JP2021057713A - Communication device and computer program for communication device - Google Patents

Abstract

To disclose a novel technique that establishes a wireless connection between a communication device and a second external device by utilizing a first external device.SOLUTION: A communication device receives a specific signal from a first external device via a second wireless interface, causes an output unit to output the specific information obtained by using a public key after receiving the specific signal from the first external device, receives an authentication request using the public key from the first external device via a first wireless interface to transmit an authentication response to the first external device after outputting the specific information, receives connection information from the first external device via the first wireless interface, and uses the connection information to establish wireless communication between the communication device and a second external device via the first wireless interface after transmitting the authentication response to the first external device.SELECTED DRAWING: Figure 7

Description

This specification discloses a technique relating to a communication device capable of establishing a wireless connection with an external device.

Patent Document 1 discloses a technique for establishing a wireless connection between a camera and an AP by using a smartphone. In response to receiving an operation from the user, the camera displays a QR code (registered trademark) including information for setting communication parameters, and starts monitoring reception of a search signal. By reading the QR code displayed on the camera, the smartphone acquires information for setting communication parameters and transmits a search signal to the camera. When the camera receives the search signal from the smartphone, the camera transmits a response to the search signal to the smartphone. When the response is received from the camera, the smartphone sets the communication parameters using the acquired information and sends the set communication parameters to the camera. Further, the smartphone executes the same process with the AP and transmits the communication parameter to the AP. This allows the camera to establish a wireless connection with the AP using the received communication parameters.

JP-A-2017-28454 Japanese Unexamined Patent Publication No. 2018-6983 JP-A-2018-37778

"Device Provisioning Protocol Technical Specification Version 1.1" Wi-Fi Alliance, 2018

This specification discloses a novel technique for establishing a wireless connection between a communication device and a second external device by utilizing the first external device.

The communication device disclosed by the present specification includes a first wireless interface, a second wireless interface different from the first wireless interface, an output unit different from the second wireless interface, and a first. A specific signal receiving unit that receives a specific signal from an external device via the second wireless interface, and specific information obtained by using a public key after the specific signal is received from the first external device. Is a first output control unit that outputs the above to the output unit, and the public key is acquired by the first external device by outputting the specific information. After the specific information is output, the authentication request receiving unit that receives the authentication request using the public key from the first external device via the first wireless interface, and the first When the authentication request is received from the external device, the authentication response transmission unit that transmits the authentication response, which is a response to the authentication request, to the first external device via the first wireless interface, and the authentication. A connection information receiving unit that receives connection information from the first external device via the first wireless interface after the response is transmitted to the first external device. The connection information from the connection information receiving unit and the first external device, which is information for establishing a wireless connection between the communication device and the second external device via the first wireless interface. Is received, the connection information is used to provide an establishment unit for establishing the wireless connection between the communication device and the second external device via the first wireless interface. ..

According to the above configuration, the communication device outputs the specific information obtained by using the public key after receiving the specific signal from the first external device via the second wireless interface. As a result, the public key is acquired by the first external device. After that, the communication device receives the authentication request using the public key from the first external device via the first wireless interface different from the second wireless interface, and sends the authentication response to the first external device. It transmits and receives connection information from the first external device. As a result, the communication device can establish a wireless connection with the second external device by using the connection information.

Further, the communication device disclosed by the present specification includes a first wireless interface, a second wireless interface different from the first wireless interface, and the second wireless interface from the first external device. After the specific signal is received from the specific signal receiving unit that receives the specific signal and the first external device, the state of the communication device is changed from the impossible state to the possible state. The impossible state is a state in which an authentication response, which is a response to an authentication request, is not transmitted, and the possible state is a state in which the authentication request is received from the first external device. Authentication that receives the authentication request from the first state transition unit and the first external device, which is a state of transmitting the authentication response to the first external device, via the first wireless interface. When the authentication request is received from the first external device after the state of the request receiving unit and the communication device is shifted to the possible state, the authentication response is made via the first wireless interface. The authentication response transmission unit that transmits the authentication response to the first external device, and after the authentication response is transmitted to the first external device, from the first external device via the first wireless interface. A connection information receiving unit that receives connection information, and the connection information is information for establishing a wireless connection between the communication device and the second external device via the first wireless interface. When the connection information is received from the connection information receiving unit and the first external device, the first connection information is used between the communication device and the second external device. It is provided with an establishment unit for establishing the wireless connection via the wireless interface of the above.

According to the above configuration, the communication device shifts from the impossible state to the possible state after receiving the specific signal from the first external device via the second wireless interface. As a result, when the communication device receives the authentication request from the first external device via the first wireless interface different from the second wireless interface, the communication device can transmit the authentication response to the first external device. it can. Then, the communication device can receive the connection information from the first external device and use the connection information to establish a wireless connection with the second external device.

A computer program for realizing the above-mentioned communication device and a computer-readable recording medium for storing the computer program are also new and useful. Also, the method performed by the above communication device is new and useful. Further, a communication system including the above-mentioned communication device and another device (for example, a first external device, a second external device) is also new and useful.

The configuration of the communication system is shown. An explanatory diagram for explaining the outline of an embodiment is shown. The sequence diagram of the Bootstrapping process of Case A is shown. The sequence diagram of the processing of Authentication is shown. The sequence diagram of the processing of Configuration is shown. The sequence diagram of the processing of Network Access is shown. The sequence diagram of the Bootstrapping process of Case B is shown. The sequence diagram of the Bootstrapping process of Case C is shown. The sequence diagram of the Bootstrapping process of Case D is shown.

(Configuration of communication system 2; FIG. 1)
As shown in FIG. 1, the communication system 2 includes an AP (abbreviation of Access Point) 6, a terminal 10, and a printer 100. In this embodiment, it is assumed that the user uses the terminal 10 to establish a wireless connection (hereinafter, referred to as "Wi-Fi connection") between the printer 100 and the AP6 according to the Wi-Fi method. doing.

(Configuration of terminal 10)
The terminal 10 is a portable terminal device such as a mobile phone (for example, a smartphone), a PDA, or a tablet PC. In the modified example, the terminal 10 may be a stationary PC, a notebook PC, or the like. The terminal 10 includes a camera 15, a Wi-Fi interface 16, and a Bluetooth® interface 17. In the following, the interface is simply referred to as "I / F" and Bluetooth is simply referred to as "BT". The camera 15 is a device for photographing an object, and in this embodiment, it is particularly used for photographing a QR code for the AP6 and the printer 100. Further, the terminal 10 stores the connected application 40 (hereinafter, simply referred to as “application 40”). The application 40 is a program for establishing a Wi-Fi connection between the printer 100 and the AP 6, and is installed on the terminal 10 from a server on the Internet provided by the vendor of the printer 100, for example.

The Wi-Fi I / F 16 is a wireless interface for executing Wi-Fi communication according to the Wi-Fi method. The Wi-Fi method is, for example, the standard of IEEE (abbreviation of The Institute of Electrical and Electronics Engineers, Inc.) 802.11 and the standard equivalent thereto (for example, 802.11a, 11b, 11g, 11n, 11ac, etc.). According to the above, it is a wireless communication method for executing wireless communication. In particular, the Wi-Fi I / F16 supports the DPP (abbreviation of Device Provisioning Protocol) method, which will be formulated by the Wi-Fi Alliance. The DPP method is described in "DRAFT Device Provisioning Protocol Technical Specification Version 0.2.11" which is a draft of the standard document created by Wi-Fi Alliance, and a pair of devices (for example, a printer 100 and a printer 100) are used by using the terminal 10. This is a wireless communication method for easily establishing a Wi-Fi connection between AP6).

The BTI / F17 is a wireless interface for executing BT communication according to the BT method. The BT method is, for example, a wireless communication method based on the standard of IEEE802.5.1 and a standard equivalent thereto. More specifically, BTI / F17 supports BLE (short for Bluetooth Low Energy). BLE is a standard realized in version 4.0 or later of the BT method.

