Access point, terminal, encryption key configuration system, encryption key configuration method, and program

US 20050160138A1
Filed: 11/05/2004
Published: 07/21/2005
Est. Priority Date: 11/07/2003
Status: Active Grant

First Claim

Patent Images

1. An access point that connects to terminals to network through a wireless LAN connection device equipped on said terminals, said access point comprising:

an operation receiving unit that receives a prescribed operation;

a detection unit that detects a status of a connection configuration required for connection to the network, when said prescribed operation is received by said operation receiving unit;

a mode activation unit that, when the detected status of the connection configuration indicates that the connection configuration remain to be performed, activates a restricted receiving mode in which only a packet including information specific to one of said terminals is accepted as an initial configuration packet;

a terminal identification unit that, when said initial configuration packet sent from a first terminal among said terminals is received while the restricted receiving mode is active, identifies the first terminal that sent the initial configuration packet based on said terminal-specific information;

an encryption key setting unit that, prior to the commencement of subsequent communications with said first terminal identified by said terminal identification unit, sets a first encryption key to be used for communications with said first terminal to a value corresponding to an encryption key set in said first terminal, using said terminal-specific information; and

a communication unit that performs wireless communication with said first terminal while decoding wireless communication data using said first encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An object of the present invention is to enable the configuration tasks needed to form a wireless LAN to be performed using a simple method while increasing security during such configuration. In a wireless network configuration system GH1 including an encryption key setting system LH1, where an access point 20 determines after the power thereto is turned ON that configuration for connection to a wireless LAN has not yet be carried out, the access point 20 activates a restricted receiving mode in which only an initial configuration packet is accepted. A terminal 50 that has sent an initial configuration packet and the access point 20 that has received such initial configuration packet while the restricted receiving mode is active each create an identical WEP key with reference to the data on a CD-ROM 51 or the data in a ROM 12, respectively, and set and register the created WEP key in itself.

Citations

21 Claims

1. An access point that connects to terminals to network through a wireless LAN connection device equipped on said terminals, said access point comprising:
- an operation receiving unit that receives a prescribed operation;
  
  a detection unit that detects a status of a connection configuration required for connection to the network, when said prescribed operation is received by said operation receiving unit;
  
  a mode activation unit that, when the detected status of the connection configuration indicates that the connection configuration remain to be performed, activates a restricted receiving mode in which only a packet including information specific to one of said terminals is accepted as an initial configuration packet;
  
  a terminal identification unit that, when said initial configuration packet sent from a first terminal among said terminals is received while the restricted receiving mode is active, identifies the first terminal that sent the initial configuration packet based on said terminal-specific information;
  
  an encryption key setting unit that, prior to the commencement of subsequent communications with said first terminal identified by said terminal identification unit, sets a first encryption key to be used for communications with said first terminal to a value corresponding to an encryption key set in said first terminal, using said terminal-specific information; and
  
  a communication unit that performs wireless communication with said first terminal while decoding wireless communication data using said first encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The access point according to claim 1, wherein said restricted receiving mode is a mode in which said access point stands by for the initial configuration packet without issuing beacon signals used for position confirmation.
  - 3. The access point according to claim 1 further comprising a display unit that provides a visual display that said restricted receiving mode is active.
  - 4. The access point according to claim 1 further comprising:
    - a mode switching unit that, following the encryption key setting, switches the active mode from said restricted receiving mode to a wireless communication mode that said access point communicates with said first terminal; and
      
      a connection configuration unit that, following switching to said wireless communication mode, when connection configuration data pertaining to the settings for connection to the network is transmitted while encoded using the encryption key set in said first terminal, receives said connection configuration data, decodes said connection configuration data using the first encryption key set by said encryption key setting unit and configures the network connection for said first terminal based on the decoded connection configuration data.
  - 5. The access point according to claim 1 further comprising:
    - an encoded data receiving unit that, following the setting of the first encryption key, when an initial configuration packet that includes a second information specific to a second terminal among said terminals is sent from said second terminal for which an encryption key used for communications with said access point has not yet been set, receives additional registration data that includes said second terminal-specific information for said second terminal is sent from said first terminal that received said initial configuration packet, after being encoded using the first encryption key that is already set and used for communications between said access point and said first terminal, receives this additional registration data;
      
      an additional terminal identification unit that decodes the received additional registration data using the encryption key set by said encryption key setting unit and identifies said second terminal that sent said initial configuration packet based on said second terminal-specific information included in the decoded additional registration data; and
      
