JP2009034868A - Communicating apparatus, printer and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a communicating apparatus in which both securing security and improving convenience are compatible, a printer and a program. <P>SOLUTION: The communicating apparatus 12 characterized by having a receiving means for receiving a third party certification demand which a second terminal transmitted for demanding the certification of a first terminal based on a certification vicarious execution demand which the first terminal 11 transmitted to the second terminal 13 to demand the certification by the communicating apparatus, and a transmitting means for transmitting the third party certification result containing whether the first terminal is certified or not based on the third party certification demand to the second terminal, is provided. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a communication device or the like that is connected by wireless communication, and more particularly to a communication device, a printer, and a program that permit connection using an authentication relationship.

  When printing a document or image data handled by a computer, generally, the computer and a printer are connected by wire, and the printer prints print data transmitted from the computer on a sheet. In contrast, print data can be transmitted from a computer, PDA, mobile phone, or the like to a printer and printed by wireless such as wireless LAN, infrared communication, or Bluetooth (registered trademark). In wireless transmission of print data, it is not necessary to prepare a cable, and the work of physically connecting the computer and the printer can be omitted, so that convenience for the user is improved.

However, the fact that physical connection is not necessary means that a terminal capable of wireless connection can print from the printer, and the printer may be used by a third party not intended by the printer owner. Will occur. In order to restrict the use of the printer by a third party, a printer has been proposed in which information relating to a terminal to which the authority to use the printer is given is registered in advance (see, for example, Patent Document 1). According to the printer described in Patent Document 1, since printing is not accepted from a terminal that does not permit printing, use of the printer by a third party can be restricted.
JP 2006-168019 A

  However, in the printer described in Patent Document 1, since it is necessary to register terminal information in the printer when printing, even if the owner of the printer prints from a new terminal, the terminal information There is a problem that registration work is required and convenience is lowered. That is, conventionally, there has not been proposed a printer that achieves both security and convenience that restrict the use of a third-party printer in wireless connection between a terminal and the printer.

  In view of the above problems, an object of the present invention is to provide a communication device, a printer, and a program that can ensure security and improve convenience.

  In view of the above problems, the present invention is based on an authentication proxy request transmitted from a first terminal (for example, PC 11) to a second terminal (for example, PDA 13) in order to request authentication by the communication device. Receiving means for receiving a third-party authentication request transmitted to request authentication of one terminal, and a third-party authentication result including a result of whether or not to authenticate the first terminal based on the third-party authentication request. And a communication device (for example, a printer 12) characterized by having a transmission means for transmitting to a second terminal.

  According to the present invention, the communication device receives a third-party authentication request via the second terminal and transmits the third-party authentication result even if there is no direct authentication relationship with the first terminal. be able to.

  In one embodiment of the present invention, the authentication proxy request is transmitted from the first terminal authorized by the second terminal, and the third-party authentication request is authorized by the communication device. If it is transmitted from the second terminal, the transmitting means transmits a third-party authentication result permitting authentication.

  According to the present invention, the first terminal can be authenticated based on the authentication relationship between the first terminal and the second terminal and the authentication relationship between the second terminal and the communication device.

  Further, in one aspect of the present invention, the authentication proxy request and the third party authentication request have the address of the first terminal, and if the third party authentication result permits authentication, the first request is made according to the address. And connecting means for connecting to the terminal.

  According to the present invention, the communication device can be connected to the first terminal.

  One embodiment of the present invention is characterized in that the first terminal and the second terminal, and the second terminal and the communication device communicate with each other via Bluetooth.

  In one embodiment of the present invention, when authentication is permitted, the third-party authentication result includes a password for connecting to the communication device, and the first terminal uses the password received from the second terminal. It connects to the said communication apparatus, It is characterized by the above-mentioned.

  According to the present invention, since the user does not need to remember the password, convenience is further improved. In addition, the first terminal can be connected to the communication device.

  It is possible to propose a communication device, a printer, and a program that can ensure security and improve convenience.