The differences between the Wi-Fi method and the BT method will be described. The communication speed of Wi-Fi communication (for example, the maximum communication speed is 600 Mbps) is faster than the communication speed of BT communication (for example, the maximum communication speed is 24 Mbps). The frequency of the carrier wave in Wi-Fi communication is 2.4 GHz band or 5.0 GHz band. The frequency of the carrier wave in BT communication is the 2.4 GHz band. That is, when the 5.0 GHz band is adopted as the carrier frequency in Wi-Fi communication, the carrier frequency in Wi-Fi communication and the carrier frequency in BT communication are different. Further, the maximum distance at which Wi-Fi communication can be executed (for example, about 100 m) is larger than the maximum distance at which BT communication can be executed (for example, about several tens of m).

(Configuration of Printer 100)
The printer 100 is a peripheral device (for example, a peripheral device of the terminal 10) capable of executing a printing function. The printer 100 includes an operation unit 112, a display unit 114, a Wi-Fi I / F 116, a BTI / F 117, a print execution unit 118, and a control unit 130. Each part 112 to 130 is connected to a bus line (reference numeral omitted).

The operation unit 112 includes a plurality of keys. The user can input various instructions to the printer 100 by operating the operation unit 112. The display unit 114 is a display for displaying various information. The Wi-Fi I / F 116 is the same as the Wi-Fi I / F 16 of the terminal 10. That is, the Wi-Fi I / F 116 supports the DPP method. The Wi-Fi I / F 116 also has a MAC address "abc". The BTI / F117 is the same as the BTI / F17 of the terminal 10. The print execution unit 118 includes a printing mechanism such as an inkjet method or a laser method.

The control unit 130 includes a CPU 132 and a memory 134. The CPU 132 executes various processes according to the program 136 stored in the memory 134. The memory 134 is composed of a volatile memory, a non-volatile memory, and the like.

(Outline of this embodiment; Fig. 2)
Subsequently, the outline of this embodiment will be described with reference to FIG. As mentioned above, the terminal 10 and the printer 100 support the DPP method, but the AP6 also supports the DPP method. Then, in this embodiment, it is realized that the Wi-Fi connection between the printer 100 and the AP6 is established by each of the devices 6, 10 and 100 executing the communication according to the DPP method. In the following, for ease of understanding, the operations executed by the CPU (for example, CPU 132, etc.) of each device will be described not mainly for the CPU but for each device (for example, the printer 100).

At T5, the terminal 10 executes DPP bootstrapping (hereinafter, simply referred to as “BS”) with AP6. In response to the QR code affixed to the AP6 being photographed by the terminal 10, the BS obtains information from the AP6 to be used in the T10 Authentication (hereinafter, simply referred to as “Aus”) described later. This is a process provided to the terminal 10.

At T10, the terminal 10 uses the information acquired by the BS of T5 to execute the DPP method of With AP6. The Auth is a process for each of the terminal 10 and the AP6 to authenticate the communication partner.

At T15, the terminal 10 executes DPP-type Configuration (hereinafter, simply referred to as “Config”) with AP6. The Config is a process of transmitting information to the AP6 for establishing a Wi-Fi connection between the printer 100 and the AP6. Specifically, the terminal 10 describes the first Configuration Object for establishing a Wi-Fi connection between the printer 100 and the AP6 in the Configuration (hereinafter, the Configuration Object is simply referred to as “CO”). ) Is generated and the first CO is transmitted to AP6. As a result, in AP6, the first CO is stored.

Next, the terminal 10 executes the DPP type BS with the printer 100 at T20. The BS is a process in which the printer 100 provides the terminal 10 with information used in the T25 Out, which will be described later, in response to the QR code displayed on the printer 100 being photographed by the terminal 10.

At T25, the terminal 10 uses the information acquired by the BS of T20 to execute the DPP-type Auth with the printer 100. The Auth is a process for each of the terminal 10 and the printer 100 to authenticate the communication partner.

At T30, the terminal 10 executes a DPP-type Config with the printer 100. The Config is a process of transmitting information for establishing a Wi-Fi connection between the printer 100 and the AP6 to the printer 100. The terminal 10 generates a second CO for establishing a Wi-Fi connection between the printer 100 and the AP6 in the Config, and transmits the second CO to the printer 100. As a result, the printer 100 stores the second CO.

In T35, the printers 100 and AP6 utilize the stored first and second COs to perform a DPP-based Network Access (hereinafter simply referred to as "NA"). NA is a process for sharing a connection key for establishing a Wi-Fi connection between the printer 100 and AP6.

At T40, the printer 100 and AP6 execute 4-way-handshake communication. In at least a part of the 4-way-handshake communication process, the printer 100 and the AP6 communicate the encrypted information encrypted by the connection key shared by the NA of the T35. Then, when the decryption of the encrypted information is successful, a Wi-Fi connection is established between the printer 100 and the AP6. As a result, the printer 100 can participate in the wireless network formed by the AP6 as a slave station, and as a result, perform communication with other devices participating in the wireless network via the AP6. Can be done. In the modified example, the printer 100 and AP6 may execute SAE (Simultaneous Authentication of Equals, commonly known as "Dragonfly") communication instead of the 4-way-handshake communication.

At T45, the printer 100 causes the display unit 114 to display a completion screen indicating that the Wi-Fi connection has been established with AP6. When the processing of T45 is completed, the processing of FIG. 2 is completed.

In the DPP method, in order to establish a Wi-Fi connection between the printer 100 and the AP6, the user can use information on the wireless network in which the AP6 operates as a master station (for example, SSID (abbreviation of Service Set Identifier), password, etc.). Does not need to be input to the printer 100. Therefore, the user can easily establish a Wi-Fi connection between the printer 100 and the AP6.

(Explanation of each process; FIGS. 3 to 9)
Subsequently, the details of each process executed in T20 to T35 of FIG. 2 will be described with reference to FIGS. 3 to 9. Since the processing of T5 to T15 is the same as the processing of T20 to T30 except that AP6 is used instead of the printer 100, detailed description thereof will be omitted. 3 and 7 to 9 show each case of BS executed between the terminal 10 and the printer 100. These cases are the processes performed in one embodiment.

(Case A Bootstrapping (BS); FIG. 3)
First, the process of case A of the BS of T20 of FIG. 2 will be described with reference to FIG. In the initial state of FIG. 3, the memory 134 of the printer 100 stores the public key PPK1 and the private key psk1 of the printer 100 in advance.

The printer 100 causes the display unit 114 to display the menu screen MS on the T105 in response to receiving the power ON operation from the user on the T100. In other words, the screen MS is the default screen of the printer 100, and includes a print button for causing the printer 100 to execute printing, and a setting button for designating various settings (for example, print settings) of the printer 100.

In T106, the printer 100 causes the display unit 114 to display the setting screen SS in T107 in response to the user selecting the setting button in the screen MS. The screen SS has a print setting button for changing the print setting of the printer 100, a QR code button for causing the printer 100 to display the QR code, and a mode transition button for changing the operation mode of the BTI / F117. And, including.

The printer 100 shifts from the impossible state to the possible state in T122 in response to the selection of the QR code button in the screen SS by the user in T120. In the impossible state, even if the Wi-Fi I / F116 receives the DPP Authentication Request (hereinafter, simply referred to as “AReq”) (see T200 in FIG. 4 described later) from the terminal 10, the DPP Authentication Response (hereinafter referred to as “AReq”) is received. Then, it is in a state of not transmitting (referred to simply as "ARes") (see T210 described later). That is, the impossible state is a state in which ARes, which is a response to AReq, is not transmitted. The possible state is a state in which the Wi-Fi I / F 116 transmits ARes to the terminal 10 in response to receiving the AReq from the terminal 10. That is, the printer 100 is in a state where it can execute Out (see T25 in FIG. 2) by shifting from the impossible state to the possible state. Specifically, in this embodiment, the impossible state is a state in which the Wi-Fi I / F 116 does not supply the signal to the CPU 132 even if it receives a signal from the outside. Further, the possible state is a state in which the Wi-Fi I / F 116 supplies the signal to the CPU 132 in response to receiving the signal from the outside, and transmits a response to the signal. Since the possible state is a state in which the CPU 132 processes a signal received from the outside, the processing load is higher than in the impossible state. In the modified example, the impossible state may be the state in which the Wi-Fi I / F 116 is not energized, and the possible state may be the state in which the Wi-Fi I / F 116 is energized. Further, in another modification, the impossible state is a state in which the Wi-Fi I / F116 does not supply the CPU 132 with a notification indicating that the AREq has been received even if the Wi-Fi I / F116 receives the AREq from the outside. , The Wi-Fi I / F 116 may be in a state of supplying a notification indicating that the AReq has been received to the CPU 132 in response to receiving the AReq from the outside.

