Security System for Wireless Networks

Information

  • Patent Application
  • Publication Number
    20080095359
  • Date Filed
    July 11, 2005
  • Date Published
    April 24, 2008
Abstract
The invention relates to a device (21) for managing guest key records (6) in wireless home networks (1), comprising at least one interface (211) for connecting a guest key transmitter (GKT) (5), a key generator (212) and a transmission unit (213) for transmitting a generated key record (6) to the GKT (5). The invention also relates to a security system for wireless networks, comprising a portable guest unit (5) for short-range transmission of a guest key record (GKT), at least one device (21) according to the invention and at least one receiving unit (31) for receiving the key record (6) in at least one wireless home apparatus (3) and/or access point (2) of the network (1). The invention further relates to a method of dynamic key management in wireless home networks (1), wherein at least one key record (6) is generated by a device (21) according to the invention; the key record (6) is subsequently transmitted to a GKT (5) via an interface (213); the key record (6) or a part of the key record (6) is transmitted from the GKT (5) to the guest apparatus (4) by way of short-range transmission; based on the key record (6), an encrypted connection is established between the guest apparatus (4) and the home network (1); at least one guest configuration is installed on at least one home apparatus (3) and/or access point (2) of the network (1), and the guest configuration is removed after terminating the guest apparatus (4) access by reconfiguring at least one home apparatus (3) and/or access point (2).
Description

In the drawing:

FIG. 1 shows diagrammatically a security system.

In this embodiment, the security system according to the invention comprises a wireless home network 1 consisting of an access point 2 and two home apparatuses 3.


The access point 2 corresponds to the IEEE 802.11 standard and has a corresponding radio interface 22. A device for guest key management in the form of a “GKT holder” 21 is integrated in the access point 2 and connected to it for data exchange via an internal interface 214. The GKT holder 21 comprises an interface 211 for connecting a GKT 5. In this embodiment, the interface 211 is formed as a card slot and the GKT 5 is formed as a corresponding card on which an RF tag 51 is arranged. The GKT holder 21 comprises a processing unit 212 and a tag writer 213. The processing unit 212 comprises, inter alia, a key generator. Instead of using the independent processing unit 212, it is also possible to use the processing unit of the access point 2 (shared processing). Alternatively, the GKT 5 may be designed as a two-way infrared system in which the GKT holder 21 has a corresponding infrared lens. The home apparatuses 3 as well as the guest apparatus 4 comprise a receiving unit 31, 41 for short-range transmission of a key record 6 transmitted by a GKT 5. Furthermore, the apparatuses 3, 4 comprise a radio interface 32, 42, operating in accordance with the IEEE 802.11 standard, for transmitting useful data streams within the home network.


The GKT 5 is inserted into the slot 211 of the GKT holder 21. The processing unit 212 of the access point 2 generates a random key record 6 which is written on the RF tag 51 of the GKT 5 via the tag writer 213 of the GKT holder 21. When a guest apparatus 4 wants to be connected to the home network 1, the guest apparatus 4 is configured by means of the key record 6 transmitted from the transmission unit 52 of the GKT 5 to the receiving units 31, 41 in such a way that it is connected to the network 1.


After ending the access by the guest apparatus 4, the GKT 5 is re-inserted into the GKT holder 21 so that the RF tag 51 of the GKT 5 is rewritten via the tag writer 213 with a new key record 6 generated by the processing unit 212. Simultaneously, the detection unit (not shown) of the GKT holder 21 detects the insertion of the GKT 5 in the slot 211 and passes on this information via the interface 214 to the access point 2 which reconfigures itself and, if necessary, signals to the home apparatuses 3 that a reconfiguration is to be performed so that the guest settings on these apparatuses are removed. It may be sufficient to only reconfigure the access point 2 (for example, an access point in accordance with the IEEE 802.11i standard). Alternatively, the reconfiguration of the apparatuses 3 can be triggered by removing the GKT 5 from the GKT holder 21. The original data required for the reconfiguration are either permanently stored in the home apparatuses 3 or are determined, via short-range transmission, by means of an SKT (not shown) in which these data are permanently stored.


When a plurality of home apparatuses 3 is to be configured for connection of a guest apparatus 4, the key record 6 may be distributed on the home apparatuses 3 via the access point 2. For reconfiguring the apparatuses, the original configuration data may be transmitted accordingly to the home apparatuses 3 via the access point 2. In this embodiment, the reconfiguration is performed by means of corresponding procedures used for the home apparatuses 3. When the GKT 5 is re-inserted into the slot 211, the reconfiguration of all home apparatuses 3 can be triggered automatically in this way so that the network 1 is closed.


As long as the GKT 5 is connected to the GKT holder 21, which is integrated in the access point 2, the home network is situated in its “home configuration”. When the GKT 5 is removed from the GKT holder 21, the access point 2 internally changes to the guest configuration. The key record 6 is transmitted to the guest apparatus 4 which thus gains access to the home network. When the access by the guest apparatus 4 has ended, the GKT 5 is re-inserted into the GKT holder 21, which is detected by the access point 2. The access point changes back to the home configuration (the network 1 is closed) and the GKT holder 21 writes a new (random) key record 6 on the GKT 5.
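
The insert/remove cycle described above can be modelled as a small state machine. The following Python example is added here and is not part of the patent; the class and method names, the 32-byte record size and the direct key comparison in admit() (standing in for establishing the encrypted connection) are assumptions.

```python
import hmac
import secrets

class GuestKeyTransmitter:
    """Portable GKT 5; `tag` models the RF tag 51 holding the key record 6."""
    def __init__(self):
        self.tag = None

class AccessPoint:
    """Access point 2 with an integrated GKT holder 21 (slot 211)."""
    def __init__(self, key_bytes=32):
        self.key_bytes = key_bytes   # assumed record size; the page gives none
        self.guest_key = None        # None means "home configuration"
        self.slot = None

    @property
    def configuration(self):
        return "home" if self.guest_key is None else "guest"

    def insert(self, gkt):
        """Insertion detected: close the network, then write a fresh key record."""
        self.guest_key = None                          # remove guest settings first
        gkt.tag = secrets.token_bytes(self.key_bytes)  # key generator 212, tag writer 213
        self.slot = gkt

    def remove(self):
        """Removal detected: install the guest configuration for the tag's record."""
        gkt, self.slot = self.slot, None
        if gkt is None:
            raise RuntimeError("no GKT in the slot")
        self.guest_key = gkt.tag
        return gkt

    def admit(self, presented):
        """Accept a guest apparatus only while the guest configuration is installed."""
        if self.guest_key is None or presented is None:
            return False
        return hmac.compare_digest(self.guest_key, presented)

def demo():
    ap, gkt = AccessPoint(), GuestKeyTransmitter()
    ap.insert(gkt)                  # home configuration, first record on the tag
    guest_copy = ap.remove().tag    # guest configuration; short-range transfer to guest 4
    during = ap.admit(guest_copy)
    ap.insert(gkt)                  # visit over: network closed, record rotated
    after_insert = ap.admit(guest_copy)
    ap.remove()                     # next visit uses the new record
    stale = ap.admit(guest_copy)
    return during, after_insert, stale, ap.admit(gkt.tag)
```

demo() returns (True, False, False, True): the record a guest copied during one visit is refused once the GKT has been re-inserted, and stays refused when the network is next opened for a guest.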

Claims
  • 1. A device (21) for managing guest key records (6) in wireless home networks (1), comprising at least one interface (211) for connecting a guest key transmitter (GKT) (5), a key generator (212) and a transmission unit (213) for transmitting a generated key record (6) to the GKT (5).
  • 2. A device as claimed in claim 1, characterized in that the device (21) comprises a detection unit detecting the connection to and disconnection of a GKT (5) from the interface (211).
  • 3. A device as claimed in claim 1, characterized in that the detection unit is formed in such a way that, after detection of the connection of the GKT (5) to the interface (211), the generation of a new key record (6) by the key generator (212) as well as the transmission of the new key record (6) to the GKT (5) is triggered.
  • 4. A device as claimed in claim 1, characterized in that the interface (211) comprises holding elements for fixing a GKT (5).
  • 5. A device as claimed in claim 1, characterized in that the device (21) comprises a further interface (214) via which it is connectable to an apparatus (2, 3) of the network (1).
  • 6. A device as claimed in claim 1, characterized in that it can be integrated in an apparatus (2, 3) of the network (1).
  • 7. A device as claimed in claim 5, characterized in that the apparatus (2) is an access point.
  • 8. A security system for wireless networks, comprising a portable guest unit (5) for short-range transmission of a guest key record (GKT), at least one device (21) as claimed in claim 1 and at least one receiving unit (31) for receiving the key record (6) in at least one wireless home apparatus (3) and/or access point (2) of the network (1).
  • 9. A security system as claimed in claim 8, characterized in that at least one wireless apparatus (3) and/or access point (2) of the network (1) comprises a module for installing and/or removing guest configurations.
  • 10. A security system as claimed in claim 9, characterized in that the module is formed in such a way that the removal of the guest configuration is triggered whenever a GKT (5) is connected to the device (21).
  • 11. A method of dynamic key management in wireless home networks (1), wherein: at least one key record (6) is generated by a device (21) as claimed in claim 1, the key record (6) is subsequently transmitted to a GKT (5) via an interface (213), the key record (6) or a part of the key record (6) is transmitted from the GKT (5) to the guest apparatus (4) by way of short-range transmission, based on the key record (6), an encrypted connection is established between the guest apparatus (4) and the home network (1) and at least one guest configuration is installed on at least one home apparatus (3) and/or access point (2) of the network (1), and the guest configuration is removed after terminating the guest apparatus (4) access by reconfiguring at least one home apparatus (3) and/or access point (2).
  • 12. A method as claimed in claim 11, characterized in that the installation of the guest configuration on the home apparatus (3) and/or access point (2) is triggered by removing the GKT (5) from the device (21).
  • 13. A method as claimed in claim 11, characterized in that the reconfiguration of the home apparatus (3) and/or access point (2) is triggered by connecting the GKT (5) to the device (21).
  • 14. A method as claimed in claim 11, characterized in that the home apparatus (3) is reconfigured by a short-key transmitter (SKT).
  • 15. A method as claimed in claim 11, characterized in that the reconfiguration of the home apparatus (3) is triggered by activating a switch provided on said apparatus.
  • 16. A method as claimed in claim 11, characterized in that the reconfiguration of the home apparatus (3) is triggered by distributing the required configuration information from an access point (2) with the integrated device (21).
Priority Claims (1)
  • Number: 04103385.3
  • Date: Jul 2004
  • Country: EP
  • Kind: regional
PCT Information
  • Filing Document: PCT/IB05/52290
  • Filing Date: 7/11/2005
  • Country: WO
  • Kind: 00
  • 371c Date: 1/12/2007