The best mode for carrying out the present invention will be described below based on the embodiments with reference to the drawings.
[First Embodiment]
FIG. 1 shows an example of a system configuration diagram of a wireless communication system 10. A wireless communication system 10 in FIG. 1 includes a personal computer (hereinafter referred to as a PC) 11, a printer 12, and a PDA (Personal Data Assistant) 13, each having a communication module compliant with Bluetooth (registered trademark). . The PC 11 and the PDA 13 have been authenticated with each other, and the printer 12 and the PDA 13 have been authenticated with each other (hereinafter, the relationship of being authenticated with each other is referred to as an authentication relationship).

  FIG. 2 shows an outline of a procedure in which the PDA 13 performs authentication substitution in the wireless communication system 10 of the present embodiment. In this embodiment, as shown in FIG. 2A, the PC 11 transmits an authentication proxy request to the PDA 13, and the PDA 13 receives the request and transmits a third-party authentication request to the printer 12. Since there is an authentication relationship between them, the printer 12 can authenticate the PC 11 by using two authentication relationships.

  That is, when the PC 11 issues a connection request to the printer 12, the PC 11 realizes connection with the printer 12 using the authentication relationship between the PC 11 and the PDA 13 and the authentication relationship between the PDA 13 and the printer 12. Therefore, even if there is no authentication relationship between the PC 11 and the printer 12, the PC 11 can print using the printer 12. Further, since a third party PC (not shown) that is not authenticated by the PDA 13 and the printer 12 cannot be printed by the printer 12, security is also ensured.

  In the following, Bluetooth (registered trademark) is referred to as BLTH, a communication device compliant with Bluetooth (registered trademark) is referred to as a BLTH module, and a device equipped with the BLTH module is referred to as a BLTH device.

  The authentication relationship will be described. In the case of a BLTH module, when connecting for the first time, both BLTH modules 25 are required to transmit the same PIN (Personal Identification Number) code to each other. That is, the user has an authentication relationship only when the connection is established, if the operation called bonding or pairing for mutually authenticating the PIN codes (link keys) between the terminals is completed. In FIG. 1, bonding is completed between the PC 11 and the PDA 13 and between the PDA 13 and the printer 12.

  In the case of wireless LAN, the terminal must store the same ESS-ID (Extend Service Set-Identifier) and WEP (Wired Equivalent Privacy) key stored in the access point when connecting to the access point. is required. Therefore, in the case of wireless LAN, if the terminal stores ESS-ID and WEP, there is an authentication relationship.

  If there is such an authentication relationship, the PC 11 and the PDA 13, the printer 12 and the PDA 13 can communicate with each other to transmit / receive desired data. Hereinafter, a case where the PC 11, the PDA 13, and the printer 12 communicate with each other using the BLTH module 25 will be described as an example. However, the present invention can be suitably applied to infrared communication, ZIGBEE, and the like as well as a wireless LAN.

  An outline of BLTH will be described. FIG. 3 shows an example of a protocol stack of BLTH. The protocol stack of FIG. 3 has a configuration in which an authentication management layer 31 is added to the layer configuration defined in the BLTH standard.

  The physical layer is a layer that performs so-called RF communication processing, and forms a communication path by radio waves modulated by a frequency hopping type spread spectrum system using a frequency band of 2.4 GHz. The baseband layer is a layer serving as an interface for transmitting and receiving packets to and from the physical layer, and provides two communication links, an SCO link and an ACL link. The baseband layer performs processing such as switching of transmission / reception frequencies for frequency hopping, error correction, and piconet formation.

  The link management layer specifies communication link settings and various communication parameters related to the link to the baseband layer. They are defined in the link management layer as control packets, and are used for communication with the connection destination BLTH module 25 as necessary. The voice layer is a layer that delivers a voice-coded signal from a higher-level application to the baseband layer when the link management layer sets a communication link for voice use.

  The logical link management layer (L2CAP) manages user data (print data, etc. in this embodiment) other than voice data provided by a higher-level application as a logical channel transmitted and received in the baseband layer, and has a predetermined size. Split or reassemble into packets.