Next, at T124, the printer 100 causes the display unit 114 to display the QR code. The QR code is obtained by encoding the public key PPK1 pre-stored in the memory 134, the channel list pre-stored in the memory 134, and the MAC address "abc" of the Wi-Fi I / F 116. It is a code image obtained. The channel list is a list of values of a plurality of communication channels to be used in Auto (see T25 in FIG. 2). The QR code may be generated by the printer 100 when the process of the T124 is executed, or may be stored in the memory 134 in advance from the shipping stage of the printer 100.

The terminal 10 activates the application 40 and further activates the camera 15 in response to receiving the activation operation of the application 40 from the user at the T130. Each subsequent process executed by the terminal 10 is realized by the application 40. Next, at T132, the terminal 10 uses the camera 15 to take a picture of the QR code (see T124) displayed on the printer 100. Then, the terminal 10 decodes the photographed QR code at T134 to acquire the public key PPK1, the channel list, and the MAC address “abc”.

At T136, the terminal 10 displays a terminal-side confirmation screen TCS that asks the user whether or not to execute a connection process for establishing a Wi-Fi connection between the printer 100 and the AP6. The screen TCS includes a YES button indicating that the connection process is executed and a NO button indicating that the connection process is not executed. At T140, the terminal 10 accepts the user to select the YES button in the screen TCS. When the processing of T140 is completed, the processing of BS in case A is completed.

(Authentication (Ath); Fig. 4)
Subsequently, the processing of the Ath of T25 of FIG. 2 will be described with reference to FIG. In T140 of FIG. 3, the terminal 10 generates the public key TPK1 and the private key tsk1 of the terminal 10 in T141 in response to the YES button in the screen TCS being selected by the user. Next, in T142, the terminal 10 uses the generated private key tsk1 and the public key PPK1 of the printer 100 acquired in T134 of FIG. 3 according to ECDH (abbreviation of Elliptic curve Diffie-Hellman key exchange). , Generate shared key SK1. Then, in T144, the terminal 10 encrypts the random value RV1 using the generated shared key SK1 to generate the encrypted data ED1.

In the T200, the terminal 10 transmits the AReq to the printer 100 via the Wi-Fi I / F16 with the MAC address “abc” acquired in the T134 of FIG. 3 as the transmission destination. AReq is a signal that requests the printer 100 to execute authentication. Here, the terminal 10 repeatedly transmits the AREq to the printer 100 by sequentially using the plurality of communication channels in the channel list acquired by the T134. The AReq includes the public key TPK1 of the terminal 10 generated by T141, the encrypted data ED1 generated by T144, and the capability of the terminal 10.

The capacity is information specified in advance in a device that supports the DPP method, and indicates a value indicating that the device can operate only as a DPP method controller and a value indicating that the device can operate only as a DPP method Enrolle. It contains one of a value and a value indicating that it can operate as both a Componentator and an Enrollee. Note that the component means a device that transmits CO used in NA (T35 in FIG. 2) to Enrolle in Config (T30 in FIG. 2). On the other hand, Enrolle means a device that receives CO used in NA from a Configurator in Config. As described above, in this embodiment, the terminal 10 generates the first or second CO and transmits it to the AP6 or the printer 100. Therefore, the capacity of the terminal 10 includes a value indicating that the terminal 10 can operate as a configurator only.

The printer 100 receives the AReq from the terminal 10 via the Wi-Fi I / F 116 at the T200. As described above, the AReq is transmitted with the MAC address "abc" of the printer 100 as the transmission destination. Therefore, the printer 100 can appropriately receive the AREq from the terminal 10.

Further, when the printer 100 shifts to the enabled state at T124 of FIG. 3, it monitors that one of the plurality of communication channels in the channel list receives the used AREq. As described above, the ALeq of the T200 is transmitted by sequentially using a plurality of communication channels in the channel list. Therefore, the printer 100 can appropriately receive the AREq from the terminal 10.

Next, the printer 100 executes the following processing for authenticating the source of AReq (that is, the terminal 10). Specifically, first, in T202, the printer 100 uses the public key TPK1 of the terminal 10 in the AReq and the private key psk1 of the printer 100 stored in advance in the memory 134 according to ECDH. Generate shared key SK1. Here, the shared key SK1 generated by the terminal 10 at T142 and the shared key SK1 generated by the printer 100 at T204 are the same. Therefore, in T204, the printer 100 can appropriately decrypt the encrypted data ED1 in the AReq using the generated shared key SK1, and as a result, can acquire the random value RV1. When the decryption of the encrypted data ED1 is successful, the printer 100 determines that the source of the AReq is the device that captured the QR code displayed by the printer 100, that is, determines that the authentication is successful. , T206 and subsequent processes are executed. On the other hand, if the decryption of the encrypted data ED1 is not successful, the printer 100 determines that the source of the AREq is not the device that captured the QR code displayed by the printer 100, that is, the authentication fails. Is determined, and the processing after T206 is not executed.

At T206, the printer 100 generates a new public key PPK2 and a new private key psk2 for the printer 100. In the modified example, the public key PPK2 and the private key psk2 may be stored in the memory 134 in advance. Next, in T207, the printer 100 generates the shared key SK2 in accordance with ECDH by using the public key TPK1 of the terminal 10 in the AREq of the T200 and the private key psk2 of the generated printer 100. Then, in T208, the printer 100 uses the generated shared key SK2 to encrypt the acquired random value RV1 and the new random value RV2 to generate the encrypted data ED2.

In T210, the printer 100 transmits ARes to the terminal 10 via Wi-Fi I / F 116. The ARes include the public key PPK2 of the printer 100 generated by the T206, the encrypted data ED2 generated by the T208, and the capabilities of the printer 100. The capacity includes a value indicating that it can operate only as an Enrolle.

In T210, the terminal 10 executes the following process for authenticating the source (that is, the printer 100) of the ARes in response to receiving the ARes from the printer 100 via the Wi-Fi I / F16. .. Specifically, first, in T212, the terminal 10 uses the private key tsk1 of the terminal 10 generated in T141 and the public key PPK2 of the printer 100 in the ARes to obtain the shared key SK2 in accordance with ECDH. Generate. Here, the shared key SK2 generated by the printer 100 at T207 and the shared key SK2 generated by the terminal 10 at T212 are the same. Therefore, in T214, the terminal 10 can appropriately decrypt the encrypted data ED2 in the ARes by using the generated shared key SK2, and as a result, can acquire the random values RV1 and RV2. .. When the decryption of the encrypted data ED2 is successful, the terminal 10 determines that the source of the ARes is a device displaying the photographed QR code, that is, determines that the authentication is successful, and T220 or later. Executes the processing of. On the other hand, if the decryption of the encrypted data ED2 is not successful, the terminal 10 determines that the source of the ARes is not the device displaying the photographed QR code, that is, the authentication fails. , Do not execute the processing after T220.

At T220, the terminal 10 transmits Confirm to the printer 100 via Wi-Fi I / F 16. The Confirm includes information indicating that the terminal 10 operates as a Configurator and the printer 100 operates as an Enrollee. As a result, at T222, it is determined by the terminal 10 that it operates as a Componentrator, and at T224, it is determined by the printer 100 that it operates as an Enrolle. When the processing of T224 is completed, the processing of FIG. 4 is completed.

(Configuration (Config); Fig. 5)
Subsequently, the process of Config of T30 of FIG. 2 will be described with reference to FIG. In the T300, the printer 100 transmits a DPP Configuration Request (hereinafter, simply referred to as “CReq”) to the terminal 10 via Wi-Fi I / F116. The CReq is a signal requesting transmission of CO (that is, information for establishing a Wi-Fi connection between the printer 100 and AP6).

