JP2022117043A - Communication system, communication device, and computer program for server - Google Patents

Abstract

To disclose a technique for making a server execute service provision without using a PIN code.SOLUTION: A terminal device obtains a public key of a communication device and transmits the public key to a server. The communication device transmits encrypted information to the server. The encrypted information is information that is obtained by encrypting registration information using a secret key corresponding to the public key as an encryption key. The registration information is information for registering identification information for identifying the communication device into the server. The server receives the public key from the terminal device; receives the encrypted information from the communication device; obtains the registration information by decrypting the encrypted information by using the public key; registers, when the registration information is obtained, the identification information into a predetermined area in a memory; and provides, when the identification information is registered into the predetermined area, a service related to the communication device.SELECTED DRAWING: Figure 3

Description

This specification discloses a technique of registering identification information for identifying a communication device in a server in order to receive services related to the communication device from the server.

Servers that provide services related to printers are known. In order to receive such services, the user accesses the server, receives a PIN (abbreviation for Personal Identification Number) code, and inputs the PIN code into the printer. In this case, the printer sends a registration request containing a PIN code to the server. As a result, the server registers information about the printer and starts providing services about the printer.

JP 2019-180041 A

With the above technology, the user needs to receive a PIN code issued and input the PIN code into the printer. This specification discloses a technique for causing a server to provide a service without using a PIN code.

A communication system disclosed by this specification may comprise a terminal device, a communication device, and a server. The terminal device may include a public key acquisition unit that acquires a public key of the communication device, and a public key transmission unit that transmits the public key to the server. The communication device is an encrypted information transmission unit that transmits encrypted information to the server, and the encrypted information is obtained by encrypting the registered information using a secret key corresponding to the public key as an encryption key. The encrypted information transmission unit may be provided, wherein the registration information is information to be obtained, and the registration information is information for registering identification information for identifying the communication device in the server. The server includes a memory, a public key receiving unit that receives the public key from the terminal device, an encrypted information receiving unit that receives the encrypted information from the communication device, and the encryption using the public key. a decoding unit that acquires the registration information by decoding the encryption information; a registration unit that registers the identification information in a predetermined area in the memory when the registration information is acquired; and a service providing unit that provides a service related to the communication device when registered in the area.

According to the above configuration, the public key of the communication device is transmitted from the terminal device to the server, and the encrypted information is transmitted from the communication device to the server. This allows the server to obtain the registration information by decrypting the encrypted information using the public key. The server can then register identification information that identifies the communication device and provide services related to the communication device. Therefore, it is possible to cause the server to provide the service without using the PIN code.

A communication device disclosed in this specification is an encrypted information transmission unit that transmits encrypted information to a server, and the encrypted information includes a private key corresponding to the public key of the communication device registered as an encryption key. The encrypted information transmission unit may be provided, wherein the information is information obtained by encrypting the information, and the registration information is information for registering identification information for identifying the communication device in the server. .

According to the above configuration, the communication device transmits encrypted information obtained by encrypting the registration information to the server. Thereby, the server can register the identification information for identifying the communication device and provide services related to the communication device. Therefore, it is possible to cause the server to provide the service without using the PIN code.

A computer program for a server is disclosed herein. The computer program causes the computer of the server to have the following parts: a public key receiving part that receives the public key of the communication device from the terminal device; and an encrypted information receiving part that receives encrypted information from the communication device. wherein the encrypted information is information obtained by encrypting registration information using a private key corresponding to the public key as an encryption key, and the registration information includes identification information for identifying the communication device. the encrypted information receiving unit, which is information for registration in the server; a decryption unit that obtains the registered information by decrypting the encrypted information using the public key; and the registered information is obtained. a registration unit for registering the identification information in a predetermined area in the memory of the server when the identification information is registered in the predetermined area; and a service providing unit for providing a service related to the communication device when the identification information is registered in the predetermined area. , may function as

According to the above configuration, the server receives the public key of the communication device from the terminal device and receives the encrypted information from the communication device. This allows the server to obtain the registration information by decrypting the encrypted information using the public key. The server can then register identification information that identifies the communication device and provide services related to the communication device. Therefore, it is possible to cause the server to provide the service without using the PIN code.

A computer program for the above terminal device, a computer readable recording medium storing the computer program, and a method performed by the above terminal device are also novel and useful. A computer program for the above communication device, a computer readable medium storing the computer program, and a method performed by the above communication device are also novel and useful. Also novel and useful are computer-readable media storing computer programs for such servers, the servers themselves, and methods performed by the servers.

1 shows the configuration of a communication system; FIG. 4 shows a sequence diagram of the first embodiment; FIG. 3 shows a sequence diagram of case A, which is a continuation of FIG. 2; 3 shows a sequence diagram for case B, which is a continuation of FIG. 2; FIG. FIG. 11 shows a sequence diagram of a second embodiment;

(First embodiment)
(Configuration of communication system; Fig. 1)
As shown in FIG. 1, the communication system 2 includes a printer 10, a mobile terminal 50, and a service providing server 100. FIG. The service providing server 100 is connected to the Internet 6 . In the state of FIG. 1, the printer 10 and the mobile terminal 50 are not connected to the access point 4 (hereinafter referred to as "AP (abbreviation of Access Point) 4"), and cannot access the Internet 6. . The printer 10 and the mobile terminal 50 can access the Internet 6 when connected to the AP 4 .

