JP2005045582A - Radio data communication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a radio data communication system which has high safety though being inexpensive and having a simple constitution. <P>SOLUTION: In the radio data communication system, a single base station arranged in a bus office and a plurality of terminals corresponding to a plurality of busses communicate enciphered data through a wireless LAN. The radio data communication system has; an encryption key generation means which is mounted on the base station and generates a terminal-side encryption key corresponding to an encryption key for use in the base station, at a prescribed timing; an output means which outputs the terminal-side encryption key to the outside; and a plurality of transmission means which are connected to the plurality of terminals respectively and transmit the terminal-side encryption key outputted from the output means to terminals, and each terminal acquires the terminal-side encryption key transmitted by the transmission means and uses it for communication. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a wireless data communication system in which a single base station and one or a plurality of terminals, for example, a route bus office and a plurality of route buses, communicate wirelessly encrypted data.

In recent years, with the rapid progress of digital wireless technology, it is possible to perform data communication between a base station and one or a plurality of terminals using a wireless LAN everywhere. An example of such a data communication system using a wireless LAN is disclosed in Patent Document 1 listed below.
JP 2001-345819 A

  In the wireless data communication system as described above, data can be transmitted / received to / from the base station regardless of where the terminal is located as long as the terminal is within a certain range where wireless communication can be performed with reference to the base station. Thus, it can be said that the wireless data communication system is superior to the communication system (wired data communication system) constructed by wire in the feature that there are few place restrictions. Further, recent wireless data communication systems can be made compatible by performing predetermined settings even for terminals of different manufacturers.

  Here, the above-described feature also has a drawback that data can be easily transmitted and received even if the terminal is an illegal or illegal terminal that should not be interposed in the system. For this reason, conventionally, in a wireless data communication system, ensuring safety has been a more important issue than a wired data communication system. In order to solve this problem, for example, a technique for encrypting data communicated between a base station and each terminal has been put into practical use. When data is encrypted, an encryption key is given in advance to the base station and each terminal. Of the base station and each terminal, the transmitting side encrypts and transmits data using the encryption key, and the receiving side decrypts (decrypts) the encrypted data using the encryption key. Thereby, even in a wireless data communication system, safety has been ensured.

  However, in the above method, if the same encryption key is used for a long time, there arises a problem that the encryption pattern is read or the encryption key is stolen. If this state is left unattended, data encrypted by a malicious third party may be decrypted or the system may be illegally accessed. Therefore, it is conceivable to periodically change the encryption key, but the work of changing the encryption key for each of the base station and each terminal is not cumbersome.

  In order to solve the above problem, a technique for performing authentication using a so-called digital certificate has been proposed. However, in order to employ this method, existing wireless communication facilities are not sufficient, and an authentication server or the like must be newly installed. Furthermore, since a digital certificate generally has an expiration date, it must be renewed periodically in order to continue using it. In this way, authentication using a digital certificate requires new costs for new capital investment or certificate renewal. For example, a business operator who performs wireless data communication between a bus office having a base station and a plurality of buses equipped with terminals requires issuing a digital certificate for each terminal, which requires enormous costs. End up. In reality, it is extremely difficult for a person who handles a large number of terminals to introduce authentication using a digital certificate.

  Therefore, in view of the above circumstances, an object of the present invention is to provide a highly secure wireless data communication system while having an inexpensive and simple configuration.

  In order to solve the above-mentioned problem, a wireless data communication system according to claim 1 is provided, wherein a single base station disposed in a bus office and a plurality of terminals corresponding to a plurality of buses are connected via a wireless LAN. A wireless data communication system for communicating encrypted data, an encryption key generating means mounted on a base station and generating a terminal side encryption key corresponding to an encryption key used in the base station at a predetermined timing, and a terminal Output means for outputting the side encryption key to the outside, and a plurality of transmission means that are connectable to a plurality of terminals and that transmit the terminal side encryption key output from the output means to the terminal, and each terminal The terminal-side encryption key transmitted by the transmission means is acquired and used for communication.