The terminal 10 receives the CReq from the printer 100 via the Wi-Fi I / F 16 at the T300. In this case, the terminal 10 acquires the group ID "Group1", the public key TPK2, and the private key tsk2 from the memory (not shown) of the terminal 10 at the T301. As described above, the terminal 10 has already executed the Config of T15 in FIG. 2 with AP6, and at this time, the group ID “Group1”, the public key TPK2, and the private key tsk2 are generated and stored in the memory. The group ID "Group1" is information that identifies a wireless network formed by establishing a Wi-Fi connection between the printer 100 and the AP6. In the modified example, the character string specified by the user may be used as the group ID. That is, in T301, the terminal 10 acquires each information stored in T15 of FIG. The terminal 10 then generates a second CO (see T30 in FIG. 2) at T302. Specifically, the terminal 10 executes each of the following processes.

The terminal 10 generates a hash value HV by hashing the public key TPK2 of the terminal 10. Further, the terminal 10 generates a specific value by hashing a combination of the hash value HV, the group ID “Group1”, and the public key PPK2 of the printer 100 in Ares of T210 in FIG. Then, the terminal 10 generates the electronic signature DS1 by encrypting the generated specific value using the private key tsk2 of the terminal 10 according to ECDSA (abbreviation of Elliptic Curve Digital Signature Algorithm). As a result, the terminal 10 simply refers to the Signed-Connector for the printer (hereinafter, the Signed-Connector) including the hash value HV, the group ID “Group1”, the public key PPK2 of the printer 100, and the electronic signature DS1. (Descripted as "SCont") can be generated. Then, the terminal 10 generates a second CO including the SCont for the printer and the public key TPK2 of the terminal 10.

In the T310, the terminal 10 transmits a DPP Configuration Response (hereinafter, simply referred to as “CRes”) containing the second CO to the printer 100 via the Wi-Fi I / F16.

The printer 100 receives CRes from the terminal 10 via Wi-Fi I / F 116 at T310. In this case, the printer 100 stores the second CO in the CRes in the memory 134 at T312. When the processing of T312 is completed, the processing of FIG. 5 is completed.

(Newwork Access (NA); Fig. 6)
Subsequently, with reference to FIG. 6, the processing of NA of T35 of FIG. 2 executed between the printer 100 and AP6 will be described. As described above, similarly to T20 to T30 in FIG. 2, the processes of T5 to T15 in FIG. 2 have already been executed between the terminals 10 and AP6. However, AP6 does not execute the processes of T105 to T124 of FIG. The AP6 stores the public key APK1 and the private key ask1 of the AP6 in advance. Then, the QR code obtained by encoding the public key APK1 of AP6, the channel list of AP6, and the MAC address of AP6 is attached to the housing of AP6. When the terminal 10 captures the QR code, each process similar to each process after T134 is executed between the terminal 10 and AP6. As a result, the AP6 stores the public key APK2 and the private key ask2 of the AP6 (see T206 in FIG. 4), and further stores the first CO received from the terminal 10 (see T312 in FIG. 5). The first CO includes the AP SCont and the public key TPK2 of the terminal 10. The public key TPK2 is the same as the public key TPK2 included in the second CO. Further, the SCont for AP includes a hash value HV, a group ID "Group1", a public key APK2 of AP6, and a digital signature DS2. The hash value HV and the group ID "Group1" are the same as the hash value HV and the group ID "Group1" contained in the second CO, respectively. The digital signature DS2 is information in which the specific value obtained by hashing the combination of the hash value HV, the group ID "Group1" and the public key APK2 is encrypted by the private key tsk2 of the terminal 10, and is the second. It is a value different from the electronic signature DS1 included in CO.

In the T400, the printer 100 transmits a DPP Peer Discovery Request (hereinafter, simply referred to as “DReq”) including a printer screen to the AP6 via Wi-Fi I / F116. The DReq is a signal requesting the AP6 to execute authentication and transmit the AP SCont.

In response to receiving the DReq from the printer 100 in the T400, the AP6 determines the source of the DReq (that is, the printer 100) and each information in the DReq (that is, the hash value HV, “Group1”, and the public key. Execute the process for authenticating PPK2). Specifically, in T402, first, in T402, the hash value HV in the received printer SCont and the group ID "Group1" are the hashes in the AP SCont contained in the stored first CO, respectively. The first AP determination process regarding whether or not the value HV and the group ID "Group1" are matched is executed. In the case of FIG. 6, the AP6 determines that the first AP determination process "matches", so that it is determined that the authentication of the DReq source (that is, the printer 100) is successful. It should be noted that the fact that the hash value HV in the received printer SCont and the hash value HV in the AP SCont contained in the stored first CO match means that the printer SCont and the AP SCont match. , Means that it was generated by the same device (ie, terminal 10). Therefore, the AP6 also determines that the authentication of the generated source (that is, the terminal 10) of the received printer SCont has been successful. Further, the AP6 uses the public key TPK2 of the terminal 10 included in the stored first CO to decrypt the digital signature DS1 in the received printer SCont. In the case of FIG. 6, since the decryption of the electronic signature DS1 is successful, the AP6 has the specific value obtained by decoding the electronic signature DS1 and each information (that is, the hash value HV) in the received printer SCont. , "Group1", and the value obtained by hashing the public key PPK2), and the second AP determination process regarding whether or not they match are executed. In the case of FIG. 6, the AP6 determines that the second AP determination process "matches", so that it is determined that the authentication of each information in the DReq has been successful, and the processing after T404 is executed. The fact that "matching" is determined in the second AP determination process means that after the second CO is stored in the printer 100, each information (that is, the hash value HV, "Group1") in the received printer SCont is determined. , And the public key PPK2) has not been tampered with by a third party. On the other hand, if it is determined in the first AP determination process that it does not match, if the decoding of the digital signature DS1 fails, or if it is determined in the second AP determination process that it does not match, AP6 determines that the authentication has failed and does not execute the processing after T404.

Next, in T404, the AP6 generates a connection key (that is, a shared key) CK by using the acquired public key PPK2 of the printer 100 and the stored private key ask2 of the AP6 according to ECDH.

In the T410, the AP6 transmits a DPP Peer Discovery Response (hereinafter, simply referred to as “DRes”) including a SCont for AP to the printer 100.

The printer 100 receives the DRes from the AP6 via the Wi-Fi I / F116 in the T410, and the source of the DRes (that is, the AP6) and each information in the DRes (that is, the hash value HV, The process for authenticating "Group1" and the public key APK2) is executed. Specifically, in T412, the printer 100 first has the hash value HV and the group ID "Group1" in the received AP SCont in the stored second CO in the printer SCont, respectively. The first PR determination process regarding whether or not the hash value HV and the group ID "Group1" are matched is executed. In the case of FIG. 6, since the printer 100 determines that the printer 100 "matches" in the first PR determination process, it is determined that the authentication of the DRes source (that is, AP6) is successful. The fact that the hash value HV in the received AP SCont and the hash value HV in the printer SCont included in the stored second CO match means that the printer SCont and the AP SCont match. , Means that it was generated by the same device (ie, terminal 10). Therefore, the printer 100 also determines that the authentication of the generated source (that is, the terminal 10) of the received AP SCont has succeeded. Further, the printer 100 uses the public key TPK2 of the terminal 10 included in the stored second CO to decrypt the received digital signature DS2 in the AP Scont. In the case of FIG. 6, since the decoding of the electronic signature DS2 is successful, the printer 100 has the specific value obtained by decoding the electronic signature DS2 and each information (that is, the hash value) in the received AP SCont. The second PR determination process regarding whether or not the values obtained by hashing the HV, "Group1", and the public key APK2) match is executed. In the case of FIG. 6, since the printer 100 determines that the second PR determination process "matches", it is determined that the authentication of each information in the DRes is successful, and the processing after T414 is executed. The fact that the second PR judgment process "matches" means that after the first CO is stored in the AP6, each information in the AP SCont (that is, the hash value HV, "Group1", and It means that the public key APK2) has not been tampered with by a third party. On the other hand, if it is determined in the first PR determination process that it does not match, if the decoding of the digital signature DS2 fails, or if it is determined in the second PR determination process that it does not match, The printer 100 determines that the authentication has failed, and does not execute the processing after T414.

