide Area Network)).
  • the common key used for encryption by the first terminal 4 can be updated.
  • the relay station 8 can receive the shared key updated by the server 2 from the server 2 via SSL (Secure Socket Layer) communication established between the server 2 and the relay station 8. Further, the relay station 8 may display the common key received from the server 2. Further, the first terminal 4 may accept manual input of the common key by the user with reference to the common key displayed by the relay station 8. According to such a wireless communication system, the shared key updated by the server 2 can be safely distributed to the first terminal 4 on the assumption that the user who inputs the shared key can be trusted.
  • SSL Secure Socket Layer
  • the second terminal 6 may receive the shared key updated by the server 2 from the server 2 via the SSL communication established between the server 2 and the second terminal 6. Good. According to such a wireless communication system, the shared key updated by the server 2 can be safely distributed to the second terminal 6.
  • FIG. 3 is a block diagram illustrating the configuration of the server 2 (for example, key server) according to an embodiment.
  • the server 2 has a key update unit 10 that updates a common key at a predetermined timing, and a packet (for example, an advertisement packet) that includes predetermined information encrypted using the common key.
  • a first terminal (terminal 4 in FIG. 1 or FIG. 2) that transmits based on a wireless communication technology (for example, BLE), and a packet received from the first terminal, and predetermined information included in the packet is transferred to the common key
  • a key providing unit 12 that provides a common key updated by the key updating unit 10 to a second terminal (terminal 6 in FIG. 1 or 2) that performs decryption using
  • FIG. 4 is a block diagram illustrating the configuration of the terminal 4 (for example, a beacon terminal) according to an embodiment.
  • the terminal 4 includes a key receiving unit 14 that receives a common key updated by a server (the server 2 in FIG. 1 or FIG. 2) at a predetermined timing, and a predetermined encrypted using the common key.
  • An encryption unit 16 that generates a packet (for example, an advertisement packet) including information (for example, an identifier of the terminal 4), and a server that receives the packet from the first terminal 4 and generates predetermined information included in the packet
  • a packet transmission unit 18 that transmits a packet to the second terminal (terminal 6 in FIG. 1 or FIG. 2) using the common key, based on a short-range wireless communication technology (for example, BLE). ing.
  • a short-range wireless communication technology for example, BLE
  • FIG. 5 is a block diagram illustrating the configuration of a terminal 6 (for example, a receiving terminal) according to an embodiment.
  • a key reception unit 20 that receives a common key updated by a server (server 2 in FIG. 1 or 2) at a predetermined timing, and a packet that includes predetermined information encrypted using the common key
  • a packet receiving unit 22 that receives a packet from a first terminal (terminal 4 in FIG. 1 or 2) that transmits a packet based on short-range wireless communication technology, and predetermined information included in the packet using a common key
  • a decoding unit 24 for decoding.
  • terminal 4 (FIG. 4), or terminal 6 (FIG. 5)
  • Security can be improved. This is because the common key used by the terminal 4 for encrypting the predetermined information included in the packet and the terminal 6 used for decryption by the terminal 6 is updated by the server 2 at a predetermined timing. Even so, the security problem only occurs temporarily.
  • information for example, an identifier of a beacon terminal
  • the common key is periodically updated to transmit a transmitter ( Distribution to a beacon terminal) and a receiver (BLE receiving terminal) makes it possible to enhance security.
  • the key can be safely distributed (for example, by SSL) between the server 2 that updates the key and the relay station 8 or the terminal 6. There is no problem that the generated key cannot be securely distributed as in the case of applying.
  • FIG. 6 is a diagram illustrating a configuration of the wireless communication system according to the present embodiment.
  • the wireless communication system includes a key server 32, a relay station 38, a beacon terminal 34, and a receiving terminal 36.
  • the key server 32 and the relay station 38 are connected via a WAN (Wide Area Network).
  • the key server 32 and the receiving terminal 36 are also connected via the WAN.
  • the beacon terminal 34 and the receiving terminal 36 communicate based on short-range wireless communication technology (here, BLE (Bluetooth (registered trademark) Low Energy) technology is used as an example)).
  • BLE Bluetooth (registered trademark) Low Energy
  • the key server 32 updates the common key used in the BLE communication between the beacon terminal 34 and the receiving terminal 36 at a predetermined timing.
  • the relay station 38 relays the common key updated by the key server 32 to the beacon terminal 34.