(Configuration of Printer 10)
The printer 10 is a peripheral device (for example, a peripheral device of the mobile terminal 50) capable of executing a printing function. Alternatively, the printer 10 may be a multi-function machine capable of performing scanning functions, FAX functions, and the like. A serial ID “ppp10” for identifying the printer 10 is assigned to the printer 10 . The printer 10 includes an operation section 12 , a display section 14 , a communication interface 16 , a print engine 18 and a control section 30 . Each unit 12 to 30 is connected to a bus line (reference numerals omitted).

The operation unit 12 has a plurality of keys. The display unit 14 is a display for displaying various information, and also functions as a touch panel (that is, an operation unit) for receiving instructions from the user. The communication interface 16 is a wireless interface for establishing a Wi-Fi connection with the AP 4 and executing wireless communication. The print engine 18 has a printing mechanism such as an inkjet system or a laser system.

The control unit 30 has a CPU 32 and a memory 34 . The CPU 32 executes various processes according to programs 36 stored in the memory 34 . The memory 34 is composed of a volatile memory, a nonvolatile memory, or the like. The memory 34 preliminarily stores a public key 40 of the printer 10 and a private key 42 corresponding to the public key 40 .

(Configuration of mobile terminal 50)
The portable terminal 50 is hereinafter referred to as a “terminal 50”. The terminal 50 is, for example, a portable terminal device such as a mobile phone, smart phone, PDA, notebook PC, tablet PC, or the like. Note that in a modification, the terminal 50 may be a stationary terminal device such as a desktop PC. The terminal 50 includes an operation unit 52 , a display unit 54 , a communication interface 56 and a control unit 70 . Each part 52 to 70 is connected to a bus line (reference numerals omitted).

The operation unit 52 has a plurality of keys. The display unit 54 is a display for displaying various information, and also functions as a touch panel (that is, an operation unit) for receiving instructions from the user. A communication interface 56 is a wireless interface for establishing a Wi-Fi connection with the AP 4 and performing wireless communication. Note that the terminal 50 may further include a wireless interface for performing mobile communications such as 4G and 5G. In this case, the terminal 50 can access the Internet 6 via the wireless interface.

The control unit 70 has a CPU 72 and a memory 74 . CPU 72 executes various processes according to programs 76 and 78 stored in memory 74 . The memory 74 is composed of a volatile memory, a nonvolatile memory, or the like. An OS (abbreviation for Operation System) program 76 is a program for realizing basic operations of the terminal 50 . The printer application 78 is a program for allowing the printer 10 to establish a Wi-Fi connection with the AP 4 and for receiving services related to the printer 10 from the service providing server 100 . The printer application 78 may be installed in the terminal 50 from a server (not shown) installed on the Internet 6 by the vendor of the printer 10 or may be installed in the terminal 50 from media shipped together with the printer 10 . The printer application 78 is hereinafter referred to as an "application 78".

(Configuration of service providing server 100)
The service providing server 100 is hereinafter referred to as an "SP (abbreviation for Service Providing) server 100". The SP server 100 is installed on the Internet 6 by the vendor of the printer 10 . In a modified example, the SP server 100 may be installed on the Internet 6 by a company different from the vendor of the printer 10 . The SP server 100 is a server that provides services related to various printers including the printer 10 . Specifically, in this embodiment, the SP server 100 provides a service of collecting status information of various printers and notifying the printer administrator of the status information.

The SP server 100 has a communication interface 116 and a control unit 130 . Each unit 116 and 130 is connected to a bus line (not numbered). Communication interface 116 is connected to Internet 6 .

Control unit 130 includes CPU 132 and memory 134 . CPU 132 executes various processes according to programs 136 stored in memory 134 . The memory 134 is composed of a volatile memory, a nonvolatile memory, or the like. Memory 134 also stores printer table 138 . The printer table 138 is hereinafter referred to as "table 138".

Table 138 is stored in non-volatile memory. The table 138 associates and stores account information, serial IDs, tokens, and status information. The account information is authentication information for authenticating the user of the printer, and includes a user ID and password. The serial ID is identification information that identifies the printer (for example, the serial ID “ppp10” of the printer 10). A token is authentication information for the printer to communicate with the SP server 100 . Status information is information indicating the current status of the printer.

(Processing executed by each device 10, 50, 100: FIG. 2)
Next, with reference to FIG. 2, processing performed by each device 10, 50, 100 will be described. In the initial state of FIG. 2, the printer 10 and the terminal 50 have not established a Wi-Fi connection with the AP4. In the following, for ease of understanding, the operations executed by the CPU (for example, the CPU 32) of each device will be described mainly for each device (for example, the printer 10) instead of mainly for the CPU. Also, all communications performed by each device 10 , 50 , 100 are performed via communication interfaces 16 , 56 , 116 . Therefore, hereinafter, the description of "via the communication interface 16 (or 56, 116)" is omitted.

The following processes T10 to T30 executed by the terminal 50 are realized by the OS 76 instead of the application 78. FIG. At T10, the terminal 50 receives an operation for searching AP4 from the user. In this case, the terminal 50 broadcasts a Probe request at T12 and receives a Probe response from the AP4 at T14. The Probe response includes an SSID (abbreviation for Service Set Identifier) “aaa” that identifies the wireless network in which AP 4 operates as a master station.