  As described above, the wireless data communication system according to claim 1 is generated by providing an encryption key generating means to a computer existing for holding data communicated between a base station and a terminal. The encryption key is set in each terminal by the encryption key setting means. Therefore, the encryption key generated by the base station can be set in each terminal while utilizing the existing system. Further, since the wireless data communication system according to claim 1 can generate and set the encryption key periodically and automatically, the business operator and the employee can use one encryption key for each on-vehicle device. This eliminates the need for manual changes and helps the operator. Moreover, since the encryption key can be changed at an arbitrary timing or periodically, the possibility of the encryption key being stolen is reduced as much as possible to ensure high security. Further, unlike the case where an authentication method using a digital certificate is employed, the cost can be suppressed.

  A plurality of terminals corresponding to a plurality of buses means that one terminal is always mounted on each bus. That is, the wireless data communication system according to the present invention is in a state where all the buses and the base station can communicate. However, the terminal and the transmission means do not necessarily correspond one-on-one. That is, one transmission means may transmit the terminal side encryption key to a plurality of terminals.

  Specifically, the encryption key generation means can generate the encryption key every predetermined period (claim 2). For example, it may be configured to generate an encryption key every day.

  The encryption key setting means includes a portable recording medium, a writing means provided in the base station for writing the encryption key into the recording medium, and a setting means provided in the terminal for reading the encryption key from the recording medium and setting it in the terminal. (Claim 3). As a portable recording medium, for example, an IC card can be considered.

  In this case, the terminal includes authentication means for authenticating the bus driver, and a recording medium that stores information for identifying the bus driver necessary for authentication by the authentication means can be used ( Claim 4). As described above, by storing information for authenticating the bus driver in the recording medium for storing the encryption key, the system configuration can be further simplified.

  Generally, each bus owned by a bus operator is already equipped with a facility (authentication means) for authenticating a bus driver from the viewpoint of crime prevention and the like. The driver receives an ID card in which information for identifying himself / herself is input from the bus office when starting a day of work. The in-vehicle device authenticates that the vehicle-mounted device is a legitimate driver (that is, an employee of a business operator) based on information read from the ID card inserted by the driver. An authenticated driver can operate the entire bus including the vehicle-mounted device. By storing the encryption key in such an ID card, the process of changing the encryption key is executed on all buses without causing the driver to feel any burden. Further, by using the ID card as the encryption key setting means in this way, the driver cannot know when the encryption key has been changed, so there is a risk that information on encryption will leak from inside, for example. It can be avoided.

  According to the invention described in claim 5, it is desirable that the setting means reads the encryption key from the recording medium and sets it in the terminal only when the authentication by the authentication means is completed. According to the invention as set forth in claim 6, when the setting means reads the encryption key from the recording medium, it is desirable to delete the encryption key written in the recording medium. By configuring as in the inventions according to claims 5 and 6, the safety can be further enhanced.

  According to another aspect of the present invention, in the wireless data communication system according to claim 7, the encryption key setting means is provided in the terminal, and communication means for transmitting the encryption key generated by the computer to the terminal. And setting means for setting the encryption key transmitted by the communication means in the terminal.

  As described in claim 7, by setting the encryption key in each terminal via the communication means, the computer can further generate the encryption key at an arbitrary timing (claim 8). That is, in the case where the encryption key is set using the recording medium, when changing the encryption key, the recording medium must be connected to the writing means again. On the other hand, according to the invention described in claim 7, for example, it is possible to newly set an encryption key even for a bus in operation.

  According to another aspect of the present invention, the terminal can include an authentication unit that authenticates the bus driver. In this case, when the authentication of the bus driver by the authentication means is completed, the setting means preferably receives the encryption key via the communication means and sets it in the terminal (claim 9).