  The layer above the logical link management layer is a layer in which various protocols adapted to the logical link management layer can be stacked. SDP (service discovery protocol) is a layer for searching for available services, and defines functions and procedures for acquiring information about services. For example, if the SDP of the printer 12 is used, it is searched that a service called printing is available. RFCOMM is also called a cable replacement protocol, and is a layer that defines a protocol for serial transmission instead of wired communication.

  In general, the physical layer, the baseband layer, and the link management layer are functions common to all the BLTH modules 25. Therefore, the logical layer management layer and the voice layer are configured as hardware on the IC chip of the BLTH module 25. The upper layers that are included are implemented by software executed by the PC 11, the printer 12, the PDA 13, and the like (sometimes referred to as the host side).

  The authentication management layer 31 plays a central role for realizing the authentication of the present embodiment, but the authentication management layer 31 is also implemented as an application (program) of the PC 11, the printer 12, and the PDA 13.

  By the way, BLTH defines a common interface for accessing the lower layer so as to provide compatibility that allows connection even if the provider (manufacturer, etc.) of the upper layer is different. This interface is called HCI (Host Control Interface) and provides consistency with existing interfaces for wireless communication by BLTH. With the HCI interface, the upper layer (the authentication management layer 31, the logical link management layer, and the voice layer in the figure) can access the lower layer hardware without being aware of the BLTH-specific communication protocol.

  Therefore, the HCI is provided between the physical layer, the baseband layer and the link management layer side, and an upper layer, and is used as firmware or middleware of an IC chip or an IC chip constituting the physical layer and the baseband layer. Has been implemented.

  FIG. 4 is a hardware configuration diagram of a computer that executes a program that implements the authentication management layer 31. The PC 11, printer 12, and PDA 13 are also designed according to their required functions, but the basic configuration in FIG. 4 is common.

  The computer is configured to include a RAM 21, a ROM 22, a drive device 23, an input device 24, a BLTH module 25, a display control device 26, a storage device 27, and a CPU 28 that are mutually connected by a bus.

  The RAM 21 is a working memory for temporarily storing an OS (Operating Software) and various programs and data, and the ROM 22 stores a program for starting the OS such as a BIOS and a setting file. The drive device 23 is configured so that the storage medium 29 can be attached and detached, and is used when writing the authentication management program 30 and data into the storage medium 29, and also stores the authentication management program 30 and data recorded in the storage medium 29. Used when reading.

  The input device 24 is a device for inputting various operation instructions from the user, such as a pointing device such as a keyboard and a mouse, and a touch panel. The BLTH module 25 is a communication device compliant with BLTH, and is an IC chip or the like on which a layer composed of hardware is mounted in the protocol stack of FIG. Radio waves are transmitted and received between the antennas provided in the BLTH module 25, and packets such as print data are extracted by the BLTH module 25.

  The display control device 26 controls the screen displayed on the display, and instructs the display, for example, the display position of the window, operation screen, etc. generated by the application program.

  The storage device 27 is a non-volatile memory such as an HDD (hard disk drive) or a flash memory, and stores files such as an OS, an authentication management program 30, an application program, and a driver.

  The CPU 28 loads the OS, the authentication management program 30, the application program, and the like from the storage device 27 and executes them, thereby providing the authentication management layer 31, other layers, and various functions, and processing performed by the computer. Control all over.

  The authentication management program 30 may be shipped as the PC 11, the printer 12, or the PDA 13 in a state installed in the storage device 27 in advance, or may be downloaded from the network or distributed by the storage medium 29 and transferred from the drive device 23 to the storage device 27. May be installed.

  Based on the above configuration, the procedure in which the PC 11 receives authentication of the printer 12 via the PDA 13 and connects to the printer 12 will be described with reference to the sequence diagram of FIG. Note that FIG. 5 is executed by the authentication management layers 31A to 31C of each device.

  First, the PC 11 instructs the link management layer to execute an inquiry using a standard HCI command (for example, Inquiry) in order to find a BLTH device around the PC 11 (S301). Thereby, the link management layer of the PC 11 can transmit the inquiry packet to the PDA 13. In BLTH, one master and one or more slaves form a network (piconet), but an inquiry is transmitted from the master when connecting to a surrounding slave (whether or not).

