1. Field of the Invention
The present invention relates to a wireless communication system capable of wirelessly communicating via a wireless communication network.
Priority is claimed on Japanese Patent Application No. 2012-088653, filed Apr. 9, 2012, the content of which is incorporated herein by reference.
2. Description of the Related Art
All patents, patent applications, patent publications, scientific articles, and the like, which will hereinafter be cited or identified in the present application, will hereby be incorporated by reference in their entirety in order to describe more fully the state of the art to which the present invention pertains.
Recently, wireless field devices (measuring devices, operating devices) capable of wireless communication have been installed at plants, factories, and the like, and wireless communication systems that communicate control signals for controlling these wireless field devices, measurement signals obtained from them, and the like, via a wireless communication network, have been implemented. One example of a communication standard used in such wireless communication systems is ISA 100.11a, a wireless communication standard for industrial automation developed by the International Society of Automation (ISA).
To allow a wireless device such as one of these wireless field devices to join the wireless communication network, the wireless device must be subjected to a procedure known as ‘provisioning’, in which information it needs when joining the wireless communication network is set beforehand. Information set during provisioning includes, for example, the ID of the wireless communication network that the wireless device is joining, a join key corresponding to a password needed when joining, etc.
Provisioning methods broadly divide into over-the-air (OTA) provisioning and out-of-band (OOB) provisioning. OTA provisioning is a method of performing provisioning via the wireless communication network that the wireless device is attempting to join. In contrast, OOB provisioning is a method of performing provisioning using a different communication means from the wireless communication network that the wireless device is attempting to join (e.g. infrared communication or serial communication such as RS-232C).
OTA provisioning methods are categorized as ‘OTA symmetric’ provisioning, performed by transmitting information encrypted with a symmetric key encryption scheme to the wireless device, and ‘OTA public key infrastructure (PKI)’ provisioning, performed by transmitting information encrypted with a public key encryption scheme to the wireless device. Specifically, in ‘OTA symmetric’, the provisioning device (the device that provisions the wireless device) uses a symmetric key to encrypt the information to be set in the wireless device, and the wireless device uses a symmetric key to decrypt the information from the provisioning device. In contrast, in ‘OTA PKI’, the provisioning device uses a public key to encrypt the information to be set in the wireless device, and the wireless device uses a secret key to decrypt the information from the provisioning device.
“Field Wireless Solution Based on ISA100.11a to Innovate Instrumentation”, Shuji Yamamoto et al., Yokogawa Technical Report English Edition Vol. 53, No. 2, 2010 (also published in Yokogawa Technical Report Vol. 53, No. 2, 2010, in Japanese) and “World's First Wireless Field Instruments Based on ISA100.11a”, Shuji Yamamoto et al., Yokogawa Technical Report English Edition Vol. 53, No. 2, 2010 (also published in Yokogawa Technical Report Vol. 53, No. 2, 2010, in Japanese) disclose examples of wireless communication systems wherein a control signal for controlling the wireless field devices, measurement signals obtained by the wireless field devices, and other such signals, are transmitted and received via a wireless communication network compliant with the ISA100.11a communication standard mentioned above, and a provisioning device (device parameter-setting tool) that provisions a wireless field device allowed to join a wireless communication network.
However, since reliability and safety are important at plants, factories, and the like, a wireless communication system realized at such facilities must maintain adequate security. The OTA provisioning mentioned above is performed via the wireless communication network that the wireless device is attempting to join, and there is a possibility that a malicious person will intercept the communication content and wrongly provision the wireless device. Therefore, in OTA provisioning, security is maintained by encrypting the information transmitted to the wireless device in the manner described above.
In contrast, the OOB provisioning mentioned above is performed using infrared communication or serial communication such as RS-232C, and it is thought that the communication content will not be intercepted by a malicious person. Therefore, in OOB provisioning, unless a malicious person actually enters the plant, factory, or the like, goes to the place where the wireless device is installed, and wrongly provisions it, it is inconceivable that the wireless device will be wrongly provisioned. Thus, in OOB provisioning, security is maintained by performing provisioning using a different communication means from the wireless communication network.
However, while the ‘OTA PKI’ method of OTA provisioning can maintain security unless the secret key set in the wireless device is leaked, the ‘OTA symmetric’ method encrypts using an existing symmetric key, and thus there is a possibility that the communication content will be intercepted during provisioning. If that happens, there is a possibility that the wireless device will be wrongly provisioned and security will deteriorate.
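The difference between the two OTA methods, and the weakness of ‘OTA symmetric’ noted above, can be seen in the following added example, which is not part of the original text and does not use the ISA100.11a algorithms. It assumes a stand-in cipher built from HMAC-SHA256, a toy RSA key pair used to wrap a session key for the ‘OTA PKI’ case, and constructed values for the existing key, network ID and join key.

```python
import hashlib, hmac, json, secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode used as a keystream.
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def sym_encrypt(key, plaintext):
    nonce = secrets.token_bytes(12)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def sym_decrypt(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

# Toy device key pair: textbook RSA on two Mersenne primes, far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def ota_symmetric(shared_key, settings):
    # 'OTA symmetric': payload encrypted under a key that already exists on both sides.
    return sym_encrypt(shared_key, json.dumps(settings).encode())

def ota_pki(n, e, settings):
    # 'OTA PKI': a fresh session key is wrapped with the device's public key (n, e).
    session = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session, "big"), e, n)
    return wrapped, sym_encrypt(session, json.dumps(settings).encode())

def device_open_pki(d, n, wrapped, blob):
    # Only the holder of the secret exponent d can recover the session key.
    session = pow(wrapped, d, n).to_bytes(16, "big")
    return json.loads(sym_decrypt(session, blob))

SHARED_KEY = b"constructed-existing-key"  # constructed stand-in for the existing symmetric key
SETTINGS = {"network_id": 1234, "join_key": "00112233445566778899aabbccddeeff"}  # constructed

if __name__ == "__main__":
    blob = ota_symmetric(SHARED_KEY, SETTINGS)
    print("any holder of the existing key reads:", json.loads(sym_decrypt(SHARED_KEY, blob)))
    wrapped, blob = ota_pki(N, E, SETTINGS)
    print("device holding its secret key reads:", device_open_pki(D, N, wrapped, blob))
```

In the symmetric case the confidentiality of the join key rests entirely on how widely the existing key is known; in the PKI case it rests on the secret key held by the one device.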
At plants, factories, and the like, a plurality of operators alternate as they perform operations, and thus there is a possibility that a malicious person may sneak in. If a malicious person sneaks in, since he has easy access to the places where wireless devices are installed, there is a possibility that a wireless device will be wrongly provisioned and security will deteriorate.