      an additional setting unit that, prior to communication with said identified second terminal, sets a second encryption key to be used for communications with said second terminal to a value corresponding to an encryption key set in said second terminal using said terminal-specific.
  - 6. The access point according to claim 5 further comprising:
    - an additional connection configuration unit that, following the setting of the encryption key by said additional setting unit, when connection configuration data pertaining to the settings for connection to the network is sent from said second terminal after being encoded using the encryption key set in said second terminal, receives this connection configuration data, decodes said connection configuration data using the second encryption key set by said additional setting unit and executes the connection configuration for said second terminal based on the decoded connection configuration data.
  - 7. The access point according to claim 1, wherein said initial configuration packet sent from a terminal has been encoded using a temporary encryption key used temporarily, and said terminal identification unit further comprising:
    - a storage unit that stores in advance a provisional key used to decode the encoded initial configuration packet, the provisional key corresponds to said temporary encryption key; and
      
      an information retrieval unit that receives an initial configuration packet from said first terminal that is encoded by a temporary key, retrieves said terminal-specific information contained said the initial configuration packet by decoding said initial configuration packet using the stored provisional key.
  - 8. The access point according to claim 1, wherein the value of the first encryption key set by said encryption key setting unit is determined in association with the time at which said initial configuration packet was sent from said first terminal.
  - 9. The access point according to claim 5, wherein the value of the second encryption key set by said additional setting unit is determined in association with the time at which said initial configuration packet was sent from said second terminal.
  - 10. A terminal that comprises a wireless LAN connection device and carries out wireless communication with said access point in accordance with anyone of claim 1, said access point uses wireless communication data encoded using a prescribed encryption key, said terminal further comprising:
    - a transmission unit that wirelessly transmits an initial configuration packet that includes information specific to said terminal based on a prescribed instruction; and
      
      a setting unit that, prior to the exchange of data via wireless communication with said access point that receives said terminal-specific information included in said initial configuration packet sent by said transmission unit, sets the encryption key used for communications with said access point using said terminal-specific information.
  - 11. The terminal according to claim 10, wherein the transmission of the initial configuration packet by said transmission unit is executed when a prescribed program is booted on said terminal.

12. An encryption key setting system that sets in an access point comprising a wireless LAN transponder and one terminal of terminals equipped a wireless LAN connection device an encryption key used for encoding in advance the wireless communication data transmitted wirelessly between said access point and said terminal, wherein:
- said terminal comprises;
  
  a transmission unit that wirelessly transmits an initial configuration packet including information specific to said terminal based on a prescribed instruction issued from said terminal; and
  
  a setting unit that, after the transmission of said initial configuration packet by said transmission unit but prior to communication with said access point, sets the encryption key to be used for communications with said access point to a prescribed value based on said terminal-specific information, and said access point comprises;
  
  an operation receiving unit that receives a prescribed operation;
  
  a detection unit that detects a status of a connection configuration required for connection to the network, when said prescribed operation is received by said operation receiving unit;
  
  a mode activation unit that, when the detected status of the connection configuration indicates that the connection configuration remain to be performed, activates a restricted receiving mode in which only a packet including information specific to a terminal is accepted as an initial configuration packet;
  
  a terminal identification unit that, when said initial configuration packet sent from a first terminal among said terminals is received while the restricted receiving mode is active, identifies the first terminal that sent the initial configuration packet based on said terminal-specific information; and
  
  an encryption key setting unit that, prior to the commencement of subsequent communications with said first terminal identified by said terminal identification unit, sets a first encryption key to be used for communications with said first terminal to a value corresponding to an encryption key set in said first terminal, using said terminal-specific information.
- View Dependent Claims (13, 14, 15)
- - 13. The encryption key setting system according to claim 12, wherein said first terminal further comprises a connection configuration data transmission unit that, following setting of the encryption key by said setting unit, transmits connection configuration data pertaining to the settings for connection to the network after encoding said data using the encryption key set in said terminal, and said access point comprises:
    - a mode switching unit that, after the first encryption key is set by said encryption key setting unit, switches the active mode from said restricted receiving mode to a wireless communication mode in which said access point can communicate wirelessly with said terminal; and
      
      a connection configuration unit that, when connection configuration data transmitted from said first terminal is received following the switching to said wireless communication mode, decodes said connection configuration data using the encryption key and configures the network connection for said first terminal based on the decoded connection configuration data.
  - 14. The encryption key setting system according to claim 12, wherein said terminals include a first terminal for which the first encryption key valid between said terminal and said access point is already set and a second terminal for which an encryption key valid between said terminal and said access point is not yet set, said first terminal further comprises:
    - a packet receiving unit that receives an initial configuration packet that was sent from said second terminal and includes information specific to said second terminal; and
      
      an additional registration data transmission unit that, following the receipt of said initial configuration packet, transmits to said access point additional registration data that includes said information specific to said second terminal after encoding said data using the encryption key valid between said first terminal and said access point, and said access point further comprises;
      
      an additional terminal identification unit that receives said additional registration data, decodes said data using the first encryption key, and identifies said second terminal that sent said initial configuration packet based on said terminal-specific information included in the decoded additional registration data; and
      
      an additional setting unit that, prior to communication with said identified second terminal, sets a second encryption key used for communications with said second terminal to a value corresponding to an encryption key set in said second terminal, using said second terminal-specific information.
  - 15. The encryption key setting system according to claim 14, wherein said second terminal comprises an additional connection configuration data transmission unit that, after said additional setting unit in said second terminal sets the second encryption key for communication with said second terminal, transmits connection configuration data pertaining to the network connection settings while encoding the data using the encryption key set in said second terminal and, said access point further comprises an additional connection configuration unit that receives said connection configuration data sent from said second terminal, decodes said connection configuration data using the second encryption key set by said additional setting unit and executes the connection configuration for said second terminal based on the decoded connection configuration data.