  • the beacon terminal 34 receives the common key updated by the key server 32 via the relay station 38.
  • the beacon terminal 34 transmits an advertisement packet including the identifier of the beacon terminal 34 encrypted using the common key updated by the key server 32 based on BLE.
  • the receiving terminal 36 receives the advertisement packet from the beacon terminal 34, and decrypts the identifier of the beacon terminal 34 included in the advertisement packet using the common key updated by the key server 32.
  • the application software preinstalled in the receiving terminal 36 sends the identifier of the beacon terminal 34 extracted from the advertisement packet to a predetermined distribution server (not shown), and the distribution server determines the merchandise of the store according to the identifier.
  • Receive information such as information and product information of exhibition booths.
  • FIG. 7 is a block diagram illustrating the configuration of each device included in the wireless communication system shown in FIG.
  • the key server 32 the relay station 38, the beacon terminal 34, and the receiving terminal 36 will be described with reference to the block diagram of FIG.
  • the key server 32 includes a key update unit 40 and a key provision unit 42.
  • the key update unit 40 updates the common key at a predetermined timing (for example, at a constant cycle).
  • the key update unit 40 may use, as the updated common key, the message digest obtained by inputting the code assigned to each provider and the pre-update common key to the one-way hash function as a message and a key, respectively.
  • the key update unit 40 can use the following function as the one-way hash function.
  • HMAC-SHA-256 is a one-way hash function for generating a hash message authentication code (HMAC: Hash Message Authentication Code).
  • HMAC Hash Message Authentication Code
  • a one-way hash function has a property (irreversibility) that an input cannot be read from a generated code.
  • the message digest (derived key) on the left side is the updated common key.
  • the input key on the right side is the previous common key.
  • the input S is a message for stirring the key, and here, it is a code (for example, 6 octets, that is, 48 bits) uniquely assigned to each operator.
  • the length of the common key can be, for example, 16, 24 or 32 octets, that is, 128, 192, or 256 bits.
  • the key update unit 40 generates an initial common key based on, for example, a pseudo random number.
  • the key updating unit 40 substitutes the previous common key for the input key on the right side of the above formula, and obtains the updated key as derived key.
  • the common key is generated based on the pseudo random number every time, there is a risk that a random key generation algorithm, a random number, and further a common key generated from the random number may be estimated.
  • a random key generation algorithm a random number, and further a common key generated from the random number may be estimated.
  • the frequency with which the key update unit 40 updates the common key (that is, the expiration date of the common key) can be set to several days as an example.
  • the time required for key renewal can be reduced by extending the validity period of the common key, there is a trade-off relationship in which the state in which the security is lost is prolonged when the common key is leaked.
  • the key providing unit 42 provides the common key updated by the key updating unit 40 to the beacon terminal 34 via the relay station 38 and also to the receiving terminal 36.
  • the key providing unit 42 may also notify the expiration date of the common key.
  • the key providing unit 42 may transmit the common key updated by the key updating unit 40 to the relay station 38 via SSL (Secure Socket Layer) communication established with the relay station 38.
  • the key providing unit 42 may transmit the common key updated by the key updating unit 40 to the receiving terminal 36 via SSL communication established with the receiving terminal 36.
  • the relay station 38 includes a key reception unit 56 and a display unit 58.
  • the key receiving unit 56 receives the common key from the key providing unit 42 of the key server 32.
  • the display unit 58 displays the common key received by the key receiving unit 56 on a display or the like.
  • the beacon terminal 34 includes a key reception unit 44, an encryption unit 46, and a packet transmission unit 48.
  • the key reception unit 44 receives the common key updated by the key server 32 via the relay station 38. Specifically, the key receiving unit 44 receives manual input (for example, keyboard input) of the common key by the user who refers to the common key displayed on the display unit 58 of the relay station 38.
  • manual input for example, keyboard input
  • the encryption unit 46 encrypts the identifier of the beacon terminal 34 using the common key received by the key reception unit 44, and generates an advertisement packet including the encrypted identifier.
  • the packet transmission unit 48 transmits the advertisement packet generated by the encryption unit 46 to the receiving terminal 36 based on a short-range wireless communication technology such as BLE.