  The PDA 13 waits for a connection request until an inquiry is received from the PC 11, and waits for a connection from any device (here, the PC 11) (S401). When the inquiry packet is transmitted from the PC 11 to the PDA 13, the PDA 13 having an authentication relationship with the PC 11 transmits the FHS packet. Note that the BLTH address and clock information necessary for intra-piconet synchronization are exchanged by receiving the FHS.

  When there are a plurality of slaves (here, PDA 13) around the PC 11, the PC 11 receives a plurality of FHS packets. Therefore, the authentication management layer 31A of the PC 11 performs connection processing described below for each slave that has transmitted the FHS packets. Execute. When the connection process is completed for all slaves, the sequence diagram of FIG.

  Next, the authentication management layer 31A of the PC 11 instructs the link management layer to execute connection using a standard HCI command (for example, Create_Connection) in order to connect to the PDA 13 (S303). Since the communication is preferably encrypted, the standard HCI command “Set_Connection_Encryption” may be transmitted to the link management layer to encrypt the communication between the link management layers of the connected devices.

  In response to this connection request, the PDA 13 transmits a predetermined response (for example, Connection_Complete) to the PC 11 (S402). The connection is completed by receiving Create_Connection and sending Connection_Complete.

  The authentication management layer 31A of the PC 11 determines whether or not the connection with the PDA 13 has been established based on the response from the PDA 13 (S304). If the connection could not be established (No in S304), the process returns to step S302 to move to the process for other BLTH devices. If the process is executed for all the BLTH devices found in step S301, the process shown in the sequence diagram of FIG. Exit.

If the connection is established, the authentication management layer 31A of the PC 11 requests the PDA 13 to perform an authentication proxy with the printer 12 (S305). Since the authentication proxy request command is not defined in the standard HCI command, for example, the following command is transmitted to the authentication management layer 31B of the PDA 13.
"command"
Ninsyo_Daiko_Yokyu, 00: 01: 02: 03: 04: 06, 01: 02: 03: 04: 05: 06
Where 00: 01: 02: 03: 04: 05: 06: BLTH address of the PC
01: 02: 03: 04: 05: 06: BLTH address of the printer Note that information indicating that the PC 11 and the PDA 13 are in an authentication relationship may be included in the command.

  Through the processing so far, as shown in FIG. 2A, an authentication proxy request is transmitted from the PC 11 to the PDA 13.

  The authentication management layer 31B of the PDA 13 receives the authentication proxy request transmitted from the PC 11 (S403). The authentication management layer 31B of the PDA 13 interprets the command and tries to connect to the printer 12.

  The connection method is the same as in steps S301 to S303, but at the time of step S403, the role of the PDA 13 is a slave, and a new connection cannot be made in this state. Therefore, the authentication management layer 31B of the PDA 13 changes to the master or disconnects the connection with the PC 11 using the standard HCI command Switch_Role before starting the connection to the printer 12.

  Since the authentication proxy request includes the BLTH address of the printer 12 as described above, the authentication management layer 31B of the PDA 13 uses the standard HCI command “Paging” to instruct the link management layer to execute connection (S404). ).

  If the BLTH address of the printer 12 is not known to the PC 11, in this case, the PDA 13 acquires “Code Of Device” from the surrounding BLTH device and searches for the printer 12.

  Next, the authentication management layer 31C of the printer 12 instructs the link management layer to transmit an FHS packet, and the connection between the PDA 13 and the printer 12 is established by transmission / reception of Create_Connection and Connection_Complete.

When the connection is completed, the authentication management layer 31B of the PDA 13 instructs the link management layer to transmit a third-party authentication request to the printer 12 (S405). The authentication management layer 31B of the PDA 13 instructs the link management layer to transmit a command such as the following, for example.
"command"
Daisansya_Ninsyo_Yokyu, 00: 01: 02: 03: 04: 06, 01: 02: 03: 04: 05: 06
Where 00: 01: 02: 03: 04: 05: 06: BLTH address of the PC
01: 02: 03: 04: 05: 06: BLTH address of the printer Through the processing so far, a third-party authentication request is transmitted from the PDA 13 to the printer 12 as shown in FIG.