  Further, when the terminal accesses the base station to perform wireless data communication and cannot decrypt the data, the terminal may acquire the encryption key generated by the computer using the communication means. (Claim 10). As described above, when the encryption key is set using the communication means, the encryption key can be set at a more flexible timing than the configuration where the encryption key is set using the recording medium. For example, when a bus operator uses a wireless data communication system, the on-board unit of the bus uses a communication means to access a new encryption key from the base station when the access fails as a result of accessing the base station via the wireless LAN. Can be obtained. Therefore, even when the bus is in operation, a new encryption key can be unilaterally generated and set by the base station.

  Note that it is desirable to use a highly confidential mobile phone network as the communication means (claim 11).

  As described above, according to the present invention, by providing the encryption key setting means such as the recording medium and the communication means, the encryption key can be changed periodically and simultaneously for a plurality of terminals. Therefore, it is possible to easily change the encryption key used in the wireless data communication system, and the safety can be improved. In addition, since the existing equipment can be used as it is, the cost required for ensuring safety can be minimized.

  Hereinafter, two types of embodiments of a wireless data communication system equipped with a wireless data communication system according to the present invention will be described in detail with reference to the drawings. The wireless data communication system of the present embodiment is a system used by a bus operator having a plurality of route buses operating on a predetermined route for passenger transportation. Note that the encryption method used in the wireless data communication system of this embodiment described below assumes a secret key method. That is, the encryption key for encrypting data and the encryption key for decrypting the encrypted data are the same. However, the wireless data communication system according to the present invention can adopt a public key system.

  FIG. 1 is a diagram showing a schematic configuration of a wireless data communication system 100 according to the first embodiment of the present invention. As shown in FIG. 1, the wireless data communication system 100 includes a base station 1 and a terminal 4. The base station 1 is installed in a bus office that supervises and manages the buses in operation, and the terminal 4 is mounted on the bus. Actually, the terminal 4 is mounted on all buses owned by the bus operator. That is, the wireless data communication system 100 is configured to perform data communication between the base station 1 and a plurality of terminals. However, since the relationship between the base station 1 and each terminal is the same, only the relationship between the base station 1 and a specific terminal (terminal 4) will be described in the following description.

  The base station 1 includes a computer 2, a wireless LAN access point 3, a first input unit 4, and a first card slot 9. The terminal 5 includes an in-vehicle device 6, a wireless LAN adapter 7, a second input unit 8, and a second card slot 10.

  The ID card 11 is a portable recording medium in which data can be read or written by being inserted into the card slots 9 and 10. The ID card 11 is handed to each driver from the office at the start of a day's business, and an ID and a password for identifying each driver are recorded in advance.

  Wireless data communication between the base station 1 and the terminal 5 is performed using the access point 3 and the adapter 7. Data transmitted from the access point 3 is mainly provided from the computer 2. That is, the computer 2 functions as a data server that holds communication data in the access point 3. Here, as data transmitted from the access point 3, for example, schedule data (staff data) related to operation such as which bus stop of which system departs at what hour and minute, text data for in-car broadcast, and the like can be mentioned. Data transmitted from the adapter 7 is mainly provided from the vehicle-mounted device 6. The vehicle-mounted device 6 is a control device for executing processing necessary during bus operation. And the onboard equipment 6 provides the adapter 7 with the data produced | generated with each process. Here, the data transmitted from the adapter 7 includes, for example, data related to operation history, passenger boarding / exiting history, sales data, and the like. During communication, the access point 3 and the adapter 7 transmit and receive data encrypted according to a predetermined encryption method.

  The computer 2 has a function of generating an encryption key (a base station side encryption key and a terminal side encryption key) necessary for determining the above encryption method and for decrypting data encrypted by the method. Also have. Specifically, the computer 2 automatically generates an encryption key periodically. In the present embodiment, the computer 2 generates an encryption key every day. Here, the computer 2 may generate a new encryption key each time, or may select one of a plurality of preset encryption keys randomly or in accordance with a predetermined rule.

  The computer 2 sets the generated or selected terminal-side encryption key in the access point 3 and writes it in the ID card 11 via the first card slot 8. The ID card 11 is handed over to a driver who has worked at the office to start business.