  • the receiving terminal 36 includes a key receiving unit 50, a packet receiving unit 52, and a decrypting unit 54.
  • the key receiving unit 50 receives the common key updated by the key server 32 and its expiration date.
  • the key receiving unit 50 may receive the common key updated by the key server 32 from the key server 32 via SSL communication established between the key server 32 and the receiving terminal 36. Further, the key receiving unit 50 may acquire a new common key from the key server 32 when the expiration date given to the common key updated by the key server 32 has expired.
  • the packet receiving unit 52 receives an advertisement packet from the beacon terminal 34.
  • the decrypting unit 54 decrypts the identifier of the beacon terminal 34 included in the advertisement packet using the common key received by the key receiving unit 50.
  • FIG. 8 is a sequence diagram illustrating the common key distribution operation from the key server 32 to the beacon terminal 34.
  • the key update unit 40 of the key server 32 generates a common key using a pseudo random number (step A1).
  • step A2 the key providing unit 42 of the key server 32 and the key receiving unit 56 of the relay station 38 establish SSL communication.
  • a server certificate for the key server 32 and a client certificate for the relay station 38 are used. Since communication based on SSL is publicly known, detailed description is omitted.
  • the key providing unit 42 of the key server 32 transmits the common key to the key receiving unit 56 of the relay station 38 (step A3).
  • the display unit 58 of the relay station 38 displays the common key received by the key receiving unit 56 on a display or the like (step A4).
  • the key receiving unit 44 of the beacon terminal 34 receives the input of the common key from the user who refers to the common key displayed on the relay station 38 (for example, via the numeric keypad) (step A5).
  • step A5 The sequence in FIG. 8 (steps A1 to A5) is repeated each time the key update unit 40 of the key server 32 updates the common key at a predetermined timing (for example, a constant cycle).
  • FIG. 9 is a sequence diagram illustrating the common key distribution operation from the key server 32 to the receiving terminal 36.
  • the packet receiving unit 52 of the receiving terminal 36 receives an advertisement packet including the encrypted identifier of the beacon terminal 34 from the packet transmitting unit 48 of the beacon terminal 34 (step B1).
  • the decryption unit 54 of the receiving terminal 36 decrypts the identifier of the beacon terminal 34 using the common key (step B2).
  • step B3 When the expiration date given to the common key updated by the key server 32 has expired (step B3), the key receiving unit 50 newly obtains a common key from the key server 32 by the following operations (steps B4 to B6). get.
  • the key server 32 authenticates the receiving terminal 36 (step B4).
  • FIG. 10 is a sequence diagram illustrating the authentication operation of the receiving terminal 36.
  • RADIUS authentication IEEE 802.1X authentication
  • FIG. 10 is a sequence diagram illustrating the authentication operation of the receiving terminal 36.
  • RADIUS authentication IEEE 802.1X authentication
  • the receiving terminal 36 sends an authentication request to the key server 32 (step C1).
  • the key server 32 transmits an authentication request to an authentication server (also referred to as a RADIUS server; not shown in FIGS. 6 and 7) (step C2).
  • an authentication server also referred to as a RADIUS server; not shown in FIGS. 6 and 7)
  • the authentication server verifies whether or not the receiving terminal 36 belongs to a member registered in advance (step C3).
  • the authentication server transmits a notification of “authentication OK” to the key server 32 (step C4).
  • the key server 32 Upon receipt of the “authentication OK” notification, the key server 32 further transmits the notification to the receiving terminal 36 (step C5).
  • the key providing unit 42 of the key server 32 and the key receiving unit 50 of the receiving terminal 36 establish SSL communication (step B5).
  • a server certificate for the key server 32 and a client certificate for the receiving terminal 36 are used. Since communication based on SSL is publicly known, detailed description is omitted.
  • the key providing unit 42 of the key server 32 transmits the common key to the key receiving unit 50 of the receiving terminal 36 (step B6).
  • the decrypting unit 54 of the receiving terminal 36 decrypts the information included in the advertisement packet using the updated common key received by the key receiving unit 50 (step B7).
  • the security of communication between the beacon terminal 34 and the receiving terminal 36 that perform BLE communication can be improved. This is because the beacon terminal 34 is used for encrypting the identifier of the beacon terminal 34 included in the advertisement packet, and the common key used for the decryption by the receiving terminal 36 is updated by the key server 32 at a predetermined timing. For this reason, even if the common key is leaked, a security problem occurs only temporarily.