Upon receiving one or more Probe responses from one or more APs including AP4, the terminal 50 displays one or more SSIDs included in the one or more Probe responses. At T20, the terminal 50 accepts from the user the selection of the SSID "aaa" included in the displayed one or more SSIDs. At T20, the terminal 50 further receives from the user the input of the password "bbb" used in the wireless network in which AP4 operates as a master station. Then, at T22, the terminal 50 uses the SSID "aaa" and the password "bbb" to perform various communications (for example, Authentication, Association, 4-way handshake, etc.) with AP4. Establish a Wi-Fi connection.

Next, at T30, the terminal 50 receives an application activation operation from the user. In this case, the terminal 50 activates the application 78 and displays a home screen predetermined by the application 78 . Each of the following processes executed by the terminal 50 is implemented by the application 78 . At T32, the terminal 50 receives from the user a selection of "Printer Connection", which is a menu for establishing a Wi-Fi connection with the AP 4 to the printer 10, from among a plurality of menus on the home screen. In this case, at T34, the terminal 50 broadcasts a Probe request including the predetermined SSID "connect". The SSID “connect” is information for operating the printer 10 as a Wi-Fi Direct (registered trademark) Group Owner (hereinafter referred to as “G/O”).

Note that in this embodiment, the terminal 50 executes communication with the printer 10 at T34 and T42 to T46, which will be described later, while the Wi-Fi connection (see T22) is established with the AP4. In a modified example, after disconnecting the Wi-Fi connection with AP4, the terminal 50 executes communication with the printer 10 at T34 and T42 to T46, which will be described later, and then re-establishes the Wi-Fi connection with AP4. good too.

When the printer 10 receives a Probe request including the SSID “connect” from the terminal 50 at T34, the printer 10 shifts from a non-G/O state (for example, Wi-Fi Direct device state) to the G/O state at T40. . As a result, the printer 10 can operate as a master station (that is, G/O) of the wireless network and establish a Wi-Fi connection with the terminal 50 . In a modified example, the printer 10 may operate as a so-called Soft AP instead of the Wi-Fi Direct G/O. Also, in another modification, a Wi-Fi connection may be established between the printer 10 and the terminal 50 depending on whether the terminal 50 operates as a G/O or Soft AP.

At T42, the printer 10 and the terminal 50 use the predetermined SSID "connect" and the predetermined password to execute various communications (eg, Authentication, Association, 4-way handshake, etc.). to establish a Wi-Fi connection. As a result, the terminal 50 can participate as a slave station in a wireless network in which the printer 10 operates as a master station (that is, G/O). As a result, the printer 10 and the terminal 50 can directly perform wireless communication without going through the AP4.

At T44, the terminal 50 uses the Wi-Fi connection at T42 to transmit the SSID "aaa" and password "bbb" at T20 to the printer 10. FIG.

When the printer 10 receives the SSID "aaa" and the password "bbb" from the terminal 50 at T44, at T46 the serial ID "ppp10" and the public key 40 are sent to the terminal 50 using the Wi-Fi connection of T42. Send. In a variant, the communication of T46 may precede the communication of T44.

As described above, in response to the printer 10 outputting (transmitting in this embodiment) the serial ID "ppp10" and the public key 40 to the communication interface 16, the serial ID "ppp10" and the public key 40 are acquired by the terminal 50. be done. Then, in the process described later, the serial ID "ppp10" and the public key 40 are transmitted from the terminal 50 to the SP server 100, so the SP server 100 appropriately stores the serial ID "ppp10" and the public key 40 in association with each other. be able to. As a result, the SP server 100 can appropriately use the public key 40 to decrypt the encrypted information described later.

The printer 10 then transitions from the G/O state to a non-G/O state at T50. As a result, the Wi-Fi connection between the printer 10 and the terminal 50 is disconnected. Then, in T52, the printer 10 uses the SSID "aaa" and the password "bbb" of T44 to perform various communications (for example, Authentication, Association, 4-way handshake, etc.) to establish a Wi-Fi connection with AP4. - Establish a Fi connection. As a result, both the printer 10 and the terminal 50 enter a state of participating in the wireless network in which the AP 4 operates as a master station. Therefore, each of the printer 10 and the terminal 50 can access the Internet 6 via the AP4.

As described above, the printer 10 can receive the SSID "aaa" and the password "bbb" from the terminal 50 (T44) and use them to establish a Wi-Fi connection with the AP 4 (T52). For this reason, the printer 10 can appropriately transmit the serial ID “ppp10” and encryption information described later to the SP server 100 via the AP 4 using the Wi-Fi connection.

(Case A continued from Fig. 2: Fig. 3)
Next, with reference to FIG. 3, the processing of case A following FIG. 2 will be described. Case A is a case in which the terminal 50 transmits the serial ID “ppp10” to the SP server 100 before the printer 10 registers the serial ID “ppp10” of the printer 10 in the SP server 100 . In the initial state of FIG. 3, the account information AC1 has already been registered in the table 138 (see FIG. 1). However, the serial ID "ppp10" of the printer 10, the token, etc. are not yet stored in the table 138 in association with the account information AC1.

At T110, the terminal 50 receives input of the account information AC1 from the user. In this case, the terminal 50 transmits a login request including the account information AC1 to the SP server 100 at T112.

When the SP server 100 receives the login request from the terminal 50 at T112, the SP server 100 determines whether the account information AC1 included in the login request has been registered in the table 138 or not. In this case, the SP server 100 determines that the account information AC1 has been registered, that is, the login is successful, and transmits a success notification to the mobile terminal 50 in T114.

Upon receiving the success notification from the SP server 100 at T114, the terminal 50 transmits the serial ID "ppp10" of T46 in FIG. 2 and the public key 40 to the SP server 100 at T120.