16. A method for setting in an access point comprising a wireless LAN transponder and one terminal of terminals equipped a wireless LAN connection device an encryption key used to encode in advance the wireless communication data transmitted wirelessly between said access point and said terminal, the method comprising:
- on the side of said terminal, wirelessly transmitting an initial configuration packet that includes information specific to said terminal based on a prescribed instruction; and
  
  setting the encryption key to be used for communications with said access point to a prescribed value based on said terminal-specific information, after the transmission of said initial configuration packet but prior to communication with said access point, and on the side of said access point, detecting a status of a connection configuration required for connection to the network, when a prescribed operation is received;
  
  activating a restricted receiving mode in which only a packet including information specific to a terminal is accepted as an initial configuration packet, when the detected status of the connection configuration indicates that the connection configuration remain to be performed;
  
  identifying the first terminal that sent the initial configuration packet based on said terminal-specific information, when said initial configuration packet sent from a first terminal among said terminals is received while the restricted receiving mode is active; and
  
  setting a first encryption key to be used for communications with said first terminal to a value corresponding to an encryption key set in said first terminal, using said terminal-specific information prior to the commencement of subsequent communications with said first terminal identified by said terminal identification unit.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The encryption key setting method according to claim 16, wherein following setting of the encryption key, said terminal transmits connection configuration data pertaining to the settings for connection to the network while encoding said data using the encryption key set in said terminal;
    - the access point switches, after the first encryption key is set therein, the active mode from said restricted receiving mode to a wireless communication mode in which said access point communicates wirelessly with said first terminal; and
      
      using the first encryption key, the access point decodes said encoded connection configuration data transmitted from said first terminal and configures the network connection for said first terminal based on the decoded connection configuration data, following the switching to said wireless communication mode.
  - 18. The encryption key setting method according to claim 16 further comprising:
    - providing the first terminal for which the first encryption key valid between said terminal and said access point is already set and a second terminal for which a second encryption key valid between said terminal and said access point is not yet set;
      
      sending an initial configuration packet included information specific to said second terminal from said second terminal to said first terminal;
      
      transmitting an additional registration data that includes said information specific to said second terminal to said access point using said initial configuration packet, after encoding said data using the first encryption key valid between said first terminal and said access point;
      
      decoding said additional registration data using the first encryption key set in said access point, and identifying said second terminal that sent said initial configuration packet based on said terminal-specific information included in the decoded additional registration data; and
      
      in said access point, setting second encryption key used for communications with said second terminal to a value corresponding to an encryption key set in said second terminal using said second terminal-specific information, prior to communication with said identified second terminal.
  - 19. The encryption key setting method according to claim 18, wherein the second terminal transmits, following the setting of the second encryption key in said access point, connection configuration data pertaining to the network connection settings while encoding the data using the encryption key set in said second terminal, and said access point receives this connection configuration data, decodes said connection configuration data using the encryption key set in said access point and executes the connection configuration for said second terminal based on the decoded connection configuration data.
  - 20. A program product comprising program codes and a medium that stores said program codes, wherein said program codes are executed by each computer included in an access point and a terminal to actualize said method in accordance with claim 16.

21. An encryption key setting system that sets in an access point that comprises a wireless LAN transponder and in a terminal that includes a wireless LAN connection device an encryption key used for encoding wireless communication data that is exchanged wirelessly between said access point and said terminal, said system comprising:
- an RFID tag that includes an RFID chip having a communication range that is narrower than the wireless communication range for the wireless communication data, and that stores information pertaining to the encryption key valid between said terminal and said access point;
  
  wherein said access point and said terminal each comprise;
  
  an information retrieval unit that retrieves the encryption key information stored in said RFID tag; and
  
  an setting unit that sets in its own device the encryption key valid between said terminal and said access point based on said information retrieved by said information retrieval unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Buffalo Incorporated (Melco Holdings Incorporated)
Original Assignee
Buffalo Incorporated (Melco Holdings Incorporated)
Inventors
Ishidoshiro, Takashi

Granted Patent

US 8,205,073 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/203
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/20   for managing network securi...

H04W 12/03   Protecting confidentiality,...

H04W 12/80   Arrangements enabling lawfu...

H04W 76/10   Connection setup

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/08   Access point devices

Access point, terminal, encryption key configuration system, encryption key configuration method, and program

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Access point, terminal, encryption key configuration system, encryption key configuration method, and program

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links