  FIG. 2 is a flowchart showing processing related to terminal-side encryption key setting performed by the vehicle-mounted device 6. When the driver recognizes that the ID card 11 has been inserted into the second card slot 10 (S1: YES), the vehicle-mounted device 6 has information for identifying the driver from the ID card 9, here an ID and a password. Is read (S3). The vehicle-mounted device 6 refers to a table relating to an ID input in advance in a memory (not shown) and performs authentication to determine whether the ID acquired in S3 is an ID assigned to a regular driver (S5). .

  After inserting the ID card 11 into the second card slot 10, the driver inputs the password via the input unit 8. The in-vehicle device 6 determines whether or not the password input by the driver matches the password read in S3 (S7).

  It is determined that the ID acquired in S5 is an ID assigned to a regular driver (S5: YES), and it is determined that the password input in S7 matches the password read from the ID card 11 ( In the case of S7: YES), the vehicle-mounted device 6 reads the encryption key from the ID card 11 (S9).

  The vehicle-mounted device 6 sets the encryption key read in S9 to the adapter 7 (S11). Here, it is necessary to prevent the encryption key from leaking to a third party due to loss of the ID card or the like. Therefore, the onboard equipment 6 accesses the ID card 11 after the process of S11, and performs the process of deleting the encryption key written in the ID card 11 (S13).

  In addition, the process of S5 and S7 mentioned above is the authentication process regarding the driver of this embodiment. Therefore, when the ID read from the ID card 11 does not match any ID in the table (S5: NO), or when the password input by the driver is incorrect (S7: NO), the vehicle-mounted device 6 Performs error processing (S15). As the error processing, for example, it is assumed that the password is requested to be input again, the authentication processing is interrupted, or the office or the police is notified. After performing the error process, the vehicle-mounted device 6 performs the process of S13.

  Wireless data communication is performed between the access point 3 and the adapter 7 using the encryption key thus set. The above is the description of the wireless data communication system 100 of the first embodiment. The wireless data communication system 100 of the first embodiment mainly has the following features.

  First, the wireless data communication system 100 has been used for setting the encryption key in the adapter for the operation that the driver always performs when starting business, that is, the operation of inserting the IC card into the vehicle-mounted device for authentication processing. By using it, it becomes possible to update the encryption key at the same time in all bus terminals that operate. Second, by setting the interval at which the computer generates the encryption key to be short (for example, every day as described above), the possibility of theft of the encryption key is greatly reduced, and the safety is improved. . Thirdly, since the encryption key is updated only by the driver performing almost the same operation as before, no mental burden such as learning a new operation is given to the driver. In addition, since the operation method does not change as in the third feature, the driver himself cannot know when and what kind of encryption key has been changed. Therefore, fourthly, no information is leaked from the inside of the office. Fifth, the wireless data communication system 100 can be implemented simply by rewriting the software used in the existing wireless data communication system without providing new equipment and devices, thus ensuring high safety. However, it can be configured at low cost.

  Next, the wireless data communication system 200 of the second embodiment will be described. FIG. 3 is a diagram illustrating a schematic configuration of the wireless data communication system 200. In the wireless data communication system 200 shown in FIG. 3, the same components as those of the system 100 are denoted by the same reference numerals, and description thereof is omitted here. The wireless data communication system 200 sets the encryption key generated by the computer 2 in the terminal 5 using the mobile phone network 13. Therefore, the wireless data communication system 200 includes a dedicated line 12 laid from the mobile phone network 13 on the base station 1 side and a mobile phone 14 on the terminal 5 side. Note that the cellular phone network 13 has an advantage of high secrecy compared to other wireless communication networks.

  The computer 2 automatically generates an encryption key (base station side encryption key and terminal side encryption key) periodically (for example, every day) as in the first embodiment. Then, the generated encryption key is set in the access point 3. The computer 2 can also generate an encryption key at an arbitrary timing in accordance with the instruction input from the first input unit 4.