The SP server 100 stores the serial ID "ppp10" and the public key 40 from the terminal 50 at T120, and then temporarily stores the serial ID "ppp10" and the public key 40 in the volatile memory in association with each other at T122. Here, "temporarily store" means that when the serial ID "ppp10" is registered in the table 138, the serial ID "ppp10" and the public key 40 are erased from the volatile memory.

When the Wi-Fi connection is established at T52 in FIG. 2, the printer 10 uses the private key 42 as an encryption key to encrypt a predetermined registration command at T130, thereby obtaining encrypted information. to generate The registration command is a command that instructs the SP server 100 to register the serial ID “ppp10” of the printer 10 in the table 138 . The printer 10 then transmits the serial ID “ppp10” and the encryption information to the SP server 100 at T132.

As described above, since the printer 10 transmits the serial ID "ppp10" to the SP server 100, the SP server 100 stores the serial ID "ppp10" in association with the serial ID "ppp10" in order to decrypt the encrypted information in the process described later. public key 40 can be properly identified. In addition, since the printer 10 transmits the serial ID "ppp10" to the SP server 100 without encrypting it, the SP server 100 can appropriately identify the public key 40 stored in association with the serial ID "ppp10". can be done.

When the SP server 100 receives the serial ID "ppp10" and the encryption information from the printer 10 at T132, it attempts to identify the public key associated with the serial ID "ppp10" from the volatile memory at T140. . In this case, the SP server 100 can identify the public key 40 (see T122). At T142, the SP server 100 attempts to decrypt the encrypted information using the specified public key 40 as the decryption key.

In this case, the SP server 100 can properly decrypt the encrypted information, so it can obtain the registration command. Therefore, at T144, the SP server 100 registers the serial ID "ppp10" in the table 138 in association with the logged-in account information AC1 (see T112) according to the registration command. The SP server 100 further generates a token T1 and registers the token T1 in the table 138 in association with the account information AC1 at T144. The SP server 100 then transmits the token T1 to the printer 10 at T150.

Here, for example, a third party different from the user of the printer 10 uses a device different from the printer 10 (hereinafter referred to as an "unauthorized device") to provide services related to the printer 10 from the SP server 100. Assume a situation where a user attempts to fraudulently receive (ie notification of status information). In this case, a third party uses an unauthorized device to transmit the serial ID "ppp10" of the printer 10 and encrypted information obtained by encrypting the registration command using some key to the SP server 100. Send to However, since a third party cannot know the private key 42 of the printer 10, the unauthorized device cannot use the private key 42 to generate encrypted information. When the SP server 100 receives the serial ID "ppp10" and the encrypted information from the unauthorized device, it attempts to decrypt the encrypted information using the public key 40 as the decryption key. However, since the encrypted information was not obtained using the private key 42, the SP server 100 cannot use the public key 40 to decrypt the encrypted information. As a result, the SP server 100 does not register the serial ID “ppp10” of the printer 10 in the table 138 and does not transmit the token T1 to the printer 10 . Therefore, even if the unauthorized device sends a status request including the serial ID "ppp10" to the SP server 100, the SP server 100 does not send the status information of the printer 10 to the unauthorized device. As described above, according to this embodiment, it is possible to prevent the status information of the printer 10 from being illegally acquired by a third party.

Upon receiving the token T1 from the SP server 100 at T150, the printer 10 transmits the status information S1 and the token T1 to the SP server 100 at T160. As described above, the printer 10 transmits the token T1, which is authentication information for executing communication with the SP server 100, to the SP server 100, so that the status information S1 can be appropriately stored in the table 138. FIG. Thereby, the SP server 100 can appropriately provide the service of notifying the status information S1. Although not shown, the printer 10 repeatedly transmits the status information S1 and the token T1 to the SP server 100. FIG.

At T160, the SP server 100 receives the status information S1 and the token T1 from the printer 10. At T162, the SP server 100 associates the status information S1 with the token T1 (that is, associates it with the account information AC1 and the serial ID "ppp10") and stores the status information S1 in the table. Register with 138. The SP server 100 registers the latest status information S1 in the table 138 every time it receives the status information S1 and the token T1 from the printer 10 .

When the terminal 50 receives an input of a status acquisition instruction (not shown) from the user while logged in to the SP server 100, the terminal 50 transmits a status request including the serial ID "ppp10" to the SP server 100 at T170.

Upon receiving the status request from the terminal 50 at T170, the SP server 100 identifies the status information S1 (see T162) associated with the serial ID "ppp10" included in the status request from the table 138. FIG. The SP server 100 then transmits the status information S1 to the terminal 50 at T172.

When the terminal 50 receives the status information S1 from the SP server 100 at T172, the terminal 50 displays the status information S1. Thereby, the user of the terminal 50 (that is, the administrator of the printer 10) can know the status of the printer 10. FIG.

(Case B continued from Fig. 2: Fig. 4)
Next, with reference to FIG. 4, the processing of case B following FIG. 2 will be described. Case B is a case in which the printer 10 transmits the serial ID “ppp10” to the SP server 100 before the terminal 50 when registering the serial ID “ppp10” of the printer 10 in the SP server 100 . The initial state in FIG. 4 is the same as the initial state in FIG.