The printer 12 receives a third party authentication request from the PDA 13 (S502). The authentication management layer 31C of the printer 12 interprets the third-party authentication request command and instructs the link management layer to transmit the third-party authentication result (S503). The third party authentication result is, for example, authentication OK if there is an authentication relationship between the printer 12 and the PDA 13 and if there is an authentication relationship between the PC 11 and the PDA 13. Accordingly, the PC 11 authenticated by the PDA 13 is determined to be safe, and the printer 12 transmits a third-party authentication result of authentication OK.
《Third party authentication result》
If authenticated: Ninsyo_sareta, 00: 01: 02: 03: 04: 06
If not authenticated: Ninsyo_sarenakatta, 00: 01: 02: 03: 04: 06
Returning to step S406, the authentication management layer 31B of the PDA 13 determines whether or not the third-party authentication request has been transmitted (S406). This determination is No, for example, when radio waves do not reach or when the printer 12 cannot be connected (when there is no authentication relationship).

  Next, the PDA 13 receives the third party authentication result (S407). If the third party authentication result can be normally received and “Ninsyo_sareta” is included, the printer 12 has authenticated the PC 11. Also, if “Ninsyo_sarenakatta” is included in the third party authentication result or if the connection cannot be made, the authentication is not successful.

The authentication management layer 31B of the PDA 13 transmits an authentication proxy result to the PC 11 according to whether or not the PC 11 has been authenticated (S408). For example, authentication proxy results transmitted by the PDA 13 are as follows.
<Authentication results>
If authenticated: Ninsyo_sareta, 00: 01: 02: 03: 04: 06
If not authenticated: Ninsyo_sarenakatta, 00: 01: 02: 03: 04: 06
Here, since the role of the PDA 13 is the master, it is not necessary to change to the master. When the result of the authentication proxy request to the PC 11 is transmitted, the role of the authentication management layer 31B of the PDA 13 is terminated.

By the way, since the roles of both the PDA 13 and the PC 11 become masters when the PDA 13 transmits the authentication proxy result, the authentication management layer 31A of the PC 11 transmits the authentication proxy request in step S305, and then manages the disconnection of the link. Instruct the layer (S306)
Then, the PC 11 receives the authentication proxy result from the PDA 13 (S307). The authentication management layer 31A of the PC 11 interprets the authentication proxy result and determines the result of the authentication proxy request (S308). If “Ninsyo_sarenakatta” is included in the authentication proxy request, the process returns to step S302 and the same processing is performed on another PDA 13.

  When “Ninsyo_sareta” is included in the authentication proxy request (Yes in S308), since there is a connection request from the printer 12 to the PC 11, the PC 11 is in a standby state until then (S310).

  Returning to step S504, following the transmission of the third-party authentication request (S503), the authentication management layer 31C of the printer 12 determines the authentication proxy request source based on the BLTH address of the PC 11 included in the third-party authentication request. The link management layer is instructed to connect to the PC 11 (S504).

  Accordingly, the PC 11 can establish a connection as a slave from the printer 12 (S311).

  When the connection process with the PC 11 is completed, the role of the authentication management layer 31C of the printer 12 and the role of the authentication management layer 31A of the PC 11 are terminated, and communication between each other can be performed by the upper application of the PC 11 and the printer 12. .

  With the above processing, the PC 11 can be connected to the printer 12 as shown in FIG.

  According to this embodiment, even if there is no direct authentication relationship between the parties, printing can be performed with the aid of an authentication relationship other than between the parties, so that it is not necessary to perform bonding or the like again, improving convenience. To do. Even when bonding is not required, if the connection to the printer 12 by the third party PC 11 is not permitted in the visited office, the PDA 13 of the visiting company employee and the PC 11 are in an authentication relationship. Thus, it is possible to permit third party printing while ensuring security.

  The relationship between the PC 11, the printer 12, and the PDA 13 is only an example. The PC 11 may perform an authentication proxy or a third party authentication proxy, the PDA 13 may request an authentication proxy or a third party authentication proxy, and the printer 12 may request an authentication proxy or request a third party authentication. May be.