In T414, the printer 100 generates a connection key CK by using the stored private key psk2 of the printer 100 and the public key APK2 of AP6 in the received AP Scont according to ECDH. Here, the connection key CK generated by AP6 at T404 and the connection key CK generated by printer 100 at T414 are the same. As a result, the connection key CK for establishing the Wi-Fi connection is shared between the printer 100 and the AP6. When T414 is completed, the process of FIG. 6 is completed.

As described above, after the connection key CK is shared between the printer 100 and AP6, in T40 of FIG. 2, the printer 100 and AP6 use the connection key CK to perform 4-way-handshake communication. As a result, a Wi-Fi connection is established between the printer 100 and the AP6. As described above, the printer 100 receives the AReq of T200 of FIG. 4 from the terminal 10 by using one communication channel among the plurality of communication channels included in the channel list of the printer 100. That is, the printer 100 receives the AReq of the T200 from the terminal 10 by using a communication channel that can be used by both the printer 100 and the terminal 10. On the other hand, in T40 of FIG. 2, the printer 100 establishes a Wi-Fi connection with the AP6 by using a communication channel that can be used by both the printer 100 and the AP6. Here, the communication channel that can be used by the terminal 10 and the communication channel that can be used by the AP6 may be different. In this embodiment, the communication channel for the printer 100 to receive the AReq from the terminal 10 at the T200 of FIG. 4 and the communication channel for the printer 100 to establish the Wi-Fi connection with the AP6 at the T40 of FIG. different. However, in the modified example, the former communication channel and the latter communication channel may be the same.

(Case B Bootstrapping (BS); FIG. 7)
Subsequently, the processing of the case B of the BS of T20 of FIG. 2 will be described with reference to FIG. 7. Case B is a state before T20 to T40 of FIG. 2 is executed, that is, a state in which the memory 134 of the printer 100 has not yet stored the second CO.

T500 and T505 are the same as T100 and T105 in FIG. In the T509, since the memory 134 does not store the second CO, the printer 100 supplies the BTI / F117 with a transition instruction for shifting the operation mode of the BTI / F117, and sets the operation mode of the BTI / F117. Shift from normal mode to setting mode. Therefore, in the state where the memory 134 does not store the second CO, the operation mode of the BTI / F117 is automatically changed from the normal mode to the setting mode only by turning on the power of the printer 100. The normal mode is a mode in which the Advanced signal (T512 described later) according to the BT method cannot be interpreted (that is, a mode in which even if the Advanced signal is received, it is ignored). The setting mode is a mode in which the Advanced signal can be interpreted (that is, a mode in which the information in the Advanced signal is supplied to the CPU 132 when the Advanced signal is received).

In response to receiving the activation operation of the application 40 from the user, the terminal 10 activates the application 40 at T510, and further activates the camera 15. In this case, the terminal 10 broadcasts the Advantage signal at T512 via the BTI / F17. The Advantage signal includes a display instruction predetermined in the application 40. For example, the display instruction is a character string that can be interpreted by the printer 100.

At T512, the printer 100 acquires a display instruction from the BTI / F117 in response to receiving an Advantage signal from the terminal 10 via the BTI / F117. In this case, the printer 100 executes the processing after T514 according to the display instruction included in the Advantage signal. At T514, the printer 100 causes the display unit 114 to display the printer-side confirmation screen PCS. The screen PCS is a screen that asks the user whether or not to display the QR code on the printer 100. A YES button indicating that the printer 100 is to display the QR code and a QR code display on the printer 100 are displayed. Includes a NO button indicating that it should not be executed. As a result, for example, when the user does not want to establish a Wi-Fi connection (for example, when the application 40 is accidentally started), the QR code is displayed by selecting the NO button in the screen PCS. It can be suppressed from being done.

Further, in T512, when the Advantage signal including the display instruction is broadcast, the screen PCS may be displayed in a printer different from the printer 100. In this case, the user can suppress the QR code from being displayed on the different printer by selecting the NO button in the screen PCS displayed on the different printer.

In T520, the printer 100 shifts from the impossible state to the possible state in T522 according to the YES button in the screen PCS being selected by the user, and displays the QR code on the display unit 114 in T524. T532 to T540 are the same as T132 to T140 in FIG. When the processing of T540 is completed, the processing of FIG. 7 is completed. Then, the same processing as in FIGS. 4 to 6 is executed by the devices 6, 10 and 100 to establish a Wi-Fi connection between the printer 100 and the AP6.

Although not shown, in Case A of FIG. 3, the printer 100 shifts the operation mode of the BTI / F117 from the normal mode to the setting mode in response to receiving the power ON operation from the user at the T100. Let me. However, in case A of FIG. 3, the processes of T106 to T120 are executed and the QR code is displayed before the application 40 is started on the terminal 10. Therefore, the printer 100 does not execute the process of T514 in FIG. 7.

(Case C Bootstrapping (BS); FIG. 8)
Subsequently, the processing of another case C of BS will be described with reference to FIG. Case C is a state after T20 to T40 of FIG. 2 is executed, that is, a state in which the memory 134 of the printer 100 has stored the second CO.

T600 and T605 are similar to T500 and T505 in FIG. In this case, since the memory 134 of the printer 100 stores the second CO, the printer 100 does not shift the operation mode of the BTI / F117 from the normal mode to the setting mode. In a situation where the printer 100 stores the second CO, the second CO can be used to establish a Wi-Fi connection with the AP6. Therefore, it is unlikely that BS will be executed in the printer 100. In such a situation, the printer 100 does not shift the operation mode of the BTI / F117 to the setting mode, so that it is possible to prevent the QR code from being displayed unnecessarily.

The user may wish to establish a Wi-Fi connection between the printer 100 and an AP different from the AP6, for example, in a state where the printer 100 stores a second CO. In this case, the user can select the setting button in the screen MS at T606 and the mode transition button in the screen SS (T607) displayed accordingly at T608. In this case, the printer 100 shifts the operation mode of the BTI / F117 from the normal mode to the setting mode in the T609. As a result, when the printer 100 receives the Advanced signal from the terminal 10, the printer 100 can execute the processes after T514 in FIG. 7 and receive a new CO from the terminal 10.

The printer 100 can also establish a Wi-Fi connection with the AP6 according to a normal Wi-Fi method (that is, a method using an SSID and a password) without using the DPP method. In this case, the memory 134 of the printer 100 stores wireless setting information (that is, SSID and password) for establishing a Wi-Fi connection with the AP6. Even if the power of the printer 100 is turned on in such a state, the printer 100 does not shift the operation mode of the BTI / F117 from the normal mode to the setting mode as in the case C of FIG. This is because the printer 100 can establish a Wi-Fi connection with the AP6 by using the wireless setting information. As a result, even though the printer 100 can establish a Wi-Fi connection with the AP6, it is possible to prevent the process for establishing the Wi-Fi connection between the printer 100 and the AP6 from being executed. ..

(Case D Bootstrapping (BS); FIG. 9)
Subsequently, the processing of another case D of BS will be described with reference to FIG. In case D, it is assumed that the QR code displayed on the printer 100 is not photographed by the terminal 10.

T700 to T724 are the same as T500 to T524 in FIG. In this case, AReq (see T200 in FIG. 4) is not transmitted from the terminal 10 to the printer 100 because the QR code displayed on the printer 100 is not photographed by the terminal 10. In this case, the printer 100 determines at T726 that it does not receive the AREq within a predetermined time after shifting to the possible state at T722, and shifts from the possible state to the impossible state at T728. As a result, it is possible to prevent the printer 100 from continuing the possible state for a long period of time. That is, it is possible to suppress the continuation of the state in which the Wi-Fi I / F 116 supplies the signal received from the outside to the CPU 132, that is, the state in which the CPU 132 processes the signal received from the outside. Thereby, the processing load of the printer 100 can be reduced. Then, at T730, the printer 100 causes the display unit 114 to display an error screen indicating that the AReq has not been received from the terminal 10. When the processing of T730 is completed, the processing of FIG. 9 is completed.