Before the terminal 50 logs in to the SP server 100, that is, before the terminal 50 transmits the serial ID "ppp10" and the public key 40 to the SP server 100 (see T120 in FIG. 3), the printer 10 performs registration at T210. Encrypt commands. The processing at T210 is the same as the processing at T130 in FIG. The printer 10 then transmits the serial ID “ppp10” and the encryption information to the SP server 100 in T212. The printer 10 repeatedly executes the process of T212 until it receives the token T1 from the SP server 100. FIG. Therefore, the printer 10 can reliably transmit the serial ID “ppp10” and the encryption information to the SP server 100 after the terminal 50 transmits the serial ID “ppp10” and the public key 40 to the SP server 100 . For this reason, the printer 10 can cause the SP server 100 to properly register the serial ID “ppp10” in the table 138 .

When the SP server 100 receives the serial ID "ppp10" and the encryption information from the printer 10 at T212, it attempts to identify the public key associated with the serial ID "ppp10" from the volatile memory. At this point, the SP server 100 cannot identify the public key. This is because the public key 40 has not yet been transmitted from the terminal 50 to the SP server 100 . In this case, the SP server 100 does not execute processing for registering the serial ID “ppp10” in the table 138 .

After that, the terminal 50 logs into the SP server 100 at T220-T224 in the same manner as the processing at T110-T114 in FIG.

When the SP server 100 receives the serial ID "ppp10" and the public key 40 from the terminal 50 at T230, the SP server 100 associates the serial ID "ppp10" and the public key 40 and temporarily stores them in the volatile memory at T232. After that, the SP server 100 receives the serial ID "ppp10" and the encryption information from the printer 10 at T240. In this case, processing similar to T140 to T172 in FIG. 3 is executed.

(Effect of the first embodiment)
Assume the following comparative example for receiving service provision from the SP server 100 . In the comparative example, the user accesses the SP server 100 to receive a PIN (abbreviation for Personal Identification Number) code, and inputs the PIN code to the printer 10 . In this case, the printer 10 transmits to the SP server 100 a registration request containing the PIN code and the serial ID "ppp10". When the PIN code authentication succeeds, the SP server 100 registers the serial ID “ppp10” and starts providing services related to the printer 10 . According to such a comparative example, the user needs to be issued a PIN code and input the PIN code into the printer 10 .

In contrast, according to this embodiment, the public key 40 of the printer 10 is transmitted from the terminal 50 to the SP server 100 (T120 in FIG. 3, T230 in FIG. 4), and the encrypted information is transmitted from the printer 10 to the SP server 100. (T132 in FIG. 3, T240 in FIG. 4). As a result, the SP server 100 can acquire the registration command by decrypting the encrypted information using the public key 40 (T142 in FIG. 3). Then, the SP server 100 can register the serial ID "ppp10" of the printer 10 in the table 138 (T144) and provide a service of notifying the administrator of the status information S1 of the printer 10 (T172). Therefore, it is possible to cause the SP server 100 to provide the service without using the PIN code. Therefore, the user does not need to input the PIN code to the printer 10 after receiving the issued PIN code, thereby improving convenience for the user.

In particular, the printer 10 can register the serial ID “ppp10” in the SP server 100 at the same time as establishing a Wi-Fi connection with the AP4. For this reason, the user can register the serial ID "ppp10" in the SP server 100 as a series of processes following the process of connecting the printer 10 to the AP4. Therefore, after connecting the printer 10 to the Internet 6, the user can quickly receive services related to the printer 10. FIG.

(correspondence relationship)
The printer 10 and AP 4 are examples of the "communication device" and the "external device", respectively. The registration command, table 138, serial ID "ppp10", and token T1 are examples of "registration information,""predeterminedarea,""identificationinformation," and "authentication information," respectively. The SSID "aaa" and password "bbb" of AP4 are an example of "connection information". The communication interface 16 and the public key 40 themselves are examples of the "output unit" and "specific information", respectively.

The correspondence of "terminal device" is as follows. The process of T46 in FIG. 2 is an example of the process executed by the "public key obtaining unit". The processing of T120 in FIG. 3 and T230 in FIG. 4 is an example of processing executed by the 'public key transmission unit'.

The correspondence of "communication device" is as follows. The processing of T44 and the processing of T52 in FIG. 2 are examples of processing executed by the "connection information receiving unit" and the "establishing unit", respectively. The process of T46 is an example of the process executed by the "first output control section" and the "second output control section". The processes of T132 in FIG. 3 and T240 in FIG. 4 are examples of processes executed by the "encryption information transmission unit" and the "identification information transmission unit". The processing of T150 and the processing of T160 in FIG. 3 are examples of processing executed by the "authentication information reception unit" and the "status information transmission unit", respectively.

The correspondence of "server" is as follows. The processing of T120 in FIG. 3 and T230 in FIG. 4 is an example of processing executed by the 'public key receiving unit' and the 'first identification information receiving unit'. The processing of T132 in FIG. 3 and T240 in FIG. 4 are examples of processing executed by the "encrypted information receiving section" and the "second identification information receiving section". The processing of T142, the processing of T144, the processing of T150, the processing of T170, and the processing of T172 in FIG. It is an example of processing executed by a “service providing unit”. The processing of T122 in FIG. 3 and T232 in FIG. 4 is an example of processing executed by the 'storage control unit'.

(Second embodiment; FIG. 5)
A second embodiment will be described with reference to FIG. In the second embodiment, the process of FIG. 5 is executed instead of the process of FIG. In this embodiment, the printer 10 and the terminal 50 establish a Wi-Fi connection with the AP 4 according to the DPP (abbreviation of Device Provisioning Protocol) method.