  • a relay station 38 that relays the updated common key is provided by the key server 32, and the beacon terminal 34 is connected to the WAN (Wide Area Network) via the relay station 38. Accept the updated common key. Thereby, even when the beacon terminal 34 cannot connect to a LAN (Local Area Network) / WAN or the like, the beacon terminal 34 can update the common key used for encryption.
  • WAN Wide Area Network
  • the relay station 38 can receive the common key from the key server 32 via SSL communication established between the key server 32 and the relay station 38. Further, the receiving terminal 36 receives the common key from the key server 32 via SSL communication established between the receiving terminal 36 and the key server 32. As a result, the shared key updated by the key server 32 can be safely distributed to the beacon terminal 34 and the receiving terminal 36.
  • FIG. 11 is a diagram illustrating a configuration of the wireless communication system according to the present embodiment.
  • the wireless communication system includes a key server 32, a relay station 39, a beacon terminal 35, and a receiving terminal 36.
  • the configurations of the key server 32 and the receiving terminal 36 are the same as those in the first embodiment. Below, it demonstrates centering on the difference of this embodiment and 1st Embodiment.
  • the WiFi (Wireless Fidelity) connection setting based on the passphrase for example, WPA2 (WiFi Protected Access 2) encryption setting
  • WPA2 WiFi Protected Access 2
  • the relay station 39 of the present embodiment includes a key reception unit 56 and a key transmission unit 59.
  • the key receiving unit 56 receives the common key from the key server 32
  • the key transmitting unit 59 notifies the beacon terminal 35 to that effect.
  • the key transmission unit 59 receives a request for a common key from the beacon terminal 35
  • the key transmission unit 59 transmits the common key to the beacon terminal 35.
  • the beacon terminal 35 of this embodiment includes a key receiving unit 45, an encryption unit 46, and a packet transmission unit 48.
  • the key reception unit 45 requests the relay station 39 for the common key.
  • the key receiving unit 45 receives the common key transmitted from the relay station 39 in response to the request and provides it to the encryption unit 46.
  • FIG. 12 is a sequence diagram illustrating such an operation.
  • the key server 32 transmits the common key to the relay station 39 via the SSL communication path when the common key is generated (step A1) or updated due to the expiration of the common key (steps A2 and A3).
  • the key transmitting unit 59 of the relay station 39 notifies the beacon terminal 35 of the issuance of the common key via WiFi (step S31). A6).
  • the key receiving unit 45 of the beacon terminal 35 Upon receiving such notification, the key receiving unit 45 of the beacon terminal 35 requests a common key from the relay station 39 (step A7).
  • the key transmission unit 59 of the relay station 39 transmits the common key to the beacon terminal 35 via WiFi (for example, WPA2 encrypted), and the key reception unit 45 of the beacon terminal 35 receives the common key (step A8). .
  • the beacon terminal 35 When the beacon terminal 35 receives a new common key, the beacon terminal 35 starts using the received common key. Further, when there is a common key that is already in use, the beacon terminal updates the common key that is in use with the received common key.
  • the distribution of the common key to the beacon terminal 35 is automated. Therefore, as in the first embodiment, it is possible to save the user from manually inputting the common key to the beacon terminal by periodically referring to the display of the relay station.
  • the SSL communication is used between the key server and the relay station, and the WiFi communication encrypted with WPA2 or the like between the relay station and the beacon terminal. Is used. This makes it possible to distribute the common key safely.
  • a wireless communication system according to a third embodiment will be described in detail with reference to the drawings.
  • the receiving terminal detects that the common key issued or updated by the key server has expired (step B3 in FIG. 9)
  • it receives a new common key from the key server. (Steps B4 to B6).
  • the receiving terminal detects a common key mismatch between the beacon terminal and the receiving terminal
  • a new common key is acquired from the key server.
  • this function can be similarly applied to the first embodiment.
  • FIG. 13 is a diagram illustrating a configuration of the wireless communication system according to the present embodiment.
  • the wireless communication system includes a key server 32, a relay station 39, a beacon terminal 60, and a receiving terminal 37.
  • the configurations of the key server 32 and the relay station 39 are the same as those in the second embodiment. Below, it demonstrates centering on the difference of this embodiment and 2nd Embodiment.
  • the beacon terminal 60 of this embodiment includes a key reception unit 45, an encryption unit 47, and a packet transmission unit 48.
