Communication data is encrypted in order to prevent eavesdropping and tampering. Because wireless communication is particularly susceptible to eavesdropping, assuring a secure communication path is important.
For example, in the infrastructure mode of a wireless LAN, communication terminals and devices at access points implement a standard referred to as WEP (Wired Equivalent Privacy). The WEP standard attempts to assure security by setting an encryption key for a communication terminal and access point in advance and using this encryption key each time communication is performed. With this scheme, however, the encryption key is always fixed and the encryption algorithm employed by the WEP standard is not very robust. For this reason, various situations in which security cannot be assured have been pointed out.
In order to solve this problem, a standard referred to as WPA (Wi-Fi Protected Access) has been established. The WPA scheme enhances security by improving the robustness of the encryption algorithm and generating an encryption key for every session in which a communication terminal participates in a network.
In the infrastructure mode, a communication terminal transmits data to another communication terminal via an access point. In other words, the communication terminal communicates directly only with the access point. This means that it will suffice if only the security of communication with the access point is assured. In an ad-hoc mode, on the other hand, no access point exists and the communication terminal communicates with the communication terminal of the desired party directly. That is, in order for a terminal to perform encrypted communication with other terminals, it is necessary that the terminal possess the encryption key of every one of the other terminals or that use be made of an encryption key that is common for all communication terminals.
In a case where a terminal possesses the encryption key of every one of the other terminals, management of the encryption keys becomes more difficult as the number of terminals increases.
In a case where use is made of an encryption key that is common to the entire network, the key-management load on every terminal is alleviated.
For example, the specification of Japanese Patent Application Laid-Open No. 2006-332895 describes a method of using an encryption key in the ad-hoc mode.
In the case where the common encryption key is utilized, however, it is difficult to assign the same encryption key to a new terminal, namely a terminal that newly joins the network.
The WPA standard for wireless LANs employs a group key as an encryption key shared by a plurality of terminals. By performing the 4-way handshake (4-Way HS) and the group key handshake (GKHS), the group key is sent from the terminal that initiates the 4-way handshake to another terminal. In the ad-hoc mode, however, which terminal initiates the 4-way handshake is not determined.
Further, in the ad-hoc mode, there is no mechanism whereby the terminals that exist on the network are managed centrally. As a result, a terminal already participating in the network does not keep track of terminals that do not possess a group key. Consequently, it is difficult for a terminal already participating in the network to find a terminal that does not possess the group key and to initiate the 4-way handshake.
In addition, when a terminal that newly joins the network initiates the 4-way handshake, it is the new terminal that distributes the group key, so the group key that has been in use on the network thus far cannot be distributed to the new terminal.
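The following is an added example, not part of the original text: a simplified Python model of the group-key problem described above, in which the initiator of the 4-way handshake is the side whose group key gets installed. The key derivation and XOR wrap are toy stand-ins for the real WPA primitives, the MIC checks are omitted, and the names (Terminal, join, PMK) are hypothetical.

```python
import hashlib
import hmac
import os

PMK = b"constructed-pre-shared-key-demo!"  # constructed sample value


class Terminal:
    def __init__(self, name, gtk=None):
        self.name = name
        # A terminal that holds no group key yet generates its own.
        self.gtk = gtk if gtk is not None else os.urandom(16)


def derive_kek(pmk, a_nonce, s_nonce):
    # Assumption: simplified stand-in for the pairwise key derivation.
    return hmac.new(pmk, b"kek" + a_nonce + s_nonce, hashlib.sha256).digest()[:16]


def wrap(kek, gtk):
    # Toy XOR wrap standing in for the real key wrap; the same call unwraps.
    return bytes(k ^ g for k, g in zip(kek, gtk))


def four_way_handshake(initiator, responder):
    a_nonce = os.urandom(32)                # message 1: initiator -> responder
    s_nonce = os.urandom(32)                # message 2: responder -> initiator
    kek_i = derive_kek(PMK, a_nonce, s_nonce)
    wrapped = wrap(kek_i, initiator.gtk)    # message 3: initiator's group key
    kek_r = derive_kek(PMK, a_nonce, s_nonce)
    responder.gtk = wrap(kek_r, wrapped)    # responder installs it; message 4 is the ack


def shares_group_key(terminals):
    return len({t.gtk for t in terminals}) == 1


def join(network_gtk, new_initiates):
    # A, B and C already share the network group key; D joins anew.
    a, b, c = (Terminal(n, network_gtk) for n in "ABC")
    d = Terminal("D")
    if new_initiates:
        four_way_handshake(d, a)   # D's own key is distributed, not the network's
    else:
        four_way_handshake(a, d)   # the network's key reaches D
    return shares_group_key([a, b, c, d]), a.gtk == network_gtk, d.gtk == network_gtk
```

join returns three flags: whether all four terminals end up with one group key, whether A still holds the original network key, and whether D received it.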
The present invention seeks to make it possible to share an encryption key by distributing the encryption key to a communication apparatus that newly joins a network, even in an ad-hoc-mode type of environment.