  FIG. 4 is a flowchart showing processing relating to setting of the terminal-side encryption key performed by the vehicle-mounted device 6. When starting the business, the driver uses the input unit 8 to input information that proves that the driver is a regular driver. When the information is input (S31: YES), the vehicle-mounted device 6 performs authentication related to the driver using the information (S33). In the present embodiment, all the information necessary for authentication is input from the input unit 8, but as in the first embodiment, it is necessary for authentication using an ID card given to each driver. You may take the structure which inputs information.

  When it is authenticated that the driver is a regular driver (S33: YES), the vehicle-mounted device 6 makes a call to the base station 1 using the mobile phone 14 (transmission process; S35). When connected to the base station 1 via the mobile phone network 13 and the dedicated line 12, the vehicle-mounted device 6 makes an encryption key transmission request to the computer 2 (S37). Next, the vehicle-mounted device 6 enters a standby state until receiving the encryption key automatically transmitted from the computer 2 that has received the transmission request (S39: NO).

  When receiving the encryption key from the computer 2 (S39: YES), the vehicle-mounted device 6 disconnects the line with the base station 1 (computer 2) (S41). Note that even if the line is always connected, the line disconnection process in S41 may not be performed if there is no problem including the cost. Next, the vehicle-mounted device 6 sets the encryption key transmitted from the computer 2 in the adapter 7 (S43).

  In addition, since the process which an onboard equipment performs when the authentication process by S33 fails (S33: NO) is substantially the same as S15 in said 1st embodiment, it does not demonstrate here.

  Wireless data communication is performed between the access point 3 and the adapter 7 using the encryption key thus set. As described above, the computer 2 can generate an encryption key at an arbitrary timing. Therefore, even when the bus is in operation, the computer 2 can newly generate an encryption key. In this case, the newly generated encryption key is set in each terminal as follows.

  The terminal 4 and the base station 1 mounted on the bus in operation communicate with each other as appropriate so that smooth operations are performed, and transmit and receive data. For this reason, if the computer 2 generates a new encryption key and sets it in the access point 3, communication cannot be performed. Examples of the state where communication cannot be performed at the terminal 4 include a state where the data transmitted from the base station 1 cannot be decoded and a state where an error signal is transmitted from the base station when the data transmitted from the terminal 4 cannot be decoded. The

  In such a case, the vehicle-mounted device 6 temporarily suspends the processing related to the wireless data communication and executes the processing from S35 to S43 shown in FIG. And the onboard equipment 6 restarts radio | wireless data communication using the encryption key newly set.

  The above is the description of the wireless data communication system 200 of the second embodiment. The wireless data communication system 200 of the second embodiment mainly has the following characteristics.

  First, since the wireless data communication system 200 is configured to set an encryption key using a mobile phone network when the driver-related authentication is completed, the encryption key is set at all bus terminals that operate. Can be updated all at once. Second, by setting the interval at which the computer generates the encryption key to be short (for example, every day as described above), the possibility of theft of the encryption key is greatly reduced, and the safety is improved. . Third, since the encryption key can be updated not only at the start of business but also during bus operation, higher security is ensured. According to the second and third characteristics, the driver himself does not know at all when and what kind of encryption key has been changed. Therefore, fourthly, no information is leaked from the inside of the office.

  The above is the description of the embodiment of the present invention. The present invention is not limited to the above-described embodiments, and the configuration can be changed as described below.

  The point that the computer 2 can generate the encryption key at an arbitrary timing has been described in the second embodiment, but it is also possible in the system 100 of the first embodiment. In the system 100, as a case where the computer 2 generates an encryption key at an arbitrary timing, for example, when a log such as unauthorized access is collected when the encryption key is set to be updated every two days, It may be possible to enhance the security by generating an encryption key on a date other than the scheduled update date of the encryption key.