(Effect of this example)
In this embodiment, the printer 100 obtains the public key PPK1 by encoding the public key PPK1 when receiving an Advanced signal including a display instruction from the terminal 10 (T512 in FIG. 7, T612 in FIG. 8, T712 in FIG. 9). The QR code to be printed is displayed (T522, T622, T722). As a result, the public key PPK1 is acquired by the terminal 10 (T534, T634). After that, the printer 100 receives the AReq in which the public key TPK1 is used from the terminal 10 (T200 in FIG. 4), transmits Ares to the terminal 10 (T210), and receives the second CO from the terminal 10. (T310 in FIG. 5). As a result, the printer 100 can establish a Wi-Fi connection with the AP6 by utilizing the second CO (T40 in FIG. 2).

Further, in the present embodiment, when the printer 100 receives the Advanced signal including the display instruction from the terminal 10 (T512 in FIG. 7, T612 in FIG. 8, T712 in FIG. 9), the printer 100 shifts from the impossible state to the possible state. (T524, T624, T724). As a result, the printer 100 can transmit ARes to the terminal 10 when receiving the AReq from the terminal 10 (T200 in FIG. 4) (T210). Then, the printer 100 receives the second CO from the terminal 10 (T310 in FIG. 5), and can use the second CO to establish a Wi-Fi connection with the AP6 (T40 in FIG. 2). ).

For example, a user who has knowledge of wireless communication or operation of the printer 100 selects a setting button in the screen MS at T106 and a QR code button in the screen SS at T120 as in case A of FIG. Can be selected to cause the printer 100 to perform the transition to the possible state (T122) and the display of the QR code (T124). However, the above-mentioned poorly knowledgeable user may not be able to properly perform the above-mentioned selection operation. According to this embodiment, as shown in Case B of FIG. 7, when the printer 100 receives an Advantage signal including a display instruction from the terminal 10, even if T106 and T120 of FIG. 3 are not executed by the user. , Transition to the possible state (T522) and display the QR code (T524). Therefore, a user who has little knowledge of wireless communication can easily make the printer 100 perform the transition to the possible state and the display of the QR code by activating the application 40 of the terminal 10.

Further, for example, when an Advantage signal is received from the terminal 10, a wireless connection according to the BT method is established between the printer 10 and the terminal 10, and the public key PPK1 and the channel are used by using the wireless connection. A comparative example of transmitting the list and the MAC address "abc" to the terminal 10 is assumed. In this comparative example, the terminal 10 acquires the public key PPK1 or the like by using BT communication without using the QR code. Here, the maximum distance at which BT communication can be executed is several tens of meters. Therefore, the user can operate the terminal 10 at a place away from the printer 100 to have the terminal 10 acquire the public key PPK1 of the printer 100. On the other hand, in this embodiment, when the Advanced signal is received from the terminal 10, the printer 100 displays the QR code without using the wireless connection according to the BT method (T524). Therefore, the user cannot make the terminal 10 acquire the public key PPK1 of the printer 100 unless the user approaches the printer 100. That is, in this embodiment, it is possible to prevent the terminal 10 from acquiring the public key PPK1 of the printer 100 at a place away from the printer 100.

(Correspondence)
The printer 100, the terminal 10, and the AP6 are examples of a "communication device," a "first external device," and a "second external device," respectively. The display unit 114, Wi-Fi I / F116, and BTI / F117 are examples of the “output unit”, the “first wireless interface”, and the “second wireless interface”, respectively. The Advantage signal including the display instruction, the public key PPK1 of the printer 100, and the QR code are examples of the "specific signal", the "public key", and the "specific information", respectively. AReq, ARES, and the second CO are examples of "authentication request", "authentication response", and "connection information", respectively. The Wi-Fi connection established at T40 in FIG. 2 is an example of a "wireless connection".

The operation of selecting the QR code button of T120 in FIG. 3 is an example of the “predetermined operation”. The screen PCS is an example of an "instruction screen". The operation of selecting the mode transition button of T608 in FIG. 8 is an example of the “specific operation”, in which the power ON operation from the user is accepted in the state where the second CO is not stored in the memory 134, and the memory. Accepting the selection of the mode transition button from the user while the second CO is stored in 134 is an example of the "predetermined condition". The normal mode and the setting mode are examples of the "first mode" and the "second mode", respectively. The channel list, the communication channel used in T200 of FIG. 4, and the communication channel used in T40 of FIG. 2 are "communication channel information", "first communication channel", and "second communication channel", respectively. This is an example. The elapse of the predetermined time of T726 in FIG. 9 is an example of the "specific condition".

T512 (or T612 in FIG. 8, T712 in FIG. 9) processing, T522 (or T622, T722) processing, T200 processing in FIG. 4, T210 processing, T310 processing in FIG. 5, T35 and T40 in FIG. Processing is executed by the "specific signal receiving unit", "first output control unit", "authentication request receiving unit", "authentication response transmitting unit", "connection information receiving unit", and "establishment unit", respectively. This is an example of processing.

T512 (or T612 in FIG. 8, T712 in FIG. 9) processing, T524 (or T624, T724) processing, T200 processing in FIG. 4, T210 processing, T310 processing in FIG. 5, T35 and T40 in FIG. Processing is executed by the "specific signal receiving unit", "first state transition unit", "authentication request receiving unit", "authentication response transmitting unit", "connection information receiving unit", and "establishment unit", respectively. This is an example of processing.

Although specific examples of the present invention have been described in detail above, these are merely examples and do not limit the scope of claims. The techniques described in the claims include various modifications and modifications of the specific examples illustrated above. Modifications of the above embodiment are listed below.

(Modification 1) For example, the QR code displayed on the printer 100 at T124 in FIG. 3 does not have to be a coded version of the channel list and the MAC address “abc”. That is, the QR code may be at least a code image obtained by encoding the public key PPK1. In this case, the printer 100 receives the AREq in which one of all the radio channels available to the printer 100 is used in response to the transition from the impossible state to the possible state in T122. To monitor. Further, in T200 of FIG. 4, the terminal 10 sequentially uses all the radio channels available to the terminal 10 and sequentially transmits AReq by broadcasting. That is, the "specific information" may be at least information obtained by using the public key.

(Modification 2) The process for generating the shared key (for example, SK1) (for example, T142 and T202 in FIG. 4) is not limited to the process of the above embodiment according to ECDH, and other processes according to ECDH. It may be. Further, the process for generating the shared key is not limited to the process according to ECDH, and the process according to another method (for example, DH (abbreviation of Diffie-Hellman key exchange)) may be executed. Further, in the above embodiment, the digital signatures DS1 and DS2 are generated according to ECDSA, but other methods (for example, DSA (abbreviation of Digital Signature Algorithm), RAS (abbreviation of Riverst-Shamir-Adleman cryptosystem), etc.). It may be generated according to.

(Modification 3) In T512 of FIG. 7, when an Advantage signal including a display instruction is broadcast, a screen PCS may be displayed on a printer different from the printer 100. In order to deal with such a situation, the printer 100 may broadcast a PREq instructing to stop the display of the screen PCS in response to receiving the AReq from the terminal 10 at the T200 of FIG. .. The PREq includes a stop instruction for stopping the display of the screen PCS. As a result, even if the screen PCS is displayed on a printer different from the printer 100, the display of the screen PCS can be stopped without accepting an operation from the user.

(Modification 4) For example, in T524 of FIG. 7, the printer 100 may have the print execution unit 118 print the QR code on the print medium instead of displaying the QR code on the display unit 114. .. According to this modification, for example, in a situation where the printer 100 does not have a display unit 114 and cannot display screens such as the screen MS of T105, the screen SS of T107, and the QR code of T122 in FIG. Also, it is possible to establish a Wi-Fi connection between the printer 100 and the AP6 by executing communication according to the DPP method. In this modification, the print execution unit 118 is an example of the “output unit”. In another modification, the printer 100 may transmit the public key PPK1, the channel list, and the MAC address "abc" to the terminal 10 via Wi-Fi I / F 116. Specifically, when the printer 100 receives the Advantage signal including the MAC address of the terminal 10 and the transmission instruction, the printer 100 enters the Advantage signal according to the transmission instruction in the Advantage signal via Wi-Fi I / F116. The public key PPK1 or the like may be transmitted to the terminal 10 with the MAC address of the above as the destination. In this modification, Wi-Fi I / F 116 is an example of the “output unit”.

