Field of the Invention
The present disclosure relates to an information processing apparatus and an information processing method that establish communication via a communication relay device such as an access point (AP).
Description of the Related Art
An information device connected to an in-house network or the like should desirably be operated in accordance with a predetermined information security policy. The information security policy is a basic policy on information security for an entire company, bringing together the policy on how to handle information, the policy on how to prevent intrusion from outside, and the policy on how to prevent information leaks. The information security policy is developed by a manager who handles security.
One security policy for enhancing security restricts the use of encryption that does not satisfy a predetermined encryption strength. For example, the security policy includes “restricting using a weak encryption”. The National Institute of Standards and Technology (NIST) issues SP800-57 as part of its Special Publication (SP) series. To satisfy the security standard defined by SP800-57, the policy of “restricting using a weak encryption” restricts the use of vulnerable encryption. Note that, in this specification, an encryption method for communication having a key length of less than or equal to 1024 bits is simply described as “weak encryption”. When the security policy is applied, use of the weak encryption is restricted in the internal processing of the information device.
In the information device, encrypted communication is used in wired or wireless communication. The following description covers the case of wireless communication. One way of using encrypted communication in wireless communication is a wireless LAN (Local Area Network). The wireless LAN has one or more protocols defined by the Wi-Fi Alliance. Security strength and the encryption used vary with the protocol. Most information devices and APs having the wireless LAN function support one or more protocols. Different protocols are used depending on the purpose of use or the required security.
The wireless LAN protocols include WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access), and WPA2 (Wi-Fi Protected Access 2). With WPA and WPA2, the encryption method to be used can be chosen. The encryption method is one of the following: TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption Standard). For example, when AES is used with WPA2, the wireless LAN security setting is written as WPA2-AES.
Further, to use the wireless LAN with WEP from the information device, the WEP key previously set in the communication relay device must be entered. The communication relay device is usually called an access point (hereinafter described as AP). Note that the WEP key is an alphanumeric string used as an encryption key for communication. Similarly, to use the wireless LAN with WPA or WPA2 from the information device, the PSK (Pre-Shared Key) previously set in the AP must be entered. The PSK is an alphanumeric string used as an encryption key for communication. Among the above, only WPA-AES and WPA2-AES are settings in which the weak encryption is not used.
The following site, “Wireless group policy setting for Windows (Registered Trade Mark) Vista”, Microsoft, 2008 (“http://technet.microsoft.com/en-us/magazine/2007.04.cableguy.aspx”), discloses a method using an SSID whitelist and blacklist so that a connection to the appropriate AP can be established without any need for the user's determination.
In this method, a network manager distributes a blacklist or a whitelist, and only the appropriate APs are displayed. As a result, a user cannot use a wireless LAN whose SSID is not displayed.
When the blacklist is adopted, a wireless LAN connection cannot be established to a blacklisted SSID. Thereby, by blacklisting the SSID that corresponds to an AP using the weak encryption, that AP is no longer displayed on the selection screen. This prevents a situation in which the user selects the AP using the weak encryption. When the whitelist is adopted, only whitelisted SSIDs are displayed on the AP selection screen. Thereby, by whitelisting only APs that do not use the weak encryption, an AP using the weak encryption is no longer displayed on the selection screen. This likewise prevents a situation in which the user selects the AP using the weak encryption. Thus, by using the blacklist or the whitelist, the security policy of “restricting using the weak encryption” is reliably applied when the wireless LAN is used.
In the method of using the blacklist, the list needs to be updated when an AP using the weak encryption is added. Likewise, in the method of using the whitelist, the list needs to be updated when an AP not using the weak encryption is added.
When the added AP is one that uses the weak encryption, the method of using the blacklist may cause a problem: the AP using the weak encryption is displayed on the selection screen until the blacklist is updated. In this case, if the user selects the AP using the weak encryption, security may be decreased. Conversely, when the added AP is one that does not use the weak encryption, the method of using the whitelist may cause a problem: until the whitelist is updated, the added AP cannot be used, so utility may be reduced.
Further, with either the blacklist or the whitelist, it is a human who determines, when updating the list, whether the communication method of the AP uses the weak encryption. Thereby, when the communication method to be listed is set incorrectly, security may be decreased. Therefore, as a method to realize the security policy of “restricting using the weak encryption”, a method in which the information device itself determines the content of the AP's wireless LAN security setting can be considered. In this method, if the information device determines that the security setting uses the weak encryption, the communication is treated as an error and is disconnected from the network.
In this method, even when an AP is added, the information device automatically determines whether the communication method of the added AP uses the weak encryption. Thereby, the above problems associated with updating the blacklist or the whitelist do not occur.
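The following sketch is an added illustration, not part of the original disclosure. It compares the blacklist method, the whitelist method, and the device-side determination when APs are added after the lists were distributed. The SSIDs, the list contents, and the choice to treat unrecognized settings as weak are assumptions made for the example.

```python
# Added example: all SSIDs and lists below are constructed sample data.
# Per the text, only WPA-AES and WPA2-AES avoid the weak encryption.
STRONG_SETTINGS = {"WPA-AES", "WPA2-AES"}

def uses_weak_encryption(setting):
    """Device-side determination from the AP's security setting."""
    # Assumption: a setting the device does not recognize is treated as weak.
    return setting not in STRONG_SETTINGS

def selectable_with_blacklist(aps, blacklist):
    return {ssid for ssid in aps if ssid not in blacklist}

def selectable_with_whitelist(aps, whitelist):
    return {ssid for ssid in aps if ssid in whitelist}

def selectable_with_auto_check(aps):
    return {ssid for ssid, setting in aps.items()
            if not uses_weak_encryption(setting)}

def compare(aps, blacklist, whitelist):
    """Per method: weak APs still offered, and strong APs that are hidden."""
    weak = {ssid for ssid, s in aps.items() if uses_weak_encryption(s)}
    strong = set(aps) - weak
    views = {
        "blacklist": selectable_with_blacklist(aps, blacklist),
        "whitelist": selectable_with_whitelist(aps, whitelist),
        "auto": selectable_with_auto_check(aps),
    }
    return {name: {"weak_offered": sorted(shown & weak),
                   "strong_hidden": sorted(strong - shown)}
            for name, shown in views.items()}

# Lists as the network manager last distributed them (constructed).
BLACKLIST = {"lab-legacy"}
WHITELIST = {"office-main"}

# APs in range; the last two were added after the lists were distributed.
APS = {
    "office-main": "WPA2-AES",
    "lab-legacy": "WEP",
    "warehouse-new": "WPA-TKIP",  # new weak AP, not yet blacklisted
    "meeting-new": "WPA2-AES",    # new strong AP, not yet whitelisted
}

if __name__ == "__main__":
    for method, result in compare(APS, BLACKLIST, WHITELIST).items():
        print(method, result)
```

The stale blacklist still offers the new weak AP, the stale whitelist hides the new strong AP, and the device-side check does neither.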
On the other hand, this method has a problem when the state changes from one in which the security policy of “restricting using the weak encryption” is not applied to one in which the policy is applied. In a state in which the policy is not applied, an AP using the weak encryption can also be connected to the network. When the security policy of “restricting using the weak encryption” is applied to the information device from this state, the AP that is carrying on wireless LAN communication using the weak encryption is determined to have a security setting using the weak encryption. Then, the AP is automatically disconnected from the network.
To reconnect the AP that has been disconnected from the network, it is required to reset the disconnected AP or the above-mentioned information device. The impact is large when “restricting using the weak encryption” is applied by mistake while a wireless LAN using the weak encryption is in use.
In particular, if the AP is disconnected from the network while the information device is being operated remotely, an operator of the information device needs to go to the information device and reset it in order to re-establish the network connection. In this case, usability is considerably reduced in order to ensure security.