  Further, the PC 11, the printer 12, and the PDA 13 are only examples of BLTH devices, and a form of the PC 11 may include a PDA 13, an MFP (Multi Function Printer), a mobile phone, a PHS, and the like. May include PHS, personal computer, MFP. The printer 12 may be an MFP, a facsimile machine, a copying machine, or the like.

Further, in this embodiment, only one PDA 13 is used as a BLTH device that mediates an authentication request to the printer 12 to which the PC 11 wants to connect, but a plurality of PDAs 13 may be provided. In this case, only the PDA 13 closest to the printer 12 transmits a third-party authentication request to the printer 12, and authentication proxy requests are successively transmitted and received between the PDAs 13. Therefore, by combining BLTH devices having an authentication relationship, it is possible to connect between desired BLTH devices, and it is possible to ensure convenience while ensuring security.
[Second Embodiment]
In the first embodiment, when the third party authentication request is accepted, the printer 12 connects to the PC 11. However, the third party authentication request is performed in the same manner. You may connect to.

  FIG. 6 shows a system configuration diagram of the wireless communication system 10 in the present embodiment. In FIG. 6, the description of the same components as those in FIG. 1 is omitted. When connecting from the PC 11 to the printer 12, bonding is not performed as in the first embodiment, but in this embodiment, security between the PC 11 and the printer 12 is managed by a password instead of bonding. Yes. Therefore, for example, even if a link key, ESS-ID, etc. are obtained openly, connection is impossible without a password.

  As shown in FIG. 6, the process is the same as in the first embodiment until the PC 11 issues an authentication proxy request to the PDA 13 and the PDA 13 requests the printer 12 to perform third party authentication. However, when the third party authentication request is permitted. The printer 12 transmits the password to the PC 11 via the PDA 13. Therefore, the PC 11 that has been authenticated by the third party can connect to the printer 12 using the password and print.

  FIG. 7 shows a sequence diagram of a procedure in which the PC 11 receives a password via the PDA 13 and connects to the printer 12. The processing in FIG. 7 is the same as that in FIG. 5 until the printer 12 receives a third-party authentication request in step S502.

When the printer 12 receives a third-party authentication request from the PDA 13 (S502), the authentication management layer 31C of the printer 12 interprets the third-party authentication request command and instructs the link management layer to transmit the third-party authentication result. (S503). For example, if there is an authentication relationship between the printer 12 and the PDA 13 and between the PDA 13 and the PC 11, the third party authentication result is authentication OK. In this embodiment, the authentication management layer 31C of the printer 12 includes “PASSWORD (password)”, and transmits, for example, the following third-party authentication result. “PASSWORD” is a password for the PC 11 to connect to the printer 12. This content is the same in the authentication proxy result.
<Result of third-party authentication request>
Ninsyo_sareta, 00: 01: 02: 03: 04: 06, PASSWORD
Returning to step S406, the authentication management layer 31B of the PDA 13 determines whether or not the third-party authentication request has been transmitted (S406). This determination is No, for example, when radio waves do not reach or when the printer 12 cannot be connected (when there is no authentication relationship).

  Next, the PDA 13 receives the third party authentication result (S407). If the third party authentication result can be normally received and “Ninsyo_sareta” is included, the printer 12 has authenticated the PC 11, and if “Ninsyo_sarenakatta” is included or if the connection has failed, the authentication has not been performed.

The authentication management layer 31B of the PDA 13 instructs the link management layer to transmit an authentication proxy result according to whether or not the PC 11 has been authenticated (S408). Accordingly, the authentication proxy results of the printer 12 are as follows, for example.
<Authentication results>
If authenticated: Ninsyo_sareta, 00: 01: 02: 03: 04: 06, PASSWORD
If not authenticated: Ninsyo_sarenakatta, 00: 01: 02: 03: 04: 06
When the result of the authentication proxy request is transmitted to the PC 11, the role of the authentication management layer 31B of the PDA 13 is terminated.