  • the encryption unit 47 encrypts the identifier of the beacon terminal 60 using the common key received by the key reception unit 45. Further, the encryption unit 47 obtains a hash value by applying a predetermined hash algorithm to the identifier of the beacon terminal 60. Further, the encryption unit 47 generates an advertisement packet including the encrypted identifier and the calculated hash value (for example, including the encrypted identifier added with the calculated hash value). To do.
  • the encryption unit 47 uses, for example, MD5 (Message Digest Algorithm 5), SHA1 (SecureHash Algorithm 1), SHA-256, SHA-384, SHA-512, RIPEMD-160 (RACE Integrity Primitives) as hash algorithms. Evaluation Message Digest 160) can be used.
  • MD5 Message Digest Algorithm 5
  • SHA1 SecureHash Algorithm 1
  • SHA-256 SHA-384
  • SHA-512 SHA-512
  • RIPEMD-160 RACE Integrity Primitives
  • the receiving terminal 37 of this embodiment includes a packet receiving unit 52, a decrypting unit 55, and a key receiving unit 50.
  • the decrypting unit 55 separates the hash value included in the advertisement packet received by the packet receiving unit 52 and the encrypted identifier.
  • the decrypting unit 55 decrypts the encrypted identifier using the common key.
  • the decryption unit 55 calculates a hash value by applying the same hash algorithm as that used by the encryption unit 47 of the beacon terminal 60 to the decrypted identifier.
  • the decoding unit 55 compares the calculated hash value with the hash value extracted from the advertisement packet.
  • the decrypting unit 55 recognizes that the common key held by the beacon terminal 60 matches the common key held by the receiving terminal 37. On the other hand, if the two hash values do not match, the decrypting unit 55 determines that the common key held by the beacon terminal 60 and the common key held by the receiving terminal 37 do not match. If it is determined that they do not match, the decrypting unit 55 instructs the key receiving unit 50 to newly receive a common key from the key server 32. The key reception unit 50 receives the common key updated by the key server 32 in response to the instruction.
  • FIG. 14 is a sequence diagram illustrating such an operation.
  • beacon terminal 60 transmits an advertisement packet including the identifier of beacon terminal 60 encrypted using the common key and the hash value of the identifier (step B8).
  • the receiving terminal 37 separates the hash value included in the received advertisement packet and the encrypted identifier, and decrypts the encrypted identifier using the common key (step B9). Further, the receiving terminal 37 calculates a hash value by applying the same hash algorithm as the beacon terminal 60 to the decrypted identifier. Here, when the calculated hash value and the hash value included in the advertisement packet do not match, the receiving terminal 37 does not match the common key held by the beacon terminal 60 and the common key held by the receiving terminal 37. It determines with a thing (step B10). When such determination is made, the receiving terminal 37 receives a new common key from the key server 32 in the same manner as in the first embodiment (see FIG. 9) (steps B4 to B6).
  • the receiving terminal when the receiving terminal detects a match between the common key held by the beacon terminal and the common key held by the receiving terminal, the receiving terminal newly receives the common key from the key server. According to this configuration, it is possible to eliminate the mismatch between the two common keys.
  • the common key mismatch is detected based on the advertisement packet received from the beacon terminal by the receiving terminal. Therefore, when the key server distributes the common key, it is not necessary to notify the information regarding the expiration date.
  • the configuration via the relay station when distributing the common key to the beacon terminals has been described.
  • a specific receiving terminal for example, a receiving terminal of a business operator who has installed a beacon terminal
  • the relay station may be omitted.
  • the key server in the above embodiment can be shared among a plurality of beacon terminals installed by a plurality of operators. At this time, the key server may generate a separate common key for each different beacon terminal, or may distribute the same common key to a plurality of beacon terminals.
  • the key server may be omitted and the relay station may serve as the key server.
  • the relay station may serve as the key server.
  • the beacon terminal itself updates the common key, and the updated common key is received by the receiving terminal. It can also be distributed to.
  • the beacon terminal is an advertiser that generates an advertisement packet and also plays a role of a key update server.
  • the wireless communication system according to the first aspect is as described above.
  • [Form 2] A relay station that relays the shared key updated by the server;
  • the first terminal receives the shared key updated by the server via the relay station,
