Cipher key setting system, access point, wireless LAN terminal, and cipher key setting method
First Claim
1. A cipher key setting system, comprising:
a wireless LAN access point that includes;
a register mode setting mechanism set by a user that sets an operation mode of the wireless LAN access point to a register mode of operation, modifies a station Identification (ID) of the wireless LAN access point into a specified station ID, and enables the wireless LAN access point to wirelessly transmit the specified station ID;
a communication area delimiter that modifies an actual physical wireless communication area of the wireless LAN access point in the register mode of operation from a wireless LAN communication area AR1 to a smaller physical wireless LAN security communication area MR1, physically limiting a physical range of the transmitted specified station ID to the smaller, physical wireless LAN security communication area MR1;
a security policy selection mechanism that allows the user to select a security policy from a plurality of security policies included in the wireless LAN access point, and enables the user to change a previously set security policy;
a plurality of terminals that include;
a wireless LAN interface device;
a terminal registration mode mechanism that is set by the user to set a terminal operation mode of a terminal to a terminal register mode of operation, which enables the terminal to search for and directly, wirelessly connect with the wireless LAN access point that has the specified station ID;
wherein;
the plurality of terminals transmit to the wireless LAN access point a set of cipher systems used by the plurality of terminals;
the wireless LAN access point detects the set of cipher systems transmitted from the plurality of terminals, determines corresponding cipher keys based on the user modified security policy of the wireless LAN access point, and transmits selected cipher systems and cipher keys to the plurality of terminals based on the user modifiable security policy of the wireless LAN access point;
the wireless LAN access point in the register mode of operation associates different station IDs with different usable cipher systems, and transmits one or more selected station IDs from the different station IDs and one or more usable selected cipher systems from different usable cipher systems with corresponding cipher keys to the plurality of terminals;
the plurality of terminals acquire the one or more selected station IDs from the wireless LAN access point, and when there is a coincident station ID between the one or more selected station IDs acquired from the wireless LAN access point and previously stored station IDs stored in each terminal of the plurality of terminals, each terminal selects the coincident station ID and an associated cipher system with corresponding cipher keys;
when communication is not maintained with the wireless LAN access point based on already acquired station ID, the terminal of the plurality of terminals acquires anew the one or more selected station IDs from the wireless LAN access point and when there is coincident station ID between the one or more selected station IDs acquired anew and previously stored station IDs stored within the terminal, the terminal selects the coincident station ID and the associated cipher systems with corresponding cipher keys;
with the plurality of terminals and any newly added terminal being informed about which cipher system is used by the wireless LAN access point, and induced to select the associated cipher system and to set corresponding cipher keys for each selected associated cipher systems without the wireless LAN access point transmitting a new cipher key and a new cipher system each time the wireless LAN access point changes the cipher system.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention intends to achieve new additions of terminals that use a wireless LAN with a simple process, while preventing leakage of data indicating cipher keys. The access point is notified of the cipher systems adaptable to the terminals. The access point narrows the cipher systems adaptable to itself, sets the cipher keys and notifies them, and also determines the station IDs for the cipher keys each. Thereafter, when the access point modifies the cipher systems based on the security policy, the access point adopts the station IDs corresponding to the cipher systems each. Therefore, the terminals specify the cipher systems based on the station IDs, and perform wireless communications by using the cipher keys notified in advance.
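The flow summarized in the abstract, modelled as an added Python example (not code from the patent or its assignee): terminals offer their cipher systems at registration, the access point narrows them, fixes one key and one station ID per system, and later changes systems only by changing the announced station ID. The cipher labels, key sizes, `ap-...` station ID names and the `floor` policy setting are assumptions; the reduced-range register mode is not modelled.

```python
import secrets

# Assumed labels, weakest to strongest, and key sizes in bytes (illustrative;
# the page names no specific cipher systems).
STRENGTH = ["WEP64", "WEP128", "TKIP", "AES"]
KEY_BYTES = {"WEP64": 5, "WEP128": 13, "TKIP": 32, "AES": 32}


class AccessPoint:
    def __init__(self, supported, floor):
        self.supported = set(supported)
        self.floor = floor        # hypothetical policy knob: weakest system allowed
        self.table = {}           # station ID -> (cipher system, key)
        self.terminals = []       # narrowed cipher set of each registered terminal
        self.active_ssid = None   # station ID currently announced

    def register(self, offered):
        """Register-mode exchange: narrow the offer, return station ID -> (system, key)."""
        usable = {c for c in self.supported & set(offered)
                  if STRENGTH.index(c) >= STRENGTH.index(self.floor)}
        common = set.intersection(usable, *self.terminals)
        if not common:
            raise ValueError("no acceptable cipher system in common")
        for cipher in usable:
            # One constructed station ID per cipher system; its key is fixed once.
            self.table.setdefault(f"ap-{cipher.lower()}",
                                  (cipher, secrets.token_bytes(KEY_BYTES[cipher])))
        self.terminals.append(usable)
        # Policy: announce the strongest system every registered terminal can use.
        self.active_ssid = f"ap-{max(common, key=STRENGTH.index).lower()}"
        return {s: ck for s, ck in self.table.items() if ck[0] in usable}


class Terminal:
    def __init__(self, ciphers):
        self.ciphers = list(ciphers)
        self.stored = {}          # station IDs and keys received at registration

    def enroll(self, ap):
        self.stored = ap.register(self.ciphers)

    def select(self, announced):
        """Return (station ID, system, key) for the first coincident station ID."""
        for ssid in announced:
            if ssid in self.stored:
                return (ssid, *self.stored[ssid])
        return None


def demo():
    ap = AccessPoint(STRENGTH, floor="WEP128")
    a, b = Terminal(STRENGTH), Terminal(["WEP128", "TKIP"])
    a.enroll(ap)
    before = ap.active_ssid       # only A registered
    b.enroll(ap)                  # AP changes system; A receives nothing new
    return before, a.select([ap.active_ssid]), b.select([ap.active_ssid])


if __name__ == "__main__":
    before, sel_a, sel_b = demo()
    print(before, "->", sel_a[0], "| same key on both terminals:", sel_a[2] == sel_b[2])
```

With this policy, registering terminal B lowers the announced system from AES to TKIP for terminal A as well; the `floor` setting bounds how far a newly added terminal can pull the whole network down.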
12 Citations
5 Claims
3. A wireless Local Area Network (LAN) access point that adapts itself to a plurality of cipher systems in the wireless LAN communication, comprising:
a register mode setting mechanism set by a user that sets an operation mode of the wireless LAN access point to a register mode of operation, modifies a station Identification (ID) of the wireless LAN access point into a specified station ID, and enables the wireless LAN access point to wirelessly transmit the specified station ID;
a communication area delimiter that modifies an actual physical wireless communication area of the wireless LAN access point in the register mode of operation from a wireless LAN communication area AR1 to a smaller physical wireless LAN security communication area MR1, physically limiting a physical range of the transmitted specified station ID to the smaller, physical wireless LAN security communication area MR1;
cipher systems and cipher keys used in enciphering communication data prior to performing wireless communications with a terminal that is provided with a wireless LAN interfacing device, a cipher key transmitter that narrows the plurality of cipher systems in the wireless LAN access point, which were transmitted from the terminal, and determines usable cipher keys in the cipher systems narrowed, and wirelessly transmits the determined cipher keys to the terminal, and a cipher system selector that selects cipher systems on the basis of a user modifiable security policy from among the narrowed cipher systems, and sets the selected cipher systems and the determined cipher keys with the wireless LAN access point communicating with a plurality of terminals using the set cipher systems and the cipher keys;
wherein;
the wireless LAN access point in the register mode of operation associates different station IDs with different usable cipher systems, and transmits one or more selected station IDs from the different station IDs and one or more usable selected cipher systems from different usable cipher systems with corresponding cipher keys to the plurality of terminals;
the plurality of terminals acquire the one or more selected station IDs from the wireless LAN access point, and when there is a coincident station ID between the one or more selected station IDs acquired from the wireless LAN access point and previously stored station IDs stored in each terminal of the plurality of terminals, each terminal selects the coincident station ID and an associated cipher system with corresponding cipher keys;
when communication is not maintained with the wireless LAN access point based on already acquired station ID, the terminal of the plurality of terminals acquires anew the one or more selected station IDs from the wireless LAN access point and when there is coincident station ID between the one or more selected station IDs acquired anew and previously stored station IDs stored within the terminal, the terminal selects the coincident station ID and the associated cipher systems with corresponding cipher keys;
with the plurality of terminals and any newly added terminal being informed about which cipher system is used by the wireless LAN access point, and induced to select the associated cipher system and to set corresponding cipher keys for each selected associated cipher systems without the wireless LAN access point transmitting a new cipher key and a new cipher system each time the wireless LAN access point changes the cipher system.
4. A wireless Local Area Network (LAN) terminal to which is connected a wireless LAN interfacing device that adapts itself to a plurality of cipher systems in the wireless LAN communication, comprising:
a terminal registration mode mechanism that is set by the user to set a terminal operation mode of the terminal to a terminal register mode of operation, which enables the terminal to search for and directly, wirelessly connect with a wireless LAN access point with a specified station ID;
the wireless LAN access point includes;
a register mode setting mechanism set by a user that sets an operation mode of the wireless LAN access point to a register mode of operation, modifies a station Identification (ID) of the wireless LAN access point into a specified station ID, and enables the wireless LAN access point to wirelessly transmit the specified station ID;
a communication area delimiter that modifies an actual physical wireless communication area of the wireless LAN access point in the register mode of operation from a wireless LAN communication area AR1 to a smaller physical wireless LAN security communication area MR1, physically limiting a physical range of the transmitted specified station ID to the smaller, physical wireless LAN security communication area MR1;
the terminal, further includes;
a cipher system and a corresponding cipher key used in enciphering communication data prior to performing wireless communications with the wireless LAN access point, a cipher system transmitter that wirelessly transmits cipher systems from the terminal to the wireless LAN access point, and wherein;
the wireless LAN access point in the register mode of operation associates different station IDs with different usable cipher systems, and transmits one or more selected station IDs from the different station IDs and one or more usable selected cipher systems from different usable cipher systems with corresponding cipher keys to a plurality of terminals;
the plurality of terminals acquire the one or more selected station IDs from the wireless LAN access point, and when there is a coincident station ID between the one or more selected station IDs acquired from the wireless LAN access point and previously stored station IDs stored in each terminal of the plurality of terminals, each terminal selects the coincident station ID and an associated cipher system with corresponding cipher keys;
when communication is not maintained with the wireless LAN access point based on already acquired station ID, the terminal of the plurality of terminals acquires anew the one or more selected station IDs from the wireless LAN access point and when there is coincident station ID between the one or more selected station IDs acquired anew and previously stored station IDs stored within the terminal, the terminal selects the coincident station ID and the associated cipher systems with corresponding cipher keys;
with the plurality of terminals and any newly added terminal being informed about which cipher system is used by the wireless LAN access point, and induced to select the associated cipher system and to set corresponding cipher keys for each selected associated cipher systems without the wireless LAN access point transmitting a new cipher key and a new cipher system each time the wireless LAN access point changes the cipher system.
5. A cipher key setting method that sets a cipher system and a cipher key used in enciphering communication data prior to wireless communications performed between a wireless Local Area Network (LAN) access point and a terminal with a wireless LAN interfacing device, comprising:
setting an operation mode of the wireless LAN access point to a register mode of operation, modifying a station Identification (ID) of the wireless LAN access point into a specified station ID, and wirelessly transmitting the specified station ID;
modifying an actual physical wireless communication area of the wireless LAN access point in the register mode of operation from a wireless LAN communication area AR1 to a smaller physical wireless LAN security communication area MR1, physically limiting a physical range of the transmitted specified station ID to the smaller, physical wireless LAN security communication area MR1;
selecting a security policy from a plurality of security policies included in the wireless LAN access point, and changing a previously set security policy;
setting a terminal operation mode of the terminal to a terminal register mode of operation, searching for and directly, wirelessly connecting with the wireless LAN access point that has the specified station ID;
wirelessly transmitting to the wireless LAN access point a set of cipher systems used by a plurality of terminals;
communicating with the plurality of terminals using the set of cipher systems and cipher keys;
selecting one or more cipher systems from the set of cipher systems transmitted from the terminal, determining a usable cipher key in the one or more cipher systems selected, and transmitting the determined cipher key to the terminal on a basis of a user modifiable security policy determined in advance, and setting the selected cipher system and the determined cipher key;
and the terminal setting the cipher key of the cipher system transmitted from the wireless LAN access point;
associating different station IDs with different usable cipher systems when the wireless LAN access point is in the register mode of operation;
transmitting one or more selected station IDs from the different station IDs and one or more usable selected cipher systems from different usable cipher systems with corresponding cipher keys to the plurality of terminals;
the plurality of terminals acquiring the one or more selected station IDs from the wireless LAN access point, and when there is a coincident station ID between the one or more selected station IDs acquired from the wireless LAN access point and previously stored station IDs stored in each terminal of the plurality of terminals, each terminal selecting the coincident station ID and an associated cipher system with corresponding cipher keys;
when communication is not maintained with the wireless LAN access point based on already acquired station ID, the terminal of the plurality of terminals acquiring anew the one or more selected station IDs from the wireless LAN access point and when there is coincident station ID between the one or more selected station IDs acquired anew and previously stored station IDs stored within the terminal, the terminal selecting the coincident station ID and the associated cipher systems with corresponding cipher keys;
with the plurality of terminals and any newly added terminal being informed about which cipher system is used by the wireless LAN access point, and induced to select the associated cipher system and to set corresponding cipher keys for each selected associated cipher systems without the wireless LAN access point transmitting a new cipher key and a new cipher system each time the wireless LAN access point changes the cipher system.
Specification