By the way, since the roles of both the PDA 13 and the PC 11 become masters at the stage where the PDA 13 transmits the authentication proxy result, the authentication management layer 31A of the PC 11 disconnects the connection after transmitting the authentication proxy request in step S305 (S306). )
Then, the PC 11 receives the authentication proxy result from the PDA 13 (S307). The authentication management layer 31A of the PC 11 interprets the authentication proxy result and determines whether the authentication proxy request has been accepted (S308).

  If the authentication proxy request includes “Ninsyo_sarenakatta” (No in S308), the process returns to step S302 and the same processing is performed on another PDA 13.

  When the authentication proxy request includes “Ninsyo_sareta” (Yes in S308), the authentication management layer 31A of the PC 11 extracts the PASSWORD from the authentication proxy result, and the PC 11 connects to the printer 12 (S312). Thereby, the printer 12 and the PC 11 are connected (S504).

  When the connection process with the PC 11 is completed, the role of the authentication management layer 31C of the printer 12 and the role of the authentication management layer 31A of the PC 11 are terminated, and communication between the PC 11 and the printer 12 can be performed with each other.

  According to the present embodiment, in addition to the effects of the first embodiment, the user does not need to remember the password, and convenience is further improved.

It is an example of the system block diagram of a radio | wireless communications system. It is a figure which shows the outline of the procedure in which PDA performs an authentication agency in a radio | wireless communications system. It is a figure which shows an example of the protocol stack of BLTH. It is an example of the hardware block diagram of the computer which performs the program which implement | achieves an authentication management layer. FIG. 3 shows a sequence diagram of a procedure in which a PC receives printer authentication via a PDA and connects to the printer. It is an example of the system block diagram of a radio | wireless communications system (2nd Embodiment). FIG. 10 is a sequence diagram of a procedure in which a PC receives a password via a PDA and connects to a printer.

Explanation of symbols

10 wireless communication system 11 PC (personal computer)
12 Printer 13 PDA
25 BLTH module 29 Storage medium 30 Authentication management program 31, 31A, 31B, 31C Authentication management layer

Claims (8)

Third-party authentication sent by the second terminal to request authentication of the first terminal based on an authentication proxy request sent to the second terminal to request authentication by the communication device Receiving means for receiving the request;
Transmitting means for transmitting a third party authentication result including a result of whether to authenticate the first terminal based on the third party authentication request to the second terminal;
A communication apparatus comprising: The authentication proxy request is transmitted from the first terminal authorized by the second terminal, and
When the third-party authentication request is transmitted from the second terminal that is permitted to authenticate by the communication device,
The transmitting means transmits the third-party authentication result permitting authentication;
The communication apparatus according to claim 1. The authentication proxy request and the third party authentication request have an address of the first terminal,
If the third-party authentication result is one that permits authentication, it has connection means for connecting to the first terminal according to the address,
The communication apparatus according to claim 1 or 2, characterized in that The first terminal and the second terminal, and the second terminal and the communication device communicate with each other via Bluetooth.
The communication apparatus according to any one of claims 1 to 3. When authentication is permitted, the third-party authentication result includes a password for connecting to the communication device,
The first terminal connects to the communication device using the password received from the second terminal;
The communication apparatus according to claim 1.   A printer equipped with the communication device according to claim 1. On the computer,
Receiving, by means of communication means, an authentication proxy request transmitted by the first terminal to request authentication by the third terminal;
Transmitting a third-party authentication request for requesting authentication of the first terminal to the third terminal by the communication means based on the received authentication proxy request;
Receiving, by the communication means, a third party authentication result transmitted from the third terminal and including a result of whether or not to authenticate the first terminal;
Based on the third party authentication result, transmitting an authentication proxy result including a result of the authentication proxy request to the first terminal by the communication means;
A program characterized by having executed. On the computer,
Transmitting an authentication agent request for requesting authentication by the third terminal to the second terminal by the communication means;
A third party authentication result including a result of whether or not to authenticate the computer based on a third party authentication request for requesting authentication of the computer transmitted from the second terminal. To the second terminal,
Receiving the authentication proxy result including the result of the authentication proxy request transmitted by the second terminal based on the third party authentication result by the communication means;
A program characterized by having executed.

Images