(Modification 5) In the modification, the printer 100 calculates the reception radio field strength of the Adaptise signal in response to receiving the Adaptation signal from the terminal 10 at T512, and the calculated received radio wave strength is determined in advance. When the threshold value is equal to or higher than the specified threshold value, the screen PCS may be displayed on the display unit 114 at T514. That is, the printer 100 may display the screen PCS on the display unit 114 on the condition that the distance between the printer 100 and the terminal 10 is not more than a predetermined distance.

(Modification 6) The standard "Device Provisioning Protocol Technical Specification Version 1.1" created by Wi-Fi Alliance describes that shared codes, keys, phrases, and words are called "codes". Therefore, the printer 100 has an image including a shared code, a key, a phrase, and a word obtained by encoding the public key PPK1, the channel list, and the MAC address "abc" in place of the QR code in T122. May be displayed on the display unit 114.

(Modification 7) In T35 of FIG. 2, NA processing may be executed between the terminal 10 and the printer 100, and a Wi-Fi connection may be established between the terminal 10 and the printer 100. That is, the "second external device" may be the same device as the "first external device".

(Modification 8) The screen SS displayed at T107 in FIG. 3 does not have to include the QR code button. In this case, the terminal 10 and the printer 100 execute the BS process of the case B of FIG. 7 without executing the BS process of the case A of FIG. 3, and Wi-Fi between the printer 100 and the AP6. Establish a connection. In this modification, the "second output control unit" and the "third state transition unit" can be omitted.

(Modification 9) The printer 100 skips the processing of T514 and T520 in response to receiving the Advanced signal from the terminal 10 at T512 in FIG. 7, and displays the QR code on the display unit 114 at T524. You may. In this modification, the "display control unit" can be omitted.

(Modification 10) The Wi-Fi I / F 116 of the printer 100 may be configured to always operate in the setting mode. In this modification, the "mode transition unit" and the "memory control unit" can be omitted.

(Modification 11) The process of case D in FIG. 9 does not have to be executed. That is, the printer 100 does not have to shift from the possible state to the impossible state when a predetermined time elapses after shifting to the possible state. In this modification, the "second state transition portion" can be omitted. Further, in another modification, in T726 of FIG. 9, instead of monitoring that the predetermined time elapses, the printer 100 monitors that it receives an instruction from the user indicating that the state shifts to the impossible state. You may. In this modification, receiving an instruction from the user is an example of a "specific condition".

(Modification 12) In the above embodiment, the Wi-Fi connection between the printer 100 and the AP6 is established by using the terminal 10. Instead of this, for example, a printer 100 (that is, a device that operates as a master station) that operates as a WFD-type G / O (abbreviation of Group Owner) using a terminal 10 and another device (that is, as a slave station). A Wi-Fi connection between the operating device) and the device may be established. That is, the "second external device" does not have to be the "master station device".

(Modification 13) In the above embodiment, the terminal 10 transmits an Advanced signal including a display instruction to the printer 100 (T512 in FIG. 7). Instead, the printer 100 may periodically transmit an Advantage signal to the outside. When the terminal 10 receives the Advantage signal from the printer 100, the terminal 10 may display the device name of the printer 100 included in the Advantage signal. Here, when the terminal 10 receives the Advertise signal from each of the plurality of printers including the printer 100, the terminal 10 may display a plurality of device names corresponding to the plurality of printers. Then, when the device name of the printer 100 is selected by the user from the plurality of device names, the terminal 10 may transmit a Scan Request including a display instruction to the printer 100 via the BTI / F17. .. In this modification, the QR code is displayed on the printer 100 among the plurality of printers, and the Wi-Fi connection with the printer 100 can be appropriately established. In this modification, Scan Request is an example of a "specific signal". Further, in another modification, the above Scan Request does not include a display instruction, and the printer 100 transmits a response to the Scan Request to the terminal 10, so that the pair between the printer 100 and the terminal 10 according to the BT method. The ring may be established. Then, the terminal 10 may transmit a signal including a display instruction to the printer 100 via the BTI / F17 by using the pairing. In this modification, the signal using pairing is an example of a "specific signal".

(Modification 14) The “communication device” does not have to be a printer, but may be another device such as a scanner, a multifunctional device, a mobile terminal, a PC, or a server.

(Modification 15) The processes of T522 in FIG. 7 and T722 in FIG. 9 may not be executed. In this modification, the printer 100 may always operate in a possible state. In this modification, the "first state transition unit" can be omitted.

(Modification 16) The processes of T524 of FIG. 7 and T724 of FIG. 9 may not be executed. In this modification, for example, after the state of the printer 100 becomes possible in response to the reception of the Advanced signal, the terminal 10 photographs the QR code attached to the housing of the printer 100, and the public key PPK1 Etc. may be obtained. In this modification, the "first display control unit" can be omitted.

(Modification 17) The "second wireless interface" does not have to be BT / F117, and for example, I / F, Zigbee (registration) for executing communication according to the NFC (Near Field Communication) method. It may be an IF for executing communication according to a method different from the Wi-Fi method such as I / F for executing communication according to the trademark) method.

(Modification 18) In each of the above embodiments, each process of FIGS. 2 to 9 is realized by software (that is, program 136), but at least one of these processes is performed by hardware such as a logic circuit. It may be realized.

In addition, the technical elements described in the present specification or the drawings exhibit technical usefulness alone or in various combinations, and are not limited to the combinations described in the claims at the time of filing. In addition, the techniques illustrated in this specification or drawings achieve a plurality of objectives at the same time, and achieving one of the objectives itself has technical usefulness.

2: Communication system, 6: AP, 10: Terminal, 16, 116: Wi-Fi I / F, 17, 117: BTI / F, 40: Connected application, 100: Printer, 112: Operation unit, 114: Display unit, 118: Print execution unit, 130: Control unit, 132: CPU, 134: Memory, 136: Program

Claims (21)