At T300, the terminal 50 receives an application activation operation from the user. In this case, the terminal 50 activates the application 78 and displays the home screen. Each of the following processes executed by the terminal 50 is implemented by the application 78 . At T310, the terminal 50 receives from the user a selection of "QR code reading", which is a menu for reading the AP4 QR code (registered trademark), from among a plurality of menus on the home screen.

A QR code obtained by encoding information including the public key of AP4 is attached to the housing of AP4. In T310, the terminal 50 accepts an operation to read the AP4 QR code (for example, photographing the QR code) from the user, and in T312 reads the QR code using a camera (not shown) and decodes the QR code. By doing so, the public key of AP4 is obtained. The processing of T312 is bootstrapping according to the DPP method.

Next, the terminal 50 performs Authentication according to the DPP scheme with AP4 at T320. The authentication includes transmission of an authentication request using AP4's public key from terminal 50 to AP4.

At T322, the terminal 50 executes Configuration according to the DPP scheme with AP4. The Configuration includes transmission of a Signed Connector for AP (hereinafter referred to as “SC for AP”) from terminal 50 to AP 4 . The SC for AP is connection information for AP 4 to establish a Wi-Fi connection with other devices (eg, printer 10, terminal 50, etc.).

At T324, the terminal 50 uses the SC for AP to establish a Wi-Fi connection with AP4. The processing of T324 is Network Access according to the DPP method.

The user of the terminal 50 (ie, the administrator of the printer 10) then performs an operation to establish a Wi-Fi connection between the printer 10 and the AP4. When the printer 10 receives an operation for displaying the QR code of the printer 10 from the user at T330, the QR code is displayed at T332. The QR code is a code obtained by encoding information including the serial ID “ppp10” and public key 40 .

In T340, the terminal 50 accepts the operation of reading the QR code of the printer 10 (for example, photographing the QR code) from the user, and in T342 reads the QR code using a camera (not shown) and decodes the QR code. By doing so, the serial ID "ppp10" and the public key 40 are obtained. The processing of T342 is bootstrapping according to the DPP method.

Next, the terminal 50 performs authentication according to the DPP method with the printer 10 at T350. The authentication includes transmission of an authentication request using the public key 40 of the printer 10 from the terminal 50 to the printer 10 .

The terminal 50 executes configuration with the printer 10 according to the DPP method at T352. The Configuration includes transmission of a Signed Connector for the printer (hereinafter referred to as “SC for printer”) from the terminal 50 to the printer 10 . The printer SC is connection information for the printer 10 to establish a Wi-Fi connection with the AP 4 .

Next, when the printer 10 receives the printer SC from the terminal 50 at T352, it establishes a Wi-Fi connection with the AP 4 using the printer SC at T354. The processing of T354 is Network Access according to the DPP method. As a result, both the printer 10 and the terminal 50 participate in the wireless network formed by the AP4.

Each process executed after the process in FIG. 5 is the same as case A in FIG. 3 or case B in FIG. 4 of the first embodiment.

(Effect of the second embodiment)
According to this embodiment, the printer 10 can receive the printer SC from the terminal 50 (T352) and use it to establish a Wi-Fi connection with the AP 4 (T354). For this reason, the printer 10 can appropriately transmit the serial ID "ppp10" and the encryption information to the SP server 100 via the AP4 using the Wi-Fi connection (T132 in FIG. 3, T240 in FIG. 4).

Further, in response to the printer 10 outputting (displaying in this embodiment) the QR code obtained using the serial ID "ppp10" and the public key 40 to the display unit 14, the serial ID "ppp10" and the public key 40 are It is acquired by the terminal 50 (T342). Then, since the serial ID "ppp10" and the public key 40 are transmitted from the terminal 50 to the SP server 100 (T120 in FIG. 3, T230 in FIG. 4), the SP server 100 transmits the serial ID "ppp10" and the public key 40. It can be associated and stored appropriately (T122 in FIG. 3, T232 in FIG. 4). As a result, the SP server 100 can appropriately use the public key 40 to decrypt the encrypted information.

(correspondence relationship)
The SC for the printer, the QR code of the printer 10, and the display section 14 are examples of the "connection information,""specificinformation," and "output section," respectively. The processing of T332 is an example of processing executed by the “first output control unit” and the “second output control unit” of the “communication device”. The process of T342 is an example of the process executed by the ``public key obtaining unit'' of the ``terminal device''. The processing of T352 and the processing of T354 are examples of processing executed by the "connection information receiving unit" and the "establishing unit" of the "communication device", respectively.

Although specific examples of the technology disclosed in this specification have been described above in detail, these are merely examples and do not limit the scope of the claims. The technology described in the claims includes various modifications and changes of the specific examples illustrated above. Modifications of the above embodiment are listed below.

(Modification 1) A QR code obtained by encoding the public key 40 of the printer 10 and the serial ID "ppp10" may be attached to the housing of the printer 10 . In this case, the terminal 50 acquires the public key 40 and the serial ID "ppp10" by reading the QR code attached to the housing instead of T46 in FIG. 2 and T342 in FIG. good too. In another modification, the QR code may be printed on the printer 10 manual. In this case, the terminal 50 may acquire the public key 40 and the serial ID "ppp10" by reading the QR code in the manual. These modified examples are also examples of processing executed by the ``public key obtaining unit'' of the ``terminal device''. Further, in this modified example, the “first output control unit” and the “second output control unit” of the “communication device” can be omitted.