  • [Form 3] The relay station receives a shared key updated by the server from the server via SSL (Secure Socket Layer) communication established between the server and the relay station;
  • the relay station displays the common key received from the server,
  • the first terminal accepts an input of a common key by a user. 4.
  • the server uses the code assigned to each provider and the pre-update common key as a message and a key, respectively, and the message digest obtained by entering the one-way hash function as the post-update common key.
  • the wireless communication system according to any one of forms 1 to 7.
  • the second terminal acquires a new common key from the server when the expiration date given to the common key updated by the server has expired.
  • the wireless communication system according to any one of Forms 1 to 8.
  • the first terminal includes a hash value obtained by applying a predetermined hash algorithm to the predetermined information and transmits the packet, If the hash value included in the packet does not match the hash value obtained by applying the predetermined hash algorithm to a value obtained by decoding predetermined information included in the packet, the second terminal A new common key from The wireless communication system according to any one of Forms 1 to 9.
  • the first terminal transmits an advertisement packet including the identifier of the first terminal encrypted by using the common key updated by the server based on BLE (Bluetooth (registered trademark) Low Energy).
  • BLE Bluetooth (registered trademark) Low Energy
  • a beacon terminal that The second terminal has an application that acquires and displays information from the distribution server using the identifier of the first terminal.
  • the wireless communication system according to any one of Forms 1 to 10.
  • [Form 12] As in the server according to the second aspect.
  • the key providing unit provides the first terminal via a relay station that relays the common key updated by the key updating unit; The server according to mode 12.
  • the key providing unit transmits the common key updated by the key updating unit to the relay station via SSL communication established with the relay station; The server according to Form 13.
  • the key providing unit transmits the common key updated by the key updating unit to the second terminal via SSL communication established with the second terminal; The server according to any one of forms 12 to 14.
  • the key update unit updates the common key at a predetermined cycle.
  • the key update unit uses a message digest obtained by inputting a code assigned to each provider and a common key before update as a message and a key to a one-way hash function, respectively, as a common key after update.
  • the server according to any one of forms 12 to 16.
  • [Form 18] As in the first terminal according to the third aspect.
  • the key receiving unit receives an input of a common key by a user;
  • the key accepting unit obtains a shared key updated by the server from the relay station upon receiving notification from the relay station that relays the shared key updated by the server that the shared key has been received from the server.
  • a beacon terminal that transmits an advertisement packet including the identifier of the first terminal encrypted by using the shared key updated by the server based on BLE (Bluetooth (registered trademark) Low Energy). 21.
  • the first terminal according to any one of forms 18 to 20.
  • the key receiving unit receives the shared key updated by the server from the server via SSL communication established between the server and the second terminal; The 2nd terminal of form 22.
  • the key reception unit acquires a new common key from the server when the expiration date given to the shared key updated by the server has expired.
  • the first terminal includes a hash value obtained by applying a predetermined hash algorithm to the predetermined information and transmits the packet, When the hash value included in the packet does not match the hash value obtained by applying the predetermined hash algorithm to a value obtained by decrypting the predetermined information included in the packet, the key receiving unit Obtain a new common key, 25.
  • the second terminal according to any one of forms 22 to 24.
  • the first terminal transmits an advertisement packet including the identifier of the first terminal encrypted using the common key updated by the server, based on BLE (Bluetooth (registered trademark) Low Energy).
  • BLE Bluetooth (registered trademark) Low Energy
  • the second terminal according to any one of forms 22 to 25 The second terminal according to any one of forms 22 to 25.
  • [Form 27] The wireless communication method according to the fifth aspect is as described above.
  • [Form 28] The wireless communication method according to the sixth aspect is as described above.
  • [Form 29] The wireless communication method according to the seventh aspect is as described above.
  • [Form 30] The wireless communication method according to the eighth aspect is as described above.
  • [Form 33] A program according to the eleventh aspect.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