It ’s a communication device,
The first wireless interface and
A second wireless interface different from the first wireless interface,
An output unit different from the second wireless interface,
A specific signal receiving unit that receives a specific signal from the first external device via the second wireless interface, and
A first output control unit that outputs specific information obtained by using a public key to the output unit after receiving the specific signal from the first external device, and outputs the specific information. With the first output control unit, wherein the public key is acquired by the first external device.
After the specific information is output, an authentication request receiving unit that receives an authentication request using the public key from the first external device via the first wireless interface.
When the authentication request is received from the first external device, an authentication response transmission unit that transmits an authentication response, which is a response to the authentication request, to the first external device via the first wireless interface. When,
A connection information receiving unit that receives connection information from the first external device via the first wireless interface after the authentication response is transmitted to the first external device. Is information for establishing a wireless connection between the communication device and the second external device via the first wireless interface, the connection information receiving unit, and
When the connection information is received from the first external device, the connection information is used to make the wireless communication between the communication device and the second external device via the first wireless interface. The establishment part that establishes the connection and
A communication device. The communication device further
Operation unit and
A second output control unit that outputs the specific information to the output unit when a predetermined operation via the operation unit is accepted is provided.
The first output control unit outputs the specific information to the output unit even if the predetermined operation via the operation unit is not received after the specific signal is received from the first external device. The communication device according to claim 1. The communication device according to claim 1 or 2, wherein the specific information is a code image obtained by encoding the public key. The code image is a QR code (registered trademark).
The communication device according to claim 3, wherein the public key is acquired by the first external device in response to the QR code being photographed by the first external device. The output unit is a display unit for displaying an image.
The communication device according to any one of claims 1 to 4, wherein the first output control unit displays the specific information on the output unit, which is the display unit. The communication device further
Operation unit and
When the specific information is received from the first external device, a display control unit that causes the output unit, which is the display unit, to display an instruction screen for instructing that the specific information should be displayed. Prepare,
The first output control unit displays the specific information on the output unit, which is the display unit, when it is instructed to display the specific information via the operation unit on the instruction screen. The communication device according to claim 5. The communication device further
A mode transition unit that shifts the operation mode of the second wireless interface from the first mode to the second mode when a predetermined condition is satisfied, and the first mode is the second wireless interface. Is a mode in which the specific signal cannot be interpreted, and the second mode includes the mode transition unit in which the second radio interface is a mode in which the specific signal can be interpreted.
In a situation where the operation mode of the second wireless interface is the second mode, the first output control unit obtains the specific information after receiving the specific signal from the first external device. Output to the output section
The communication device according to any one of claims 1 to 6, wherein the specific information is not output in a situation where the operation mode of the second wireless interface is the first mode. The communication device according to any one of claims 1 to 7, wherein the output unit is different from any of the first wireless interface and the second wireless interface. The communication device further
A first state transition unit that shifts the state of the communication device from an impossible state to a possible state after the specific signal is received from the first external device, and the impossible state is the authentication response. Is not transmitted, and the possible state is a state in which the authentication response is transmitted to the first external device in response to receiving the authentication request from the first external device. Equipped with a state transition part of
When the authentication request is received from the first external device after the state of the communication device is shifted to the possible state, the authentication response transmission unit is said to be via the first wireless interface. The communication device according to any one of claims 1 to 8, which transmits an authentication response to the first external device. The specific information is information obtained by using the public key and communication channel information indicating a first communication channel predetermined in the communication device.
By outputting the specific information, the communication channel information is acquired by the first external device, and the communication channel information is acquired by the first external device.
The possible state monitors the reception of the authentication request using the first communication channel from the first external device, and in response to receiving the authentication request from the first external device. , The state of transmitting the authentication response to the first external device.
The authentication response transmission unit receives the authentication request using the first communication channel from the first external device after the state of the communication device is shifted to the possible state. The communication device according to claim 9, wherein the authentication response is transmitted to the first external device via the first wireless interface. It ’s a communication device,
The first wireless interface and
A second wireless interface different from the first wireless interface,
A specific signal receiving unit that receives a specific signal from the first external device via the second wireless interface, and
A first state transition unit that shifts the state of the communication device from an impossible state to a possible state after the specific signal is received from the first external device, and the impossible state is a response to an authentication request. The authentication response, which is a response, is not transmitted, and the possible state is a state in which the authentication response is transmitted to the first external device in response to receiving the authentication request from the first external device. There is the first state transition part and
An authentication request receiving unit that receives the authentication request from the first external device via the first wireless interface.
When the authentication request is received from the first external device after the state of the communication device is shifted to the possible state, the authentication response is sent to the first via the first wireless interface. An authentication response transmitter that sends to an external device,
A connection information receiving unit that receives connection information from the first external device via the first wireless interface after the authentication response is transmitted to the first external device. Is information for establishing a wireless connection between the communication device and the second external device via the first wireless interface, the connection information receiving unit, and
When the connection information is received from the first external device, the connection information is used to make the wireless communication between the communication device and the second external device via the first wireless interface. The establishment part that establishes the connection and
A communication device. The possible state monitors the reception of the authentication request from the first external device using the first communication channel predetermined in the communication device, and the authentication from the first external device. In response to receiving the request, the authentication response is transmitted to the first external device.
The authentication response transmission unit receives the authentication request using the first communication channel from the first external device after the state of the communication device is shifted to the possible state. The communication device according to claim 11, wherein the authentication response is transmitted to the first external device via the first wireless interface. The establishment unit uses a second communication channel different from the first communication channel to make the wireless connection between the communication device and the second external device via the first wireless interface. The communication device according to claim 10 or 12, wherein the communication device is established. The communication device further
A claim comprising a second state transition unit that shifts the state of the communication device from the possible state to the impossible state when a specific condition is satisfied after the state of the communication device is shifted to the possible state. Item 2. The communication device according to any one of items 9 to 13. The communication device further
Operation unit and
A third state transition unit that shifts the state of the communication device from the impossible state to the possible state when a predetermined operation via the operation unit is accepted is provided.
The first state transition unit cannot change the state of the communication device even if the predetermined operation via the operation unit is not received after the specific signal is received from the first external device. The communication device according to any one of claims 9 to 14, which shifts from the state to the possible state. The communication device further
A mode transition unit that shifts the operation mode of the second wireless interface from the first mode to the second mode when a predetermined condition is satisfied, and the first mode is the second wireless interface. Is a mode in which the specific signal cannot be interpreted, and the second mode includes the mode transition unit in which the second radio interface is a mode in which the specific signal can be interpreted.
The first state transition unit is the state of the communication device after the specific signal is received from the first external device in a situation where the operation mode of the second wireless interface is the second mode. From the impossible state to the possible state,
In a situation where the operation mode of the second wireless interface is the first mode, even if the specific signal is received from the first external device, the state of the communication device changes from the impossible state to the possible state. The communication device according to any one of claims 11 to 15, which is not transferred to. The communication device further
Memory and
A storage control unit that stores the connection information in the memory when the connection information is received from the first external device is provided.
When the power of the communication device is turned on in a situation where the connection information is not stored in the memory, the predetermined condition is satisfied.
The communication device according to claim 7 or 16, wherein the predetermined condition is not satisfied when the power of the communication device is turned on in a situation where the connection information is stored in the memory. The communication device further
Equipped with an operation unit
The communication device according to claim 17, wherein the predetermined condition is satisfied when a specific operation via the operation unit is accepted in a situation where the connection information is stored in the memory. The second external device is a device different from the first external device and is a master station device that should operate as a master station of a wireless network.
The establishment unit establishes the wireless connection between the communication device and the second external device via the first wireless interface, and causes the communication device to participate in the wireless network as a slave station. The communication device according to any one of claims 1 to 18. A computer program for communication equipment
The communication device is
The first wireless interface and
A second wireless interface different from the first wireless interface,
An output unit different from the second wireless interface,
With a computer
With
The computer program puts the computer into the following parts, that is,
A specific signal receiving unit that receives a specific signal from the first external device via the second wireless interface, and
A first output control unit that outputs specific information obtained by using a public key to the output unit after receiving the specific signal from the first external device, and outputs the specific information. With the first output control unit, wherein the public key is acquired by the first external device.
After the specific information is output, an authentication request receiving unit that receives an authentication request using the public key from the first external device via the first wireless interface.
When the authentication request is received from the first external device, an authentication response transmission unit that transmits an authentication response, which is a response to the authentication request, to the first external device via the first wireless interface. When,
A connection information receiving unit that receives connection information from the first external device via the first wireless interface after the authentication response is transmitted to the first external device. Is information for establishing a wireless connection between the communication device and the second external device via the first wireless interface, the connection information receiving unit, and
When the connection information is received from the first external device, the connection information is used to make the wireless communication between the communication device and the second external device via the first wireless interface. The establishment part that establishes the connection and
A computer program that acts as. A computer program for communication equipment
The communication device is
The first wireless interface and
A second wireless interface different from the first wireless interface,
With a computer
With
The computer program puts the computer into the following parts, that is,
A specific signal receiving unit that receives a specific signal from the first external device via the second wireless interface, and
A first state transition unit that shifts the state of the communication device from an impossible state to a possible state after the specific signal is received from the first external device, and the impossible state is a response to an authentication request. The authentication response, which is a response, is not transmitted, and the possible state is a state in which the authentication response is transmitted to the first external device in response to receiving the authentication request from the first external device. There is the first state transition part and
An authentication request receiving unit that receives the authentication request from the first external device via the first wireless interface.
When the authentication request is received from the first external device after the state of the communication device is shifted to the possible state, the authentication response is sent to the first via the first wireless interface. An authentication response transmitter that sends to an external device,
A connection information receiving unit that receives connection information from the first external device via the first wireless interface after the authentication response is transmitted to the first external device. Is information for establishing a wireless connection between the communication device and the second external device via the first wireless interface, the connection information receiving unit, and
When the connection information is received from the first external device, the connection information is used to make the wireless communication between the communication device and the second external device via the first wireless interface. The establishment part that establishes the connection and
A computer program that acts as.

Images