  In the first embodiment, the ID card 11 in which the driver authentication information is written is used as a recording medium used for setting the encryption key. However, it is not always necessary to use the ID card 11, and it is also possible to use a memory card dedicated to setting an encryption key or in which other information is written. For example, when a memory card dedicated to an encryption key is used, it is possible to set encryption keys for a plurality of terminals using the memory card.

  Furthermore, in the systems 100 and 200 of the respective embodiments, two-way communication between the base station 1 and the terminal 5 is assumed, and encryption is performed when any of them transmits data. However, the wireless data communication system according to the present invention is not limited to the communication form as described above. Therefore, the present invention can be implemented also in one-way communication such as communication from the base station 1 to the terminal 5 or communication from the terminal 5 to the base station 1. Furthermore, according to the present invention, it is possible to encrypt the data only when transmitting data in one direction, for example, when transmitting data from the base station 1 to the terminal 5 even in bidirectional communication. .

It is a figure showing schematic structure of the radio | wireless data communication system of 1st embodiment of this invention. It is a flowchart which shows the process regarding the setting of the encryption key which the onboard equipment of 1st embodiment performs. It is a figure showing schematic structure of the radio | wireless data communication system of 2nd embodiment of this invention. It is a flowchart which shows the process regarding the setting of the encryption key which the onboard equipment of 2nd embodiment performs.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Base station 2 Computer 3 Access point 5 Terminal 6 Onboard equipment 7 Adapter 11 ID card 13 Mobile telephone network 100, 200 Stop map preparation system

Claims (11)

A wireless data communication system in which a single base station disposed in a bus office and a plurality of terminals corresponding to a plurality of buses communicate encrypted data via a wireless LAN,
An encryption key generating means mounted on the base station and generating a terminal side encryption key corresponding to the encryption key used in the base station at a predetermined timing;
Output means for outputting the terminal side encryption key to the outside;
A plurality of transmission means that are connectable to the plurality of terminals and that transmit the terminal-side encryption key output from the output means to the terminals;
A wireless data communication system, wherein each terminal acquires the terminal-side encryption key transmitted by the transmission means and uses it for the communication.   The wireless data communication system, wherein the encryption key generation means generates the encryption key every predetermined period set in advance. The wireless data communication system according to claim 1 or 2,
The transmission means has a portable recording medium,
The wireless data communication system according to claim 1, wherein the output unit includes a writing unit that is mounted on the base station and writes the terminal-side encryption key to the recording medium. The wireless data communication system according to claim 3,
The terminal comprises authentication means for authenticating a driver driving a bus on which the terminal is mounted,
The wireless data communication system according to claim 1, wherein information for specifying the driver necessary for authentication by the authentication means is recorded on the recording medium. The wireless data communication system according to claim 4,
The wireless data communication, wherein the terminal performs authentication related to the driver based on the information, and acquires the terminal-side encryption key from the recording medium only when the authentication is completed system. The wireless data communication system according to claim 5,
When the terminal acquires the terminal-side encryption key from the recording medium, the terminal deletes the terminal-side encryption key written in the recording medium. The wireless data communication system according to claim 1 or 2,
The transmission means includes a wireless communication device,
The wireless data communication system characterized in that the output means outputs the terminal-side encryption key to the wireless communication device when the wireless communication device is connected. The wireless data communication system according to claim 7,
The base station further generates the terminal side encryption key at an arbitrary timing corresponding to an instruction from the outside. The wireless data communication system according to claim 7 or 8,
The terminal includes authentication means for authenticating a driver driving a bus on which the terminal is mounted, and when the authentication of the bus driver by the authentication means is completed, the terminal-side encryption key is transmitted via the wireless communication device. A wireless data communication system, characterized in that The wireless data communication system according to any one of claims 7 to 9,
When the terminal accesses the base station for wireless data communication and determines that the data cannot be decrypted, the terminal generates an encryption key generated by the computer using the communication means. A wireless data communication system, characterized in that   The wireless data communication system according to any one of claims 7 to 10, wherein the wireless communication device is a mobile phone.

Images