La présente invention améliore la sécurité de la communication entre un terminal d'émission et un terminal de réception dans un système de communication sans fil à courte portée. Un système de communication sans fil comprend un serveur pour mettre à jour une clé commune avec une temporisation prescrite, et un premier terminal pour transmettre un paquet qui comprend des informations prescrites chiffrées à l'aide d'une clé commune mise à jour par le serveur à un second terminal sur la base d'une technique de communication sans fil à courte portée. Un second terminal reçoit le paquet à partir du premier terminal, et déchiffre les informations prescrites incluses dans le paquet à l'aide d'une clé commune mise à jour par le serveur.
PCT/JP2016/088287 2015-12-24 2016-12-22 Système de communication sans fil, serveur, terminal, procédé de communication sans fil et programme WO2017110969A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015-251471 2015-12-24
JP2015251471A JP2017118312A (ja) 2015-12-24 2015-12-24 無線通信システム、サーバ、端末、無線通信方法、および、プログラム

Publications (1)

Publication Number Publication Date
WO2017110969A1 true WO2017110969A1 (fr) 2017-06-29

Family

ID=59089516

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/088287 WO2017110969A1 (fr) 2015-12-24 2016-12-22 Système de communication sans fil, serveur, terminal, procédé de communication sans fil et programme

Country Status (2)

Country Link
JP (1) JP2017118312A (fr)
WO (1) WO2017110969A1 (fr)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6567600B2 (ja) 2017-06-16 2019-08-28 矢崎総業株式会社 コネクタ
JP6874042B2 (ja) * 2019-03-08 2021-05-19 華邦電子股▲ふん▼有限公司Winbond Electronics Corp. 不揮発性メモリに保存された暗号鍵の更新
JP2020170993A (ja) * 2019-04-05 2020-10-15 株式会社東海理化電機製作所 通信システム及び通信方法
JP7220132B2 (ja) * 2019-07-26 2023-02-09 エヌ・ティ・ティ・コムウェア株式会社 通信装置、通信システム、通信方法、およびプログラム
JP7413196B2 (ja) * 2020-08-06 2024-01-15 東芝三菱電機産業システム株式会社 通信システム

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11331150A (ja) * 1998-05-13 1999-11-30 Sony Corp 情報利用者についての認証・課金方法、情報利用者への情報復元用情報の配布方法及び無線呼び出し装置、並びに再生又は受信装置
JP2003101533A (ja) * 2001-09-25 2003-04-04 Toshiba Corp 機器認証管理システム及び機器認証管理方法
US20040008846A1 (en) * 2002-07-10 2004-01-15 Alexander Medvinsky Method of preventing unauthorized distribution and use of electronic keys using a key seed
WO2004105308A1 (fr) * 2003-05-22 2004-12-02 Fujitsu Limited Dispositif de reception de donnees chiffrees et procede de mise a jour de la cle de dechiffrement
JP2007287003A (ja) * 2006-04-19 2007-11-01 Cis Electronica Industria & Comercio Ltda 磁気カード読み取りシステム
JP5588060B1 (ja) * 2013-11-15 2014-09-10 ヤフー株式会社 ユーザ情報提供装置、ユーザ情報提供方法、ユーザ情報提供プログラムおよび広告配信システム