(Modification 2) At the shipping stage of the printer 10, the encryption information obtained by encrypting the registration command may be stored in the memory 34 of the printer 10 in advance. In this case, T130 in FIG. 3 and T210 in FIG. 4 can be omitted. That is, the ``encrypted information transmission unit'' of the ``communication device'' may generate encrypted information and send it to the server as in the above embodiment, or it may be stored in advance as in this modification. may be sent to the server.

(Modification 3) The services provided by the SP server 100 are not limited to the services of the above embodiments. For example, the SP server 100 may receive information indicating the remaining amount of consumables from the printer 10, and provide a service of shipping the consumables to the user when the remaining amount of consumables is less than a threshold. In this modified example, the remaining amount of consumables is an example of "status information." For example, if a scanner is an example of a "communication device", the SP server 100 receives image data from the scanner, processes the image data to generate processed data, and transmits the processed data to the user. You may provide a service to

(Modification 4) The terminal 50 may be capable of forming a wireless network operated by the terminal 50 as a master station. In this case, the printer 10 may receive the SSID and password of the wireless network from the terminal 50 and establish a Wi-Fi connection with the terminal 50 instead of establishing a Wi-Fi connection with the AP4. The printer 10 may then communicate with the SP server 100 via the terminal 50 . In this modified example, the terminal 50 is an example of an "external device".

(Variation 5) The printer 10 may receive the SSID and password input from the user via the operation unit 12 without receiving the AP4 SSID “aaa” and password “bbb” from the terminal 50 . In this case, the printer 10 can establish a Wi-Fi connection with the AP 4 using the SSID and password. In this modified example, the “connection information receiving unit” of the “communication device” can be omitted.

(Modification 6) The "identification information" is not limited to the serial ID "ppp10" of the printer 10, but may be the MAC address of the communication interface 16 of the printer 10 or the model name of the printer 10. . Also, the “identification information” may be the following information that can identify the printer 10 . That is, the "identification information" may be a public key unique to the printer 10, information obtained by hashing the public key, a certificate of the printer 10, an electronic signature of the printer 10, or the like.

(Modification 7) At T130 in FIG. 3, the printer 10 encrypts the serial ID "ppp10" using the secret key 42 to generate an encrypted serial ID, and at T132, encrypts the encrypted serial ID and the encrypted information. may be sent to the SP server 100. In this case, the SP server 100 may attempt to decrypt the encrypted serial ID and the encrypted information received from the printer 10 by sequentially using all temporarily stored public keys. The SP server 100 may register the serial ID “ppp10” in the table 138 when the decryption using any public key is successful. Generally speaking, the 'identification information transmitter' of the 'communication device' may transmit the identification information encrypted using a private key to the server.

(Modification 8) After transmitting the serial ID “ppp10” and the encryption information to the SP server 100 at T212 in FIG. ” may be repeatedly transmitted to the SP server 100 . In this case, the SP server 100 associates and temporarily stores the serial ID "ppp10" and the encryption information first received from the printer 10, and at T230 receives the serial ID "ppp10" and the public key 40 from the terminal 50. When receiving, the public key 40 is used to decrypt the encrypted information, and the serial ID “ppp10” is registered in the table 138 . After that, the printer 10 receives the token T1 from the SP server 100 in response to sending only the serial ID “ppp10” to the SP server 100 . Generally speaking, the 'encrypted information transmitter' of the 'communication device' does not have to repeatedly send the encrypted information to the server.

(Modification 9) The SP server 100 may provide services without receiving status information or image data from the printer 10, scanner, or the like. For example, the SP server 100 may be a server that provides a service of transmitting news information. In this case, when the serial ID "ppp10" is registered, the SP server 100 periodically transmits print data indicating news information to the printer 10 and causes the printer 10 to print the news information. In this modification, the printer 10 does not need to receive the token T1 from the SP server 100, and does not need to send status information to the SP server 100 together with the token T1. In this modified example, the “authentication information receiving unit” and the “status information transmitting unit” of the “communication device” can be omitted. Also, the "authentication information transmission unit" and the "status information reception unit" of the "server" can be omitted.

(Modification 10) The SP server 100 may receive the public key 40 without receiving the serial ID "ppp10" from the terminal 50 and temporarily store only the public key 40 at T120 in FIG. When the SP server 100 receives the serial ID "ppp10" and the encryption information from the printer 10 at T132, the SP server 100 sequentially uses all temporarily stored public keys to may attempt to decrypt encrypted information. The SP server 100 may register the serial ID “ppp10” in the table 138 when the decryption using any public key is successful. In this modified example, the "first identification information receiving unit" and the "storage control unit" of the "server" can be omitted. In another modification, the SP server 100 may perform the processes of T120 and T122 in FIG. 3 and receive only the encrypted information from the printer 10 without receiving the serial ID "ppp10" at T132. In this case, the SP server 100 may attempt to decrypt the encrypted information received from the printer 10 by sequentially using all temporarily stored public keys. The SP server 100 may register the serial ID “ppp10” in the table 138 when the decryption using any public key is successful. In this modified example, the "second identification information receiving unit" of the "server" can be omitted.

(Modification 11) In each of the above embodiments, the processes of FIGS. 2 to 5 are executed by software (for example, programs 36, 78, and 136), but at least one of these processes is performed by hardware such as a logic circuit. may be realized by

The technical elements described in this specification or in the drawings exhibit technical usefulness alone or in various combinations, and are not limited to the combinations described in the claims at the time of filing. In addition, the techniques exemplified in this specification or drawings can simultaneously achieve a plurality of purposes, and achieving one of them has technical utility in itself.

