1. Field of the Invention
The present invention is related to a method for updating a ciphering key used in a network, and more particularly, to a method for updating a ciphering key by way of a wireless network.
2. Description of the Prior Art
A network connects together stations in various locations so that digital data is quickly transmitted between the stations. In this manner, multiple users can share information with each other over the network. With regard to the development of wireless networks in recent years, because a physical network transmission line is not required, the ability to connect a station to a wireless network has brought portability and mobility to the user, so that the user may access network resources at any place and at any time.
Please refer to FIG. 1. FIG. 1 is a block diagram of a prior art wireless network system 10. The network system 10 complies with IEEE 802.11 specifications. The network system 10 comprises a server S1, a plurality of access points (two representative access points AP1 and AP2 are shown in FIG. 1), and a plurality of stations (four representative stations STA1, STA2, STA3 and STA4 are indicated in FIG. 1). The stations STA1 to STA4 and access points AP1 and AP2 all provide functionality for connecting to the wireless network 10. In other words, each of the stations and access points can send and receive wireless signals so as to transmit data. All transmitted data complies with a unified network protocol. Each of the access points AP1 and AP2 is separately connected to the server S1 so that data can be exchanged between the access point and server S1. Generally, when a station exchanges wireless signals (such as radio waves or infrared radiation) with an access point, the effective transmission range is limited. An area R1, marked by a dotted line in FIG. 1, is representative of the area within which the access point AP1 and the stations STA1 and STA2 can effectively exchange wireless signals. Outside the area R1, the wireless signals transmitted from the access point AP1, station STA1 and station STA2 cannot be adequately received. Similarly, an area R2 is representative of the area within which the access point AP2, station STA3 and station STA4 can effectively exchange wireless signals. In order to expand the effective range of the stations in the wireless network 10, the server S1 is used to relay signal transmissions among the access points. For example, because the area R1 does not overlap the area R2, the station STA1 cannot effectively exchange wireless data with the station STA4.
If the station STA1 wants to exchange data with the station STA4 via wireless transmissions, the station STA1 will first transmit data to the access point AP1 via a wireless transmission, and the server S1 will forward the data to the access point AP2. Finally, the data is wirelessly transmitted to the station STA4. When the station STA4 wants to transmit information to the station STA1, data is transmitted to the station STA1 through the access point AP2, server S1, and access point AP1. In other words, within the effective transmission range of the wireless signals, each of the stations in the wireless network has a corresponding access point, exchanges wireless signals with that access point, and accesses network resources through the access point. As mentioned above, one station can exchange data with another station by using the access point and server to relay the signals. Under this allocation scheme, not only can the wireless functionality of the stations be retained, but the accessing range of the wireless network system 10 is further extended.
Although it is convenient to connect to a wireless network, the security of signal transmissions is a major concern. Unlike wired signals, which are physically confined by the network transmission line, wireless signals can be received by any wireless receiver within the effective range. When confidential data is transmitted over a wireless network, it is easy for a third party to eavesdrop and hence steal the confidential data. In order to avoid this situation, wireless signals are encrypted so that a third party cannot read the contents of the signals, even when the third party has illegally intercepted the encrypted signals. This assures the security of data transmission over a wireless network. With regard to FIG. 1, assume that the stations STA1 to STA4 are legal stations in the network 10. In order to ensure that only legal stations can receive wireless signals transmitted in the network 10, the wireless signals transmitted between the legal stations and access points in the network 10 are encrypted by way of a predetermined encryption algorithm and a ciphering key. The legal stations and access points are all provided the functionality to encrypt/decrypt the wireless signals, and therefore a unified ciphering key is stored in each of the legal stations and its corresponding access point. As shown in FIG. 1, a ciphering key Ka is stored in the legal stations STA1 and STA2 and the corresponding access point AP1, and a ciphering key Kb is stored in the legal stations STA3 and STA4 and the corresponding access point AP2. The wireless signals transmitted among the stations STA1 and STA2 and the access point AP1 are encrypted using the ciphering key Ka so that an illegal third party cannot obtain the contents of the wireless signals.
After the encrypted wireless signals are received, the stations STA1 and STA2 and the access point AP1 will decrypt the encrypted wireless signals by using the ciphering key Ka to correctly obtain the contents of the wireless signals. Similarly, the access point AP2 and the stations STA3 and STA4 encrypt/decrypt the wireless signals by using the ciphering key Kb so as to assure the content security of their network transmissions. The ciphering key Kb may be identical to the ciphering key Ka. With the enciphering/deciphering process, the wireless signals transmitted between the legal stations in the network 10 are incomprehensible to an illegal third party, thus achieving the Wired Equivalent Privacy (WEP) of the wireless network. In other words, each of the stations and the corresponding access points under protection of WEP encrypts/decrypts the wireless signals by using a common ciphering key so that an illegal third party cannot read the information carried by the wireless signals.
The network system 10 provides different access services to different stations. However, to provide access services to, and control the accesses of, the legal stations under WEP protection is another issue related to access control, which is not covered by WEP. For example, to prevent the signals transmitted between the legal stations STA1 and STA4 from being stolen by the station STA3, or to ensure that data in the server S1 is accessed only by certain stations, is a type of access control. In order to control access among the legal stations, the server S1 further comprises registration data, such as an address, identification data, confidential ranking, and so on, which correspond exclusively to each of the stations. The identification data comprises a user identification code and a login password. As shown in FIG. 1, an address Add1, user identification code ID1 and login password Pss1 are stored in the server S1, which correspond to the station STA1. Similarly, addresses Add2–Add4, user identification codes ID2–ID4 and login passwords Pss2–Pss4 respectively correspond to the legal stations STA2 to STA4. The user identification code and login password of each of the legal stations are different from those for the others. The user of a legal station logs into the network system 10 by using an associated user identification code and login password under the protection of WEP. The network system 10 recognizes the identity of each of the stations, and controls access among the legal stations under the protection of WEP so as to provide a specific access service to each of the legal stations. For example, when two of the legal stations exchange data with each other, the signals transmitted between the two stations will include the address of the other station. Even if a third station receives this signal, the third station cannot read this signal because the address is incorrect.
As well, the two stations can encrypt their transmitted signals so that only the two stations can read the signals. In addition, after the identity of each of the stations is recognized, the server S1 will determine which network resource can be accessed by a specific station.
In order to achieve the WEP conditions mentioned above, each of the legal stations must share a unified ciphering key. As shown in FIG. 1, a ciphering key Ka is shared by the stations STA1 and STA2 and the access point AP1. In the prior art, the ciphering key is manually input to each of the legal stations via an input device, such as a keyboard, by the station network staff. The ciphering key is required for ensuring WEP, and the ciphering key is automatically used for encryption/decryption when the station is operating. In order to prevent the ciphering key from being leaked by users of the station, it is better to conceal this ciphering key from the users. Therefore, the ciphering key is manually input by the network staff in the prior art. When one station is withdrawn from the access service provided by the wireless network and is no longer a legal station in the wireless network, in order to assure the WEP compliance of the other legal stations in the wireless network, the ciphering key must be updated so that the station withdrawn from the access service is precluded from illegally reading wireless signals transmitted in the wireless network by using a previously obtained ciphering key. In the prior art, the ciphering key has to be updated manually, which is inefficient and time-consuming. Obviously, the more legal stations present, the more time that must be spent on manually inputting a new ciphering key into each of the stations. Furthermore, the ciphering key may be leaked by the network staff.
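The need to update the shared key after a station is withdrawn can be shown with a short sketch, added here as an illustration and not part of the original disclosure. It uses the WEP encapsulation of IEEE 802.11 (RC4 keyed with a 24-bit IV followed by the shared key, and a CRC-32 integrity check value); the key values, the payload and the function names are constructed for the example.

```python
import os, struct, zlib

def rc4(key: bytes, data: bytes) -> bytes:
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for b in data:                            # keystream XORed over the data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key: bytes, plaintext: bytes) -> bytes:
    iv = os.urandom(3)                        # 24-bit IV, sent in the clear
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + rc4(iv + key, plaintext + icv)

def wep_decrypt(key: bytes, frame: bytes):
    """Return the payload, or None when the ICV does not verify."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + key, body)
    data, icv = clear[:-4], clear[-4:]
    if struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF) != icv:
        return None
    return data

def withdrawal_demo():
    ka = bytes.fromhex("0102030405")          # constructed 40-bit key Ka
    held = {"AP1": ka, "STA1": ka, "STA2": ka}
    msg = b"constructed payload"
    # STA2 is withdrawn from service but still holds Ka; AP1 has not
    # been updated yet, so STA2 can still read the cell's traffic.
    before = wep_decrypt(held["STA2"], wep_encrypt(held["AP1"], msg))
    # Key update on the remaining legal devices only.
    ka_new = bytes.fromhex("a1b2c3d4e5")      # constructed replacement key
    held["AP1"] = held["STA1"] = ka_new
    frame = wep_encrypt(held["AP1"], msg)
    return (before,
            wep_decrypt(held["STA2"], frame),  # old key: ICV check fails
            wep_decrypt(held["STA1"], frame))  # new key: payload recovered

if __name__ == "__main__":
    print(withdrawal_demo())
```

The withdrawn station reads traffic until the key is replaced on the access point and every remaining station, which is the step the prior art performs by hand.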