1. Field of the Invention
The present invention relates to a communication system, a wireless communication apparatus, and a communication method, and in particular, to a wireless communication system including wireless terminals and an access point or access points.
2. Description of the Related Art
As a wireless LAN, a wireless LAN system (ISO/IEC8802-11:1999(E)ANSI/IEEE Std 802.11, 1999 edition) is known which is based on the IEEE802.11 (an IEEE802.11 system also includes an IEEE802.11a system, an IEEE802.11b system and so on). This wireless LAN system employs, as an encryption method, a method called “WEP (Wired Equivalent Privacy)” and which enables privacy to be ensured as in the case with a wired system. Consequently, the security level of a wireless LAN based on the IEEE802.11 has a WEP mode in which the WEP is applied and a non-WEP mode in which the WEP is not applied.
Practical wireless LAN products according to the IEEE802.11 can communicate in either the WEP mode in which the encryption method “WEP” is applied or the non-WEP mode in which it is not applied. Further, the WEP mode, in which the WEP is applied, includes a 64-bit encryption mode and a 128-bit encryption mode which have different encryption levels. One of these modes is applied to each of the communication or connection links in the wireless LAN to realize communication. In this case, a higher encryption level means a higher security level and stronger encryption.
One form of a wireless LAN according to the IEEE802.11 is a system constructed using a plurality of constitutional units called “basic service sets (BSSs)” each composed of one access point and a plurality of wireless clients connected to this access point.
Structural elements that connect the BSSs together are called “distribution systems (DSs)”. The access point has a function of connecting to the DS. Information is transmitted between a BSS and a DS via the access point. Accordingly, a terminal can communicate with a terminal belonging to another BSS.
A terminal belongs to a BSS and requires an authentication and association procedures to be executed between itself and an access point in order to communicate with a terminal belonging to another BSS via the access point. Further, when the terminal attempts to reconnect to another access point, a reassociation procedure is executed.
For the wireless LAN specified in IEEE802.11, exchanged frames include control frames used for access control, management frames including a beacon or the like, and data frames for data communication.
Before a terminal can transmit or receive a data frame to or from an access point, an authentication and association processes must be executed.
In the wireless LAN specified in the IEEE802.11, a terminal inquires of an access point whether or not the WEP as an encryption method is used. That is, the terminal requests the access point to use the WEP. When the access point receives this request and if the WEP is available, authentication frames are transmitted between the access point and the terminal. The WEP can be used on the basis of such transmissions of authentication frames.
Another form of the wireless LAN specified in the IEEE802.11 is an independently existing BSS, which is called an “IBSS (Independent Basic Service Set)”. The IBSS corresponds to a communication form in which no access points are provided and in which terminals communicate directly with each other. Further, with the IBSS, neither the association process nor the reassociation process are executed. With the IBSS, data frames can be transmitted without executing any authentication processes between terminals.
In this manner, in the conventional wireless LANs, communication data are encrypted in order to ensure security. A connection request sender, e.g. a terminal, requests a connection request receiver, e.g. an access point to use an encryption function (WEP function) for communication. If it is possible to use the WEP function according to this request, the access point, receiving this request, accepts the request and encrypts data communication with the terminal. Further, the connection request sender can also take initiative in determining what security level is used for communication.
It is expected that wireless LANs will employ, besides the WEP, a plurality of types of encryption methods with different encryption levels, including those having higher security levels than the WEP. Accordingly, it will be desirable to be able to set detailed security levels according to encryption method types, encryption levels, and the like.
However, in the conventional wireless LANs, the minimum encryption level cannot be set for each BSS in order to ensure security. It is thus impossible to make a system that permits only communication based on encryption with a level equal to or higher than the minimum one. Furthermore, it is disadvantageously impossible to set, for communication, detailed security levels according to encryption method types, encryption strengths, and the like.
Moreover, the IBSS does not require authentication when a data frame is transmitted. Thus, disadvantageously, non-encrypted data frames may be transmitted within system, thus precluding the security in the system from being ensured.
Further, security levels preset for the respective BSSs cannot be individually ensured. Likewise, in DS communication executed among a plurality of BSSs, security levels specified for the respective BSSs cannot be individually ensured.