
WO2017038179A1 - Device, system and method - Google Patents

Info

Publication number
WO2017038179A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
terminal
wireless
information
network
Prior art date
Application number
PCT/JP2016/066292
Other languages
French (fr)
Japanese (ja)
Inventor
大介 川上
伊東 克俊
鈴木 英之
Original Assignee
ソニー株式会社
Priority date
Filing date
Publication date
Application filed by ソニー株式会社
Publication of WO2017038179A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/67 Risk-dependent, e.g. selecting a security level depending on risk profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50 Secure pairing of devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/16 Discovering, processing access restriction or access information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/18 Selecting a network or a communication service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices
    • H04W88/04 Terminal devices adapted for relaying to or from another terminal or user
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • the present disclosure relates to an apparatus, a system, and a method.
  • a terminal having a WWAN (Wireless Wide Area Network) communication function such as a smartphone and a mobile phone, can access the Internet via a mobile communication network even when the user is away from home.
  • a terminal that does not have a WWAN communication function is required to access the Internet by using another communication method such as a wireless LAN (WLAN).
  • WLAN wireless LAN
  • techniques are disclosed for enabling a communication terminal that indirectly communicates, via another communication terminal, with a service providing apparatus to seamlessly receive a service provided by the service providing apparatus.
  • a technique is disclosed in which a device that does not perform mobile communication using a mobile communication service acquires authentication information from another device that performs mobile communication using a mobile communication service, and connects to a network through different wireless communication.
  • an improvement in convenience related to network authentication is one of the demands.
  • an apparatus includes a processing unit that performs, toward a connection-destination wireless station selected based on one or more pieces of network information about the wireless network operated by each wireless station, acquired from each of one or more wireless stations, an authentication process using authentication information of another apparatus, according to an authentication method selected based on the network information of the connection-destination wireless station.
  • an apparatus includes a processing unit that provides authentication information to another apparatus, where the other apparatus performs an authentication process toward a connection-destination wireless station selected based on one or more pieces of network information about the wireless network operated by each wireless station, acquired from each of one or more wireless stations, by an authentication method selected based on the network information of the connection-destination wireless station, and the provided authentication information is used in that authentication process.
  • a method includes performing, by a processor, toward a connection-destination wireless station selected based on one or more pieces of network information about the wireless network operated by each wireless station, acquired from each of one or more wireless stations, an authentication process using authentication information of another device, according to an authentication method selected based on the network information of the connection-destination wireless station.
  • a method includes providing, by a processor, authentication information to another device that performs an authentication process toward a connection-destination wireless station selected based on one or more pieces of network information about the wireless network operated by each wireless station, acquired from each of one or more wireless stations, by an authentication method selected based on the network information of the connection-destination wireless station, the provided authentication information being used in that authentication process.
  • a system includes an authentication information providing source terminal and an authentication information providing destination terminal. The authentication information providing destination terminal includes a processing unit that performs, toward a connection-destination wireless station selected based on one or more pieces of network information related to the wireless network operated by each wireless station, acquired from each of one or more wireless stations, an authentication process using authentication information of the authentication information providing source terminal, by an authentication method selected based on the network information of the connection-destination wireless station. The authentication information providing source terminal includes a processing unit that provides the authentication information to the authentication information providing destination terminal.
  • a method includes: performing, by the authentication information providing destination terminal, toward a connection-destination wireless station selected based on one or more pieces of network information about the wireless network operated by each wireless station, acquired from each of one or more wireless stations, an authentication process using authentication information of an authentication information providing source terminal, according to an authentication method selected based on the network information of the connection-destination wireless station; and providing, by the authentication information providing source terminal, the authentication information to the authentication information providing destination terminal.
  • FIG. 1 is a diagram for describing an overview of a wireless communication system according to an embodiment of the present disclosure.
  • FIG. It is a figure for demonstrating the outline
  • elements having substantially the same functional configuration may be distinguished by adding different alphabets after the same reference numerals.
  • a plurality of elements having substantially the same functional configuration are distinguished as the base stations 510A, 510B, and 510C as necessary.
  • the base stations 510A, 510B, and 510C are simply referred to as the base station 510 when it is not necessary to distinguish them.
  • FIG. 1 and FIG. 2 are figures for demonstrating the outline
  • the wireless communication system 1 includes a wireless communication device 100.
  • the wireless communication system 1 includes a wireless communication device 100 and a wireless communication device 200.
  • the wireless communication device 100 is a wireless terminal capable of wireless communication with other devices.
  • the wireless communication device 100 is a notebook PC.
  • the wireless communication device 100 is a WLAN terminal that can be connected to a WLAN according to a communication method such as IEEE (Institute of Electrical and Electronics Engineers) 802.11a, 11b, 11g, 11n, 11ac, or 11ad.
  • IEEE Institute of Electrical and Electronics Engineers
  • the WLAN terminal 100 can connect to a wireless network 500 via a base station 510 and use a service provided by the service network 400.
  • the WLAN terminal 100 can form a wireless connection with the wireless communication device 200.
  • This wireless connection can be formed according to an arbitrary communication method such as Bluetooth (registered trademark) or NFC (Near field communication).
  • the WLAN terminal 100 can be connected to a WLAN whose network information is known, such as a WLAN that is operated at the user's home, for example, but is difficult to connect to a WLAN whose network information such as whereabouts is unknown.
  • the wireless communication device 100 may be realized as a PC, a tablet terminal, a PDA (Personal Digital Assistant), an HMD (Head Mounted Display), a headset, a digital camera, a digital video camera, a smartphone, a mobile phone terminal, a mobile phone, a music playback device, a portable video processing device, a portable game device, or the like.
  • the wireless communication device 200 is a wireless terminal capable of wireless communication with other devices.
  • the wireless communication apparatus 200 has authentication information for performing authentication to the network, and can be connected to the network independently.
  • the wireless communication device 200 is a smartphone.
  • the wireless communication apparatus 200 can form a wireless connection with the WLAN terminal 100, for example.
  • the wireless communication apparatus 200 is a WWAN terminal that has a WWAN communication function and can be connected to the WWAN.
  • the WWAN terminal 200 has subscriber identification information for connecting to a mobile communication network, performs authentication processing using the subscriber identification information, and can form a wireless connection with a wireless network 300 such as a mobile communication network.
  • the subscriber identification information is, for example, an IMSI (International Mobile Subscriber Identity) stored in a SIM card (Subscriber Identity Module Card).
  • the WWAN terminal 200 can use the service provided by the service network 400 by connecting to the wireless network 300 using the WWAN communication function.
  • the subscriber identification information is an example of authentication information that the WWAN terminal 200 has, and the WWAN terminal 200 may have other arbitrary information as the authentication information.
  • the wireless communication device 200 may be realized not only as a smartphone but also as a notebook PC, PC, tablet terminal, PDA, HMD, headset, digital camera, digital video camera, mobile phone terminal, portable music player, portable video processing device, portable game device, or the like.
  • the wireless network 300 is a WWAN (first network) such as a mobile communication network.
  • the WWAN 300 is operated according to an arbitrary wireless communication system such as LTE (Long Term Evolution), LTE-A (LTE-Advanced), GSM (registered trademark), UMTS, W-CDMA, or CDMA2000.
  • the WWAN 300 is connected from the wireless communication device 200 located within the range of the cell operated by the base station 310.
  • the service network 400 is a public network such as the Internet.
  • the WWAN terminal 200 can access the service network 400 via the WWAN 300.
  • examples of means for realizing access to the Internet while away from home include tethering by a terminal capable of WWAN communication or use of a public WLAN.
  • Tethering is a technology for connecting other communication terminals to the WWAN 300 via a terminal having a WWAN communication function such as a smartphone.
  • the WWAN terminal 200 can be connected to both the WWAN 300 and the WLAN terminal 100, so it can function as an access point that relays communication between the WWAN 300 and the WLAN terminal 100 and thereby realize tethering.
  • the WLAN terminal 100 can use the service provided by the service network 400.
  • Tethering can be used wherever the WWAN terminal 200 is located in an area where WWAN communication is possible. However, since it is necessary to perform terminal setting for tethering use in both the WWAN terminal 200 and the WLAN terminal 100, the convenience of the user is impaired. Further, during tethering, the power consumption of the WWAN terminal 200 functioning as an access point is large.
  • a public WLAN is a service that provides a connection to the Internet using a WLAN.
  • a wireless network 500 shown in FIG. 2 is a public network (second network) operated by a WLAN, for example.
  • the WLAN terminal 100 can connect to the WLAN 500 to access the service network 400 or further access the service network 400 via the WWAN 300. As a result, the WLAN terminal 100 can use the service provided by the service network 400.
  • a wireless terminal having a WWAN communication function such as a smartphone is an ANDSF (Access Network Discovery and Selection Function) proposed by 3GPP (Third Generation Partnership Project), or Wi-Fi CERTIFIED proposed by Wi-Fi Alliance.
  • ANDSF Access Network Discovery and Selection Function
  • 3GPP Third Generation Partnership Project
  • Wi-Fi CERTIFIED Wi-Fi Alliance
  • the WLAN terminal 100 can be connected to the Internet by operating the WWAN terminal 200 as a tethering AP (Access Point).
  • tethering AP Access Point
  • manual settings, such as the connection setting to the tethering AP and switching tethering ON / OFF in the WWAN terminal 200, were required, and convenience was impaired.
  • if the WLAN terminal 100 is not compatible with Wi-Fi CERTIFIED Passpoint, it connects without confirming the safety of the WLAN 500, so there was a risk of connecting to a WLAN 500 with a high security risk and encountering damage such as eavesdropping.
  • the wireless communication system according to an embodiment of the present disclosure has been created with the above circumstances in mind.
  • the wireless communication system according to an embodiment of the present disclosure enables the WLAN terminal 100 to perform easy authentication to an appropriate network.
  • a wireless communication system including the wireless communication device according to an embodiment of the present disclosure will be described in detail with reference to FIGS.
  • the WWAN terminal 200 is an example of a terminal that functions as a provider of authentication information.
  • the authentication information providing source terminal 200 does not necessarily have to be capable of WWAN communication, and may have authentication information for the network.
  • the WLAN terminal 100 is an example of a terminal that functions as a provision destination of authentication information.
  • the authentication information providing destination terminal 100 may not necessarily be capable of WLAN communication, and may be connected to a network of an arbitrary communication method using the authentication information provided from the authentication information providing source terminal 200.
  • FIG. 3 is a block diagram illustrating an example of a configuration of the wireless communication system 1 according to the present embodiment.
  • the wireless communication system 1 includes a WLAN terminal 100 and a WWAN terminal 200, and provides wireless connection to the WWAN 300, the WLAN 500, and the service network 400.
  • the WWAN 300 is operated by a base station 310, a gateway 320, a subscriber information server 330, an authentication server 340, and a network information providing server 350.
  • the base station 310 is a device that serves as a contact point when a wireless terminal having a WWAN communication function is connected to the WWAN 300.
  • the base station 310 accepts a connection from the WWAN terminal 200.
  • the base station 310 corresponds to an eNB.
  • the gateway 320 is a device that relays communication between the WWAN 300 and another network.
  • the gateway 320 relays communication between the WWAN 300 and the service network 400 and communication between the WWAN 300 and the WLAN 500.
  • the gateway 320 corresponds to a P-GW (Packet Data Network Gateway).
  • the subscriber information server 330 is a device that holds subscriber information for the WWAN 300.
  • the subscriber information server 330 also holds information used for authentication processing when a wireless terminal connects to the WWAN 300.
  • the subscriber information server 330 corresponds to an HSS (Home Subscriber Server).
  • the authentication server 340 is a device that authenticates that the connection to the WWAN 300 is a connection by a WWAN 300 subscriber.
  • the authentication server 340 can perform this authentication process with reference to the subscriber information server 330.
  • the authentication server 340 corresponds to an AAA (Authentication, Authorization and Accounting) server.
  • the authentication server 340 has a function of authenticating connection to the WLAN 500.
  • as an authentication protocol for the WLAN 500, an authentication protocol using a certificate, such as EAP-TLS (Extensible Authentication Protocol, Transport Layer Security) or EAP-TTLS (EAP, Tunneled Transport Layer Security), can be adopted.
  • EAP Extensible Authentication Protocol
  • TLS Transport Layer Security
  • EAP-TTLS Tunneled Transport Layer Security
  • an authentication protocol using subscriber identification information, such as EAP-AKA (EAP Method for UMTS Authentication and Key Agreement) or EAP-SIM (EAP Method for GSM Subscriber Identity Modules), may be employed.
  • the authentication server 340 performs authentication processing with reference to the subscriber information server 330.
  • a terminal that has a WWAN communication function and can be connected to the WWAN 300 through authentication processing using subscriber identification information can be connected to the WLAN 500 through authentication processing using subscriber identification information.
  • IMS-AKA, Security Token, a digital certificate (Credential, Certificate), a public key, or the like may be used as an authentication protocol for the WLAN 500.
  • the network information providing server 350 is a device that provides information on a connection destination wireless network, which is necessary when the connection destination is switched from the wireless network to which the wireless terminal is currently connected to another wireless network.
  • the network information providing server 350 can provide network information for connecting to the WLAN 500 to the WWAN terminal 200.
  • the network information providing server 350 corresponds to an ANDSF server.
  • the TLS server 360 is a server that performs authentication by EAP-TTLS, which is one of the TLS-based EAP authentication protocols. Specifically, the TLS server 360 performs authentication using a user name and password protected by key encryption. Note that the verification of the user name and password is performed by the authentication server 340.
  • the WLAN 500 is a public network operated by the base station 510.
  • the communication system of the public network is described as being WLAN, but may be operated according to any other communication system such as Bluetooth.
  • the base station 510 is a device that serves as a contact point when a wireless terminal having a WLAN communication function connects to the WLAN 500.
  • the base station 510 receives a connection from the WLAN terminal 100.
  • the base station 510 corresponds to an access point.
  • the base station 510 can support one or more authentication protocols.
  • a plurality of base stations 510 may exist in the wireless communication system 1.
  • the BSSID Basic Service Set Identifier
  • the operating frequency may be different among the plurality of base stations 510.
  • a certificate authority may exist outside the wireless communication system 1.
  • the certificate authority issues an electronic certificate for EAP-TLS.
  • FIG. 4 is a block diagram illustrating an example of a logical configuration of the WLAN terminal 100 according to the present embodiment.
  • the WLAN terminal 100 includes a wireless communication unit 110, an output unit 120, a storage unit 130, and a processing unit 140.
  • the wireless communication unit 110 is a communication module that transmits / receives data to / from an external device.
  • the wireless communication unit 110 can perform wireless communication using various communication methods.
  • the wireless communication unit 110 includes a WLAN module 112 and can perform wireless communication using Wi-Fi (registered trademark) or WLAN.
  • the wireless communication unit 110 includes a BT (Bluetooth) module 114 and can perform wireless communication using Bluetooth.
  • the wireless communication unit 110 includes an NFC module 116 and can perform wireless communication using NFC.
  • the wireless communication unit 110 can function as a first wireless communication unit that performs pairing and wireless communication with the WWAN terminal 200.
  • the wireless communication unit 110 performs pairing and wireless communication with the WWAN terminal 200 using a near field communication method such as NFC, Bluetooth, Bluetooth Low Energy, Wi-Fi Direct (registered trademark), or WLAN.
  • the wireless communication unit 110 may perform pairing and wireless communication with the WWAN terminal 200 using a short-range wireless communication method such as ZigBee (registered trademark) or IrDA (Infrared Data Association).
  • the wireless communication unit 110 can function as a second wireless communication unit that performs wireless communication by connecting to a public network.
  • the wireless communication unit 110 connects to the WLAN 500 using a wireless communication method such as WLAN.
  • the public network may support any wireless communication method other than WLAN, and in that case, the wireless communication unit 110 can connect to the public network using a wireless communication method according to the public network.
  • the wireless communication unit 110 may perform measurement processing such as measuring RSSI (Received Signal Strength Indicator) from the strength of the signal received from the WLAN 500.
  • RSSI Received Signal Strength Indicator
  • the wireless communication unit 110 may perform wireless communication using the same communication method for wireless communication with the WWAN terminal 200 and wireless communication with the public network.
  • the wireless communication unit 110 may connect to the WLAN 500 while communicating with the WWAN terminal 200 using WLAN.
  • the wireless communication unit 110 may perform wireless communication using other communication methods such as ZigBee (registered trademark, IEEE 802.15.4), Z-Wave (registered trademark), ANT (registered trademark), ANT+ (registered trademark), WiSUN (registered trademark, IEEE 802.15.4g), and Wi-Fi Direct (registered trademark). Further, the wireless communication unit 110 may function as a mesh network node, and may perform wireless communication using, for example, IEEE 802.11s. Of course, the mesh network may be formed using other communication methods such as Bluetooth or ZigBee.
  • the output unit 120 has a function of outputting information by video, image, audio, or the like.
  • the output unit 120 is realized by, for example, a CRT (Cathode Ray Tube) display device, a liquid crystal display (Liquid Crystal Display) device, a speaker, or the like.
  • Storage unit 130 is a part that records and reproduces data on a predetermined recording medium.
  • the storage unit 130 may store information received from the WWAN terminal 200 by the wireless communication unit 110.
  • the processing unit 140 functions as an arithmetic processing device and a control device, and controls the overall operation within the WLAN terminal 100 according to various programs. As illustrated in FIG. 4, the processing unit 140 includes an acquisition unit 142, a selection unit 144, a notification unit 146, and an authentication processing unit 148. The processing unit 140 may further include other components other than these components. That is, the processing unit 140 can have functions other than the functions of these components.
  • the functions of the acquisition unit 142, the selection unit 144, the notification unit 146, and the authentication processing unit 148 will be described in detail later.
  • FIG. 5 is a block diagram illustrating an example of a logical configuration of the WWAN terminal 200 according to the present embodiment.
  • the WWAN terminal 200 includes a wireless communication unit 210, a storage unit 220, an authentication information storage unit 230, and a processing unit 240.
  • the wireless communication unit 210 is a communication module that transmits / receives data to / from an external device.
  • the wireless communication unit 210 can perform wireless communication using various communication methods.
  • the wireless communication unit 210 includes a WWAN module 212 and can perform wireless communication using the WWAN 300.
  • the wireless communication unit 210 includes a WLAN module 214 and can perform wireless communication using Wi-Fi or WLAN.
  • the wireless communication unit 210 includes a BT module 216 and can perform wireless communication using Bluetooth.
  • the wireless communication unit 210 includes an NFC module 218 and can perform wireless communication using NFC.
  • the wireless communication unit 210 can function as a fourth wireless communication unit that performs pairing and wireless communication with the WLAN terminal 100.
  • the wireless communication unit 210 performs pairing and wireless communication with the WLAN terminal 100 using a short-range wireless communication method such as NFC, Bluetooth, Bluetooth Low Energy, Wi-Fi Direct, or WLAN.
  • the wireless communication unit 210 may perform pairing and wireless communication with the WLAN terminal 100 using a short-range wireless communication method such as ZigBee or IrDA (Infrared Data Association).
  • the wireless communication unit 210 can function as a third wireless communication unit that performs wireless communication by connecting to the WWAN 300 using the WWAN module 212.
  • the wireless communication unit 210 communicates with the authentication server 340 via the WWAN module 212.
  • the wireless communication unit 210 can function as a fifth wireless communication unit that performs wireless communication by connecting to the WLAN 500 using the WLAN module 214.
  • the wireless communication unit 210 communicates with the base station 510 via the WLAN module 214.
  • the wireless communication unit 210 may perform wireless communication using other communication methods such as ZigBee (IEEE 802.15.4), Z-Wave, ANT, ANT+, WiSUN (IEEE 802.15.4g), Wi-Fi Direct, and the like. Further, the wireless communication unit 210 may function as a mesh network node, and may perform wireless communication using, for example, IEEE 802.11s. Of course, the mesh network may be formed using other communication methods such as Bluetooth or ZigBee.
  • the storage unit 220 is a part that records and reproduces data on a predetermined recording medium.
  • the storage unit 220 may store information received from the WWAN 300 by the wireless communication unit 210.
  • the storage unit 220 may store device information of the WLAN terminal 100 with which pairing has been established, capability information, or information indicating the purpose of wireless communication with the WLAN 500.
  • the authentication information storage unit 230 has a function of storing authentication information for the network.
  • the authentication information storage unit 230 is realized by a SIM card that stores subscriber identification information for the WWAN 300.
  • the authentication information storage unit 230 may be realized as a storage medium that stores an electronic certificate for EAP-TLS or a user name and password for EAP-TTLS.
  • the authentication information storage unit 230 may be realized as a storage medium that stores a pre-shared key (PSK: Phase Shift Keying) or a passphrase for WPA2-PSK or WPA-PSK.
  • PSK Phase Shift Keying
  • the processing unit 240 functions as an arithmetic processing device and a control device, and controls the overall operation within the WWAN terminal 200 according to various programs. As illustrated in FIG. 5, the processing unit 240 includes a selection unit 242, an authentication processing unit 244, and a tethering processing unit 246. Note that the processing unit 240 may further include other components other than these components. That is, the processing unit 240 can have functions other than the functions of these components.
  • the functions of the selection unit 242, the authentication processing unit 244, and the tethering processing unit 246 will be described in detail later.
  • the WLAN terminal 100 acquires network information related to a wireless network operated by the wireless station from each of one or more wireless stations.
  • the WLAN terminal 100 causes the wireless communication unit 110 to receive a notification signal (for example, a beacon) issued by a wireless station and transmit a network information request (for example, a probe request) to the wireless station that is the notification source of the notification signal. Then, network information is acquired based on the result.
  • the network information may include, for example, radio station identification information, channel information, RSSI information, communication method information, authentication method information, and the like.
  • the identification information may be, for example, an SSID (Service Set Identifier), a BSSID (Basic Service Set Identifier), or an ESSID (Extended Service Set Identifier).
  • the communication method information is information indicating a communication method supported by the wireless station, and may include, for example, information indicating whether each of 802.11a, 11b, 11g, 11n, and 11ac is supported.
  • the authentication method information is information indicating an authentication method supported by the wireless station, and may include, for example, information indicating whether or not 802.1X authentication is supported.
  • the wireless station from which network information is acquired as a connection destination candidate may be the base station 510 or the WWAN terminal 200 operable as a tethering AP.
  • the network information may be acquired from the WWAN terminal 200 that is operating as a tethering AP, or may be acquired from the WWAN terminal 200 that is not operating as a tethering AP.
  • the acquisition of network information may be performed by the WWAN terminal 200.
  • the WWAN terminal 200 can acquire information known to itself such as its communication method information.
  • Connection destination selection: the WLAN terminal 100 (for example, the selection unit 144) selects a connection destination radio station based on the acquired network information of one or more networks.
  • the WLAN terminal 100 selects a wireless station based on information indicating the state of the wireless communication environment between the WLAN terminal 100 and the wireless station, such as RSSI information and channel information. Specifically, the WLAN terminal 100 may preferentially select a radio station that has good RSSI and is not congested. As a result, a more suitable connection destination can be selected.
  • the WLAN terminal 100 selects a radio station based on the communication method information. Specifically, the WLAN terminal 100 may preferentially select a radio station that supports a communication method with a higher transmission speed. As a result, a more suitable connection destination can be selected.
  • the WLAN terminal 100 selects a radio station based on the authentication method information. Specifically, the WLAN terminal 100 may preferentially select a radio station that is compatible with an authentication method with higher security and higher usability. As a result, a more suitable connection destination can be selected.
  • the WLAN terminal 100 may select a connection destination radio station based on the connection history of the WWAN terminal 200. Specifically, the WLAN terminal 100 may refer to the connection history of the WWAN terminal 200 and preferentially select a wireless station connected in the past or, when there are a plurality of wireless stations connected in the past, the wireless station connected more recently. Based on the connection history, it is possible to select a connection destination with a connection history in the past. In addition, since a connection destination for which authentication information has been generated in the past is selected, generation of authentication information by the WWAN terminal 200 can be omitted. Note that the WLAN terminal 100 may also select a connection-destination radio station with reference to its own connection history.
  • the WLAN terminal 100 may select a connection destination radio station based on a network selection policy.
  • the network selection policy is information including information relating to a network communication method, network priority, and network identification information. Based on the network selection policy, a more appropriate connection destination can be selected.
  • Set_1 includes information regarding the three networks, and the priority order is set by AccessNetworkPriority.
  • the connection destination may be selected by the WWAN terminal 200 (for example, the selection unit 242).
  • the WLAN terminal 100 selects an authentication method based on network information of a connection destination wireless station.
  • the WLAN terminal 100 may select an authentication method based on the strength of security. Specifically, the WLAN terminal 100 preferentially selects an authentication method with high security strength. This makes it possible to connect to a more secure network.
  • the WLAN terminal 100 may select an authentication method based on high usability. Specifically, the WLAN terminal 100 preferentially selects an authentication method that does not require manual operation such as password entry by the user or installation of an electronic certificate. As a result, it is possible to improve convenience related to authentication to the network.
  • when the authentication methods are arranged in order from higher priority to lower priority, the result is, for example, EAP-AKA′, EAP-AKA, EAP-SIM, EAP-TLS, EAP-TTLS, WPA2-PSK, and WPA-PSK.
  • the higher the priority the higher the security strength and the higher usability. Also, the lower the priority, the lower the security strength and the lower the usability.
  • the authentication method is uniquely determined and the selection of the authentication method is omitted.
  • the WLAN terminal 100 may select an authentication method after selecting a connection-destination wireless station, or may select a connection-destination wireless station after selecting an authentication method. For example, for devices with poor input means such as HMD (Head Mounted Display), the latter selection order in which an authentication method such as EAP-AKA that does not require user input is preferentially selected is desirable. In addition, the WLAN terminal 100 may simultaneously select a connection destination wireless station and an authentication method.
  • the selection of the authentication method may be performed by the WWAN terminal 200 (for example, the selection unit 242).
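The method-first selection order described above (preferred for devices such as an HMD), as an example added here that is not part of the patent text. The `NetworkInfo` record, the `credentials` mapping, the `ANY_NETWORK` marker and the `min_rssi_dbm` floor are hypothetical names and values; only the priority order and the credential each method needs come from the description.

```python
from dataclasses import dataclass

# Priority order given in the description, highest priority first.
AUTH_PRIORITY = ["EAP-AKA'", "EAP-AKA", "EAP-SIM", "EAP-TLS",
                 "EAP-TTLS", "WPA2-PSK", "WPA-PSK"]

# Kind of WWAN-terminal credential each method uses (per the description).
REQUIRED_CREDENTIAL = {
    "EAP-AKA'": "sim", "EAP-AKA": "sim", "EAP-SIM": "sim",
    "EAP-TLS": "certificate", "EAP-TTLS": "password",
    "WPA2-PSK": "psk", "WPA-PSK": "psk",
}

ANY_NETWORK = object()  # hypothetical marker: credential is not tied to one SSID


@dataclass(frozen=True)
class NetworkInfo:
    """Hypothetical record of the network information acquired from one station."""
    ssid: str
    rssi_dbm: int
    auth_methods: tuple


def has_credential(method, ssid, credentials):
    """True if the WWAN terminal can supply the credential this method needs."""
    scope = credentials.get(REQUIRED_CREDENTIAL[method])
    return scope is ANY_NETWORK or (scope is not None and ssid in scope)


def usable_methods(info, credentials):
    """Methods the station offers and the WWAN terminal can serve, best first.

    Methods outside AUTH_PRIORITY (open networks, WEP, ...) never appear,
    so a station offering only those is never selected.
    """
    return [m for m in AUTH_PRIORITY
            if m in info.auth_methods and has_credential(m, info.ssid, credentials)]


def select(candidates, credentials, min_rssi_dbm=-80):
    """Return (NetworkInfo, method) or None; method priority first, RSSI second."""
    best = None
    for info in candidates:
        if info.rssi_dbm < min_rssi_dbm:
            continue  # too weak to be a useful connection destination
        methods = usable_methods(info, credentials)
        if not methods:
            continue  # no acceptable method, or no credential for it
        key = (AUTH_PRIORITY.index(methods[0]), -info.rssi_dbm)
        if best is None or key < best[0]:
            best = (key, info, methods[0])
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    # Constructed sample scan results.
    scan = [NetworkInfo("open-cafe", -40, ()),
            NetworkInfo("home-ap", -55, ("WPA2-PSK",)),
            NetworkInfo("carrier-wifi", -70, ("EAP-AKA", "EAP-TTLS"))]
    print(select(scan, {"sim": ANY_NETWORK, "psk": {"home-ap"}}))
```

The strongest signal in the sample belongs to a station that offers no listed authentication method, and it is skipped in every case.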
  • either the WLAN terminal 100 or the WWAN terminal 200 may perform selection of a connection destination radio station and selection of an authentication method. Therefore, the WLAN terminal 100 (for example, the selection unit 144) determines whether the connection destination wireless station and the authentication method are selected by the WLAN terminal 100 or by the WWAN terminal 200. For example, the WLAN terminal 100 may make the terminal that has a network selection policy the selection subject and, if both terminals have one, may make the terminal with the more recent policy the selection subject. Further, the WLAN terminal 100 may use itself as the selection subject by default.
  • the WLAN terminal 100 is difficult to acquire network information when the WWAN terminal 200 operates as a tethering AP. Good. As described above, the WLAN terminal 100 can flexibly change the connection-destination radio station and the authentication method selection subject according to the situation.
  • the network information is notified to the terminal that is the selection subject.
  • the WLAN terminal 100 notifies the acquired network information to the WWAN terminal 200. The reverse is also true.
  • the WLAN terminal 100 (for example, the authentication processing unit 148) performs an authentication process using the authentication information of the WWAN terminal 200.
  • the WLAN terminal 100 authenticates to the network by EAP-AKA ′, EAP-AKA, or EAP-SIM using the subscriber identification information of the WWAN terminal 200.
  • the WLAN terminal 100 may authenticate to the network by EAP-TLS using the electronic certificate of the WWAN terminal 200.
  • the WLAN terminal 100 may authenticate to the network by EAP-TTLS using the user name and password of the WWAN terminal 200.
  • the WLAN terminal 100 may authenticate to the network using WPA2-PSK or WPA-PSK using the PSK or passphrase of the WWAN terminal 200.
  • the WLAN terminal 100 can use the authentication information of the WWAN terminal 200 to authenticate to a network to which it would be difficult to authenticate on its own, and connect to the Internet.
  • the WWAN terminal 200 (for example, the authentication processing unit 244) provides authentication information used in authentication processing by the WLAN terminal 100. As a result, the WLAN terminal 100 can authenticate to the network. Note that the WWAN terminal 200 may provide authentication information based on a request from the WLAN terminal 100 when the selection subject of the connection destination wireless station is the WLAN terminal 100. Further, when the selection subject of the connection destination wireless station is itself, the WWAN terminal 200 may provide authentication information together with information indicating the connection destination wireless station.
  • the authentication information provided need not be the information itself stored in the authentication information storage unit 230.
  • the WWAN terminal 200 may provide authentication information generated based on at least one of the subscriber identification information, electronic certificate, user name and password, and PSK or passphrase stored in the authentication information storage unit 230. Thereby, the confidential information of the WWAN terminal 200 is prevented from being leaked, and security can be ensured.
  • a short-range wireless communication system such as Bluetooth or NFC can be used.
  • Wi-Fi Direct or the like may be used to provide authentication information.
  • the WWAN terminal 200 may perform processing for functioning as a wireless station. More simply, the WWAN terminal 200 may operate as a tethering AP.
  • the WWAN terminal 200 may perform processing for functioning as a tethering AP with a request from the WLAN terminal 100 as a trigger. Specifically, the WWAN terminal 200 may perform processing for functioning as a tethering AP with the reception of a request for authentication information from the WLAN terminal 100 as a trigger. For example, the WWAN terminal 200 may be triggered by reception of a request for authentication information from the WLAN terminal 100 to the tethering AP (that is, a request for authentication information specifying identification information of the WWAN terminal 200 itself). Further, the WWAN terminal 200 may be triggered by the reception of a request for authentication information related to a base station 510 for which the WWAN terminal 200 does not have authentication information.
  • the WWAN terminal 200 can start (that is, can be activated) as a tethering AP with the reception of a signal from the WLAN terminal 100 as a trigger. This eliminates the need for manual operation such as connection setting to the tethering AP and tethering ON / OFF in the WWAN terminal 200, thereby improving convenience.
  • the WLAN terminal 100 (for example, the acquisition unit 142, the selection unit 144, the notification unit 146, and the authentication processing unit 148) can output information indicating the processing content.
  • FIGS. 6 and 7 show examples of user interfaces that can be output to the output unit 120.
  • For example, when obtaining network information or selecting a connection destination, the user interface 11 is displayed.
  • the user interface 12 is displayed. Note that “AP_NAME” in the figure is the name of the wireless station.
  • the user interface 13 is displayed.
  • a user interface 14 is displayed to search for another connection destination and connect again. When the connection (that is, authentication) is successful again, the user interface 13 is displayed. Note that the user can interrupt the connection process at any time by pressing a cancel button.
  • FIG. 8 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 8, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
  • the communication module used for message exchange is illustrated with the word “module” omitted.
  • a message having a WLAN (Wi-Fi) module 112 as a starting point or an ending point indicates that the WLAN module 112 transmits and receives.
  • the WLAN terminal 100 and the WWAN terminal 200 have been previously paired by near field communication (for example, Bluetooth) and a communication path has been established. In the following description, it is omitted which communication module is sending and receiving messages. These points are the same in other sequences after FIG.
  • the WLAN terminal 100 transmits a network information request to the base station 510 (step S102), and receives network information from the base station 510 (step S104).
  • This series of procedures is, for example, a probe process.
  • the WLAN terminal 100 performs a selection process (step S106). For example, the WLAN terminal 100 selects a connection destination radio station based on the acquired network information, connection history, and network selection policy, and selects an authentication method. In this sequence, it is assumed that the base station 510 is selected as the connection destination.
  • the WLAN terminal 100 performs an authentication process (step S108).
  • the WLAN terminal 100 uses the authentication information provided from the WWAN terminal 200 to perform an authentication process for a connection destination wireless station (that is, the base station 510 in this sequence).
  • the authentication process will be described in detail later with reference to FIGS.
  • the WLAN terminal 100 establishes a security session (step S110). For example, the WLAN terminal 100 performs 4-Way Handshake with the connected wireless station. In 4-Way Handshake, the WLAN terminal 100 generates key information by exchanging random numbers and MAC addresses with a connected wireless station, and establishes a security session.
  • the WLAN terminal 100 establishes an IP session with the connection destination wireless station (step S112).
  • the WLAN terminal 100 receives an IP address assignment by DHCP (Dynamic Host Configuration Protocol) or the like and establishes an IP session.
  • FIG. 9 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment.
  • the WWAN terminal 200, the WLAN terminal 100, and a plurality of base stations 510 (that is, 510A, 510B, and 510C) are involved in this sequence.
  • the WLAN terminal 100 transmits a network information request to the base station 510A (step S102A) and receives network information from the base station 510A (step S104A). Similarly, the WLAN terminal 100 transmits a network information request to the base station 510B (step S102B) and receives network information from the base station 510B (step S104B). Further, the WLAN terminal 100 transmits a network information request to the base station 510C (step S102C) and receives network information from the base station 510C (step S104C).
  • the WLAN terminal 100 performs a selection process (step S106). For example, the WLAN terminal 100 selects a connection destination wireless station based on the acquired three pieces of network information, and selects an authentication method. In this sequence, it is assumed that the base station 510C is selected as the connection destination. Note that the WLAN terminal 100 may perform the selection process after network information has been received from all the base stations 510 (that is, 510A, 510B, and 510C) from which it was requested, or may perform the selection process each time network information is received.
  • the WLAN terminal 100 performs an authentication process for the base station 510C (step S108), establishes a security session with the base station 510C (step S110), and establishes an IP session (step S112).
  • FIG. 10 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment.
  • the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence. It is assumed that the WWAN terminal 200 is not operating as a tethering AP at the start of this sequence.
  • the WLAN terminal 100 transmits a network information request to the base station 510 (step S202), and receives network information from the base station 510 (step S204).
  • the WLAN terminal 100 performs a selection process (step S206). In this sequence, it is assumed that the WWAN terminal 200 is selected as the connection destination.
  • the WLAN terminal 100 performs an authentication process (step S208).
  • the WLAN terminal 100 activates the WWAN terminal 200 as a tethering AP by transmitting a request for authentication information to the tethering AP to the WWAN terminal 200.
  • the WLAN terminal 100 establishes a security session with the WWAN terminal 200 (step S210) and establishes an IP session (step S212).
  • the WWAN terminal 200 is activated as a tethering AP when the WWAN terminal 200 is selected as a connection destination in step S208.
  • the WWAN terminal 200 can be activated as a tethering AP even when a base station 510 to which the WWAN terminal 200 does not have authentication information is selected as a connection destination in step S208. This point will be described in detail later with reference to FIG.
  • the WLAN terminal 100 may once activate the WWAN terminal 200 as a tethering AP, acquire network information, perform a selection process, and select a connection destination.
  • FIG. 11 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 11, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence. It is assumed that the WWAN terminal 200 is operating as a tethering AP at the start of this sequence.
  • the WLAN terminal 100 transmits a network information request to the base station 510 (step S202A) and receives network information from the base station 510 (step S204A). Similarly, the WLAN terminal 100 transmits a network information request to the WWAN terminal 200 that operates as a tethering AP (step S202B), and receives network information from the WWAN terminal 200 (step S204B).
  • the WLAN terminal 100 performs a selection process (step S206). In this sequence, it is assumed that the WWAN terminal 200 is selected as the connection destination.
  • the WLAN terminal 100 performs an authentication process for the WWAN terminal 200 (step S208), establishes a security session with the WWAN terminal 200 (step S210), and establishes an IP session (step S212).
  • FIG. 12 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 12, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
  • the WLAN terminal 100 transmits a network information request to the base station 510 (step S302), and receives network information from the base station 510 (step S304).
  • the WLAN terminal 100 notifies the WWAN terminal 200 of the network information acquired from the base station 510 (step S306). Specifically, the WLAN terminal 100 determines that the connection-target radio station and authentication method selection entity is the WWAN terminal 200 and notifies the WWAN terminal 200 of network information.
  • the WWAN terminal 200 performs a selection process (step S308). For example, the WWAN terminal 200 selects a connection-destination radio station based on the acquired network information, connection history, and network selection policy, and selects an authentication method. In this sequence, it is assumed that the base station 510 is selected as the connection destination.
  • the WWAN terminal 200 notifies the WLAN terminal 100 of information indicating the selection result (step S310). For example, the WWAN terminal 200 notifies the WLAN terminal 100 of identification information of the selected base station 510, information indicating the selected communication method, information indicating the selected authentication method, and the like.
  • the WLAN terminal 100 performs an authentication process (step S312). For example, the WLAN terminal 100 performs an authentication process to the base station 510 according to information indicating the selection result notified from the WWAN terminal 200.
  • the WLAN terminal 100 establishes a security session with the base station 510C (step S314) and establishes an IP session (step S316).
  • FIG. 13 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment.
  • the WWAN terminal 200, the WLAN terminal 100, and a plurality of base stations 510 (that is, 510A, 510B, and 510C) are involved in this sequence.
  • the WLAN terminal 100 transmits a network information request to the base station 510A (step S302A) and receives network information from the base station 510A (step S304A). Similarly, the WLAN terminal 100 transmits a network information request to the base station 510B (step S302B) and receives network information from the base station 510B (step S304B). Also, the WLAN terminal 100 transmits a network information request to the base station 510C (step S302C) and receives network information from the base station 510C (step S304C).
  • the WLAN terminal 100 notifies the WWAN terminal 200 of the network information acquired from the base stations 510A, 510B and 510C (step S306).
  • the WWAN terminal 200 performs a selection process (step S308). In this sequence, it is assumed that the base station 510A is selected as the connection destination.
  • the WWAN terminal 200 notifies the WLAN terminal 100 of information indicating the selection result (step S310).
  • the WLAN terminal 100 performs an authentication process for the base station 510A (step S312), establishes a security session with the base station 510A (step S314), and establishes an IP session (step S316).
  • FIG. 14 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 14, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
  • a mesh network using a WLAN is formed between the WLAN terminal 100 and the WWAN terminal 200.
  • the WLAN module 214 of the WWAN terminal 200 and the WLAN module 112A of the WLAN terminal 100 function as a mesh station and can communicate with each other via a mesh network.
  • the WLAN module 112B of the WLAN terminal 100 also functions as a station that performs communication with an AP (for example, the base station 510).
  • the WLAN terminal 100 transmits a network information request to the base station 510 (step S402) and receives network information from the base station 510 (step S404).
  • the WLAN terminal 100 performs a selection process (step S406). In this sequence, it is assumed that the base station 510 is selected as the connection destination.
  • the WLAN terminal 100 performs an authentication process for the base station 510 (step S408), establishes a security session with the base station 510 (step S410), and establishes an IP session (step S412).
  • the authentication process will be described in detail later with reference to FIGS. 15 to 22. Here, communication between the WWAN terminal 200 and the WLAN terminal 100 is performed over the mesh network instead of Bluetooth.
  • the selection main body may be the WWAN terminal 200 and the WWAN terminal 200 itself which operate
  • the authentication process will be described in detail with reference to FIGS.
  • FIG. 15 is an example in the case where the authentication destination is the base station 510.
  • FIG. 16 is an example in the case where the authentication destination is the WWAN terminal 200.
  • FIG. 15 is a sequence diagram showing an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 15, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
  • the WLAN terminal 100 transmits a request for authentication information to the WWAN terminal 200 (step S502).
  • the WLAN terminal 100 designates identification information of the connection destination base station 510 and transmits a request for authentication information.
  • the WLAN terminal 100 receives authentication information from the WWAN terminal 200 (step S504).
  • the WLAN terminal 100 receives a PSK or a passphrase as authentication information.
  • the WLAN terminal 100 performs association with the base station 510 using the received PSK or passphrase (step S506).
  • Wi-Fi operation is started between the WLAN terminal 100 and the base station 510 (step S508).
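How the PSK or passphrase received in step S504 feeds the 4-Way Handshake of step S110, as an example added here that is not part of the patent text. It follows the standard WPA2-PSK derivation (PBKDF2-HMAC-SHA1 for the PSK, the HMAC-SHA1 PRF for the pairwise key); the MAC addresses, nonces and frame bytes are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (locally administered MAC addresses, fixed nonces).
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def psk_from_passphrase(passphrase, ssid):
    """256-bit PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, nbytes):
    """IEEE 802.11 PRF: concatenated HMAC-SHA1 blocks with a one-byte counter."""
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """Pairwise key from the PMK plus the exchanged MAC addresses and nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)  # 384 bits for CCMP
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def mic(kck, frame):
    """Message integrity code over a handshake frame (HMAC-SHA1, 128 bits)."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def handshake_ok(ap_pmk, sta_pmk, ap_mac, sta_mac, anonce, snonce):
    """Message 2 check: the station MICs its frame, the AP recomputes it.

    The two MICs agree only if both sides derived the same key, that is,
    only if the station holds the PSK the access point expects.
    """
    frame = b"constructed EAPOL-Key message 2" + snonce
    sta_mic = mic(derive_ptk(sta_pmk, ap_mac, sta_mac, anonce, snonce)["KCK"], frame)
    ap_mic = mic(derive_ptk(ap_pmk, ap_mac, sta_mac, anonce, snonce)["KCK"], frame)
    return hmac.compare_digest(sta_mic, ap_mic)


if __name__ == "__main__":
    psk = psk_from_passphrase("password", "IEEE")
    print(psk.hex())
    print(handshake_ok(psk, psk, AP_MAC, STA_MAC, ANONCE, SNONCE))
```

Because the PSK is bound to the SSID, a terminal handed only the derived PSK can join that SSID without learning the passphrase itself.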
  • FIG. 16 is a sequence diagram showing an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 16, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
  • the WLAN terminal 100 transmits a request for authentication information to the WWAN terminal 200 (step S602).
  • the WLAN terminal 100 designates identification information of the connection destination base station 510 and transmits a request for authentication information.
  • the WWAN terminal 200 starts tethering processing and starts up as a tethering AP (step S604).
  • the WWAN terminal 200 may be activated as a tethering AP when it does not have authentication information of the designated base station 510. Further, even if the WWAN terminal 200 has the authentication information of the designated base station 510, the WWAN terminal 200 may be activated as a tethering AP when it is determined that tethering is effective based on communication quality or the like. Further, the WWAN terminal 200 may be activated as a tethering AP when the WWAN terminal 200 itself is designated in the request for authentication information.
  • the WLAN terminal 100 receives authentication information from the WWAN terminal 200 (step S606).
  • the WLAN terminal 100 receives a PSK or a passphrase as authentication information.
  • the WLAN terminal 100 performs association with the WWAN terminal 200 using the received PSK or passphrase (step S608).
  • Wi-Fi operation is started between the WLAN terminal 100 and the WWAN terminal 200 (step S610).
  • FIGS. 17 and 18 are sequence diagrams showing an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIGS. 17 and 18, the WWAN terminal 200, the WLAN terminal 100, the base station 510, the authentication server 340, and the subscriber information server 330 are involved in this sequence.
  • the WLAN terminal 100 performs association with the base station 510 (step S702).
  • the WLAN terminal 100 establishes a logical connection for authentication processing by association.
  • the WLAN terminal 100 cannot perform data communication other than authentication processing, for example.
  • the WLAN terminal 100 transmits EAPoL-Start to the base station 510 (step S704).
  • the base station 510 transmits EAP-Request / Identity to the WLAN terminal 100 (step S706).
  • the WLAN terminal 100 transmits the EAP-Request / Identity received in step S706 to the WWAN terminal 200 (step S708).
  • This message is a message requesting the WWAN terminal 200 to generate an Identity required for EAP-AKA.
  • the WWAN terminal 200 refers to the subscriber identification module 230 that the WWAN terminal 200 has and generates Identity (step S710).
  • the control unit 240 generates Identity based on information recorded on a SIM card that is the subscriber identification module 230.
  • when the authentication protocol is EAP-AKA, the Identity is generated based on the IMSI.
  • the IMSI format is as follows. <MCC: 3 digits><MNC: 2 or 3 digits><MSIN: Maximum 10 digits>
  • MCC: Mobile Country Code
  • MNC: Mobile Network Code
  • MSIN: Mobile Subscriber Identification Number
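Splitting an IMSI into the fields above and building an EAP identity from it, as an example added here that is not part of the patent text. The patent only says the Identity is generated based on the IMSI; the leading digit and the `wlan.mnc…mcc…3gppnetwork.org` realm follow the RFC 4187 / 3GPP TS 23.003 convention and are an assumption about the identity format, and the IMSI used is a constructed test value.

```python
import re

# Leading digit that marks the EAP method in the user part of the identity
# (convention from RFC 4186, RFC 4187 and RFC 5448; assumed here).
LEAD_DIGIT = {"EAP-AKA": "0", "EAP-SIM": "1", "EAP-AKA'": "6"}


def parse_imsi(imsi, mnc_len):
    """Split an IMSI into (MCC, MNC, MSIN).

    The MNC length (2 or 3 digits) cannot be read off the IMSI itself, so the
    caller has to supply it, for example from data held on the SIM.
    """
    if not re.fullmatch(r"[0-9]{6,15}", imsi):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    if mnc_len not in (2, 3):
        raise ValueError("MNC length must be 2 or 3")
    mcc, mnc, msin = imsi[:3], imsi[3:3 + mnc_len], imsi[3 + mnc_len:]
    if not 1 <= len(msin) <= 10:
        raise ValueError("MSIN must be 1 to 10 digits")
    return mcc, mnc, msin


def build_identity(imsi, mnc_len, method="EAP-AKA"):
    """Permanent identity: <lead digit><IMSI>@wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org."""
    mcc, mnc, _ = parse_imsi(imsi, mnc_len)
    realm = f"wlan.mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org"
    return f"{LEAD_DIGIT[method]}{imsi}@{realm}"


def redact_identity(identity):
    """Form suitable for logs on the relaying terminal: keep the method digit,
    the MCC and the realm, mask the remaining subscriber digits."""
    user, realm = identity.split("@", 1)
    return user[:4] + "*" * (len(user) - 4) + "@" + realm


if __name__ == "__main__":
    sample_imsi = "001010123456789"  # constructed: test MCC 001, MNC 01
    identity = build_identity(sample_imsi, mnc_len=2)
    print(identity)
    print(redact_identity(identity))
```

The same digits parsed with the wrong MNC length produce a different realm, so the request would be routed to a different home network.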
  • the WWAN terminal 200 returns EAP-Response / Identity to the WLAN terminal 100 (step S712). This message stores the Identity generated in step S710.
  • the WLAN terminal 100 transfers the received EAP-Response / Identity to the base station 510 (step S714).
  • the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S716).
  • This message stores the Identity generated by the WWAN terminal 200.
  • the authentication server 340 transmits a Retrieval-Authentication-Vector to the subscriber information server 330 and requests an authentication vector for Identity (step S718).
  • This message stores the Identity generated by the WWAN terminal 200.
  • An authentication vector is a set of information required for authenticating a connected terminal. In the case of EAP-AKA, the authentication vector includes the following information.
  • RAND: Random value. Used as a challenge.
  • AUTN: A value for the terminal to authenticate the network.
  • XRES: Expected response value for the challenge.
  • IK: Message integrity verification key.
  • CK: Key for message encryption.
  • the subscriber information server 330 executes the AKA algorithm and generates an authentication vector corresponding to the Identity stored in the received message (step S720).
  • the subscriber information server 330 transmits the generated authentication vector to the authentication server 340 (step S722).
  • the authentication server 340 transmits RADIUS-Access-Challenge to the base station 510 (step S724).
  • This message stores the authentication vector generated by the subscriber information server 330.
  • the authentication server 340 newly calculates a MAC (Message Authentication Code) and adds it to the message. This MAC is used by the WLAN terminal 100 to verify the integrity of this message.
  • the base station 510 transmits EAP-Request / AKA-Challenge to the WLAN terminal 100 (step S726).
  • This message includes RAND and AUTN from the authentication vector, and the MAC.
  • XRES, IK, and CK from the authentication vector are held by the base station 510 and are not transmitted to the WLAN terminal 100.
  • the WLAN terminal 100 transmits EAP-Request / AKA-Challenge to the WWAN terminal 200 (step S728).
  • This message is a message requesting the WWAN terminal 200 to generate a response value (RES) and a session key (IK, CK).
  • the WWAN terminal 200 executes the AKA algorithm to generate the RES, MAC, and session key (IK, CK) corresponding to the received EAP-Request / AKA-Challenge (step S730).
  • the WWAN terminal 200 transmits EAP-Response / AKA-Challenge to the WLAN terminal 100 (step S732).
  • This message stores the RES, MAC, and session key generated by the WWAN terminal 200.
  • the WLAN terminal 100 transfers the received EAP-Response / AKA-Challenge to the base station 510 (step S734).
  • the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S736).
  • This message stores the RES, MAC, and session keys (IK, CK) generated by the WWAN terminal 200.
  • the authentication server 340 verifies the received RES (step S738). Specifically, the authentication server 340 verifies that the RES generated by the WWAN terminal 200 matches the XRES generated by the subscriber information server 330, and verifies the integrity of the message using the MAC.
  • the authentication server 340 transmits RADIUS-Access-Accept to the base station 510 (step S740). This message indicates that the connection is permitted.
  • the base station 510 transmits EAP-Success to the WLAN terminal 100 (step S742). This message indicates that the authentication process has been successful for the WLAN terminal 100.
  • the base station 510 transmits EAPoL-Key to the WLAN terminal 100 (step S744).
  • This message sends a key for encrypted communication used between the WLAN terminal 100 and the base station 510.
  • connection for WLAN communication is completed between the WLAN terminal 100 and the base station 510 (step S746).
  • data communication using Wi-Fi is started between the WLAN terminal 100 and the base station 510.
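The challenge and response of steps S720 to S738 with the WLAN terminal acting purely as a relay, as an example added here that is not part of the patent text. HMAC-SHA256 stands in for the operator's AKA functions, sequence-number handling is left out, and all class and function names are hypothetical. In this sketch the WLAN terminal keeps IK and CK and forwards only RES.

```python
import hashlib
import hmac
import os


def f(k, label, rand, n=16):
    """Stand-in PRF (HMAC-SHA256); real SIM cards use operator AKA functions."""
    return hmac.new(k, label + rand, hashlib.sha256).digest()[:n]


def make_vector(k, rand=None):
    """Subscriber information server 330, step S720: build the authentication vector."""
    rand = os.urandom(16) if rand is None else rand
    return {"RAND": rand, "AUTN": f(k, b"autn", rand), "XRES": f(k, b"res", rand, 8),
            "IK": f(k, b"ik", rand), "CK": f(k, b"ck", rand)}


class WwanTerminal:
    """Holds the long-term key K; K itself is never returned to a caller."""

    def __init__(self, k):
        self._k = k

    def answer_challenge(self, rand, autn):
        # Step S730. AUTN is checked first, so a challenge from a party that
        # does not know K is refused before any RES is produced.
        if not hmac.compare_digest(autn, f(self._k, b"autn", rand)):
            raise PermissionError("AUTN mismatch: network not authenticated")
        return {"RES": f(self._k, b"res", rand, 8),
                "IK": f(self._k, b"ik", rand), "CK": f(self._k, b"ck", rand)}


class WlanTerminal:
    """Relay between the base station side and the paired WWAN terminal."""

    def __init__(self, wwan):
        self._wwan = wwan
        self.last_challenge = None
        self.session_keys = None

    def relay_challenge(self, challenge):
        # Steps S728 to S734: pass RAND and AUTN on, receive RES and session keys.
        self.last_challenge = dict(challenge)
        answer = self._wwan.answer_challenge(challenge["RAND"], challenge["AUTN"])
        self.session_keys = (answer["IK"], answer["CK"])  # kept locally in this sketch
        return {"RES": answer["RES"]}


def authenticate(vector, wlan):
    """Authentication server 340, steps S724 to S738: True if RES matches XRES."""
    challenge = {"RAND": vector["RAND"], "AUTN": vector["AUTN"]}  # XRES, IK, CK withheld
    try:
        response = wlan.relay_challenge(challenge)
    except PermissionError:
        return False  # the terminal refused the challenge
    return hmac.compare_digest(response["RES"], vector["XRES"])


if __name__ == "__main__":
    k = bytes(range(16))  # constructed long-term key
    print(authenticate(make_vector(k), WlanTerminal(WwanTerminal(k))))
```

The WLAN terminal only ever handles values tied to one RAND, so what it holds cannot be reused for a later challenge.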
  • FIGS. 19 and 20 are sequence diagrams showing an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIGS. 19 and 20, the WWAN terminal 200, the WLAN terminal 100, the base station 510, and the authentication server 340 are involved in this sequence.
  • the WLAN terminal 100 performs association with the base station 510 (step S802).
  • the WLAN terminal 100 establishes a logical connection for authentication processing by association.
  • the WLAN terminal 100 cannot perform data communication other than authentication processing, for example.
  • the WLAN terminal 100 transmits EAPoL-Start to the base station 510 (step S804).
  • the base station 510 transmits EAP-Request / Identity to the WLAN terminal 100 (step S806).
  • the WLAN terminal 100 transmits EAP-Request / Identity to the WWAN terminal 200 (step S808).
  • This message is a message requesting the WWAN terminal 200 to generate an Identity required for EAP-TLS.
  • the WWAN terminal 200 transmits the generated Identity as EAP-Response / Identity to the WLAN terminal 100 (step S810).
  • the WLAN terminal 100 transmits EAP-Response / Identity to the base station 510 (step S812).
  • the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S814).
  • the authentication server 340 transmits RADIUS-Access-Challenge to the base station 510 (step S816). With this message, the authentication server 340 notifies the base station 510 of TLS Start.
  • the base station 510 transmits EAP-Request / TLS Start to the WLAN terminal 100 (step S818).
  • This message includes a notification of TLS Start.
  • the WLAN terminal 100 transmits a Request / TLS Start to the WWAN terminal 200 (step S820).
  • This message is a message for requesting the WWAN terminal 200 to start TLS.
  • the WWAN terminal 200 transmits Response / TLS Client Hello to the WLAN terminal 100 (step S822). Transmission and reception of subsequent messages including this message are performed using the encryption key included in the electronic certificate.
  • the WLAN terminal 100 transfers the message received in step S822 to the base station 510 as EAP-Response / TLS ClientHello (step S824).
  • the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S826).
  • This message includes the TLS Client Hello message received in step S824.
  • the authentication server 340 transmits RADIUS-Access-Challenge to the base station 510 (step S828).
  • This message includes Server Certificate.
  • this message includes messages such as TLS server_hello, TLS certificate, TLS server_key_exchange, TLS certificate_request, and TLS server_hello_done.
  • the base station 510 transfers the message received in step S828 to the WLAN terminal 100 (step S830).
  • it is illustrated as EAP-Request / passthrough.
  • the WLAN terminal 100 transfers the message received in step S830 to the WWAN terminal 200 (step S832).
  • it is illustrated as Request / passthrough.
  • This message includes Client Certificate. Specifically, this message includes messages such as TLS certificate, TLS client_key_exchange, TLS certificate_verify, TLS change_cipher_spec, and TLS finished.
  • the WLAN terminal 100 transmits an EAP-Response to the base station 510 (step S836).
  • This message includes the message received in step S834.
  • the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S838).
  • This message includes the message received in step S836.
  • the authentication server 340 transmits RADIUS-Access-Challenge to the base station 510 (step S840).
  • This message includes messages such as TLS change_cipher_spec and TLS finished.
  • the base station 510 transfers the message received in step S840 to the WLAN terminal 100 (step S842).
  • it is illustrated as EAP-Request / passthrough.
  • the WLAN terminal 100 transfers the message received in step S842 to the WWAN terminal 200 (step S844).
  • it is illustrated as Request / passthrough.
  • the WWAN terminal 200 transmits a response to the WLAN terminal 100 (step S846).
  • the WLAN terminal 100 transmits an EAP-Response to the base station 510 (step S848).
  • the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S850).
  • the authentication server 340 transmits RADIUS-Access-Accept to the base station 510 (step S852). This message indicates that the authenticating terminal is a valid user and the connection is permitted.
  • the base station 510 transmits EAP-Success to the WLAN terminal 100 (step S854). This message indicates that the authentication process has been successful.
  • the base station 510 transmits EAPoL-Key to the WLAN terminal 100 (step S856).
  • This message sends a key for encrypted communication used between the WLAN terminal 100 and the base station 510.
  • connection for WLAN communication is completed between the WLAN terminal 100 and the base station 510 (step S858).
  • data communication using Wi-Fi is started between the WLAN terminal 100 and the base station 510.
  • the following describes the flow of processing when EAP-TTLS is selected as the authentication method and the WLAN terminal 100 uses the certificate information, user name, and password of the WWAN terminal 200 for authentication. With reference to FIGS. 21 and 22, an example in which the authentication destination is the base station 510 will be described.
  • FIGS. 21 and 22 are sequence diagrams illustrating an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIGS. 21 and 22, the WWAN terminal 200, the WLAN terminal 100, the base station 510, the TLS server 360 and the authentication server 340 are involved in this sequence.
  • the WLAN terminal 100 performs association with the base station 510 (step S902).
  • the WLAN terminal 100 establishes a logical connection for authentication processing by association.
  • the WLAN terminal 100 cannot perform data communication other than authentication processing, for example.
  • the WLAN terminal 100 transmits EAPoL-Start to the base station 510 (step S904).
  • the base station 510 transmits EAP-Request / Identity to the WLAN terminal 100 (step S906).
  • the WLAN terminal 100 transmits EAP-Request / Identity to the WWAN terminal 200 (step S908).
  • This message is a message for requesting the WWAN terminal 200 to generate an Identity required for EAP-TTLS.
  • the WWAN terminal 200 transmits the generated Identity as EAP-Response / Identity to the WLAN terminal 100 (step S910).
  • the WLAN terminal 100 transmits EAP-Response / Identity to the base station 510 (step S912).
  • the base station 510 transmits a RADIUS-Access-Request to the TLS server 360 (step S914).
  • the TLS server 360 transmits RADIUS-Access-Challenge to the base station 510 (step S916). With this message, the authentication server 340 notifies the base station 510 of TLS Start.
  • the base station 510 transfers the message received in step S916 to the WLAN terminal 100 (step S918).
  • it is illustrated as EAP-Request / passthrough.
  • the WLAN terminal 100 transfers the message received in step S918 to the WWAN terminal 200 (step S920).
  • it is illustrated as Request / passthrough. This message includes a TTL Start notification. That is, this message is a message for requesting the WWAN terminal 200 to start TLS.
  • the WWAN terminal 200 transmits Response / TTL Client Hello to the WLAN terminal 100 (step S922). Transmission and reception of subsequent messages including this message are performed using the encryption key included in the electronic certificate.
  • the WLAN terminal 100 transfers the message received in step S922 to the base station 510 (step S924).
  • it is illustrated as EAP-Response / passthrough.
  • the base station 510 transmits a RADIUS-Access-Request to the TLS server 360 (step S926).
  • This message includes the TLS Client Hello message received in step S924.
  • the TLS server 360 transmits RADIUS-Access-Challenge to the base station 510 (step S928).
  • This message includes Server Certificate.
  • this message includes messages such as TLS ServerHello, Certificate, ServerKeyExchange, and ServerHelloDone.
  • the base station 510 transfers the message received in step S928 to the WLAN terminal 100 (step S930).
  • it is illustrated as EAP-Request / passthrough.
  • the WLAN terminal 100 transfers the message received in step S930 to the WWAN terminal 200 (step S932).
  • it is illustrated as Request / passthrough.
  • This message includes Client Key Exchange. Specifically, this message includes messages such as TTL ClientKeyExchange, ChangeCipherSpec, and Finished.
  • the WLAN terminal 100 transfers the message received in step S934 to the base station 510 (step S936).
  • it is illustrated as EAP-Response / passthrough.
  • the base station 510 transmits a RADIUS-Access-Request to the TLS server 360 (step S938).
  • This message includes the message received in step S936.
  • the TLS server 360 transmits RADIUS-Access-Challenge to the base station 510 (step S940).
  • This message includes messages such as TTL ChangeCipherSpec and Finished.
  • the base station 510 transfers the message received in step S940 to the WLAN terminal 100 (step S942).
  • it is illustrated as EAP-Request / passthrough.
  • the WLAN terminal 100 transfers the message received in step S942 to the WWAN terminal 200 (step S944).
  • it is illustrated as Request / passthrough.
  • the WWAN terminal 200 transmits a response to the WLAN terminal 100 (step S946).
  • This message includes User-Name, CHAP-Challenge, CHAP-Password, etc. as authentication information for TLS.
  • the WLAN terminal 100 transfers the message received in step S946 to the base station 510 (step S948).
  • it is illustrated as EAP-Response / passthrough.
  • the base station 510 transmits a RADIUS-Access-Request to the TLS server 360 (step S950).
  • This message includes the message received in step S948.
  • the TLS server 360 transmits RADIUS-Access-Request to the authentication server 340 (step S952).
  • This message includes authentication information for TLS such as User-Name, CHAP-Challenge, and CHAP-Password.
  • the authentication server 340 verifies the authentication information for TLS such as User-Name, CHAP-Challenge, and CHAP-Password received in step S952, and if there is no problem, the authentication server 340 transmits RADIUS-Access-Accept to the TLS server 360 (step S954). This message indicates that the authenticating terminal is a valid user and the connection is permitted.
  • the TLS server 360 transmits RADIUS-Access-Accept to the base station 510 (step S956).
  • the base station 510 transmits EAP-Success to the WLAN terminal 100 (step S958). This message indicates that the authentication process has been successful.
  • the base station 510 transmits EAPoL-Key to the WLAN terminal 100 (step S960). This message sends a key for encrypted communication used between the WLAN terminal 100 and the base station 510.
  • connection for WLAN communication is completed between the WLAN terminal 100 and the base station 510 (step S962).
  • data communication using Wi-Fi is started between the WLAN terminal 100 and the base station 510.
  • FIG. 23 is a flowchart showing an example of the flow of a connection destination selection process executed in the WLAN terminal 100 according to the present embodiment.
  • the WLAN terminal 100 extracts connection destination candidates (step S1002). For example, the WLAN terminal 100 extracts connection destination candidates based on the acquired network information and the connection history of the WWAN terminal 200. There may be no extracted connection destination candidates or there may be a plurality of connection destination candidates.
  • the WLAN terminal 100 determines whether or not there are unconsidered connection destination candidates (step S1004).
  • the unconsidered connection destination candidates indicate connection destination candidates for which the condition determination according to step S1006 has not been performed.
  • the WLAN terminal 100 determines whether the RSSI of the unconsidered connection destination candidate is higher than a threshold value (step S1006).
  • the threshold value is arbitrary.
  • the threshold value may be set to, for example, -60 dBm, may be set to -50 dBm in a situation where there are a plurality of APs in the surrounding area, or may be set to -70 dBm in a situation in which almost no AP exists in the surrounding area.
  • the WLAN terminal 100 selects the connection destination candidate as the connection destination (step S1008).
  • the WLAN terminal 100 (for example, the selection unit 144) excludes the connection destination candidate under consideration from the candidates (step S1010). Thereafter, the process returns to step S1004 again.
  • the WLAN terminal 100 selects the tethering AP as the connection destination (step S1012). Then, the WLAN terminal 100 (for example, the authentication processing unit 148 and the wireless communication unit 110) transmits a request for authentication information to the WWAN terminal 200 (step S1014). Thereby, the WWAN terminal 200 is activated as a tethering AP. Next, the WLAN terminal 100 (for example, the authentication processing unit 148 and the wireless communication unit 110) receives the authentication information from the WWAN terminal 200 (step S1016).
  • the WLAN terminal 100 performs an authentication process (step S1018). For example, if a connection destination is selected in step S1008, the WLAN terminal 100 performs an authentication process for the connection destination. If the tethering AP is selected as the connection destination in step S1012, the WLAN terminal 100 performs an authentication process on the WWAN terminal 200 that operates as the tethering AP.
  • if the connection destination supports 802.1X authentication, the WLAN terminal 100 selects an optimum authentication method from among EAP-AKA', EAP-AKA, EAP-SIM, EAP-TLS, and EAP-TTLS. If the connection destination does not support 802.1X authentication, the WLAN terminal 100 selects WPA-PSK or WPA2-PSK.
  • If it is determined that the authentication process is successful (step S1020 / YES), the process ends. On the other hand, when it is determined that the authentication process has failed (step S1020 / NO), the process returns to step S1004 again.
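The connection destination selection flow of FIG. 23, written out as an added Python example (not code from the patent). The branch conditions (a candidate whose RSSI exceeds the threshold is selected, any other candidate is excluded, and the tethering AP is used once no unconsidered candidate remains), the EAP preference order, the `Station` fields, and the `authenticate` and `activate_tethering` callbacks are assumptions. The text does not say what happens when authentication to the tethering AP also fails, so the example returns `None` there.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, Optional, Tuple

# EAP methods named in the text; the order of preference is an assumption.
EAP_PREFERENCE = ("EAP-AKA'", "EAP-AKA", "EAP-SIM", "EAP-TLS", "EAP-TTLS")


@dataclass(frozen=True)
class Station:
    ssid: str
    rssi_dbm: int
    supports_8021x: bool
    eap_methods: Tuple[str, ...] = ()
    supports_wpa2: bool = True


@dataclass(frozen=True)
class Connection:
    ssid: str
    method: str
    via_tethering: bool


def select_auth_method(station: Station) -> Optional[str]:
    """802.1X stations get an EAP method; all others fall back to WPA2-PSK or WPA-PSK."""
    if station.supports_8021x:
        for method in EAP_PREFERENCE:
            if method in station.eap_methods:
                return method
        return None  # 802.1X advertised but no usable EAP method
    return "WPA2-PSK" if station.supports_wpa2 else "WPA-PSK"


def _try(station: Station,
         authenticate: Callable[[Station, str], bool]) -> Optional[str]:
    """Step S1018: pick the method and run the authentication process once."""
    method = select_auth_method(station)
    if method is not None and authenticate(station, method):
        return method
    return None


def connect(candidates: Iterable[Station],
            authenticate: Callable[[Station, str], bool],
            activate_tethering: Callable[[], Station],
            threshold_dbm: int = -60) -> Optional[Connection]:
    remaining = list(candidates)                  # S1002: extracted candidates
    while remaining:                              # S1004: any unconsidered candidate?
        station = remaining.pop(0)
        if station.rssi_dbm <= threshold_dbm:     # S1006: RSSI not above threshold
            continue                              # S1010: exclude, back to S1004
        method = _try(station, authenticate)      # S1008 + S1018
        if method is not None:                    # S1020 / YES
            return Connection(station.ssid, method, False)
        # S1020 / NO: fall through to the next candidate (S1004)
    tether = activate_tethering()                 # S1012 to S1016
    method = _try(tether, authenticate)           # S1018 against the tethering AP
    if method is not None:
        return Connection(tether.ssid, method, True)
    return None                                   # added bound: do not loop forever


if __name__ == "__main__":
    # Constructed sample environment.
    scan = [
        Station("weak-ap", -75, True, ("EAP-AKA",)),
        Station("enterprise", -55, True, ("EAP-TTLS", "EAP-AKA")),
        Station("home", -50, False),
    ]
    tether = Station("tether", -40, False)
    print(connect(scan, lambda s, m: True, lambda: tether))
    print(connect(scan[:1], lambda s, m: True, lambda: tether))
```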
  • the WLAN terminal 100 and the WWAN terminal 200 may be realized as a mobile terminal such as a smartphone, a tablet PC (Personal Computer), a notebook PC, a portable game terminal or a digital camera, a fixed terminal such as a television receiver, a printer, a digital scanner, or a network storage, or an in-vehicle terminal such as a car navigation device.
  • the WLAN terminal 100 and the WWAN terminal 200 may also be realized as terminals that perform M2M (Machine To Machine) communication (also referred to as MTC (Machine Type Communication) terminals), such as smart meters, vending machines, remote monitoring devices, or POS (Point Of Sale) terminals.
  • the WLAN terminal 100 and the WWAN terminal 200 may be wireless communication modules (for example, integrated circuit modules configured by one die) mounted on these terminals.
  • FIG. 24 is a block diagram illustrating an example of a schematic configuration of a smartphone 900 to which the technology according to the present disclosure can be applied.
  • the smartphone 900 includes a processor 901, a memory 902, a storage 903, an external connection interface 904, a camera 906, a sensor 907, a microphone 908, an input device 909, a display device 910, a speaker 911, a wireless communication interface 913, an antenna switch 914, an antenna 915, a bus 917, a battery 918, and an auxiliary controller 919.
  • the processor 901 may be, for example, a CPU (Central Processing Unit) or a SoC (System on Chip), and controls the functions of the application layer and other layers of the smartphone 900.
  • the memory 902 includes a RAM (Random Access Memory) and a ROM (Read Only Memory), and stores programs and data executed by the processor 901.
  • the storage 903 can include a storage medium such as a semiconductor memory or a hard disk.
  • the external connection interface 904 is an interface for connecting an external device such as a memory card or a USB (Universal Serial Bus) device to the smartphone 900.
  • the camera 906 includes, for example, an image sensor such as a CCD (Charge Coupled Device) or a CMOS (Complementary Metal Oxide Semiconductor), and generates a captured image.
  • the sensor 907 may include a sensor group such as a positioning sensor, a gyro sensor, a geomagnetic sensor, and an acceleration sensor.
  • the microphone 908 converts sound input to the smartphone 900 into an audio signal.
  • the input device 909 includes, for example, a touch sensor that detects a touch on the screen of the display device 910, a keypad, a keyboard, a button, or a switch, and receives an operation or information input from a user.
  • the display device 910 has a screen such as a liquid crystal display (LCD) or an organic light emitting diode (OLED) display, and displays an output image of the smartphone 900.
  • the speaker 911 converts an audio signal output from the smartphone 900 into audio.
  • the wireless communication interface 913 supports one or more wireless LAN standards such as IEEE802.11a, 11b, 11g, 11n, 11ac, and 11ad, and performs wireless communication.
  • the wireless communication interface 913 can communicate with other devices via a wireless LAN access point in the infrastructure mode.
  • the wireless communication interface 913 can directly communicate with other devices in an ad hoc mode or a direct communication mode such as Wi-Fi Direct (registered trademark).
  • in Wi-Fi Direct, unlike the ad hoc mode, one of two terminals operates as an access point, but communication is performed directly between the terminals.
  • the wireless communication interface 913 can typically include a baseband processor, an RF (Radio Frequency) circuit, a power amplifier, and the like.
  • the wireless communication interface 913 may be a one-chip module in which a memory that stores a communication control program, a processor that executes the program, and related circuits are integrated.
  • the wireless communication interface 913 may support other types of wireless communication methods such as a short-range wireless communication method, a proximity wireless communication method, or a cellular communication method in addition to the wireless LAN method.
  • the antenna switch 914 switches the connection destination of the antenna 915 among a plurality of circuits (for example, circuits for different wireless communication schemes) included in the wireless communication interface 913.
  • the antenna 915 includes a single antenna element or a plurality of antenna elements (for example, a plurality of antenna elements constituting a MIMO antenna), and is used for transmission and reception of radio signals by the radio communication interface 913.
  • the smartphone 900 is not limited to the example of FIG. 24, and may include a plurality of antennas (for example, an antenna for a wireless LAN and an antenna for a proximity wireless communication method). In that case, the antenna switch 914 may be omitted from the configuration of the smartphone 900.
  • the bus 917 connects the processor 901, memory 902, storage 903, external connection interface 904, camera 906, sensor 907, microphone 908, input device 909, display device 910, speaker 911, wireless communication interface 913, and auxiliary controller 919 to each other.
  • the battery 918 supplies electric power to each block of the smartphone 900 shown in FIG. 24 through a power supply line partially shown by a broken line in the drawing.
  • the auxiliary controller 919 operates the minimum necessary functions of the smartphone 900 in the sleep mode.
  • in the smartphone 900 shown in FIG. 24, one or more components included in the WLAN terminal 100 described with reference to FIG. (for example, at least one of the wireless communication unit 110, the output unit 120, the storage unit 130, or the processing unit 140) may be implemented in the wireless communication interface 913.
  • at least some of these components may be implemented in the processor 901 or the auxiliary controller 919.
  • the smartphone 900 may include a module including the wireless communication interface 913, the processor 901, and / or the auxiliary controller 919, and the one or more components may be mounted on the module.
  • the module may store a program for causing the processor to function as the one or more components (in other words, a program for causing the processor to execute the operation of the one or more components) and may execute the program.
  • a program for causing a processor to function as one or more components may be installed in the smartphone 900, and the wireless communication interface 913, the processor 901, and / or the auxiliary controller 919 may execute the program.
  • the smartphone 900 or the module may be provided as a device including the one or more components, and a program for causing a processor to function as the one or more components may be provided.
  • a readable recording medium in which the program is recorded may be provided.
  • one or more components may be implemented in the wireless communication interface 913.
  • at least some of these components may be implemented in the processor 901 or the auxiliary controller 919.
  • the smartphone 900 may include a module including the wireless communication interface 913, the processor 901, and / or the auxiliary controller 919, and the one or more components may be mounted on the module.
  • the module may store a program for causing the processor to function as the one or more components (in other words, a program for causing the processor to execute the operation of the one or more components) and may execute the program.
  • a program for causing a processor to function as one or more components may be installed in the smartphone 900, and the wireless communication interface 913, the processor 901, and / or the auxiliary controller 919 may execute the program.
  • the smartphone 900 or the module may be provided as a device including the one or more components, and a program for causing a processor to function as the one or more components may be provided.
  • a readable recording medium in which the program is recorded may be provided.
  • the smartphone 900 may operate as a wireless access point (software AP) when the processor 901 executes the access point function at the application level. Further, the wireless communication interface 913 may have a wireless access point function.
  • FIG. 25 is a block diagram illustrating an example of a schematic configuration of a car navigation device 920 to which the technology according to the present disclosure can be applied.
  • the car navigation device 920 includes a processor 921, a memory 922, a GPS (Global Positioning System) module 924, a sensor 925, a data interface 926, a content player 927, a storage medium interface 928, an input device 929, a display device 930, a speaker 931, a wireless communication interface 933, an antenna switch 934, an antenna 935, and a battery 938.
  • the processor 921 may be a CPU or SoC, for example, and controls the navigation function and other functions of the car navigation device 920.
  • the memory 922 includes RAM and ROM, and stores programs and data executed by the processor 921.
  • the GPS module 924 measures the position (for example, latitude, longitude, and altitude) of the car navigation device 920 using GPS signals received from GPS satellites.
  • the sensor 925 may include a sensor group such as a gyro sensor, a geomagnetic sensor, and an atmospheric pressure sensor.
  • the data interface 926 is connected to the in-vehicle network 941 through a terminal (not shown), for example, and acquires data generated on the vehicle side such as vehicle speed data.
  • the content player 927 reproduces content stored in a storage medium (for example, CD or DVD) inserted into the storage medium interface 928.
  • the input device 929 includes, for example, a touch sensor, a button, or a switch that detects a touch on the screen of the display device 930, and receives an operation or information input from the user.
  • the display device 930 has a screen such as an LCD or an OLED display, and displays a navigation function or an image of content to be reproduced.
  • the speaker 931 outputs the navigation function or the audio of the content to be played back.
  • the wireless communication interface 933 supports one or more wireless LAN standards such as IEEE802.11a, 11b, 11g, 11n, 11ac, and 11ad, and executes wireless communication.
  • the wireless communication interface 933 can communicate with other devices via a wireless LAN access point in the infrastructure mode.
  • the wireless communication interface 933 can directly communicate with other devices in an ad hoc mode or a direct communication mode such as Wi-Fi Direct.
  • the wireless communication interface 933 may typically include a baseband processor, an RF circuit, a power amplifier, and the like.
  • the wireless communication interface 933 may be a one-chip module in which a memory that stores a communication control program, a processor that executes the program, and related circuits are integrated.
  • the wireless communication interface 933 may support other types of wireless communication systems such as a short-range wireless communication system, a proximity wireless communication system, or a cellular communication system.
  • the antenna switch 934 switches the connection destination of the antenna 935 among a plurality of circuits included in the wireless communication interface 933.
  • the antenna 935 includes a single antenna element or a plurality of antenna elements, and is used for transmission and reception of a radio signal by the radio communication interface 933.
  • the car navigation device 920 is not limited to the example of FIG. 25, and may include a plurality of antennas. In that case, the antenna switch 934 may be omitted from the configuration of the car navigation device 920.
  • the battery 938 supplies power to each block of the car navigation apparatus 920 shown in FIG. 25 through a power supply line partially shown by broken lines in the drawing. Further, the battery 938 stores electric power supplied from the vehicle side.
  • in the car navigation device 920 shown in FIG. 25, one or more components included in the WLAN terminal 100 described with reference to FIG. (for example, at least one of the wireless communication unit 110, the output unit 120, the storage unit 130, or the processing unit 140) may be implemented in the wireless communication interface 933. Further, at least a part of these functions may be implemented in the processor 921.
  • the car navigation device 920 may include a module including the wireless communication interface 933 and / or the processor 921, and the one or more components may be mounted on the module. In this case, the module may store a program for causing the processor to function as the one or more components (in other words, a program for causing the processor to execute the operation of the one or more components) and may execute the program.
  • a program for causing a processor to function as one or more components may be installed in the car navigation device 920, and the wireless communication interface 933 and / or the processor 921 may execute the program.
  • the car navigation apparatus 920 or the module may be provided as an apparatus including the one or more components, and a program for causing a processor to function as the one or more components may be provided.
  • a readable recording medium in which the program is recorded may be provided.
  • one or more components included in the WWAN terminal 200 described with reference to FIG. 5 (for example, at least one of the wireless communication unit 210, the storage unit 220, the authentication information storage unit 230, or the processing unit 240) may be implemented in the wireless communication interface 933. Further, at least a part of these functions may be implemented in the processor 921. As an example, the car navigation device 920 may include a module including the wireless communication interface 933 and / or the processor 921, and the one or more components may be mounted on the module.
  • the module may store a program for causing the processor to function as the one or more components (in other words, a program for causing the processor to execute the operation of the one or more components) and may execute the program.
  • a program for causing a processor to function as one or more components may be installed in the car navigation device 920, and the wireless communication interface 933 and / or the processor 921 may execute the program.
  • the car navigation apparatus 920 or the module may be provided as an apparatus including the one or more components, and a program for causing a processor to function as the one or more components may be provided.
  • a readable recording medium in which the program is recorded may be provided.
  • the technology according to the present disclosure may be realized as an in-vehicle system (or vehicle) 940 including one or more blocks of the car navigation device 920 described above, an in-vehicle network 941, and a vehicle side module 942.
  • vehicle-side module 942 generates vehicle-side data such as vehicle speed, engine speed, or failure information, and outputs the generated data to the in-vehicle network 941.
  • the WLAN terminal 100 performs, on the connection-destination wireless station selected based on one or more pieces of network information related to the wireless network operated by the wireless station, acquired from each of the one or more wireless stations, the authentication process using the authentication information of the WWAN terminal 200 by the authentication method selected based on the network information of the connection-destination wireless station.
  • the WLAN terminal 100 can select a wireless station that can use the authentication information of the WWAN terminal 200 as a connection destination, and can easily perform an authentication process by using the authentication information of the WWAN terminal 200. Therefore, for example, the WLAN terminal 100 can safely and easily connect to a wireless station for which it has no connection history and no connection right by using the authentication information of the WWAN terminal 200.
  • the WWAN terminal 200 is activated as a tethering AP with the reception of a request for authentication information from the WLAN terminal 100 as a trigger. For this reason, the WLAN terminal 100 can freely activate the WWAN terminal 200 as a tethering AP and connect to the Internet. Furthermore, connection settings to the tethering AP and manual work such as tethering ON / OFF in the WWAN terminal 200 are not required, and convenience can be improved.
  • the WLAN terminal 100 and the WWAN terminal 200 can simultaneously connect to the same wireless station by sharing authentication information.
  • the WLAN terminal 100 and the WWAN terminal 200 can form a mesh network. That is, the present technology can be applied to IoT (Internet of Things) or M2M (Machine to Machine).
  • connection-destination radio station to the connection-destination radio station selected based on one or more network information related to the radio network operated by the radio station, acquired from each of the one or more radio stations
  • a processing unit for performing an authentication process using authentication information of another device according to an authentication method selected based on A device comprising: (2) The device according to (1), wherein the connection destination wireless station is selected based on information indicating a state of a wireless communication environment between the device and the wireless station. (3) The apparatus according to (1) or (2), wherein the wireless station to be connected is selected based on information indicating a communication method supported by the wireless station.
  • the apparatus according to any one of (1) to (3), wherein the wireless station to be connected is selected based on information indicating an authentication method supported by the wireless station.
  • the apparatus according to any one of (1) to (4), wherein the wireless station that is a connection destination is selected based on a connection history of the other apparatus.
  • the apparatus according to any one of (1) to (5), wherein the wireless station to be connected is selected based on a network selection policy.
  • the device according to any one of (1) to (8), wherein the wireless station to be connected is selected by the other device.
  • the device according to any one of (1) to (11), wherein the candidate for the wireless station to be connected to includes the other device operable as the wireless station.
  • the authentication information is generated based on at least one of subscriber identification information, electronic certificate, user name and password, pre-shared key or passphrase stored in the other device.
  • a processing unit that provides authentication information used in the authentication process to another device that performs the authentication process based on the authentication method selected based on A device comprising: (15) The device according to (14), wherein the processing unit performs processing for the device to function as the wireless station. (16) The apparatus according to (15), wherein the processing unit performs processing for functioning as the wireless station triggered by reception of the authentication information request from the other apparatus.
  • the processor performs authentication processing using authentication information of another device according to the authentication method selected based on Including methods.
  • Network information of the connection-destination radio station to the connection-destination radio station selected based on one or more network information related to the radio network operated by the radio station, acquired from each of the one or more radio stations Providing a processor with authentication information used in the authentication process to another device that performs an authentication process based on the authentication method selected based on Including methods.
  • An authentication information providing source terminal and an authentication information providing destination terminal With The authentication information providing destination terminal is connected to the wireless station of the connection destination selected based on one or more network information related to the wireless network operated by the wireless station acquired from each of the one or more wireless stations.
  • the authentication information providing source terminal includes a processing unit that provides the authentication information to the authentication information providing destination terminal.
  • connection destination to the wireless station of the connection destination selected based on one or more network information about the wireless network operated by the wireless station acquired from each of the one or more wireless stations by the authentication information providing destination terminal Performing authentication processing using authentication information of an authentication information providing source terminal according to an authentication method selected based on network information of the wireless station;
  • the authentication information providing source terminal providing the authentication information to the authentication information providing destination terminal; Including methods.
  • 1 wireless communication system; 100 WLAN terminal; 110 wireless communication unit; 112 WLAN module; 114 BT module; 116 NFC module; 120 output unit; 130 storage unit; 140 processing unit; 142 acquisition unit; 144 selection unit; 146 notification unit; 148 authentication processing unit; 200 WWAN terminal; 210 wireless communication unit; 212 WWAN module; 214 WLAN module; 216 BT module; 218 NFC module; 220 storage unit; 230 subscriber identification module; 240 processing unit; 242 selection unit; 244 authentication processing unit; 246 tethering processing unit; 300 WWAN; 310 base station; 320 gateway; 330 subscriber information server; 340 authentication server; 350 network information providing server; 360 TTL server; 400 service network; 500 WLAN; 510 base station

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

[Problem] To provide a mechanism for enabling easy authentication into an appropriate network. [Solution] A device provided with a processing unit that performs a process of authentication, into a wireless station as a connection destination selected on the basis of one or more pieces of network information which is acquired from each of one or more wireless stations and which relates to a wireless network operated by each wireless station, by an authentication method selected on the basis of the network information of the wireless station as the connection destination, and using authentication information of another device.

Description

Apparatus, system and method
The present disclosure relates to an apparatus, a system, and a method.
In recent years, various services using the Internet have appeared, and there is demand for a means of easily accessing the Internet even when away from home. For example, a terminal with a WWAN (Wireless Wide Area Network) communication function, such as a smartphone or a mobile phone, can access the Internet via a mobile communication network even when away from home. On the other hand, a terminal without a WWAN communication function has had to access the Internet using another communication method such as a wireless LAN (WLAN: Wireless Local Area Network). Connecting to a network such as a WLAN may require processing such as searching for an access point and entering an ID (identifier) and a password, and a technique for making such processing easier is required.
For example, Patent Document 1 below discloses a technique that enables a communication terminal that communicates indirectly, via another communication terminal, with a service providing apparatus to seamlessly receive the service provided by the service providing apparatus.
Patent Document 2 below discloses a technique in which a device that does not perform mobile communication through a mobile communication service acquires authentication information from another device that performs mobile communication through a mobile communication service, and connects to a network through wireless communication different from mobile communication.
JP 2009-253752 A
JP 2014-143632 A
However, further performance improvement is desired in this technical field. For example, improved convenience of authentication to a network is one such demand. Selecting a more appropriate network as the connection destination from among a plurality of networks is another. Therefore, the present disclosure proposes a mechanism that enables easy authentication to an appropriate network.
According to the present disclosure, there is provided an apparatus including a processing unit that performs an authentication process, using authentication information of another apparatus, to a connection-destination wireless station selected based on one or more pieces of network information that are acquired from each of one or more wireless stations and relate to the wireless network operated by that wireless station, according to an authentication method selected based on the network information of the connection-destination wireless station.
Further, according to the present disclosure, there is provided an apparatus including a processing unit that provides authentication information to another apparatus, the other apparatus performing an authentication process to a connection-destination wireless station selected based on one or more pieces of network information that are acquired from each of one or more wireless stations and relate to the wireless network operated by that wireless station, according to an authentication method selected based on the network information of the connection-destination wireless station, the authentication information being used in that authentication process.
Further, according to the present disclosure, there is provided a method including performing, by a processor, an authentication process, using authentication information of another apparatus, to a connection-destination wireless station selected based on one or more pieces of network information that are acquired from each of one or more wireless stations and relate to the wireless network operated by that wireless station, according to an authentication method selected based on the network information of the connection-destination wireless station.
Further, according to the present disclosure, there is provided a method including providing, by a processor, authentication information to another apparatus, the other apparatus performing an authentication process to a connection-destination wireless station selected based on one or more pieces of network information that are acquired from each of one or more wireless stations and relate to the wireless network operated by that wireless station, according to an authentication method selected based on the network information of the connection-destination wireless station, the authentication information being used in that authentication process.
Further, according to the present disclosure, there is provided a system including an authentication information providing source terminal and an authentication information providing destination terminal. The authentication information providing destination terminal includes a processing unit that performs an authentication process, using authentication information of the authentication information providing source terminal, to a connection-destination wireless station selected based on one or more pieces of network information that are acquired from each of one or more wireless stations and relate to the wireless network operated by that wireless station, according to an authentication method selected based on the network information of the connection-destination wireless station. The authentication information providing source terminal includes a processing unit that provides the authentication information to the authentication information providing destination terminal.
Further, according to the present disclosure, there is provided a method including: performing, by an authentication information providing destination terminal, an authentication process, using authentication information of an authentication information providing source terminal, to a connection-destination wireless station selected based on one or more pieces of network information that are acquired from each of one or more wireless stations and relate to the wireless network operated by that wireless station, according to an authentication method selected based on the network information of the connection-destination wireless station; and providing, by the authentication information providing source terminal, the authentication information to the authentication information providing destination terminal.
As described above, according to the present disclosure, a mechanism that enables easy authentication to an appropriate network is provided. Note that the above effect is not necessarily limiting; together with or in place of the above effect, any of the effects shown in this specification, or other effects that can be understood from this specification, may be achieved.
FIG. 1 is a diagram for describing an overview of a wireless communication system according to an embodiment of the present disclosure.
FIG. 2 is a diagram for describing an overview of the wireless communication system according to the embodiment.
FIG. 3 is a block diagram showing an example of the configuration of the wireless communication system according to the embodiment.
FIG. 4 is a block diagram showing an example of the logical configuration of the WLAN terminal according to the embodiment.
FIG. 5 is a block diagram showing an example of the logical configuration of the WWAN terminal according to the embodiment.
FIG. 6 is a diagram showing an example of a user interface according to the embodiment.
FIG. 7 is a diagram showing an example of a user interface according to the embodiment.
FIG. 8 is a sequence diagram showing an example of the flow of a connection process executed in the wireless communication system according to the first embodiment.
FIG. 9 is a sequence diagram showing an example of the flow of a connection process executed in the wireless communication system according to the embodiment.
FIG. 10 is a sequence diagram showing an example of the flow of a connection process executed in the wireless communication system according to the embodiment.
FIG. 11 is a sequence diagram showing an example of the flow of a connection process executed in the wireless communication system according to the embodiment.
FIG. 12 is a sequence diagram showing an example of the flow of a connection process executed in the wireless communication system according to the embodiment.
FIG. 13 is a sequence diagram showing an example of the flow of a connection process executed in the wireless communication system according to the embodiment.
FIG. 14 is a sequence diagram showing an example of the flow of a connection process executed in the wireless communication system according to the embodiment.
FIG. 15 is a sequence diagram showing an example of the flow of an authentication process executed in the wireless communication system according to the embodiment.
FIG. 16 is a sequence diagram showing an example of the flow of an authentication process executed in the wireless communication system according to the embodiment.
FIG. 17 is a sequence diagram showing an example of the flow of an authentication process executed in the wireless communication system according to the embodiment.
FIG. 18 is a sequence diagram showing an example of the flow of an authentication process executed in the wireless communication system according to the embodiment.
FIG. 19 is a sequence diagram showing an example of the flow of an authentication process executed in the wireless communication system according to the embodiment.
FIG. 20 is a sequence diagram showing an example of the flow of an authentication process executed in the wireless communication system according to the embodiment.
FIG. 21 is a sequence diagram showing an example of the flow of an authentication process executed in the wireless communication system according to the embodiment.
FIG. 22 is a sequence diagram showing an example of the flow of an authentication process executed in the wireless communication system according to the embodiment.
FIG. 23 is a flowchart showing an example of the flow of a connection destination selection process executed in the WLAN terminal according to the embodiment.
FIG. 24 is a block diagram showing an example of a schematic configuration of a smartphone.
FIG. 25 is a block diagram showing an example of a schematic configuration of a car navigation device.
Hereinafter, preferred embodiments of the present disclosure will be described in detail with reference to the accompanying drawings. In this specification and the drawings, components having substantially the same functional configuration are denoted by the same reference numerals, and redundant description is omitted.
In this specification and the drawings, elements having substantially the same functional configuration may also be distinguished by appending different letters to the same reference numeral. For example, a plurality of elements having substantially the same functional configuration are distinguished as base stations 510A, 510B, and 510C as necessary. However, when there is no particular need to distinguish each of a plurality of elements having substantially the same functional configuration, only the same reference numeral is given. For example, when there is no particular need to distinguish the base stations 510A, 510B, and 510C, they are simply referred to as the base station 510.
The description will be made in the following order.
  1. Overview
  2. Configuration example
   2.1. Configuration example of wireless communication system
   2.2. Configuration example of WLAN terminal
   2.3. Configuration example of WWAN terminal
  3. First embodiment
   3.1. Technical features
   3.2. Flow of processing
  4. Application example
  5. Summary
<<1. Overview>>
First, an overview of a wireless communication system 1 according to an embodiment of the present disclosure will be described with reference to FIGS. 1 and 2.
FIGS. 1 and 2 are diagrams for describing an overview of the wireless communication system 1 according to an embodiment of the present disclosure. In the example illustrated in FIG. 1, the wireless communication system 1 includes a wireless communication device 100. In the example illustrated in FIG. 2, the wireless communication system 1 includes a wireless communication device 100 and a wireless communication device 200.
The wireless communication device 100 is a wireless terminal capable of wireless communication with other devices. In the example of FIG. 1, the wireless communication device 100 is a notebook PC. The wireless communication device 100 is a WLAN terminal that can connect to a WLAN according to a communication method such as IEEE (Institute of Electrical and Electronics Engineers) 802.11a, 11b, 11g, 11n, 11ac, or 11ad. As shown in FIG. 1, the WLAN terminal 100 can connect to a wireless network 500 via a base station 510 and use a service provided by the service network 400. The WLAN terminal 100 can also form a wireless connection with the wireless communication device 200. This wireless connection can be formed according to an arbitrary communication method such as Bluetooth (registered trademark) or NFC (Near field communication). The WLAN terminal 100 can connect to a WLAN whose network information is known, such as a WLAN operated at the user's home, but has difficulty connecting to a WLAN whose network information is unknown, such as one encountered away from home. In addition to a notebook PC, the wireless communication device 100 may be realized as a PC, a tablet terminal, a PDA (Personal Digital Assistant), an HMD (Head Mounted Display), a headset, a digital camera, a digital video camera, a smartphone, a mobile phone terminal, a portable music playback device, a portable video processing device, a portable game device, or the like.
The wireless communication device 200 is a wireless terminal capable of wireless communication with other devices. The wireless communication device 200 has authentication information for authenticating to a network and can connect to the network on its own. In the example of FIG. 2, the wireless communication device 200 is a smartphone. The wireless communication device 200 can form a wireless connection with, for example, the WLAN terminal 100. The wireless communication device 200 is also a WWAN terminal that has a WWAN communication function and can connect to a WWAN. The WWAN terminal 200 has subscriber identification information for connecting to a mobile communication network, and can perform an authentication process using the subscriber identification information to form a wireless connection with a wireless network 300 such as a mobile communication network. The subscriber identification information is, for example, an IMSI (International Mobile Subscriber Identity) stored in a SIM card (Subscriber Identity Module Card). The WWAN terminal 200 can connect to the wireless network 300 using the WWAN communication function and use a service provided by the service network 400. Here, the subscriber identification information is one example of the authentication information that the WWAN terminal 200 has, and the WWAN terminal 200 may have any other information as authentication information. In addition to a smartphone, the wireless communication device 200 may be realized as a notebook PC, a PC, a tablet terminal, a PDA, an HMD, a headset, a digital camera, a digital video camera, a mobile phone terminal, a portable music playback device, a portable video processing device, a portable game device, or the like.
The wireless network 300 is a WWAN (first network) such as a mobile communication network. For example, the WWAN 300 is operated according to an arbitrary wireless communication method such as LTE (Long Term Evolution), LTE-A (LTE-Advanced), GSM (registered trademark), UMTS, W-CDMA, or CDMA2000. For example, the WWAN 300 accepts connections from the wireless communication device 200 located within the range of the cell operated by the base station 310.
The service network 400 is a public network such as the Internet. The WWAN terminal 200 can access the service network 400 via the WWAN 300.
Here, a terminal without a WWAN communication function has difficulty accessing the Internet via the WWAN 300. Even in such a case, means for achieving Internet access while away from home include, for example, tethering through a terminal capable of WWAN communication, or use of a public WLAN.
Tethering is a technique in which another communication terminal connects to the WWAN 300 via a terminal having a WWAN communication function, such as a smartphone. For example, since the WWAN terminal 200 can connect to both the WWAN 300 and the WLAN terminal 100, it can function as an access point that relays communication between the WWAN 300 and the WLAN terminal 100, thereby realizing tethering. As a result, the WLAN terminal 100 can use the service provided by the service network 400.
Tethering can be used wherever the WWAN terminal 200 is located within an area where WWAN communication is possible. However, terminal settings for using tethering have to be made on both the WWAN terminal 200 and the WLAN terminal 100, which impairs user convenience. In addition, the WWAN terminal 200 functioning as an access point consumes a large amount of power during tethering.
On the other hand, a public WLAN is a service that provides a connection to the Internet using a WLAN. Hereinafter, communication using a public WLAN will be described with reference to FIG. 2. The wireless network 500 shown in FIG. 2 is, for example, a public network (second network) operated as a WLAN. The WLAN terminal 100 can connect to the WLAN 500 and access the service network 400 directly, or access the service network 400 further via the WWAN 300. As a result, the WLAN terminal 100 can use the service provided by the service network 400.
Here, a wireless terminal having a WWAN communication function, such as a smartphone, can connect to a surrounding public WLAN and perform user authentication with the subscriber identification information it holds, using ANDSF (Access Network Discovery and Selection Function) proposed by 3GPP (Third Generation Partnership Project) or the Wi-Fi CERTIFIED Passpoint technology proposed by the Wi-Fi Alliance. However, with a wireless terminal that has no WWAN communication function and no subscriber identification information, such as a notebook PC, the user may have to select an available public WLAN and carry out the authentication procedure personally, which impairs convenience.
Further, when there is no public WLAN in the vicinity to which the WLAN terminal 100 can connect, the WLAN terminal 100 can connect to the Internet by having the WWAN terminal 200 operate as a tethering AP (Access Point). However, manual work such as configuring the connection to the tethering AP and switching tethering ON/OFF on the WWAN terminal 200 is required, which impairs convenience.
Furthermore, when the WLAN terminal 100 does not support Wi-Fi CERTIFIED Passpoint, it connects without confirming the safety of the WLAN 500, so there has been a risk of connecting to a WLAN 500 with a high security risk and a risk of suffering damage such as eavesdropping.
 そこで、上記事情を一着眼点にして本開示の一実施形態に係る無線通信システムを創作するに至った。本開示の一実施形態に係る無線通信システムは、WLAN端末100が適切なネットワークへの容易な認証を行うことを可能にする。以下、図3~図25を参照して、本開示の一実施形態に係る無線通信装置を含む無線通信システムについて詳細に説明する。 Accordingly, the wireless communication system according to an embodiment of the present disclosure has been created with the above circumstances in mind. The wireless communication system according to an embodiment of the present disclosure enables the WLAN terminal 100 to perform easy authentication to an appropriate network. Hereinafter, a wireless communication system including the wireless communication device according to an embodiment of the present disclosure will be described in detail with reference to FIGS.
 なお、WWAN端末200は、認証情報の提供元として機能する端末の一例である。認証情報提供元端末200は、必ずしもWWAN通信可能でなくてもよく、ネットワークへの認証情報を有していればよい。同様に、WLAN端末100は、認証情報の提供先として機能する端末の一例である。認証情報提供先端末100は、必ずしもWLAN通信可能でなくてもよく、認証情報提供元端末200から提供された認証情報を用いて、任意の通信方式のネットワークに接続してもよい。 The WWAN terminal 200 is an example of a terminal that functions as a provider of authentication information. The authentication information providing source terminal 200 does not necessarily have to be capable of WWAN communication, and may have authentication information for the network. Similarly, the WLAN terminal 100 is an example of a terminal that functions as a provision destination of authentication information. The authentication information providing destination terminal 100 may not necessarily be capable of WLAN communication, and may be connected to a network of an arbitrary communication method using the authentication information provided from the authentication information providing source terminal 200.
<< 2. Configuration example >>
<2.1. Configuration example of wireless communication system>
FIG. 3 is a block diagram illustrating an example of the configuration of the wireless communication system 1 according to the present embodiment. As shown in FIG. 3, the wireless communication system 1 includes a WLAN terminal 100 and a WWAN terminal 200, and provides wireless connection to the WWAN 300, the WLAN 500, and the service network 400.
(1) WWAN 300
As shown in FIG. 3, the WWAN 300 is operated by a base station 310, a gateway 320, a subscriber information server 330, an authentication server 340, and a network information providing server 350.
(1-1) Base station 310
The base station 310 is a device that serves as the point of contact when a wireless terminal having a WWAN communication function connects to the WWAN 300. For example, the base station 310 accepts a connection from the WWAN terminal 200. In LTE, the base station 310 corresponds to an eNB.
(1-2) Gateway 320
The gateway 320 is a device that relays communication between the WWAN 300 and other networks. For example, the gateway 320 relays communication between the WWAN 300 and the service network 400 and communication between the WWAN 300 and the WLAN 500. In LTE, the gateway 320 corresponds to a P-GW (Packet Data Network Gateway).
(1-3) Subscriber information server 330
The subscriber information server 330 is a device that holds subscriber information for the WWAN 300. The subscriber information server 330 also holds information used in the authentication process when a wireless terminal connects to the WWAN 300. In LTE, the subscriber information server 330 corresponds to an HSS (Home Subscriber Server).
(1-4) Authentication server 340
The authentication server 340 is a device that authenticates that a connection to the WWAN 300 is a connection by a subscriber of the WWAN 300. The authentication server 340 can perform this authentication process with reference to the subscriber information server 330. In LTE, the authentication server 340 corresponds to an AAA (Authentication, Authorization and Accounting) server.
The authentication server 340 also has a function of authenticating connections to the WLAN 500. For example, an authentication protocol using a certificate, such as EAP (Extensible Authentication Protocol)-TLS (Transport Layer Security) or EAP-TTLS (Tunneled Transport Layer Security), can be adopted as the authentication protocol for the WLAN 500. In that case, the authentication server 340 issues an electronic certificate, an ID, a password, and the like, and performs the authentication process for a terminal that connects to the WLAN 500. Alternatively, an authentication protocol using subscriber identification information for the WWAN 300, such as EAP-AKA (EAP Method for UMTS Authentication and Key Agreement), EAP-SIM (EAP Method for GSM Subscriber Identity Modules), or EAP-AKA', can be adopted as the authentication protocol for the WLAN 500. In that case, the authentication server 340 performs the authentication process with reference to the subscriber information server 330. Note that a terminal that has a WWAN communication function and can connect to the WWAN 300 through an authentication process using subscriber identification information can likewise connect to the WLAN 500 through an authentication process using subscriber identification information. In addition, IMS-AKA, a Security Token, an electronic certificate (Credential, Certificate), a public key, or the like may be used as the authentication protocol for the WLAN 500.
(1-5) Network information providing server 350
The network information providing server 350 is a device that provides information on a connection destination wireless network, which is needed when a wireless terminal switches its connection from the wireless network to which it is currently connected to another wireless network. For example, the network information providing server 350 can provide the WWAN terminal 200 with network information for connecting to the WLAN 500. In LTE, the network information providing server 350 corresponds to an ANDSF server.
(1-6) TTLS server 360
The TTLS server 360 is a server that performs authentication by EAP-TTLS, a TLS-based method among the EAP authentication protocols. Specifically, the TTLS server 360 performs authentication using a user name and password protected by key encryption. Note that the user name and password are verified by the authentication server 340.
(2) WLAN 500
As shown in FIG. 3, the WLAN 500 is a public network operated by the base station 510. In this specification, the communication method of the public network is described as being WLAN, but the network may be operated according to any other communication method such as Bluetooth.
The base station 510 is a device that serves as the point of contact when a wireless terminal having a WLAN communication function connects to the WLAN 500. For example, the base station 510 accepts a connection from the WLAN terminal 100. When the communication method of the public network is WLAN, the base station 510 corresponds to an access point. Note that the base station 510 can support one or more authentication protocols. Although omitted in FIG. 3, a plurality of base stations 510 may exist in the wireless communication system 1. The BSSID (Basic Service Set Identifier) and the operating frequency, for example, may differ among the plurality of base stations 510.
(3) Supplement
Although not shown in FIG. 3, a certificate authority may exist outside the wireless communication system 1. The certificate authority issues electronic certificates for EAP-TLS.
<2.2. Configuration example of WLAN terminal>
FIG. 4 is a block diagram illustrating an example of the logical configuration of the WLAN terminal 100 according to the present embodiment. As illustrated in FIG. 4, the WLAN terminal 100 includes a wireless communication unit 110, an output unit 120, a storage unit 130, and a processing unit 140.
(1) Wireless communication unit 110
The wireless communication unit 110 is a communication module that transmits and receives data to and from external devices. The wireless communication unit 110 can perform wireless communication using various communication methods. For example, the wireless communication unit 110 includes a WLAN module 112 and can perform wireless communication using Wi-Fi (registered trademark) or WLAN. The wireless communication unit 110 also includes a BT (Bluetooth) module 114 and can perform wireless communication using Bluetooth. The wireless communication unit 110 also includes an NFC module 116 and can perform wireless communication using NFC.
For example, the wireless communication unit 110 can function as a first wireless communication unit that performs pairing and wireless communication with the WWAN terminal 200. For example, the wireless communication unit 110 performs pairing and wireless communication with the WWAN terminal 200 using a short-range wireless communication method such as NFC, Bluetooth, Bluetooth Low Energy, Wi-Fi Direct (registered trademark), or WLAN. In addition, the wireless communication unit 110 may perform pairing and wireless communication with the WWAN terminal 200 using a short-range wireless communication method such as ZigBee (registered trademark) or IrDA (Infrared Data Association).
For example, the wireless communication unit 110 can function as a second wireless communication unit that connects to a public network and performs wireless communication. For example, the wireless communication unit 110 connects to the WLAN 500 using a wireless communication method such as WLAN. The public network may support any wireless communication method other than WLAN, in which case the wireless communication unit 110 can connect to the public network using the wireless communication method appropriate to that network. The wireless communication unit 110 may also perform measurement processing, such as measuring the RSSI (Received Signal Strength Indicator) from the strength of the signal received from the WLAN 500.
The wireless communication unit 110 may use the same communication method for wireless communication with the WWAN terminal 200 and for wireless communication with the public network. For example, the wireless communication unit 110 may connect to the WLAN 500 while communicating with the WWAN terminal 200 using WLAN.
Note that the wireless communication unit 110 may perform wireless communication using other communication methods such as ZigBee (registered trademark, IEEE 802.15.4), Z-Wave (registered trademark), ANT (registered trademark), ANT+ (registered trademark), WiSUN (registered trademark, IEEE 802.15.4g), and Wi-Fi Direct (registered trademark). Further, the wireless communication unit 110 may function as a node of a mesh network, and may perform wireless communication using, for example, IEEE 802.11s. Of course, the mesh network may be formed using other communication methods such as Bluetooth or ZigBee.
(2) Output unit 120
The output unit 120 has a function of outputting information as video, images, audio, or the like. The output unit 120 is realized by, for example, a CRT (Cathode Ray Tube) display device, a liquid crystal display (Liquid Crystal Display) device, a speaker, or the like.
(3) Storage unit 130
The storage unit 130 is a part that records data on and reproduces data from a predetermined recording medium. For example, the storage unit 130 may store information received from the WWAN terminal 200 by the wireless communication unit 110.
(4) Processing unit 140
The processing unit 140 functions as an arithmetic processing device and a control device, and controls overall operation within the WLAN terminal 100 according to various programs. As illustrated in FIG. 4, the processing unit 140 includes an acquisition unit 142, a selection unit 144, a notification unit 146, and an authentication processing unit 148. The processing unit 140 may further include components other than these. That is, the processing unit 140 can have functions other than the functions of these components.
The functions of the acquisition unit 142, the selection unit 144, the notification unit 146, and the authentication processing unit 148 will be described in detail later.
<2.3. Configuration example of WWAN terminal>
FIG. 5 is a block diagram illustrating an example of the logical configuration of the WWAN terminal 200 according to the present embodiment. As illustrated in FIG. 5, the WWAN terminal 200 includes a wireless communication unit 210, a storage unit 220, an authentication information storage unit 230, and a processing unit 240.
(1) Wireless communication unit 210
The wireless communication unit 210 is a communication module that transmits and receives data to and from external devices. The wireless communication unit 210 can perform wireless communication using various communication methods. For example, the wireless communication unit 210 includes a WWAN module 212 and can perform wireless communication using the WWAN 300. The wireless communication unit 210 also includes a WLAN module 214 and can perform wireless communication using Wi-Fi or WLAN. The wireless communication unit 210 also includes a BT module 216 and can perform wireless communication using Bluetooth. The wireless communication unit 210 also includes an NFC module 218 and can perform wireless communication using NFC.
For example, the wireless communication unit 210 can function as a fourth wireless communication unit that performs pairing and wireless communication with the WLAN terminal 100. For example, the wireless communication unit 210 performs pairing and wireless communication with the WLAN terminal 100 using a short-range wireless communication method such as NFC, Bluetooth, Bluetooth Low Energy, Wi-Fi Direct, or WLAN. In addition, the wireless communication unit 210 may perform pairing and wireless communication with the WLAN terminal 100 using a short-range wireless communication method such as ZigBee or IrDA (Infrared Data Association). Further, the wireless communication unit 210 can function, by means of the WWAN module 212, as a third wireless communication unit that connects to the WWAN 300 and performs wireless communication. For example, the wireless communication unit 210 communicates with the authentication server 340 via the WWAN module 212. In addition, the wireless communication unit 210 can function, by means of the WLAN module 214, as a fifth wireless communication unit that connects to the WLAN 500 and performs wireless communication. For example, the wireless communication unit 210 communicates with the base station 510 via the WLAN module 214.
Note that the wireless communication unit 210 may perform wireless communication using other communication methods such as ZigBee (IEEE 802.15.4), Z-Wave, ANT, ANT+, WiSUN (IEEE 802.15.4g), and Wi-Fi Direct. Further, the wireless communication unit 210 may function as a node of a mesh network, and may perform wireless communication using, for example, IEEE 802.11s. Of course, the mesh network may be formed using other communication methods such as Bluetooth or ZigBee.
(2) Storage unit 220
The storage unit 220 is a part that records data on and reproduces data from a predetermined recording medium. For example, the storage unit 220 may store information received from the WWAN 300 by the wireless communication unit 210. For example, the storage unit 220 may store device information of the WLAN terminal 100 with which pairing has been established, capability information, or information indicating the purpose of wireless communication with the WLAN 500.
(3) Authentication information storage unit 230
The authentication information storage unit 230 has a function of storing authentication information for a network. For example, the authentication information storage unit 230 is realized by a SIM card that stores subscriber identification information for the WWAN 300. Alternatively, the authentication information storage unit 230 may be realized as a storage medium that stores an electronic certificate for EAP-TLS, or a user name and password for EAP-TTLS. The authentication information storage unit 230 may also be realized as a storage medium that stores a pre-shared key (PSK: Phase Shift Keying) or a passphrase for WPA2-PSK or WPA-PSK.
(4) Processing unit 240
The processing unit 240 functions as an arithmetic processing device and a control device, and controls overall operation within the WWAN terminal 200 according to various programs. As illustrated in FIG. 5, the processing unit 240 includes a selection unit 242, an authentication processing unit 244, and a tethering processing unit 246. The processing unit 240 may further include components other than these. That is, the processing unit 240 can have functions other than the functions of these components.
The functions of the selection unit 242, the authentication processing unit 244, and the tethering processing unit 246 will be described in detail later.
<< 3. First Embodiment >>
<3.1. Technical features>
(1) Acquisition of network information
The WLAN terminal 100 (for example, the acquisition unit 142) acquires, from each of one or more wireless stations, network information about the wireless network operated by that wireless station. For example, the WLAN terminal 100 causes the wireless communication unit 110 to receive a broadcast signal (for example, a beacon) emitted by a wireless station and to transmit a network information request (for example, a probe request) to the wireless station that emitted the broadcast signal, and acquires the network information based on the result. The network information may include, for example, identification information of the wireless station, channel information, RSSI information, communication method information, and authentication method information. The identification information may be, for example, an SSID (Service Set Identifier), a BSSID (Basic Service Set Identifier), or an ESSID (Extended Service Set Identifier). The communication method information indicates the communication methods supported by the wireless station, and may include, for example, information indicating whether each of 802.11a, 11b, 11g, 11n, and 11ac is supported. The authentication method information indicates the authentication methods supported by the wireless station, and may include, for example, information indicating whether 802.1X authentication is supported.
The wireless station from which network information is acquired, as a connection destination candidate, may be the base station 510 or may be the WWAN terminal 200 operable as a tethering AP. In the latter case, the network information may be acquired from a WWAN terminal 200 that is operating as a tethering AP, or from a WWAN terminal 200 that is not operating as a tethering AP.
The acquisition of network information may also be performed by the WWAN terminal 200. In that case, even if the WWAN terminal 200 is not itself operating as a tethering AP, it can acquire information already known to it, such as its own communication method information.
(2) Connection destination selection
The WLAN terminal 100 (for example, the selection unit 144) selects a connection destination wireless station based on the one or more acquired networks.
For example, the WLAN terminal 100 selects a wireless station based on information indicating the state of the wireless communication environment between the WLAN terminal 100 and the wireless station, such as RSSI information and channel information. Specifically, the WLAN terminal 100 may preferentially select a wireless station whose RSSI is good and whose channel is not congested. This makes it possible to select a more suitable connection destination.
For example, the WLAN terminal 100 selects a wireless station based on the communication method information. Specifically, the WLAN terminal 100 may preferentially select a wireless station that supports a communication method with a higher transmission speed. This makes it possible to select a more suitable connection destination.
For example, the WLAN terminal 100 selects a wireless station based on the authentication method information. Specifically, the WLAN terminal 100 may preferentially select a wireless station that supports an authentication method with higher security and higher usability. This makes it possible to select a more suitable connection destination.
For example, the WLAN terminal 100 may select a connection destination wireless station based on the connection history of the WWAN terminal 200. Specifically, the WLAN terminal 100 may refer to the connection history of the WWAN terminal 200 and preferentially select a wireless station to which a connection was made in the past or, when there are several such wireless stations, the one connected to most recently. Using the connection history makes it possible to select a connection destination with a record of past connection. In addition, because a connection destination for which authentication information has been generated in the past is selected, generation of authentication information by the WWAN terminal 200 can be omitted. Note that the WLAN terminal 100 may likewise refer to its own connection history when selecting a connection destination wireless station.
For example, the WLAN terminal 100 may select a connection destination wireless station based on a network selection policy. A network selection policy is information that includes information on the communication method of a network, the priority of a network, and the identification information of a network. Using a network selection policy makes it possible to select a more appropriate connection destination.
As an example, the following shows an ANDSF Management Object named NetworkSelectionPolicy that has two Policy entries, Set_1 and Set_2, whose priority is defined by RulePriority. Note that Set_1 includes information on three networks, each of whose priority is set by AccessNetworkPriority.
  ./ANDSF/Name=NetworkSelectionPolicy
  ./ANDSF/Policy/Set_1/RulePriority=1
  ./ANDSF/Policy/Set_1/PrioritizedAccess/1/AccessTechnology=WLAN
  ./ANDSF/Policy/Set_1/PrioritizedAccess/1/AccessID=HotSpotSSID1
  ./ANDSF/Policy/Set_1/PrioritizedAccess/1/AccessNetworkPriority=10
  ./ANDSF/Policy/Set_1/PrioritizedAccess/2/AccessTechnology=WLAN
  ./ANDSF/Policy/Set_1/PrioritizedAccess/2/AccessID=HotSpotSSID2
  ./ANDSF/Policy/Set_1/PrioritizedAccess/2/AccessNetworkPriority=20
  ./ANDSF/Policy/Set_1/PrioritizedAccess/3/AccessTechnology=WLAN
  ./ANDSF/Policy/Set_1/PrioritizedAccess/3/AccessID=HotSpotSSID3
  ./ANDSF/Policy/Set_1/PrioritizedAccess/3/AccessNetworkPriority=30
  ./ANDSF/Policy/Set_2/RulePriority=2
  ./ANDSF/Policy/Set_2/PrioritizedAccess/1/AccessTechnology=WLAN
  ./ANDSF/Policy/Set_2/PrioritizedAccess/1/AccessID=HomeSSID
  ./ANDSF/Policy/Set_2/PrioritizedAccess/1/AccessNetworkPriority=10
The connection destination may instead be selected by the WWAN terminal 200 (for example, the selection unit 242).
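The following added example (not part of the patent text) parses the management object listed above and picks a connection destination from the SSIDs a scan found. It assumes that a lower RulePriority or AccessNetworkPriority value means a higher priority; the function names and the SSID sets passed in are constructed for illustration.

```python
import re
from collections import defaultdict

# The management object exactly as listed in the description above.
ANDSF_MO = """\
./ANDSF/Name=NetworkSelectionPolicy
./ANDSF/Policy/Set_1/RulePriority=1
./ANDSF/Policy/Set_1/PrioritizedAccess/1/AccessTechnology=WLAN
./ANDSF/Policy/Set_1/PrioritizedAccess/1/AccessID=HotSpotSSID1
./ANDSF/Policy/Set_1/PrioritizedAccess/1/AccessNetworkPriority=10
./ANDSF/Policy/Set_1/PrioritizedAccess/2/AccessTechnology=WLAN
./ANDSF/Policy/Set_1/PrioritizedAccess/2/AccessID=HotSpotSSID2
./ANDSF/Policy/Set_1/PrioritizedAccess/2/AccessNetworkPriority=20
./ANDSF/Policy/Set_1/PrioritizedAccess/3/AccessTechnology=WLAN
./ANDSF/Policy/Set_1/PrioritizedAccess/3/AccessID=HotSpotSSID3
./ANDSF/Policy/Set_1/PrioritizedAccess/3/AccessNetworkPriority=30
./ANDSF/Policy/Set_2/RulePriority=2
./ANDSF/Policy/Set_2/PrioritizedAccess/1/AccessTechnology=WLAN
./ANDSF/Policy/Set_2/PrioritizedAccess/1/AccessID=HomeSSID
./ANDSF/Policy/Set_2/PrioritizedAccess/1/AccessNetworkPriority=10
"""

_RULE = re.compile(r"^\./ANDSF/Policy/([^/]+)/RulePriority=(\d+)$")
_ACCESS = re.compile(r"^\./ANDSF/Policy/([^/]+)/PrioritizedAccess/(\d+)/(\w+)=(.+)$")
_REQUIRED = {"AccessTechnology", "AccessID", "AccessNetworkPriority"}


def parse_policy(text):
    """Parse flat ANDSF node paths into rules sorted by priority.

    Returns [(rule_priority, set_name, [(net_priority, technology, access_id), ...])].
    Assumption: a lower number means a higher priority.
    Unknown or incomplete nodes raise ValueError, so a damaged policy is
    rejected instead of silently steering the terminal to another network.
    """
    rule_priority = {}
    leaves = defaultdict(dict)  # (set_name, index) -> {leaf_name: value}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("./ANDSF/Name="):
            continue
        rule = _RULE.match(line)
        access = _ACCESS.match(line)
        if rule:
            rule_priority[rule.group(1)] = int(rule.group(2))
        elif access and access.group(3) in _REQUIRED:
            key = (access.group(1), int(access.group(2)))
            leaves[key][access.group(3)] = access.group(4)
        else:
            raise ValueError(f"unrecognised policy node: {line!r}")

    if {owner for owner, _ in leaves} - rule_priority.keys():
        raise ValueError("PrioritizedAccess entry without a RulePriority")

    rules = []
    for set_name, priority in rule_priority.items():
        networks = []
        for (owner, index), leaf in leaves.items():
            if owner != set_name:
                continue
            if _REQUIRED - leaf.keys():
                raise ValueError(f"{set_name}/PrioritizedAccess/{index} is incomplete")
            networks.append((int(leaf["AccessNetworkPriority"]),
                             leaf["AccessTechnology"], leaf["AccessID"]))
        rules.append((priority, set_name, sorted(networks)))
    return sorted(rules)


def select_destination(rules, visible_ssids):
    """Walk the rules from highest to lowest priority.

    Returns (set_name, access_id) for the first policy entry that is in range,
    or None. An SSID that the policy does not list is never selected.
    """
    for _priority, set_name, networks in rules:
        for _net_priority, technology, access_id in networks:
            if technology == "WLAN" and access_id in visible_ssids:
                return set_name, access_id
    return None


if __name__ == "__main__":
    policy = parse_policy(ANDSF_MO)
    # Constructed scan result: two policy SSIDs and one unlisted SSID in range.
    print(select_destination(policy, {"HomeSSID", "HotSpotSSID3", "FreeWiFi"}))
```
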
(3) Authentication method selection
The WLAN terminal 100 (for example, the selection unit 144) selects an authentication method based on the network information of the connection destination wireless station.
For example, the WLAN terminal 100 may select an authentication method based on security strength. Specifically, the WLAN terminal 100 preferentially selects an authentication method with high security strength. This makes it possible to connect to a more secure network.
For example, the WLAN terminal 100 may select an authentication method based on usability. Specifically, the WLAN terminal 100 preferentially selects an authentication method that requires no manual work by the user, such as entering a password or installing an electronic certificate. This improves the convenience of authenticating to the network.
Specifically, listed from highest to lowest priority, the authentication methods are, for example, EAP-AKA', EAP-AKA, EAP-SIM, EAP-TLS, EAP-TTLS, WPA2-PSK, and WPA-PSK. The higher the priority, the higher the security strength and the usability; the lower the priority, the lower the security strength and the usability.
If the wireless station selected as the connection destination supports only one authentication method, the authentication method is uniquely determined and its selection is omitted.
The WLAN terminal 100 may select the authentication method after selecting the connection destination wireless station, or may select the connection destination wireless station after selecting the authentication method. For example, for a device with poor input means, such as an HMD (Head Mounted Display), the latter order is desirable because it preferentially selects an authentication method that requires no user input, such as EAP-AKA. Alternatively, the WLAN terminal 100 may select the connection destination wireless station and the authentication method at the same time.
The authentication method may instead be selected by the WWAN terminal 200 (for example, the selection unit 242).
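The two selection orders described above can give different results for the same scan, as this added example (not part of the patent text) shows. The priority list is the one stated in the description, and the credential each method needs follows the description of the authentication process; the credential labels, function names and scan data are constructed for illustration.

```python
# Priority order stated in the description, highest first.
AUTH_PRIORITY = ("EAP-AKA'", "EAP-AKA", "EAP-SIM", "EAP-TLS",
                 "EAP-TTLS", "WPA2-PSK", "WPA-PSK")

# Kind of WWAN-terminal credential each method consumes.
# The label strings are hypothetical names chosen for this example.
CREDENTIAL_FOR = {
    "EAP-AKA'": "subscriber_id",
    "EAP-AKA": "subscriber_id",
    "EAP-SIM": "subscriber_id",
    "EAP-TLS": "certificate",
    "EAP-TTLS": "username_password",
    "WPA2-PSK": "psk",
    "WPA-PSK": "psk",
}


def usable_methods(station_methods, credentials):
    """Methods the station offers and the WWAN terminal can supply, best first.

    Anything outside AUTH_PRIORITY (for example WEP or an open network) is
    dropped, so selection can never fall back to a method the list omits.
    """
    return [m for m in AUTH_PRIORITY
            if m in station_methods and CREDENTIAL_FOR[m] in credentials]


def select_station_first(candidates, credentials):
    """Station first: take the best-ranked station, then its best method.

    `candidates` is a list of (ssid, offered_methods) already ordered by the
    network selection policy. A station with one usable method needs no
    method selection; the list simply has a single element.
    """
    for ssid, methods in candidates:
        usable = usable_methods(methods, credentials)
        if usable:
            return ssid, usable[0]
    return None


def select_method_first(candidates, credentials):
    """Method first: take the best method available anywhere, then the
    best-ranked station that offers it (the order suggested for an HMD)."""
    for method in AUTH_PRIORITY:
        if CREDENTIAL_FOR[method] not in credentials:
            continue
        for ssid, methods in candidates:
            if method in methods:
                return ssid, method
    return None


# Constructed scan result, ordered by network selection policy.
SCAN = [
    ("HotSpotSSID1", {"WPA2-PSK", "WPA-PSK"}),
    ("HotSpotSSID2", {"EAP-AKA", "EAP-TTLS"}),
    ("HotSpotSSID3", {"WEP"}),
]

if __name__ == "__main__":
    held = {"subscriber_id", "psk"}  # constructed: what the WWAN terminal holds
    print("station first:", select_station_first(SCAN, held))
    print("method first: ", select_method_first(SCAN, held))
```
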
(4) Determination of the selecting entity
As described above, either the WLAN terminal 100 or the WWAN terminal 200 may select the connection destination wireless station and the authentication method. The WLAN terminal 100 (for example, the selection unit 144) therefore determines whether it or the WWAN terminal 200 selects the connection destination wireless station and the authentication method. For example, the WLAN terminal 100 may make whichever terminal holds a network selection policy the selecting entity and, if both hold one, whichever holds the more recent policy. The WLAN terminal 100 may also make itself the selecting entity by default. Further, before the WWAN terminal 200 operates as a tethering AP, it is difficult for the WLAN terminal 100 to acquire the network information that applies when the WWAN terminal 200 operates as a tethering AP, so the WLAN terminal 100 may make the WWAN terminal 200 the selecting entity. In this way, the WLAN terminal 100 can flexibly change the entity that selects the connection destination wireless station and the authentication method according to the situation.
If the device that acquired the network information is not the selecting entity, the network information is notified to the selecting entity. For example, when the WWAN terminal 200 is the selecting entity, the WLAN terminal 100 (notification unit 146) notifies the WWAN terminal 200 of the acquired network information. The reverse also applies.
(5) Authentication process
The WLAN terminal 100 (for example, the authentication processing unit 148) performs an authentication process using the authentication information of the WWAN terminal 200. For example, the WLAN terminal 100 authenticates to the network by EAP-AKA', EAP-AKA, or EAP-SIM using the subscriber identification information of the WWAN terminal 200. The WLAN terminal 100 may authenticate to the network by EAP-TLS using the electronic certificate of the WWAN terminal 200. The WLAN terminal 100 may authenticate to the network by EAP-TTLS using the user name and password of the WWAN terminal 200. The WLAN terminal 100 may also authenticate to the network by WPA2-PSK or WPA-PSK using the PSK or passphrase of the WWAN terminal 200. By using the authentication information of the WWAN terminal 200 in this way, the WLAN terminal 100 can authenticate to a network to which it would have difficulty authenticating on its own, and can connect to the Internet.
The WWAN terminal 200 (for example, the authentication processing unit 244) provides the authentication information used in the authentication process performed by the WLAN terminal 100. This enables the WLAN terminal 100 to authenticate to the network. When the WLAN terminal 100 is the entity that selects the connection destination wireless station, the WWAN terminal 200 may provide the authentication information in response to a request from the WLAN terminal 100. When the WWAN terminal 200 is itself the entity that selects the connection destination wireless station, it may provide the authentication information together with information designating the connection destination wireless station.
The authentication information provided need not be the information stored in the authentication information storage unit 230 itself. For example, the WWAN terminal 200 may provide authentication information generated from at least one of the subscriber identification information, the electronic certificate, the user name and password, and the PSK or passphrase stored in the authentication information storage unit 230. This prevents the confidential information of the WWAN terminal 200 from leaking and makes it possible to ensure security.
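One way to provide generated rather than stored authentication information for WPA2-PSK is sketched in this added example, which is not part of the patent text. The use of the standard WPA2 passphrase-to-PSK mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output) for this purpose is an assumption, and `CredentialStore` is a hypothetical stand-in for the authentication information storage unit 230.

```python
import hashlib


def derive_wpa2_psk(passphrase: str, ssid: bytes) -> bytes:
    """Standard WPA2 mapping: PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32)."""
    if not 8 <= len(passphrase) <= 63 or any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1-32 octets")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)


class CredentialStore:
    """Hypothetical stand-in for the authentication information storage unit 230."""

    def __init__(self):
        self._passphrases = {}  # ssid (bytes) -> passphrase (str); never leaves this object

    def add(self, ssid: bytes, passphrase: str) -> None:
        derive_wpa2_psk(passphrase, ssid)  # validate both values before storing
        self._passphrases[ssid] = passphrase

    def provide_auth_info(self, requested_ssid: bytes) -> dict:
        """Answer an authentication information request from the WLAN terminal.

        Only the SSID-bound PSK is returned. The passphrase itself, which may
        be reused on other networks, is not disclosed.
        """
        passphrase = self._passphrases.get(requested_ssid)
        if passphrase is None:
            return {"status": "no-credential"}
        return {
            "status": "ok",
            "method": "WPA2-PSK",
            "ssid": requested_ssid.decode("utf-8", "replace"),
            "psk": derive_wpa2_psk(passphrase, requested_ssid).hex(),
        }


if __name__ == "__main__":
    store = CredentialStore()
    # Constructed sample: the same passphrase is stored for two SSIDs.
    store.add(b"HomeSSID", "correct horse battery")
    store.add(b"HotSpotSSID1", "correct horse battery")
    print(store.provide_auth_info(b"HomeSSID"))
    print(store.provide_auth_info(b"HotSpotSSID1"))
    print(store.provide_auth_info(b"HotSpotSSID2"))
```

The derived PSK is still sufficient to join the one SSID it was computed for, so the link it is sent over needs its own protection; what the derivation avoids is handing over a passphrase that may also protect other networks.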
The authentication information may be provided using a short-range wireless communication method such as Bluetooth or NFC. Wi-Fi Direct or the like may of course also be used. Whichever communication standard is used, it is desirable that a direct communication path be established between the WLAN terminal 100 and the WWAN terminal 200.
(6) Tethering
The WWAN terminal 200 (for example, the tethering processing unit 246) may perform processing for functioning as a wireless station. More simply, the WWAN terminal 200 may operate as a tethering AP.
The WWAN terminal 200 (for example, the tethering processing unit 246) may perform the processing for functioning as a tethering AP using a request from the WLAN terminal 100 as a trigger. Specifically, the WWAN terminal 200 may perform the processing for functioning as a tethering AP using reception of an authentication information request from the WLAN terminal 100 as a trigger. For example, the trigger may be reception, from the WLAN terminal 100, of a request for authentication information for the tethering AP (that is, a request for authentication information in which the identification information of the WWAN terminal 200 itself is specified). The trigger may also be reception of a request for authentication information for a base station 510 for which the WWAN terminal 200 has no authentication information. In this way, the WWAN terminal 200 can start operating (that is, can be activated) as a tethering AP when triggered by reception of a signal from the WLAN terminal 100. This eliminates manual work such as configuring the connection to the tethering AP and switching tethering on and off at the WWAN terminal 200, which improves convenience.
(7) User interface
The WLAN terminal 100 (for example, the acquisition unit 142, the selection unit 144, the notification unit 146, and the authentication processing unit 148) can output information indicating the content of the processing. FIGS. 6 and 7 show examples of user interfaces that can be output to the output unit 120. For example, while network information is being acquired or a connection destination is being selected, the user interface 11 is displayed. While the authentication process for a specific wireless station is being performed, the user interface 12 is displayed. "AP_NAME" in the figures is the name of the wireless station. When authentication to the wireless station succeeds and a wireless connection is established, the user interface 13 is displayed. If authentication to the wireless station fails, the user interface 14 is displayed, indicating that another connection destination will be searched for and the connection attempted again. If the renewed connection (that is, authentication) succeeds, the user interface 13 is displayed. The user can interrupt the connection process at any time by pressing the cancel button.
The technical features of the wireless communication system 1 according to this embodiment have been described above. Next, an example of the flow of processing in the wireless communication system 1 according to this embodiment is described with reference to FIGS. 8 to 23.
<3.2. Flow of processing>
(1) First connection processing example
First, the case where the selecting entity is the WLAN terminal 100 and the connection destination is the base station 510 is described with reference to FIGS. 8 and 9.
FIG. 8 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to this embodiment. As shown in FIG. 8, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
For the WLAN terminal 100 and the WWAN terminal 200, the communication modules used to exchange messages are shown in the figure with the word "module" omitted. For example, a message that starts or ends at the WLAN (Wi-Fi) module 112 is transmitted or received by the WLAN module 112. The same applies to the BT module 114, the WWAN module 212, and the BT module 216. It is also assumed that the WLAN terminal 100 and the WWAN terminal 200 have been paired in advance by short-range wireless communication (for example, Bluetooth) and that a communication path has been established. The following description does not state which communication module transmits or receives each message. These points also apply to the other sequences from FIG. 9 onward.
As shown in FIG. 8, the WLAN terminal 100 first transmits a network information request to the base station 510 (step S102) and receives network information from the base station 510 (step S104). This series of steps is, for example, a probe process.
Next, the WLAN terminal 100 performs a selection process (step S106). For example, the WLAN terminal 100 selects the connection destination wireless station and the authentication method based on the acquired network information, the connection history, and the network selection policy. In this sequence, it is assumed that the base station 510 is selected as the connection destination.
Next, the WLAN terminal 100 performs an authentication process (step S108). For example, the WLAN terminal 100 uses the authentication information provided by the WWAN terminal 200 to perform the authentication process with the connection destination wireless station (that is, the base station 510 in this sequence). The authentication process is described in detail later with reference to FIGS. 15 to 22.
Next, the WLAN terminal 100 establishes a security session (step S110). For example, the WLAN terminal 100 performs a 4-Way Handshake with the connection destination wireless station. In the 4-Way Handshake, the WLAN terminal 100 exchanges random numbers and MAC addresses with the connection destination wireless station to generate key information, and establishes a security session.
The WLAN terminal 100 then establishes an IP session with the connection destination wireless station (step S112). For example, the WLAN terminal 100 is assigned an IP address by DHCP (Dynamic Host Configuration Protocol) or the like and establishes an IP session.
This completes the process.
FIG. 9 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to this embodiment. As shown in FIG. 9, the WWAN terminal 200, the WLAN terminal 100, and a plurality of base stations 510 (that is, 510A, 510B, and 510C) are involved in this sequence.
As shown in FIG. 9, the WLAN terminal 100 first transmits a network information request to the base station 510A (step S102A) and receives network information from the base station 510A (step S104A). Similarly, the WLAN terminal 100 transmits a network information request to the base station 510B (step S102B) and receives network information from the base station 510B (step S104B). The WLAN terminal 100 also transmits a network information request to the base station 510C (step S102C) and receives network information from the base station 510C (step S104C).
Next, the WLAN terminal 100 performs a selection process (step S106). For example, the WLAN terminal 100 selects the connection destination wireless station and the authentication method based on the three pieces of network information acquired. In this sequence, it is assumed that the base station 510C is selected as the connection destination. The WLAN terminal 100 may perform the selection process after network information has arrived from all the base stations 510 to which it sent a network information request (that is, 510A, 510B, and 510C), or may perform the selection process incrementally each time network information is received.
Next, the WLAN terminal 100 performs the authentication process with the base station 510C (step S108), establishes a security session with the base station 510C (step S110), and establishes an IP session (step S112).
This completes the process.
(2) Second connection processing example
Next, the case where the selecting entity is the WLAN terminal 100 and the connection destination is the WWAN terminal 200 operating as a tethering AP is described with reference to FIGS. 10 and 11.
FIG. 10 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to this embodiment. As shown in FIG. 10, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence. It is assumed that the WWAN terminal 200 is not operating as a tethering AP at the start of this sequence.
As shown in FIG. 10, the WLAN terminal 100 first transmits a network information request to the base station 510 (step S202) and receives network information from the base station 510 (step S204).
Next, the WLAN terminal 100 performs a selection process (step S206). In this sequence, it is assumed that the WWAN terminal 200 is selected as the connection destination.
Next, the WLAN terminal 100 performs an authentication process (step S208). In this authentication process, the WLAN terminal 100 transmits a request for authentication information for the tethering AP to the WWAN terminal 200, thereby activating the WWAN terminal 200 as a tethering AP.
Next, the WLAN terminal 100 establishes a security session with the WWAN terminal 200 (step S210) and establishes an IP session (step S212).
This completes the process.
The above describes, as one example, the WWAN terminal 200 being activated as a tethering AP when the WWAN terminal 200 is selected as the connection destination in step S208. As another example, the WWAN terminal 200 can also be activated as a tethering AP when a base station 510 for which the WWAN terminal 200 has no authentication information is selected as the connection destination in step S208. This point is described in detail later with reference to FIG. 16.
The above also describes, as one example, the WWAN terminal 200 being selected as the connection destination in step S206 while it is not operating as a tethering AP. As another example, in step S206 the WLAN terminal 100 may first activate the WWAN terminal 200 as a tethering AP, acquire its network information, then perform the selection process and select it as the connection destination.
FIG. 11 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to this embodiment. As shown in FIG. 11, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence. It is assumed that the WWAN terminal 200 is operating as a tethering AP at the start of this sequence.
As shown in FIG. 11, the WLAN terminal 100 first transmits a network information request to the base station 510 (step S202A) and receives network information from the base station 510 (step S204A). Similarly, the WLAN terminal 100 transmits a network information request to the WWAN terminal 200 operating as a tethering AP (step S202B) and receives network information from the WWAN terminal 200 (step S204B).
Next, the WLAN terminal 100 performs a selection process (step S206). In this sequence, it is assumed that the WWAN terminal 200 is selected as the connection destination.
Next, the WLAN terminal 100 performs the authentication process with the WWAN terminal 200 (step S208), establishes a security session with the WWAN terminal 200 (step S210), and establishes an IP session (step S212).
This completes the process.
(3) Third connection processing example
Next, the case where the selecting entity is the WWAN terminal 200 and the connection destination is the base station 510 is described with reference to FIGS. 12 and 13.
FIG. 12 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to this embodiment. As shown in FIG. 12, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
As shown in FIG. 12, the WLAN terminal 100 first transmits a network information request to the base station 510 (step S302) and receives network information from the base station 510 (step S304).
Next, the WLAN terminal 100 notifies the WWAN terminal 200 of the network information acquired from the base station 510 (step S306). Specifically, the WLAN terminal 100 determines that the WWAN terminal 200 is to be the entity that selects the connection destination wireless station and the authentication method, and notifies the WWAN terminal 200 of the network information.
Next, the WWAN terminal 200 performs a selection process (step S308). For example, the WWAN terminal 200 selects the connection destination wireless station and the authentication method based on the acquired network information, the connection history, and the network selection policy. In this sequence, it is assumed that the base station 510 is selected as the connection destination.
Next, the WWAN terminal 200 notifies the WLAN terminal 100 of information indicating the selection result (step S310). For example, the WWAN terminal 200 notifies the WLAN terminal 100 of the identification information of the selected base station 510, information indicating the selected communication method, information indicating the selected authentication method, and the like.
Next, the WLAN terminal 100 performs an authentication process (step S312). For example, the WLAN terminal 100 performs the authentication process with the base station 510 in accordance with the information indicating the selection result notified by the WWAN terminal 200.
Next, the WLAN terminal 100 establishes a security session with the base station 510C (step S314) and establishes an IP session (step S316).
This completes the process.
FIG. 13 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to this embodiment. As shown in FIG. 13, the WWAN terminal 200, the WLAN terminal 100, and a plurality of base stations 510 (that is, 510A, 510B, and 510C) are involved in this sequence.
As shown in FIG. 13, the WLAN terminal 100 first transmits a network information request to the base station 510A (step S302A) and receives network information from the base station 510A (step S304A). Similarly, the WLAN terminal 100 transmits a network information request to the base station 510B (step S302B) and receives network information from the base station 510B (step S304B). The WLAN terminal 100 also transmits a network information request to the base station 510C (step S302C) and receives network information from the base station 510C (step S304C).
Next, the WLAN terminal 100 notifies the WWAN terminal 200 of the network information acquired from the base stations 510A, 510B, and 510C (step S306).
Next, the WWAN terminal 200 performs a selection process (step S308). In this sequence, it is assumed that the base station 510A is selected as the connection destination.
Next, the WWAN terminal 200 notifies the WLAN terminal 100 of information indicating the selection result (step S310).
Next, the WLAN terminal 100 performs the authentication process with the base station 510A (step S312), establishes a security session with the base station 510A (step S314), and establishes an IP session (step S316).
This completes the process.
 (4)第4の接続処理例
 続いて、図14を参照して、WLAN端末100とWWAN端末200との間にメッシュネットワークが形成されているケースについて説明する。本接続処理例では、選択主体がWLAN端末100であり、接続先が基地局510であるものとする。
(4) Fourth Connection Processing Example Next, a case where a mesh network is formed between the WLAN terminal 100 and the WWAN terminal 200 will be described with reference to FIG. In this connection processing example, it is assumed that the selection subject is the WLAN terminal 100 and the connection destination is the base station 510.
 図14は、本実施形態に係る無線通信システム1において実行される接続処理の流れの一例を示すシーケンス図である。図14に示すように、本シーケンスには、WWAN端末200、WLAN端末100及び基地局510が関与する。 FIG. 14 is a sequence diagram showing an example of the flow of connection processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 14, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
 なお、本接続処理例では、WLAN端末100とWWAN端末200との間に、WLAN(例えば、802.11s)を用いたメッシュネットワークが形成されているものとする。例えば、WWAN端末200のWLANモジュール214及びWLAN端末100のWLANモジュール112Aは、メッシュステーションとして機能し、メッシュネットワークを介して互いに通信可能である。他方、WLAN端末100のWLANモジュール112Bは、AP(例えば、基地局510)との通信を行う、ステーションとしても機能する。 In this connection processing example, it is assumed that a mesh network using a WLAN (for example, 802.11s) is formed between the WLAN terminal 100 and the WWAN terminal 200. For example, the WLAN module 214 of the WWAN terminal 200 and the WLAN module 112A of the WLAN terminal 100 function as a mesh station and can communicate with each other via a mesh network. On the other hand, the WLAN module 112B of the WLAN terminal 100 also functions as a station that performs communication with an AP (for example, the base station 510).
 図14に示すように、まず、WLAN端末100は、ネットワーク情報要求を基地局510へ送信して(ステップS402)、基地局510からネットワーク情報を受信する(ステップS404)。 As shown in FIG. 14, first, the WLAN terminal 100 transmits a network information request to the base station 510 (step S402) and receives network information from the base station 510 (step S404).
 次いで、WLAN端末100は、選択処理を行う(ステップS406)。本シーケンスでは、接続先として基地局510が選択されたものとする。 Next, the WLAN terminal 100 performs a selection process (step S406). In this sequence, it is assumed that the base station 510 is selected as the connection destination.
 次に、WLAN端末100は、基地局510への認証処理を行い(ステップS408)、基地局510との間でセキュリティセッションを確立し(ステップS410)、IPセッションを確立する(ステップS412)。なお、認証処理については、図15~図22を参照して後に詳しく説明するが、WWAN端末200とWLAN端末100との間の通信は、Bluetoothではなくメッシュネットワークにより行われる。 Next, the WLAN terminal 100 performs an authentication process for the base station 510 (step S408), establishes a security session with the base station 510 (step S410), and establishes an IP session (step S412). Although the authentication process will be described in detail later with reference to FIGS. 15 to 22, communication between the WWAN terminal 200 and the WLAN terminal 100 is performed by a mesh network instead of Bluetooth.
 以上により、処理は終了する。 This completes the process.
 以上、第1~第4の接続処理例を説明した。なお、本明細書では説明を省略するが、選択主体がWWAN端末200であり、接続先がテザリングAPとして動作するWWAN端末200自身であってもよい。続いて、図15~図22を参照して、認証処理を詳細に説明する。 The first to fourth connection processing examples have been described above. In addition, although description is abbreviate | omitted in this specification, the selection main body may be the WWAN terminal 200 and the WWAN terminal 200 itself which operate | moves as a tethering AP may be sufficient as a connecting point. Next, the authentication process will be described in detail with reference to FIGS.
(4) First Authentication Processing Example
First, with reference to FIGS. 15 and 16, the flow of processing will be described for the case where WPA2-PSK is selected as the authentication method and the WLAN terminal 100 uses the PSK or passphrase of the WWAN terminal 200 for authentication. FIG. 15 shows an example in which the authentication destination is the base station 510, and FIG. 16 shows an example in which the authentication destination is the WWAN terminal 200.
FIG. 15 is a sequence diagram showing an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 15, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
As shown in FIG. 15, first, the WLAN terminal 100 transmits a request for authentication information to the WWAN terminal 200 (step S502). For example, the WLAN terminal 100 specifies the identification information of the connection destination base station 510 and transmits the request for authentication information.
Next, the WLAN terminal 100 receives authentication information from the WWAN terminal 200 (step S504). For example, the WLAN terminal 100 receives a PSK or a passphrase as the authentication information.
Next, the WLAN terminal 100 performs association with the base station 510 using the received PSK or passphrase (step S506). When the association with the base station 510 is completed, Wi-Fi operation is started between the WLAN terminal 100 and the base station 510 (step S508).
This completes the process.
FIG. 16 is a sequence diagram showing an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIG. 16, the WWAN terminal 200, the WLAN terminal 100, and the base station 510 are involved in this sequence.
As shown in FIG. 16, first, the WLAN terminal 100 transmits a request for authentication information to the WWAN terminal 200 (step S602). For example, the WLAN terminal 100 specifies the identification information of the connection destination base station 510 and transmits the request for authentication information.
Next, the WWAN terminal 200 starts tethering processing and starts up as a tethering AP (step S604). For example, the WWAN terminal 200 may start up as a tethering AP when it does not have authentication information for the specified base station 510. Even if the WWAN terminal 200 has authentication information for the specified base station 510, it may start up as a tethering AP when it determines, based on communication quality or the like, that tethering is effective. The WWAN terminal 200 may also start up as a tethering AP when the WWAN terminal 200 itself is specified in the request for authentication information.
Next, the WLAN terminal 100 receives authentication information from the WWAN terminal 200 (step S606). For example, the WLAN terminal 100 receives a PSK or a passphrase as the authentication information.
Next, the WLAN terminal 100 performs association with the WWAN terminal 200 using the received PSK or passphrase (step S608). When the association with the WWAN terminal 200 is completed, Wi-Fi operation is started between the WLAN terminal 100 and the WWAN terminal 200 (step S610).
This completes the process.
(5) Second Authentication Processing Example
Next, with reference to FIGS. 17 and 18, the flow of processing will be described for the case where an authentication method using SIM information (for example, EAP-AKA) is selected and the WLAN terminal 100 uses the SIM information of the WWAN terminal 200 for authentication. FIGS. 17 and 18 describe an example in which the authentication destination is the base station 510.
FIGS. 17 and 18 are sequence diagrams showing an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIGS. 17 and 18, the WWAN terminal 200, the WLAN terminal 100, the base station 510, the authentication server 340, and the subscriber information server 330 are involved in this sequence.
As shown in FIG. 17, first, the WLAN terminal 100 performs Association with the base station 510 (step S702). Through Association, the WLAN terminal 100 establishes a logical connection for the authentication process. At this point the WLAN terminal 100 cannot yet perform anything other than the authentication process, such as data communication.
Next, the WLAN terminal 100 transmits EAPoL-Start to the base station 510 (step S704).
Next, the base station 510 transmits EAP-Request/Identity to the WLAN terminal 100 (step S706).
Next, the WLAN terminal 100 transmits the EAP-Request/Identity received in step S706 to the WWAN terminal 200 (step S708). This message requests the WWAN terminal 200 to generate the Identity required for EAP-AKA.
Next, the WWAN terminal 200 refers to its own subscriber identification module 230 and generates the Identity (step S710). For example, the control unit 240 generates the Identity based on information recorded on the SIM card serving as the subscriber identification module 230. When the authentication protocol is EAP-AKA, the Identity is generated from the IMSI.
The IMSI format is as follows.
  <MCC: 3 digits><MNC: 2 or 3 digits><MSIN: up to 10 digits>
Here, MCC (Mobile Country Code) is information indicating the country, MNC (Mobile Network Code) is information indicating the operator, and MSIN (Mobile Subscriber Identification Number) is information indicating the subscriber identification code.
The Identity format is as follows.
  0<IMSI>@wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org
For example, assume that the MNC is 3 digits and the IMSI is "123456012345678". In this case, the Identity is "0123456012345678@wlan.mnc456.mcc123.3gppnetwork.org". The Identity generation processing in step S710 has been described above.
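The Identity construction of step S710, as an added Python example that is not part of the patent text: it builds the Identity from an IMSI, parses it back while checking that the realm agrees with the IMSI digits, and masks the MSIN for log output. The zero-padding of a 2-digit MNC to three digits follows 3GPP TS 23.003 and is not stated on this page; the function names and the masking policy are assumptions.

```python
import re

# Identity format given on the page: 0<IMSI>@wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org
_IDENTITY_RE = re.compile(
    r"0(?P<imsi>[0-9]{6,15})@wlan\.mnc(?P<mnc>[0-9]{3})\.mcc(?P<mcc>[0-9]{3})"
    r"\.3gppnetwork\.org"
)


def split_imsi(imsi: str, mnc_len: int) -> tuple:
    """Split an IMSI into (MCC, MNC, MSIN). The MNC length (2 or 3) is
    operator-specific and cannot be read from the IMSI digits alone."""
    if mnc_len not in (2, 3):
        raise ValueError("MNC is 2 or 3 digits")
    if not re.fullmatch(r"[0-9]{1,15}", imsi):
        raise ValueError("IMSI must be at most 15 decimal digits")
    mcc, mnc, msin = imsi[:3], imsi[3:3 + mnc_len], imsi[3 + mnc_len:]
    if len(mnc) != mnc_len or not msin:
        raise ValueError("IMSI too short for MCC + MNC + MSIN")
    return mcc, mnc, msin


def build_identity(imsi: str, mnc_len: int) -> str:
    """Build the Identity of step S710. A 2-digit MNC is left-padded with
    '0' in the realm (3GPP TS 23.003; assumption, not stated on the page)."""
    mcc, mnc, _ = split_imsi(imsi, mnc_len)
    return f"0{imsi}@wlan.mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org"


def parse_identity(identity: str) -> tuple:
    """Return (MCC, MNC, MSIN), rejecting identities whose realm does not
    agree with the IMSI digits (a sign of a malformed or forged value)."""
    m = _IDENTITY_RE.fullmatch(identity)
    if m is None:
        raise ValueError("not an Identity in the page's format")
    imsi, realm_mnc, realm_mcc = m["imsi"], m["mnc"], m["mcc"]
    if imsi[:3] != realm_mcc:
        raise ValueError("realm MCC does not match the IMSI")
    if imsi[3:6] == realm_mnc:            # 3-digit MNC
        return split_imsi(imsi, 3)
    if "0" + imsi[3:5] == realm_mnc:      # 2-digit MNC, zero-padded in realm
        return split_imsi(imsi, 2)
    raise ValueError("realm MNC does not match the IMSI")


def mask_identity(identity: str) -> str:
    """Keep the operator part (MCC/MNC) and hide the MSIN, so relay or
    RADIUS logs do not store the subscriber's permanent identifier."""
    mcc, mnc, msin = parse_identity(identity)
    realm = identity.split("@", 1)[1]
    return f"0{mcc}{mnc}{'*' * len(msin)}@{realm}"


if __name__ == "__main__":
    ident = build_identity("123456012345678", 3)  # the IMSI used on the page
    print(ident)
    print(parse_identity(ident))
    print(mask_identity(ident))
```

The Identity travels in EAP-Response/Identity (steps S712 to S716) before any session key exists, which is why the masking helper is worth applying wherever these messages are logged.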
Next, the WWAN terminal 200 returns EAP-Response/Identity to the WLAN terminal 100 (step S712). This message contains the Identity generated in step S710.
Next, the WLAN terminal 100 forwards the received EAP-Response/Identity to the base station 510 (step S714).
Next, the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S716). This message contains the Identity generated by the WWAN terminal 200.
Next, the authentication server 340 transmits Retrieve-Authentication-Vector to the subscriber information server 330 to request an authentication vector for the Identity (step S718). This message contains the Identity generated by the WWAN terminal 200. An authentication vector is the set of information required to authenticate a connecting terminal. In the case of EAP-AKA, it consists of the following information.
  RAND: A random value. Used as the challenge.
  AUTN: A value with which the terminal authenticates the network.
  XRES: The response value expected for the challenge.
  IK: The key for message integrity verification.
  CK: The key for message encryption.
Next, the subscriber information server 330 executes the AKA algorithm and generates the authentication vector corresponding to the Identity contained in the received message (step S720).
Next, as shown in FIG. 18, the subscriber information server 330 transmits the generated authentication vector to the authentication server 340 (step S722).
Next, the authentication server 340 transmits RADIUS-Access-Challenge to the base station 510 (step S724). This message contains the authentication vector generated by the subscriber information server 330. Here, the authentication server 340 newly calculates a MAC (Message Authentication Code) and adds it to the message. The WLAN terminal 100 uses this MAC to verify the integrity of the message.
Next, the base station 510 transmits EAP-Request/AKA-Challenge to the WLAN terminal 100 (step S726). This message includes the RAND and AUTN of the authentication vector, and the MAC. The XRES, IK, and CK of the authentication vector are held by the base station 510 and are not transmitted to the WLAN terminal 100.
Next, the WLAN terminal 100 transmits EAP-Request/AKA-Challenge to the WWAN terminal 200 (step S728). This message requests the WWAN terminal 200 to generate the response value (RES) and the session keys (IK, CK).
Next, the WWAN terminal 200 executes the AKA algorithm and generates the RES, MAC, and session keys (IK, CK) corresponding to the received EAP-Request/AKA-Challenge (step S730).
Next, the WWAN terminal 200 transmits EAP-Response/AKA-Challenge to the WLAN terminal 100 (step S732). This message contains the RES, MAC, and session keys generated by the WWAN terminal 200.
Next, the WLAN terminal 100 forwards the received EAP-Response/AKA-Challenge to the base station 510 (step S734).
Next, the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S736). This message contains the RES, MAC, and session keys (IK, CK) generated by the WWAN terminal 200.
Next, the authentication server 340 verifies the received RES (step S738). Specifically, the authentication server 340 verifies that the RES generated by the WWAN terminal 200 matches the XRES generated by the subscriber information server 330, and uses the MAC to verify the integrity of the message.
Next, the authentication server 340 transmits RADIUS-Access-Accept to the base station 510 (step S740). This message indicates that the connection is permitted.
Next, the base station 510 transmits EAP-Success to the WLAN terminal 100 (step S742). This message indicates to the WLAN terminal 100 that the authentication process has succeeded.
Next, the base station 510 transmits EAPoL-Key to the WLAN terminal 100 (step S744). This message delivers the key for encrypted communication used between the WLAN terminal 100 and the base station 510.
Through the authentication process described above, the connection for WLAN communication between the WLAN terminal 100 and the base station 510 is completed (step S746). As a result, data communication using, for example, Wi-Fi is started between the WLAN terminal 100 and the base station 510.
This completes the process.
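The challenge-response core of steps S720 to S738, as an added Python example that is not part of the patent text: the subscriber information server builds the authentication vector, the SIM side checks AUTN before answering, and the authentication server compares RES with XRES. HMAC-SHA256 stands in for the operator's real AKA functions, the AUTN layout ((SQN xor AK) || AMF || MAC-A) follows 3GPP TS 33.102 rather than this page, the EAP-level MAC of step S724 is omitted, and all names, the AMF value and the key are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import NamedTuple

AMF = b"\x80\x00"  # constructed value for the 2-byte management field


class AkaError(Exception):
    """Raised by the SIM side when the challenge must not be answered."""


class AuthVector(NamedTuple):
    rand: bytes  # challenge
    autn: bytes  # lets the terminal authenticate the network
    xres: bytes  # expected response
    ik: bytes    # integrity key
    ck: bytes    # cipher key


def _f(k: bytes, label: bytes, *parts: bytes, n: int) -> bytes:
    # Stand-in for the AKA functions f1..f5 (NOT Milenage): keyed, labelled PRF.
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def generate_vector(k: bytes, sqn: int, rand: bytes = None) -> AuthVector:
    """Subscriber information server 330, step S720."""
    rand = rand or secrets.token_bytes(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac_a = _f(k, b"f1", sqn_b, rand, AMF, n=8)
    ak = _f(k, b"f5", rand, n=6)                 # conceals SQN on the air
    autn = _xor(sqn_b, ak) + AMF + mac_a
    return AuthVector(rand, autn, _f(k, b"f2", rand, n=8),
                      _f(k, b"f4", rand, n=16), _f(k, b"f3", rand, n=16))


def sim_respond(k: bytes, rand: bytes, autn: bytes, highest_sqn_seen: int):
    """WWAN terminal 200 / SIM, step S730. Returns (RES, IK, CK, SQN) only
    if AUTN proves the challenge came from a network that knows K."""
    if len(rand) != 16 or len(autn) != 16:
        raise AkaError("malformed challenge")
    sqn_b = _xor(autn[:6], _f(k, b"f5", rand, n=6))
    amf, mac_a = autn[6:8], autn[8:]
    if not hmac.compare_digest(mac_a, _f(k, b"f1", sqn_b, rand, amf, n=8)):
        raise AkaError("AUTN check failed: network not authenticated")
    sqn = int.from_bytes(sqn_b, "big")
    if sqn <= highest_sqn_seen:
        raise AkaError("stale SQN: replayed challenge")
    return (_f(k, b"f2", rand, n=8), _f(k, b"f4", rand, n=16),
            _f(k, b"f3", rand, n=16), sqn)


def server_verify(res: bytes, vector: AuthVector) -> bool:
    """Authentication server 340, step S738: constant-time RES == XRES."""
    return hmac.compare_digest(res, vector.xres)


def run_exchange(k_sim: bytes, k_hss: bytes, sqn: int, last_sqn: int = 0) -> bool:
    """One full round. Only RAND and AUTN are passed toward the terminal
    (step S726); XRES, IK and CK stay on the network side."""
    av = generate_vector(k_hss, sqn)
    res, ik, ck, _ = sim_respond(k_sim, av.rand, av.autn, last_sqn)
    return server_verify(res, av) and ik == av.ik and ck == av.ck


if __name__ == "__main__":
    K = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    print("matching keys:", run_exchange(K, K, sqn=1))
    try:
        run_exchange(bytes(16), K, sqn=2)
    except AkaError as exc:
        print("wrong SIM key:", exc)
```

A relay such as the WLAN terminal 100 sees only RAND, AUTN and RES in this model; tampering with either challenge field makes the SIM side refuse to answer rather than produce a response.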
(6) Third Authentication Processing Example
Next, with reference to FIGS. 19 and 20, the flow of processing will be described for the case where EAP-TLS is selected as the authentication method and the WLAN terminal 100 uses the TLS information of the WWAN terminal 200 for authentication. FIGS. 19 and 20 describe an example in which the authentication destination is the base station 510.
FIGS. 19 and 20 are sequence diagrams showing an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIGS. 19 and 20, the WWAN terminal 200, the WLAN terminal 100, the base station 510, and the authentication server 340 are involved in this sequence.
As shown in FIG. 19, first, the WLAN terminal 100 performs Association with the base station 510 (step S802). Through Association, the WLAN terminal 100 establishes a logical connection for the authentication process. At this point the WLAN terminal 100 cannot yet perform anything other than the authentication process, such as data communication.
Next, the WLAN terminal 100 transmits EAPoL-Start to the base station 510 (step S804).
Next, the base station 510 transmits EAP-Request/Identity to the WLAN terminal 100 (step S806).
Next, the WLAN terminal 100 transmits EAP-Request/Identity to the WWAN terminal 200 (step S808). This message requests the WWAN terminal 200 to generate the Identity required for EAP-TLS.
Next, the WWAN terminal 200 transmits the generated Identity to the WLAN terminal 100 as EAP-Response/Identity (step S810).
Next, the WLAN terminal 100 transmits EAP-Response/Identity to the base station 510 (step S812).
Next, the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S814).
Next, the authentication server 340 transmits RADIUS-Access-Challenge to the base station 510 (step S816). With this message, the authentication server 340 notifies the base station 510 of TLS Start.
Next, the base station 510 transmits EAP-Request/TLS Start to the WLAN terminal 100 (step S818). This message includes the TLS Start notification.
Next, the WLAN terminal 100 transmits Request/TLS Start to the WWAN terminal 200 (step S820). This message requests the WWAN terminal 200 to start TLS.
Next, the WWAN terminal 200 transmits Response/TLS Client Hello to the WLAN terminal 100 (step S822). This message and all subsequent messages are encrypted using the encryption key included in the electronic certificate.
Next, the WLAN terminal 100 forwards the message received in step S822 to the base station 510 as EAP-Response/TLS ClientHello (step S824).
Next, the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S826). This message includes the TLS Client Hello message received in step S824.
Next, as shown in FIG. 20, the authentication server 340 transmits RADIUS-Access-Challenge to the base station 510 (step S828). This message includes the Server Certificate. Specifically, this message includes messages such as TLS server_hello, TLS certificate, TLS server_key_exchange, TLS certificate_request, and TLS server_hello_done.
Next, the base station 510 forwards the message received in step S828 to the WLAN terminal 100 (step S830). For simplicity, it is shown in the figure as EAP-Request/passthrough.
Next, the WLAN terminal 100 forwards the message received in step S830 to the WWAN terminal 200 (step S832). For simplicity, it is shown in the figure as Request/passthrough.
Next, the WWAN terminal 200 transmits a Response to the WLAN terminal 100 (step S834). This message includes the Client Certificate. Specifically, this message includes messages such as TLS certificate, TLS client_key_exchange, TLS certificate_verify, TLS change_cipher_spec, and TLS finished.
Next, the WLAN terminal 100 transmits EAP-Response to the base station 510 (step S836). This message includes the message received in step S834.
Next, the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S838). This message includes the message received in step S836.
Next, the authentication server 340 transmits RADIUS-Access-Challenge to the base station 510 (step S840). This message includes messages such as TLS change_cipher_spec and TLS finished.
Next, the base station 510 forwards the message received in step S840 to the WLAN terminal 100 (step S842). For simplicity, it is shown in the figure as EAP-Request/passthrough.
Next, the WLAN terminal 100 forwards the message received in step S842 to the WWAN terminal 200 (step S844). For simplicity, it is shown in the figure as Request/passthrough.
Next, the WWAN terminal 200 transmits a Response to the WLAN terminal 100 (step S846).
Next, the WLAN terminal 100 transmits EAP-Response to the base station 510 (step S848).
Next, the base station 510 transmits RADIUS-Access-Request to the authentication server 340 (step S850).
Next, the authentication server 340 transmits RADIUS-Access-Accept to the base station 510 (step S852). This message indicates that the terminal being authenticated is a legitimate user and that the connection is permitted.
Next, the base station 510 transmits EAP-Success to the WLAN terminal 100 (step S854). This message indicates that the authentication process has succeeded.
Next, the base station 510 transmits EAPoL-Key to the WLAN terminal 100 (step S856). This message delivers the key for encrypted communication used between the WLAN terminal 100 and the base station 510.
Through the authentication process described above, the connection for WLAN communication between the WLAN terminal 100 and the base station 510 is completed (step S858). As a result, data communication using, for example, Wi-Fi is started between the WLAN terminal 100 and the base station 510.
This completes the process.
(7) Fourth Authentication Processing Example
Next, with reference to FIGS. 21 and 22, the flow of processing will be described for the case where EAP-TTLS is selected as the authentication method and the WLAN terminal 100 uses the certificate information, user name, and password of the WWAN terminal 200 for authentication. FIGS. 21 and 22 describe an example in which the authentication destination is the base station 510.
FIGS. 21 and 22 are sequence diagrams showing an example of the flow of authentication processing executed in the wireless communication system 1 according to the present embodiment. As shown in FIGS. 21 and 22, the WWAN terminal 200, the WLAN terminal 100, the base station 510, the TTLS server 360, and the authentication server 340 are involved in this sequence.
As shown in FIG. 21, first, the WLAN terminal 100 performs Association with the base station 510 (step S902). Through Association, the WLAN terminal 100 establishes a logical connection for the authentication process. At this point the WLAN terminal 100 cannot yet perform anything other than the authentication process, such as data communication.
Next, the WLAN terminal 100 transmits EAPoL-Start to the base station 510 (step S904).
Next, the base station 510 transmits EAP-Request/Identity to the WLAN terminal 100 (step S906).
Next, the WLAN terminal 100 transmits EAP-Request/Identity to the WWAN terminal 200 (step S908). This message requests the WWAN terminal 200 to generate the Identity required for EAP-TTLS.
Next, the WWAN terminal 200 transmits the generated Identity to the WLAN terminal 100 as EAP-Response/Identity (step S910).
Next, the WLAN terminal 100 transmits EAP-Response/Identity to the base station 510 (step S912).
Next, the base station 510 transmits RADIUS-Access-Request to the TTLS server 360 (step S914).
Next, the TTLS server 360 transmits RADIUS-Access-Challenge to the base station 510 (step S916). With this message, the authentication server 340 notifies the base station 510 of TTLS Start.
Next, the base station 510 forwards the message received in step S916 to the WLAN terminal 100 (step S918). For simplicity, it is shown in the figure as EAP-Request/passthrough.
Next, the WLAN terminal 100 forwards the message received in step S918 to the WWAN terminal 200 (step S920). For simplicity, it is shown in the figure as Request/passthrough. This message includes the TTLS Start notification. That is, this message requests the WWAN terminal 200 to start TTLS.
Next, the WWAN terminal 200 transmits Response/TTLS Client Hello to the WLAN terminal 100 (step S922). This message and all subsequent messages are encrypted using the encryption key included in the electronic certificate.
Next, the WLAN terminal 100 forwards the message received in step S922 to the base station 510 (step S924). For simplicity, it is shown in the figure as EAP-Response/passthrough.
Next, the base station 510 transmits RADIUS-Access-Request to the TTLS server 360 (step S926). This message includes the TTLS Client Hello message received in step S924.
Next, as shown in FIG. 22, the TTLS server 360 transmits RADIUS-Access-Challenge to the base station 510 (step S928). This message includes the Server Certificate. Specifically, this message includes messages such as TTLS ServerHello, Certificate, ServerKeyExchange, and ServerHelloDone.
Next, the base station 510 forwards the message received in step S928 to the WLAN terminal 100 (step S930). For simplicity, it is shown in the figure as EAP-Request/passthrough.
Next, the WLAN terminal 100 forwards the message received in step S930 to the WWAN terminal 200 (step S932). For simplicity, it is shown in the figure as Request/passthrough.
Next, the WWAN terminal 200 transmits a Response to the WLAN terminal 100 (step S934). This message includes the Client Key Exchange. Specifically, this message includes messages such as TTLS ClientKeyExchange, ChangeCipherSpec, and Finished.
Next, the WLAN terminal 100 forwards the message received in step S934 to the base station 510 (step S936). For simplicity, it is shown in the figure as EAP-Response/passthrough.
Next, the base station 510 transmits RADIUS-Access-Request to the TTLS server 360 (step S938). This message includes the message received in step S936.
Next, the TTLS server 360 transmits RADIUS-Access-Challenge to the base station 510 (step S940). This message includes messages such as TTLS ChangeCipherSpec and Finished.
Next, the base station 510 forwards the message received in step S940 to the WLAN terminal 100 (step S942). For simplicity, it is shown in the figure as EAP-Request/passthrough.
Next, the WLAN terminal 100 forwards the message received in step S942 to the WWAN terminal 200 (step S944). For simplicity, it is shown in the figure as Request/passthrough.
Next, the WWAN terminal 200 transmits a Response to the WLAN terminal 100 (step S946). This message includes User-Name, CHAP-Challenge, CHAP-Password, and the like as the authentication information for TTLS.
Next, the WLAN terminal 100 forwards the message received in step S946 to the base station 510 (step S948). For simplicity, it is shown in the figure as EAP-Response/passthrough.
Next, the base station 510 transmits RADIUS-Access-Request to the TTLS server 360 (step S950). This message includes the message received in step S948.
Next, the TTLS server 360 transmits RADIUS-Access-Request to the authentication server 340 (step S952). This message includes the authentication information for TTLS, such as User-Name, CHAP-Challenge, and CHAP-Password.
 次に、認証サーバ340は、ステップS952で受信したUser-Name、CHAP-Challenge、及びCHAP-Password等のTTLSのための認証情報を検証し、問題なければ、TTLSサーバ360へ、RADIUS-Access-Acceptを送信する(ステップS954)。本メッセージは、認証を行っている端末が正当なユーザであり、接続を許可することを示すものである。 Next, the authentication server 340 verifies the authentication information for TLS such as User-Name, CHAP-Challenge, and CHAP-Password received in step S952, and if there is no problem, the authentication server 340 sends the RADIUS-Access- to the TTL server 360. “Accept” is transmitted (step S954). This message indicates that the authenticating terminal is a valid user and the connection is permitted.
 次いで、TTLSサーバ360は、基地局510へ、RADIUS-Access-Acceptを送信する(ステップS956)。 Next, the TLS server 360 transmits RADIUS-Access-Accept to the base station 510 (step S956).
 次に、基地局510は、WLAN端末100へ、EAP-Successを送信する(ステップS958)。本メッセージは、認証処理が成功したことを示すものである。 Next, the base station 510 transmits EAP-Success to the WLAN terminal 100 (step S958). This message indicates that the authentication process has been successful.
 次いで、基地局510は、WLAN端末100へ、EAPoL-Keyを送信する(ステップS960)。本メッセージは、WLAN端末100と基地局510との間で使用される暗号化通信用の鍵を送付するものである。 Next, the base station 510 transmits EAPoL-Key to the WLAN terminal 100 (step S960). This message sends a key for encrypted communication used between the WLAN terminal 100 and the base station 510.
 以上説明した認証処理を経て、WLAN端末100と基地局510との間で、WLAN通信のための接続が完了する(ステップS962)。これにより、WLAN端末100と基地局510との間で、例えばWi-Fiを用いたデータ通信が開始される。 Through the authentication process described above, the connection for WLAN communication is completed between the WLAN terminal 100 and the base station 510 (step S962). Thereby, for example, data communication using Wi-Fi is started between the WLAN terminal 100 and the base station 510.
 以上により、処理は終了する。 This completes the process.
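As an added illustration (not code from the patent), the following Python example shows a check that the authentication server 340 could apply in step S954 to the User-Name, CHAP-Challenge, and CHAP-Password received in step S952, using the CHAP computation of RFC 1994 and the CHAP-Password layout of RFC 2865. The dictionary-shaped request, the function names, and the sample user and secret are constructed assumptions.

```python
import hashlib
import hmac

CHAP_RESPONSE_LEN = 16          # MD5 digest size in bytes
_DUMMY_SECRET = b"\x00" * 16    # hashed for unknown users so timing stays uniform


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5 over CHAP identifier || shared secret || challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def make_chap_password(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 2865 CHAP-Password value: 1-byte identifier followed by the response."""
    return bytes([ident]) + chap_response(ident, secret, challenge)


def verify_access_request(attrs: dict, secrets: dict) -> str:
    """Return "Access-Accept" or "Access-Reject" for the attributes of step S952.

    Note: in EAP-TTLS the challenge is tied to the TLS session and is checked
    by the TTLS server before forwarding; this function covers only the
    credential check at the authentication server.
    """
    user = attrs.get("User-Name")
    challenge = attrs.get("CHAP-Challenge", b"")
    chap_password = attrs.get("CHAP-Password", b"")

    # Reject malformed requests before touching any secret.
    if not isinstance(user, str) or not challenge:
        return "Access-Reject"
    if len(chap_password) != 1 + CHAP_RESPONSE_LEN:
        return "Access-Reject"

    ident, received = chap_password[0], chap_password[1:]
    secret = secrets.get(user)
    expected = chap_response(
        ident, secret if secret is not None else _DUMMY_SECRET, challenge
    )
    # Constant-time comparison; an unknown user is rejected even on a match.
    matches = hmac.compare_digest(expected, received)
    return "Access-Accept" if (matches and secret is not None) else "Access-Reject"


# Constructed sample data (not from the patent).
SAMPLE_USER = "wwan200@example.net"
SAMPLE_SECRETS = {SAMPLE_USER: b"constructed-secret"}


def sample_request(secret: bytes = b"constructed-secret", user: str = SAMPLE_USER) -> dict:
    challenge = bytes(range(16))
    return {
        "User-Name": user,
        "CHAP-Challenge": challenge,
        "CHAP-Password": make_chap_password(0x2A, secret, challenge),
    }


if __name__ == "__main__":
    print(verify_access_request(sample_request(), SAMPLE_SECRETS))
    print(verify_access_request(sample_request(secret=b"wrong"), SAMPLE_SECRETS))
```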
(8) Connection Destination Selection Processing Example
Next, with reference to FIG. 23, the flow of processing for selecting a connection-destination wireless station based on network information will be described. FIG. 23 is a flowchart showing an example of the flow of the connection destination selection processing executed in the WLAN terminal 100 according to the present embodiment.
As shown in FIG. 23, first, the WLAN terminal 100 (for example, the selection unit 144) extracts connection destination candidates (step S1002). For example, the WLAN terminal 100 extracts connection destination candidates based on the acquired network information and the connection history of the WWAN terminal 200. There may be no extracted candidates, or there may be several.
Next, the WLAN terminal 100 (for example, the selection unit 144) determines whether there is any unexamined connection destination candidate (step S1004). An unexamined connection destination candidate is a candidate for which the condition determination of step S1006 has not yet been performed.
When it is determined that there is an unexamined connection destination candidate (step S1004/YES), the WLAN terminal 100 (for example, the selection unit 144) determines whether the RSSI of that candidate is higher than a threshold. The threshold value is arbitrary. It may be set to, for example, -60 dBm; it may be set to -50 dBm when multiple APs are present in the vicinity; or it may be set to -70 dBm when there are almost no APs in the vicinity.
When it is determined that the RSSI is higher than the threshold (step S1006/YES), the WLAN terminal 100 (for example, the selection unit 144) selects that candidate as the connection destination (step S1008).
On the other hand, when it is determined that the RSSI is lower than the threshold (step S1006/NO), the WLAN terminal 100 (for example, the selection unit 144) excludes the candidate under examination from the candidates (step S1010). The processing then returns to step S1004.
When it is determined that there is no unexamined connection destination candidate (step S1004/NO), the WLAN terminal 100 (for example, the selection unit 144) selects the tethering AP as the connection destination (step S1012). The WLAN terminal 100 (for example, the authentication processing unit 148 and the wireless communication unit 110) then transmits a request for authentication information to the WWAN terminal 200 (step S1014). In response, the WWAN terminal 200 starts up as a tethering AP. Next, the WLAN terminal 100 (for example, the authentication processing unit 148 and the wireless communication unit 110) receives the authentication information from the WWAN terminal 200 (step S1016).
The WLAN terminal 100 (for example, the authentication processing unit 148) then performs authentication processing (step S1018). For example, when a connection destination has been selected in step S1008, the WLAN terminal 100 performs authentication processing toward that connection destination. When the tethering AP has been selected as the connection destination in step S1012, the WLAN terminal 100 performs authentication processing toward the WWAN terminal 200 operating as the tethering AP. Here, when the connection destination supports 802.1X authentication, the WLAN terminal 100 selects the optimal authentication method from among EAP-AKA', EAP-AKA, EAP-SIM, EAP-TLS, and EAP-TTLS. When the connection destination does not support 802.1X authentication, the WLAN terminal 100 selects WPA-PSK or WPA2-PSK.
When it is determined that the authentication processing has succeeded (step S1020/YES), the processing ends. On the other hand, when it is determined that the authentication processing has failed (step S1020/NO), the processing returns to step S1004.
This completes the process.
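The flow of FIG. 23 (steps S1002 to S1020) can be written out as the following added Python example, which is not code from the patent. The preference order used to model the "optimal" method, the treatment of an RSSI equal to the threshold as not higher, the bound on tethering retries (as described, a failed tethering authentication would return to step S1004 and select the tethering AP again), and all names and sample stations are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Tuple

# Assumption: "optimal" is modelled as the first match in the order the text lists.
EAP_ORDER = ("EAP-AKA'", "EAP-AKA", "EAP-SIM", "EAP-TLS", "EAP-TTLS")
PSK_ORDER = ("WPA2-PSK", "WPA-PSK")  # assumption: prefer WPA2-PSK when offered


@dataclass(frozen=True)
class Station:
    ssid: str
    rssi_dbm: int
    supports_8021x: bool
    methods: Tuple[str, ...]          # methods advertised in its network information
    is_tethering_ap: bool = False


def choose_auth_method(st: Station) -> Optional[str]:
    """Step S1018: EAP method for 802.1X stations, PSK mode otherwise."""
    order = EAP_ORDER if st.supports_8021x else PSK_ORDER
    return next((m for m in order if m in st.methods), None)


def select_and_connect(
    candidates: Iterable[Station],
    authenticate: Callable[[Station, str], bool],
    start_tethering_ap: Callable[[], Station],
    threshold_dbm: int = -60,
    max_tether_attempts: int = 1,     # assumption: the text gives no retry limit
) -> Tuple[Optional[Station], Optional[str], List[Tuple[str, str]]]:
    pending = list(candidates)                        # S1002: extracted candidates
    log: List[Tuple[str, str]] = []
    tether_attempts = 0
    while True:
        if pending:                                   # S1004/YES
            st = pending.pop(0)
            if st.rssi_dbm <= threshold_dbm:          # S1006/NO (equal counts as not higher)
                log.append((st.ssid, "excluded: RSSI"))   # S1010
                continue
            # S1006/YES -> S1008: st is the selected connection destination
        else:                                         # S1004/NO
            if tether_attempts >= max_tether_attempts:
                return None, None, log                # bounded instead of looping forever
            tether_attempts += 1
            st = start_tethering_ap()                 # S1012 to S1016
        method = choose_auth_method(st)               # S1018
        if method is not None and authenticate(st, method):
            log.append((st.ssid, "connected: " + method))  # S1020/YES
            return st, method, log
        log.append((st.ssid, "authentication failed"))     # S1020/NO -> back to S1004


# Constructed sample stations (not from the patent).
WEAK = Station("cafe", -75, True, ("EAP-SIM",))
REJECTING = Station("office", -48, True, ("EAP-TLS",))
CARRIER = Station("carrier", -55, True, ("EAP-TTLS", "EAP-AKA"))
TETHER = Station("wwan-200", -40, False, ("WPA2-PSK",), is_tethering_ap=True)


def sample_auth(st: Station, method: str) -> bool:
    """Constructed stand-in for the real authentication exchange."""
    return st.ssid != "office"


if __name__ == "__main__":
    print(select_and_connect([WEAK, REJECTING, CARRIER], sample_auth, lambda: TETHER))
```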
<< 4. Application example >>
The technology according to the present disclosure can be applied to various products. For example, the WLAN terminal 100 and the WWAN terminal 200 may be realized as a mobile terminal such as a smartphone, a tablet PC (Personal Computer), a notebook PC, a portable game terminal, or a digital camera; as a fixed terminal such as a television receiver, a printer, a digital scanner, or a network storage; or as an in-vehicle terminal such as a car navigation device. The WLAN terminal 100 and the WWAN terminal 200 may also be realized as terminals that perform M2M (Machine To Machine) communication (also called MTC (Machine Type Communication) terminals), such as smart meters, vending machines, remote monitoring devices, or POS (Point Of Sale) terminals. Furthermore, the WLAN terminal 100 and the WWAN terminal 200 may be wireless communication modules mounted on these terminals (for example, integrated circuit modules formed on a single die).
<4.1. First application example>
FIG. 24 is a block diagram illustrating an example of a schematic configuration of a smartphone 900 to which the technology according to the present disclosure can be applied. The smartphone 900 includes a processor 901, a memory 902, a storage 903, an external connection interface 904, a camera 906, a sensor 907, a microphone 908, an input device 909, a display device 910, a speaker 911, a wireless communication interface 913, an antenna switch 914, an antenna 915, a bus 917, a battery 918, and an auxiliary controller 919.
The processor 901 may be, for example, a CPU (Central Processing Unit) or an SoC (System on Chip), and controls the functions of the application layer and other layers of the smartphone 900. The memory 902 includes a RAM (Random Access Memory) and a ROM (Read Only Memory), and stores programs executed by the processor 901 and data. The storage 903 can include a storage medium such as a semiconductor memory or a hard disk. The external connection interface 904 is an interface for connecting an external device such as a memory card or a USB (Universal Serial Bus) device to the smartphone 900.
The camera 906 includes, for example, an image sensor such as a CCD (Charge Coupled Device) or a CMOS (Complementary Metal Oxide Semiconductor), and generates a captured image. The sensor 907 may include a sensor group such as a positioning sensor, a gyro sensor, a geomagnetic sensor, and an acceleration sensor. The microphone 908 converts sound input to the smartphone 900 into an audio signal. The input device 909 includes, for example, a touch sensor that detects a touch on the screen of the display device 910, a keypad, a keyboard, buttons, or switches, and receives operations or information input from the user. The display device 910 has a screen such as a liquid crystal display (LCD) or an organic light emitting diode (OLED) display, and displays an output image of the smartphone 900. The speaker 911 converts an audio signal output from the smartphone 900 into sound.
The wireless communication interface 913 supports one or more wireless LAN standards such as IEEE 802.11a, 11b, 11g, 11n, 11ac, and 11ad, and performs wireless communication. In infrastructure mode, the wireless communication interface 913 can communicate with other devices via a wireless LAN access point. In ad hoc mode or in a direct communication mode such as Wi-Fi Direct (registered trademark), the wireless communication interface 913 can communicate directly with other devices. In Wi-Fi Direct, unlike ad hoc mode, one of the two terminals operates as an access point, but communication is performed directly between those terminals. The wireless communication interface 913 can typically include a baseband processor, an RF (Radio Frequency) circuit, a power amplifier, and the like. The wireless communication interface 913 may be a one-chip module that integrates a memory storing a communication control program, a processor executing the program, and related circuits. In addition to the wireless LAN scheme, the wireless communication interface 913 may support other types of wireless communication schemes such as a short-range wireless communication scheme, a proximity wireless communication scheme, or a cellular communication scheme. The antenna switch 914 switches the connection destination of the antenna 915 among a plurality of circuits (for example, circuits for different wireless communication schemes) included in the wireless communication interface 913. The antenna 915 has a single antenna element or a plurality of antenna elements (for example, a plurality of antenna elements constituting a MIMO antenna), and is used for transmission and reception of wireless signals by the wireless communication interface 913.
Note that the smartphone 900 is not limited to the example of FIG. 24, and may include a plurality of antennas (for example, an antenna for wireless LAN and an antenna for a proximity wireless communication scheme). In that case, the antenna switch 914 may be omitted from the configuration of the smartphone 900.
The bus 917 connects the processor 901, the memory 902, the storage 903, the external connection interface 904, the camera 906, the sensor 907, the microphone 908, the input device 909, the display device 910, the speaker 911, the wireless communication interface 913, and the auxiliary controller 919 to one another. The battery 918 supplies power to each block of the smartphone 900 shown in FIG. 24 via power supply lines partially shown as broken lines in the figure. The auxiliary controller 919 operates the minimum necessary functions of the smartphone 900, for example, in sleep mode.
In the smartphone 900 shown in FIG. 24, one or more components included in the WLAN terminal 100 described with reference to FIG. 4 (for example, at least one of the wireless communication unit 110, the output unit 120, the storage unit 130, or the processing unit 140) may be implemented in the wireless communication interface 913. At least some of these components may also be implemented in the processor 901 or the auxiliary controller 919. As an example, the smartphone 900 may be equipped with a module including the wireless communication interface 913, the processor 901, and/or the auxiliary controller 919, and the one or more components may be implemented in that module. In this case, the module may store a program for causing a processor to function as the one or more components (in other words, a program for causing the processor to execute the operations of the one or more components) and may execute the program. As another example, a program for causing a processor to function as the one or more components may be installed in the smartphone 900, and the wireless communication interface 913, the processor 901, and/or the auxiliary controller 919 may execute the program. As described above, the smartphone 900 or the module may be provided as a device including the one or more components, and a program for causing a processor to function as the one or more components may be provided. A readable recording medium on which the program is recorded may also be provided.
Further, in the smartphone 900 shown in FIG. 24, one or more components included in the WWAN terminal 200 described with reference to FIG. 5 (for example, at least one of the wireless communication unit 210, the storage unit 220, the authentication information storage unit 230, or the processing unit 240) may be implemented in the wireless communication interface 913. At least some of these components may also be implemented in the processor 901 or the auxiliary controller 919. As an example, the smartphone 900 may be equipped with a module including the wireless communication interface 913, the processor 901, and/or the auxiliary controller 919, and the one or more components may be implemented in that module. In this case, the module may store a program for causing a processor to function as the one or more components (in other words, a program for causing the processor to execute the operations of the one or more components) and may execute the program. As another example, a program for causing a processor to function as the one or more components may be installed in the smartphone 900, and the wireless communication interface 913, the processor 901, and/or the auxiliary controller 919 may execute the program. As described above, the smartphone 900 or the module may be provided as a device including the one or more components, and a program for causing a processor to function as the one or more components may be provided. A readable recording medium on which the program is recorded may also be provided.
Note that the smartphone 900 may operate as a wireless access point (software AP) by having the processor 901 execute the access point function at the application level. The wireless communication interface 913 may also have a wireless access point function.
<4.2. Second application example>
FIG. 25 is a block diagram illustrating an example of a schematic configuration of a car navigation device 920 to which the technology according to the present disclosure can be applied. The car navigation device 920 includes a processor 921, a memory 922, a GPS (Global Positioning System) module 924, a sensor 925, a data interface 926, a content player 927, a storage medium interface 928, an input device 929, a display device 930, a speaker 931, a wireless communication interface 933, an antenna switch 934, an antenna 935, and a battery 938.
 プロセッサ921は、例えばCPU又はSoCであってよく、カーナビゲーション装置920のナビゲーション機能及びその他の機能を制御する。メモリ922は、RAM及びROMを含み、プロセッサ921により実行されるプログラム及びデータを記憶する。 The processor 921 may be a CPU or SoC, for example, and controls the navigation function and other functions of the car navigation device 920. The memory 922 includes RAM and ROM, and stores programs and data executed by the processor 921.
 GPSモジュール924は、GPS衛星から受信されるGPS信号を用いて、カーナビゲーション装置920の位置(例えば、緯度、経度及び高度)を測定する。センサ925は、例えば、ジャイロセンサ、地磁気センサ及び気圧センサなどのセンサ群を含み得る。データインタフェース926は、例えば、図示しない端子を介して車載ネットワーク941に接続され、車速データなどの車両側で生成されるデータを取得する。 The GPS module 924 measures the position (for example, latitude, longitude, and altitude) of the car navigation device 920 using GPS signals received from GPS satellites. The sensor 925 may include a sensor group such as a gyro sensor, a geomagnetic sensor, and an atmospheric pressure sensor. The data interface 926 is connected to the in-vehicle network 941 through a terminal (not shown), for example, and acquires data generated on the vehicle side such as vehicle speed data.
 コンテンツプレーヤ927は、記憶媒体インタフェース928に挿入される記憶媒体(例えば、CD又はDVD)に記憶されているコンテンツを再生する。入力デバイス929は、例えば、表示デバイス930の画面上へのタッチを検出するタッチセンサ、ボタン又はスイッチなどを含み、ユーザからの操作又は情報入力を受け付ける。表示デバイス930は、LCD又はOLEDディスプレイなどの画面を有し、ナビゲーション機能又は再生されるコンテンツの画像を表示する。スピーカ931は、ナビゲーション機能又は再生されるコンテンツの音声を出力する。 The content player 927 reproduces content stored in a storage medium (for example, CD or DVD) inserted into the storage medium interface 928. The input device 929 includes, for example, a touch sensor, a button, or a switch that detects a touch on the screen of the display device 930, and receives an operation or information input from the user. The display device 930 has a screen such as an LCD or an OLED display, and displays a navigation function or an image of content to be reproduced. The speaker 931 outputs the navigation function or the audio of the content to be played back.
 無線通信インタフェース933は、IEEE802.11a、11b、11g、11n、11ac及び11adなどの無線LAN標準のうちの1つ以上をサポートし、無線通信を実行する。無線通信インタフェース933は、インフラストラクチャーモードにおいては、他の装置と無線LANアクセスポイントを介して通信し得る。また、無線通信インタフェース933は、アドホックモード又はWi-Fi Direct等のダイレクト通信モードにおいては、他の装置と直接的に通信し得る。無線通信インタフェース933は、典型的には、ベースバンドプロセッサ、RF回路及びパワーアンプなどを含み得る。無線通信インタフェース933は、通信制御プログラムを記憶するメモリ、当該プログラムを実行するプロセッサ及び関連する回路を集積したワンチップのモジュールであってもよい。無線通信インタフェース933は、無線LAN方式に加えて、近距離無線通信方式、近接無線通信方式又はセルラ通信方式などの他の種類の無線通信方式をサポートしてもよい。アンテナスイッチ934は、無線通信インタフェース933に含まれる複数の回路の間でアンテナ935の接続先を切り替える。アンテナ935は、単一の又は複数のアンテナ素子を有し、無線通信インタフェース933による無線信号の送信及び受信のために使用される。 The wireless communication interface 933 supports one or more wireless LAN standards such as IEEE802.11a, 11b, 11g, 11n, 11ac, and 11ad, and executes wireless communication. The wireless communication interface 933 can communicate with other devices via a wireless LAN access point in the infrastructure mode. In addition, the wireless communication interface 933 can directly communicate with other devices in an ad hoc mode or a direct communication mode such as Wi-Fi Direct. The wireless communication interface 933 may typically include a baseband processor, an RF circuit, a power amplifier, and the like. The wireless communication interface 933 may be a one-chip module in which a memory that stores a communication control program, a processor that executes the program, and related circuits are integrated. In addition to the wireless LAN system, the wireless communication interface 933 may support other types of wireless communication systems such as a short-range wireless communication system, a proximity wireless communication system, or a cellular communication system. The antenna switch 934 switches the connection destination of the antenna 935 among a plurality of circuits included in the wireless communication interface 933. 
The antenna 935 includes a single antenna element or a plurality of antenna elements, and is used for transmission and reception of a radio signal by the radio communication interface 933.
 なお、図25の例に限定されず、カーナビゲーション装置920は、複数のアンテナを備えてもよい。その場合に、アンテナスイッチ934は、カーナビゲーション装置920の構成から省略されてもよい。 Note that the car navigation device 920 is not limited to the example of FIG. 25, and may include a plurality of antennas. In that case, the antenna switch 934 may be omitted from the configuration of the car navigation device 920.
 バッテリー938は、図中に破線で部分的に示した給電ラインを介して、図25に示したカーナビゲーション装置920の各ブロックへ電力を供給する。また、バッテリー938は、車両側から給電される電力を蓄積する。 The battery 938 supplies power to each block of the car navigation apparatus 920 shown in FIG. 25 through a power supply line partially shown by broken lines in the drawing. Further, the battery 938 stores electric power supplied from the vehicle side.
 図25に示したカーナビゲーション装置920において、図4を用いて説明したWLAN端末100に含まれるひとつ以上の構成要素(例えば、無線通信部110、出力部120、記憶部130又は処理部140の少なくともいずれか)は、無線通信インタフェース933において実装されてもよい。また、これら機能の少なくとも一部は、プロセッサ921において実装されてもよい。一例として、カーナビゲーション装置920は、無線通信インタフェース933、及び/又はプロセッサ921を含むモジュールを搭載し、当該モジュールにおいて上記ひとつ以上の構成要素が実装されてもよい。この場合に、上記モジュールは、プロセッサを上記ひとつ以上の構成要素として機能させるためのプログラム(換言すると、プロセッサに上記ひとつ以上の構成要素の動作を実行させるためのプログラム)を記憶し、当該プログラムを実行してもよい。別の例として、プロセッサを上記ひとつ以上の構成要素として機能させるためのプログラムがカーナビゲーション装置920にインストールされ、無線通信インタフェース933、及び/又はプロセッサ921が当該プログラムを実行してもよい。以上のように、上記ひとつ以上の構成要素を備える装置としてカーナビゲーション装置920又は上記モジュールが提供されてもよく、プロセッサを上記ひとつ以上の構成要素として機能させるためのプログラムが提供されてもよい。また、上記プログラムを記録した読み取り可能な記録媒体が提供されてもよい。 In the car navigation device 920 shown in FIG. 25, at least one of the one or more components (for example, the wireless communication unit 110, the output unit 120, the storage unit 130, or the processing unit 140) included in the WLAN terminal 100 described with reference to FIG. Either) may be implemented in the wireless communication interface 933. Further, at least a part of these functions may be implemented in the processor 921. As an example, the car navigation device 920 may include a module including the wireless communication interface 933 and / or the processor 921, and the one or more components may be mounted on the module. In this case, the module stores a program for causing the processor to function as the one or more components (in other words, a program for causing the processor to execute the operation of the one or more components), and stores the program. May be executed. As another example, a program for causing a processor to function as one or more components may be installed in the car navigation device 920, and the wireless communication interface 933 and / or the processor 921 may execute the program. 
As described above, the car navigation apparatus 920 or the module may be provided as an apparatus including the one or more components, and a program for causing a processor to function as the one or more components may be provided. In addition, a readable recording medium in which the program is recorded may be provided.
 また、図25に示したカーナビゲーション装置920において、図5を用いて説明したWWAN端末200に含まれるひとつ以上の構成要素(例えば、無線通信部210、記憶部220、認証情報格納部230又は処理部240の少なくともいずれか)は、無線通信インタフェース933において実装されてもよい。また、これら機能の少なくとも一部は、プロセッサ921において実装されてもよい。一例として、カーナビゲーション装置920は、無線通信インタフェース933、及び/又はプロセッサ921を含むモジュールを搭載し、当該モジュールにおいて上記ひとつ以上の構成要素が実装されてもよい。この場合に、上記モジュールは、プロセッサを上記ひとつ以上の構成要素として機能させるためのプログラム(換言すると、プロセッサに上記ひとつ以上の構成要素の動作を実行させるためのプログラム)を記憶し、当該プログラムを実行してもよい。別の例として、プロセッサを上記ひとつ以上の構成要素として機能させるためのプログラムがカーナビゲーション装置920にインストールされ、無線通信インタフェース933、及び/又はプロセッサ921が当該プログラムを実行してもよい。以上のように、上記ひとつ以上の構成要素を備える装置としてカーナビゲーション装置920又は上記モジュールが提供されてもよく、プロセッサを上記ひとつ以上の構成要素として機能させるためのプログラムが提供されてもよい。また、上記プログラムを記録した読み取り可能な記録媒体が提供されてもよい。 Further, in the car navigation device 920 shown in FIG. 25, one or more components (for example, the wireless communication unit 210, the storage unit 220, the authentication information storage unit 230, or the process included in the WWAN terminal 200 described with reference to FIG. 5). At least one of the units 240) may be implemented in the wireless communication interface 933. Further, at least a part of these functions may be implemented in the processor 921. As an example, the car navigation device 920 may include a module including the wireless communication interface 933 and / or the processor 921, and the one or more components may be mounted on the module. In this case, the module stores a program for causing the processor to function as the one or more components (in other words, a program for causing the processor to execute the operation of the one or more components), and stores the program. May be executed. As another example, a program for causing a processor to function as one or more components may be installed in the car navigation device 920, and the wireless communication interface 933 and / or the processor 921 may execute the program. 
As described above, the car navigation apparatus 920 or the module may be provided as an apparatus including the one or more components, and a program for causing a processor to function as the one or more components may be provided. In addition, a readable recording medium in which the program is recorded may be provided.
The technology according to the present disclosure may also be realized as an in-vehicle system (or vehicle) 940 including one or more blocks of the car navigation device 920 described above, an in-vehicle network 941, and a vehicle-side module 942. The vehicle-side module 942 generates vehicle-side data such as vehicle speed, engine speed, or failure information, and outputs the generated data to the in-vehicle network 941.
<< 5. Summary >>
An embodiment of the present disclosure has been described in detail above with reference to FIGS. 1 to 25. According to the embodiment described above, the WLAN terminal 100 performs an authentication process on a connection-destination wireless station, using the authentication information of the WWAN terminal 200 and an authentication method selected based on the network information of the connection-destination wireless station. The connection-destination wireless station is itself selected based on one or more pieces of network information, acquired from each of one or more wireless stations, relating to the wireless network operated by that wireless station. The WLAN terminal 100 can thus select, as a connection destination, a wireless station at which the authentication information of the WWAN terminal 200 can be used, and can easily perform the authentication process by using that authentication information. Therefore, for example, by using the authentication information of the WWAN terminal 200, the WLAN terminal 100 can connect safely and easily even to a wireless station for which it has no connection history and no connection right.
In addition, the WWAN terminal 200 starts up as a tethering AP, triggered by reception of a request for authentication information from the WLAN terminal 100. The WLAN terminal 100 can therefore freely start the WWAN terminal 200 as a tethering AP and connect to the Internet. Furthermore, manual work such as configuring the connection to the tethering AP and switching tethering ON/OFF on the WWAN terminal 200 becomes unnecessary, which improves convenience.
By sharing authentication information, the WLAN terminal 100 and the WWAN terminal 200 can also connect to the same wireless station at the same time.
Furthermore, the WLAN terminal 100 and the WWAN terminal 200 can form a mesh network. That is, the present technology is also applicable to IoT (Internet of Things) or M2M (Machine to Machine).
The preferred embodiments of the present disclosure have been described in detail above with reference to the accompanying drawings, but the technical scope of the present disclosure is not limited to these examples. It is clear that a person having ordinary knowledge in the technical field of the present disclosure can conceive of various changes or modifications within the scope of the technical idea described in the claims, and these are naturally understood to belong to the technical scope of the present disclosure.
The processes described in this specification using flowcharts and sequence diagrams do not necessarily have to be executed in the order shown. Some processing steps may be executed in parallel. Additional processing steps may be adopted, and some processing steps may be omitted.
The effects described in this specification are merely explanatory or illustrative, and are not limiting. That is, the technology according to the present disclosure can exhibit, together with or instead of the above effects, other effects that are apparent to those skilled in the art from the description of this specification.
The following configurations also belong to the technical scope of the present disclosure.
(1)
A device comprising:
a processing unit that performs, on a connection-destination wireless station selected based on one or more pieces of network information acquired from each of one or more wireless stations and relating to the wireless network operated by that wireless station, an authentication process using authentication information of another device, according to an authentication method selected based on the network information of the connection-destination wireless station.
(2)
The device according to (1), wherein the connection-destination wireless station is selected based on information indicating a state of a wireless communication environment between the device and the wireless station.
(3)
The device according to (1) or (2), wherein the connection-destination wireless station is selected based on information indicating a communication method supported by the wireless station.
(4)
The device according to any one of (1) to (3), wherein the connection-destination wireless station is selected based on information indicating an authentication method supported by the wireless station.
(5)
The device according to any one of (1) to (4), wherein the connection-destination wireless station is selected based on a connection history of the other device.
(6)
The device according to any one of (1) to (5), wherein the connection-destination wireless station is selected based on a network selection policy.
(7)
The device according to any one of (1) to (6), wherein the authentication method is selected based on security strength.
(8)
The device according to any one of (1) to (7), wherein the authentication method is selected based on the level of usability.
(9)
The device according to any one of (1) to (8), wherein the processing unit selects the connection-destination wireless station.
(10)
The device according to any one of (1) to (8), wherein the connection-destination wireless station is selected by the other device.
(11)
The device according to any one of (1) to (10), wherein the processing unit determines whether the connection-destination wireless station and the authentication method are to be selected by the device itself or by the other device.
(12)
The device according to any one of (1) to (11), wherein candidates for the connection-destination wireless station include the other device, which is operable as the wireless station.
(13)
The device according to any one of (1) to (12), wherein the authentication information is generated based on at least one of subscriber identification information, an electronic certificate, a user name and password, a pre-shared key, or a passphrase stored in the other device.
(14)
A device comprising:
a processing unit that provides authentication information to another device, the other device performing, on a connection-destination wireless station selected based on one or more pieces of network information acquired from each of one or more wireless stations and relating to the wireless network operated by that wireless station, an authentication process according to an authentication method selected based on the network information of the connection-destination wireless station, the authentication information being used in the authentication process.
(15)
The device according to (14), wherein the processing unit performs processing for the device to function as the wireless station.
(16)
The device according to (15), wherein the processing unit performs the processing for functioning as the wireless station, triggered by reception of a request for the authentication information from the other device.
(17)
A method including:
performing, by a processor, on a connection-destination wireless station selected based on one or more pieces of network information acquired from each of one or more wireless stations and relating to the wireless network operated by that wireless station, an authentication process using authentication information of another device, according to an authentication method selected based on the network information of the connection-destination wireless station.
(18)
A method including:
providing, by a processor, authentication information to another device, the other device performing, on a connection-destination wireless station selected based on one or more pieces of network information acquired from each of one or more wireless stations and relating to the wireless network operated by that wireless station, an authentication process according to an authentication method selected based on the network information of the connection-destination wireless station, the authentication information being used in the authentication process.
(19)
A system comprising:
an authentication information providing source terminal; and an authentication information providing destination terminal, wherein
the authentication information providing destination terminal includes a processing unit that performs, on a connection-destination wireless station selected based on one or more pieces of network information acquired from each of one or more wireless stations and relating to the wireless network operated by that wireless station, an authentication process using the authentication information of the authentication information providing source terminal, according to an authentication method selected based on the network information of the connection-destination wireless station, and
the authentication information providing source terminal includes a processing unit that provides the authentication information to the authentication information providing destination terminal.
(20)
A method including:
performing, by an authentication information providing destination terminal, on a connection-destination wireless station selected based on one or more pieces of network information acquired from each of one or more wireless stations and relating to the wireless network operated by that wireless station, an authentication process using authentication information of an authentication information providing source terminal, according to an authentication method selected based on the network information of the connection-destination wireless station; and
providing, by the authentication information providing source terminal, the authentication information to the authentication information providing destination terminal.
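The selection described in configurations (2), (4), (5), (6), (7), (8) and (13), as an added Python sketch that is not part of the patent text: it picks a connection-destination station and an authentication method from advertised network information and the credential kinds held by the other device. The method-to-credential table, the strength and usability scores, the `Station` and `Policy` types, the `min_strength` floor and the sample stations are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Authentication method -> (credential kind it needs, security strength, usability).
# Credential kinds follow configuration (13); the scores are constructed for
# this example and are not taken from the patent.
METHODS = {
    "EAP-AKA":  ("subscriber_id", 3, 3),
    "EAP-TLS":  ("certificate", 3, 2),
    "EAP-TTLS": ("username_password", 2, 1),
    "WPA2-PSK": ("pre_shared_key", 1, 3),
}


@dataclass(frozen=True)
class Station:
    """Network information advertised by one candidate wireless station."""
    ssid: str
    rssi_dbm: int                      # radio environment, configuration (2)
    auth_methods: tuple                # supported methods, configuration (4)
    in_provider_history: bool = False  # connection history, configuration (5)


@dataclass(frozen=True)
class Policy:
    """Hypothetical network selection policy, configuration (6)."""
    prefer: str = "security"   # "security" (7) or "usability" (8)
    min_strength: int = 2      # never accept a method weaker than this
    min_rssi_dbm: int = -80    # ignore stations with a poorer link


def select(stations, provider_credentials, policy=Policy()):
    """Return (ssid, method) for the best usable pair, or None.

    A pair is usable only if the other device holds the credential kind
    the method needs and the method meets the policy's strength floor.
    Stations advertising no authentication method are never returned.
    """
    creds = set(provider_credentials)
    best_key, best = None, None
    for st in stations:
        if st.rssi_dbm < policy.min_rssi_dbm:
            continue
        for method in st.auth_methods:
            if method not in METHODS:
                continue  # unknown method: do not guess its strength
            cred, strength, usability = METHODS[method]
            if cred not in creds or strength < policy.min_strength:
                continue
            if policy.prefer == "usability":
                key = (usability, strength, st.in_provider_history, st.rssi_dbm)
            else:
                key = (strength, usability, st.in_provider_history, st.rssi_dbm)
            if best_key is None or key > best_key:
                best_key, best = key, (st.ssid, method)
    return best


# Constructed sample scan results (not from the patent).
STATIONS = [
    Station("cafe-open", -40, ()),
    Station("carrier-hotspot", -70, ("EAP-AKA", "EAP-TTLS"), True),
    Station("office", -60, ("EAP-TLS",)),
    Station("home", -50, ("WPA2-PSK",)),
    Station("far-away", -90, ("EAP-AKA",)),
]

if __name__ == "__main__":
    print(select(STATIONS, {"subscriber_id", "pre_shared_key"}))
    print(select(STATIONS, {"certificate", "pre_shared_key"},
                 Policy(prefer="usability", min_strength=1)))
```

When `select` returns `None`, the caller should report that no station meets the policy rather than fall back to an unauthenticated network.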
1 wireless communication system
100 WLAN terminal
110 wireless communication unit
112 WLAN module
114 BT module
116 NFC module
120 output unit
130 storage unit
140 processing unit
142 acquisition unit
144 selection unit
146 notification unit
148 authentication processing unit
200 WWAN terminal
210 wireless communication unit
212 WWAN module
214 WLAN module
216 BT module
218 NFC module
220 storage unit
230 subscriber identification module
240 processing unit
242 selection unit
244 authentication processing unit
246 tethering processing unit
300 WWAN
310 base station
320 gateway
330 subscriber information server
340 authentication server
350 network information providing server
360 TTLS server
400 service network
500 WLAN
510 base station

Claims (20)

  1. A device comprising:
    a processing unit that performs, on a connection-destination wireless station selected based on one or more pieces of network information acquired from each of one or more wireless stations and relating to the wireless network operated by that wireless station, an authentication process using authentication information of another device, according to an authentication method selected based on the network information of the connection-destination wireless station.
  2. The device according to claim 1, wherein the connection-destination wireless station is selected based on information indicating a state of a wireless communication environment between the device and the wireless station.
  3. The device according to claim 1, wherein the connection-destination wireless station is selected based on information indicating a communication method supported by the wireless station.
  4. The device according to claim 1, wherein the connection-destination wireless station is selected based on information indicating an authentication method supported by the wireless station.
  5. The device according to claim 1, wherein the connection-destination wireless station is selected based on a connection history of the other device.
  6. The device according to claim 1, wherein the connection-destination wireless station is selected based on a network selection policy.
  7. The device according to claim 1, wherein the authentication method is selected based on security strength.
  8. The device according to claim 1, wherein the authentication method is selected based on the level of usability.
  9. The device according to claim 1, wherein the processing unit selects the connection-destination wireless station.
  10. The device according to claim 1, wherein the connection-destination wireless station is selected by the other device.
  11. The device according to claim 1, wherein the processing unit determines whether the connection-destination wireless station and the authentication method are to be selected by the device itself or by the other device.
  12. The device according to claim 1, wherein candidates for the connection-destination wireless station include the other device, which is operable as the wireless station.
  13. The device according to claim 1, wherein the authentication information is generated based on at least one of subscriber identification information, an electronic certificate, a user name and password, a pre-shared key, or a passphrase stored in the other device.
  14. A device comprising:
    a processing unit that provides authentication information to another device, the other device performing, on a connection-destination wireless station selected based on one or more pieces of network information acquired from each of one or more wireless stations and relating to the wireless network operated by that wireless station, an authentication process according to an authentication method selected based on the network information of the connection-destination wireless station, the authentication information being used in the authentication process.
  15. The device according to claim 14, wherein the processing unit performs processing for the device to function as the wireless station.
  16. The device according to claim 15, wherein the processing unit performs the processing for functioning as the wireless station, triggered by reception of a request for the authentication information from the other device.
  17. A method including:
    performing, by a processor, on a connection-destination wireless station selected based on one or more pieces of network information acquired from each of one or more wireless stations and relating to the wireless network operated by that wireless station, an authentication process using authentication information of another device, according to an authentication method selected based on the network information of the connection-destination wireless station.
  18. A method including:
    providing, by a processor, authentication information to another device, the other device performing, on a connection-destination wireless station selected based on one or more pieces of network information acquired from each of one or more wireless stations and relating to the wireless network operated by that wireless station, an authentication process according to an authentication method selected based on the network information of the connection-destination wireless station, the authentication information being used in the authentication process.
  19. A system comprising:
    an authentication information providing source terminal; and an authentication information providing destination terminal, wherein
    the authentication information providing destination terminal includes a processing unit that performs, on a connection-destination wireless station selected based on one or more pieces of network information acquired from each of one or more wireless stations and relating to the wireless network operated by that wireless station, an authentication process using the authentication information of the authentication information providing source terminal, according to an authentication method selected based on the network information of the connection-destination wireless station, and
    the authentication information providing source terminal includes a processing unit that provides the authentication information to the authentication information providing destination terminal.
  20. A method including:
    performing, by an authentication information providing destination terminal, on a connection-destination wireless station selected based on one or more pieces of network information acquired from each of one or more wireless stations and relating to the wireless network operated by that wireless station, an authentication process using authentication information of an authentication information providing source terminal, according to an authentication method selected based on the network information of the connection-destination wireless station; and
    providing, by the authentication information providing source terminal, the authentication information to the authentication information providing destination terminal.
PCT/JP2016/066292 2015-09-03 2016-06-01 Device, system and method WO2017038179A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015173715A JP2017050764A (en) 2015-09-03 2015-09-03 Device, system and method
JP2015-173715 2015-09-03

Publications (1)

Publication Number Publication Date
WO2017038179A1 true WO2017038179A1 (en) 2017-03-09

Family

ID=58187385

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/066292 WO2017038179A1 (en) 2015-09-03 2016-06-01 Device, system and method

Country Status (2)

Country Link
JP (1) JP2017050764A (en)
WO (1) WO2017038179A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220104017A1 (en) * 2020-09-26 2022-03-31 Mcafee, Llc Wireless access point with multiple security modes
JP7467724B1 (en) 2023-03-30 2024-04-15 Kddi株式会社 Information processing device, information processing system, and information processing method

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7204714B2 (en) * 2020-09-18 2023-01-16 Necプラットフォームズ株式会社 Wireless repeater, communication system, method and program
WO2022234677A1 (en) * 2021-05-07 2022-11-10 三菱電機株式会社 Communication device, communication system, and communication method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009194823A (en) * 2008-02-18 2009-08-27 Hitachi Ltd Mobile radio communication control apparatus and radio communication control method
JP2010177757A (en) * 2009-01-27 2010-08-12 Panasonic Corp Wireless communication device and connection destination searching method
JP2010287123A (en) * 2009-06-12 2010-12-24 Toshiba Corp Radio communication apparatus and radio communication method
JP2013235342A (en) * 2012-05-07 2013-11-21 Canon Inc Communication device and control method of the same
JP2014143632A (en) * 2013-01-25 2014-08-07 Sony Corp Terminal device, program, and communication system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220104017A1 (en) * 2020-09-26 2022-03-31 Mcafee, Llc Wireless access point with multiple security modes
US11930359B2 (en) * 2020-09-26 2024-03-12 Mcafee, Llc Wireless access point with multiple security modes
JP7467724B1 (en) 2023-03-30 2024-04-15 Kddi株式会社 Information processing device, information processing system, and information processing method

Also Published As

Publication number Publication date
JP2017050764A (en) 2017-03-09

Similar Documents

Publication Publication Date Title
EP2936876B1 (en) Methods and apparatus for differencitating security configurations in a radio local area network
US10164967B2 (en) Terminal device and information processing device
JP6904446B2 (en) Wireless communication equipment, wireless communication methods and programs
CN111869261A (en) Discovery and Security in LWA Communications
CN113873492B (en) Communication method and related device
WO2017038179A1 (en) Device, system and method
JP6465108B2 (en) Wireless communication device
US10225794B2 (en) Terminal device, information processing device, and information providing device
US10292187B2 (en) Wireless communication apparatus, server, payment apparatus, wireless communication method, and program
US10051671B2 (en) Terminal device and information processing device
WO2016027545A1 (en) Wireless communication device and wireless communication method
WO2016117211A1 (en) Wireless communication device, wireless communication method and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16841211

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16841211

Country of ref document: EP

Kind code of ref document: A1