2: Communication system, 6: Internet, 10: Printer, 12: Operation unit, 14: Display unit, 16: Communication interface, 18: Print engine, 30: Control unit, 32: CPU, 34: Memory, 36: Program, 50: mobile terminal, 52: operation unit, 54: display unit, 56: communication interface, 70: control unit, 72: CPU, 74: memory, 76: OS program, 78: printer application, 100: service providing server, 116 : communication interface, 130: control unit, 132: CPU, 134: memory, 136: program, 138: printer table 138

Claims (15)

A communication system,
a terminal device;
a communication device;
a server;
The terminal device
a public key acquisition unit that acquires the public key of the communication device;
a public key transmission unit that transmits the public key to the server,
The communication device
An encrypted information transmission unit for transmitting encrypted information to the server, wherein the encrypted information is information obtained by encrypting registered information using a secret key corresponding to the public key as an encryption key. the encrypted information transmission unit, wherein the registration information is information for registering identification information for identifying the communication device in the server;
The server is
memory;
a public key receiving unit that receives the public key from the terminal device;
an encryption information receiving unit that receives the encryption information from the communication device;
a decryption unit that obtains the registration information by decrypting the encrypted information using the public key;
a registration unit that registers the identification information in a predetermined area in the memory when the registration information is acquired;
a service providing unit that provides a service related to the communication device when the identification information is registered in the predetermined area;
Communications system. A communication device,
An encrypted information transmission unit that transmits encrypted information to a server, wherein the encrypted information is information obtained by encrypting registration information using a secret key corresponding to the public key of the communication device as an encryption key. and the registration information is information for registering identification information for identifying the communication device in the server. The communication device further
a connection information receiving unit that receives connection information from a terminal device;
an establishing unit that establishes a wireless connection with an external device using the connection information;
3. The communication device according to claim 2, wherein said encrypted information transmission unit uses said wireless connection to transmit said encrypted information to said server via said external device. The communication device further
comprising a first output control unit that causes an output unit to output specific information obtained using the public key;
The public key is obtained by a terminal device in response to output of the specific information, transmitted from the terminal device to the server, and used by the server to decrypt the encrypted information. 4. The communication device according to 2 or 3. 5. The communication device according to claim 4, wherein said first output control unit transmits said specific information, which is said public key, to said terminal device via a wireless communication interface, which is said output unit. 5. The communication device according to claim 4, wherein said first output control section causes a display section serving as said output section to display said specific information. The communication device further
a connection information receiving unit that receives connection information from the terminal device by executing wireless communication using the public key with the terminal device after the public key is acquired by the terminal device;
an establishing unit that establishes a wireless connection with an external device using the connection information;
7. The communication device according to claim 6, wherein said encrypted information transmission unit uses said wireless connection to transmit said encrypted information to said server via said external device. The communication device further
A second output control unit for outputting the identification information to an output unit,
The identification information is acquired by a terminal device in response to the output of the specific information, transmitted from the terminal device to the server together with the public key, and stored in the server in association with the public key. Item 8. The communication device according to any one of Items 4 to 7. The communication device further
an identification information transmission unit configured to transmit the identification information to the server, wherein the public key stored in association with the identification information is transmitted in response to transmission of the identification information from the communication device to the server; 9. A communication device according to claim 8, utilized by said server. 10. The communication device according to claim 9, wherein said identification information transmission unit uses said secret key to transmit said identification information that is not encrypted to said server. The communication device according to any one of claims 2 to 10, wherein said encryption information transmission unit repeatedly transmits said encryption information to said server. The communication device further
an authentication information receiving unit that receives authentication information for executing communication with the server from the server;
a status information transmission unit configured to transmit the authentication information and status information related to the status of the communication device to the server after the identification information is registered in the server and the authentication information is received from the server; ,
with
12. A communication device according to any one of claims 2 to 11, wherein said status information is utilized by said server to provide said service. A computer program for a server, comprising:
The server computer is configured with the following parts:
a public key receiving unit that receives the public key of the communication device from the terminal device;
An encrypted information receiving unit that receives encrypted information from the communication device, wherein the encrypted information is information obtained by encrypting registration information using a private key corresponding to the public key as an encryption key. the encrypted information receiving unit, wherein the registration information is information for registering identification information for identifying the communication device in the server;
a decryption unit that obtains the registration information by decrypting the encrypted information using the public key;
a registration unit that registers the identification information in a predetermined area in the memory of the server when the registration information is acquired;
a service providing unit that provides a service related to the communication device when the identification information is registered in the predetermined area;
A computer program that acts as a The computer program further causes the computer to:
a first identification information receiving unit that receives the identification information together with the public key from the terminal device;
a storage control unit that associates the public key with the identification information and stores the same in the memory;
a second identification information receiving unit that receives the identification information from the communication device;
function as
14. The computer program according to claim 13, wherein said decryption unit decrypts said encrypted information using said public key stored in said memory in association with said identification information received from said communication device. The computer program further causes the computer to:
an authentication information transmission unit that transmits authentication information for executing communication with the server to the communication device;
A status of receiving the authentication information and status information about the status of the communication device from the communication device after the identification information is registered in the predetermined area and the authentication information is transmitted to the communication device. an information receiving unit;
function as
15. The computer program according to claim 13, wherein said service providing unit provides said service using said status information.

Images