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3719090B2 (ja) * 1999-09-07 2005-11-24 日本電信電話株式会社 位置情報サービスシステム、並びに、位置情報サービスシステムにおける位置情報利用方法、発信端末、鍵更新センタ、及び、着信端末
JP2003032237A (ja) * 2001-07-12 2003-01-31 Mist Wireless Technology Kk 暗号鍵インジェクションシステム、暗号鍵インジェクション方法、暗証番号入力装置、取引端末、ホスト装置
JP4239802B2 (ja) * 2003-11-27 2009-03-18 株式会社日立製作所 マルチキャスト送信方法
JP2007199949A (ja) * 2006-01-25 2007-08-09 Mitsubishi Electric Corp 情報管理システムおよび情報処理装置
JP5311459B2 (ja) * 2008-08-19 2013-10-09 株式会社メガチップス 情報収集システムおよび外部アクセス装置
US8953794B1 (en) * 2013-08-01 2015-02-10 Cambridge Silicon Radio Limited Apparatus and method for securing beacons
JP2015222880A (ja) * 2014-05-23 2015-12-10 アプリックスIpホールディングス株式会社 情報通信システム、情報通信装置及びビーコン装置

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11331150A (ja) * 1998-05-13 1999-11-30 Sony Corp 情報利用者についての認証・課金方法、情報利用者への情報復元用情報の配布方法及び無線呼び出し装置、並びに再生又は受信装置
JP2003101533A (ja) * 2001-09-25 2003-04-04 Toshiba Corp 機器認証管理システム及び機器認証管理方法
US20040008846A1 (en) * 2002-07-10 2004-01-15 Alexander Medvinsky Method of preventing unauthorized distribution and use of electronic keys using a key seed
WO2004105308A1 (fr) * 2003-05-22 2004-12-02 Fujitsu Limited Dispositif de reception de donnees chiffrees et procede de mise a jour de la cle de dechiffrement
JP2007287003A (ja) * 2006-04-19 2007-11-01 Cis Electronica Industria & Comercio Ltda 磁気カード読み取りシステム
JP5588060B1 (ja) * 2013-11-15 2014-09-10 ヤフー株式会社 ユーザ情報提供装置、ユーザ情報提供方法、ユーザ情報提供プログラムおよび広告配信システム

Also Published As

Publication number Publication date
JP2017118312A (ja) 2017-06-29

Similar Documents

Publication Publication Date Title
US12086259B2 (en) Secure over-the-air firmware upgrade
US10601594B2 (en) End-to-end service layer authentication
KR102349605B1 (ko) 사용자 기기의 식별자에 기반하여 서비스를 제공하는 방법 및 장치
TWI581599B (zh) 金鑰生成系統、資料簽章與加密系統和方法
WO2017110969A1 (fr) Système de communication sans fil, serveur, terminal, procédé de communication sans fil et programme
US10680835B2 (en) Secure authentication of remote equipment
JP2014527379A (ja) 共有エフェメラル・キー・データのセットを用いるエクスチェンジを符号化するためのシステム及び方法
CN110192381A (zh) 密钥的传输方法及设备
CN102739642A (zh) 许可访问网络
KR101621044B1 (ko) IoT 환경에서 공개키 배포를 이용한 정보 보안 장치 및 방법
JP6807153B2 (ja) セキュアな聴覚装置の通信のための装置および関係する方法
Han et al. A novel secure key paring protocol for RF4CE ubiquitous smart home systems
CN110493272B (zh) 使用多重密钥的通信方法和通信系统
CN105554008A (zh) 用户终端、认证服务器、中间服务器、系统和传送方法
US20050086481A1 (en) Naming of 802.11 group keys to allow support of multiple broadcast and multicast domains
KR20190040443A (ko) 스마트미터의 보안 세션 생성 장치 및 방법
CN101483867B (zh) 无线应用协议业务中用户身份验证方法、相关设备及系统
JP7160443B2 (ja) 無線通信システム、サーバ、端末、無線通信方法、および、プログラム
Ortiz-Yepes Balsa: Bluetooth low energy application layer security add-on
EP3090522B1 (fr) Procédé de transmission securisée de messages push
JP2006197065A (ja) 端末装置および認証装置
CN113918971A (zh) 基于区块链的消息传输方法、装置、设备及可读存储介质
CN101990203A (zh) 基于通用自引导架构的密钥协商方法、装置及系统
JP5220625B2 (ja) 端末間ネゴシエーションにおける認証方法及びシステム
WO2021102023A1 (fr) Transmission d'informations sécurisées dans un réseau de distribution de contenu

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16878856

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16878856

Country of ref document: EP

Kind code of ref document: A1