JP7294489B2 - Communication device and computer program for the communication device - Google Patents

Description

This specification discloses a technology related to a communication device capable of establishing a wireless connection with an external device.

Non-Patent Document 1 describes a DPP (abbreviation for Device Provisioning Protocol) system, which is a wireless communication system formulated by the Wi-Fi Alliance. The DPP system is a wireless communication system for easily establishing a Wi-Fi connection between a pair of devices. Non-Patent Document 1 discloses, as an example for public key sharing, that a Responder uses Bluetooth (registered trademark) communication to transmit a public key to an Initiator.

Japanese Patent Application Laid-Open No. 2018-37978

"DRAFT Device Provisioning Protocol Technical Specification Version 0.2.11" Wi-Fi Alliance, 2017

Non-Patent Document 1 above does not disclose anything about restricting public key transmission. For this reason, when the Responder transmits the public key using Bluetooth communication, a device different from the Initiator intended by the user may receive the public key. As a result, a Wi-Fi connection may be established between a pair of devices unintended by the user.

This specification discloses a technology capable of suppressing the establishment of a wireless connection between a pair of devices unintended by the user.

A communication device disclosed by this specification transmits a public key to the outside via a first wireless interface, a second wireless interface different from the first wireless interface, and the first wireless interface. a public key transmitting unit that receives a specific signal from a first external device via the first wireless interface; and a specific signal receiving unit that receives the specific signal from the first external device a judgment unit for judging whether or not the received radio wave intensity of the specific signal is equal to or greater than a threshold; an authentication request receiving unit that receives an authentication request using the public key via an authentication request receiving unit that determines that the received radio wave intensity is equal to or greater than the threshold value and that receives the authentication request from the first external device; an authentication response transmitting unit configured to transmit an authentication response, which is a response to the authentication request, to the first external device via the second wireless interface when the received radio wave intensity is not equal to or greater than the threshold and the authentication response transmitting unit restricts transmission of the authentication response to the first external device when the authentication request is received from the first external device; A connection information receiving unit configured to receive connection information from the first external device via the second wireless interface after a response is transmitted to the first external device, the connection information comprising: The connection information receiving unit, which is information for establishing a wireless connection between the communication device and the second external device via the second wireless interface, and the connection information from the first external device is received, using the connection information to establish the wireless connection between the communication device and the second external device via the second wireless interface. may

According to the above configuration, when the communication device receives the specific signal from the first external device, it determines whether the received radio field intensity of the specific signal is equal to or greater than the threshold. Here, the situation where the received radio wave intensity is equal to or greater than the threshold is that the distance between the communication device and the first external device is relatively small, that is, the public key is exchanged between the communication device and the first external device This means that there is a high possibility that the user desires that communication using is executed. In such a situation, the communication device transmits an authentication response to the first external device in response to receiving an authentication request using a public key from the first external device, and receives a connection from the first external device. The information is received and a wireless connection is established with a second external device using the connection information. On the other hand, when the received radio wave intensity is less than the threshold, the distance between the communication device and the first external device is relatively large, that is, the public key is used between the communication device and the first external device. It means that there is a high possibility that the user does not want the executed communication to be executed. In this case, even if the communication device receives an authentication request using a public key from the first external device, transmission of an authentication response is restricted. Therefore, the communication device is restricted from receiving the connection information from the first external device, and as a result, is restricted from establishing a wireless connection using the connection information. For this reason, it is possible to suppress the establishment of a wireless connection between a pair of devices unintended by the user.

Further, the communication device disclosed in this specification transmits a public key to an external device via a first wireless interface, a second wireless interface different from the first wireless interface, and the first wireless interface. and a specific signal receiver for receiving a specific signal including object identification information for identifying the first external device from the first external device via the first wireless interface, and , an authentication request receiving unit for receiving an authentication request using the public key from a specific external device via the second wireless interface after the public key is transmitted to the outside, wherein the authentication request receives the identification signal from the first external device, and receives the authentication request from the specific external device; a determination unit for determining whether or not the target identification information included in the specific signal and the specific identification information included in the authentication request match each other, and a determination unit for determining whether the target identification information and the specific identification information match. an authentication response transmitting unit configured to transmit an authentication response, which is a response to the authentication request, to the specified external device matching the first external device via the second wireless interface when it is determined that , when it is determined that the target identification information and the specific identification information do not match, transmission of the authentication response to the specific external device different from the first external device is restricted, the authentication response transmission and a connection information receiving unit configured to receive connection information from the specific external device via the second wireless interface after the authentication response is transmitted to the specific external device, wherein the connection information is , the connection information is information for establishing a wireless connection between the communication device and the second external device via the second wireless interface, and the connection information is received from the specified external device; an establishing unit that establishes the wireless connection between the communication device and the second external device via the second wireless interface using the connection information when received. good too.

According to the above configuration, when the communication device receives the specific signal from the first external device and the authentication request from the specific external device, the target identification information included in the specific signal and the authentication request include It is determined whether or not it matches the specific identification information. Here, the situation in which the target identification information and the specific identification information match is that the first external device and the specific external device match, that is, the authentication request is issued from the first external device that is the transmission source of the specific signal. means sent. Therefore, it means that there is a high possibility that the user wants communication using a public key between the communication device and the specific external device that matches the first external device. In such a situation, the communication device transmits an authentication response to the specific external device, receives connection information from the specific external device, and uses the connection information to establish a wireless connection with the second external device. On the other hand, the situation where the target identification information and the specific identification information do not match is that the first external device and the specific external device do not match, that is, from a device different from the first external device that is the transmission source of the specific signal. Means that an authentication request has been sent. Therefore, it means that there is a high possibility that the user does not want the communication using the public key to be executed between the communication device and the specific external device different from the first external device. In this case, even if the communication device receives an authentication request using a public key from the specific external device, transmission of an authentication response is restricted. Therefore, in the communication device, reception of connection information from the specific external device is restricted, and as a result, establishment of wireless connection using the connection information is restricted. For this reason, it is possible to suppress the establishment of a wireless connection between a pair of devices unintended by the user.

A computer program for implementing the above communication device and a computer-readable recording medium storing the computer program are also novel and useful. The method performed by the communication device described above is also novel and useful. A communication system comprising the communication device described above and other devices (eg, a first external device, a second external device) is also novel and useful.

1 shows the configuration of a communication system; An explanatory view for explaining an outline of an example is shown. FIG. 12 is a sequence diagram of the bootstrapping process of case A; FIG. FIG. 4 shows a flowchart of authentication processing. FIG. 10 is a sequence diagram of authentication processing in case A; FIG. 10 is a sequence diagram of Configuration processing; FIG. 4 shows a sequence diagram of Network Access processing. FIG. 10 is a sequence diagram of the processes of Bootstrapping and Authentication in case B; FIG. FIG. 10 is a sequence diagram of the processes of Bootstrapping and Authentication in case C; FIG. FIG. 13 is a sequence diagram of the bootstrapping process of case D; FIG.

(Configuration of communication system 2; Fig. 1)
As shown in FIG. 1 , the communication system 2 includes an AP (abbreviation for Access Point) 6 , a plurality of terminals 10 and 50 and a printer 100 . In this embodiment, the user establishes a wireless connection according to the Wi-Fi method (hereinafter referred to as "Wi-Fi connection") between the printer 100 and the AP 6 using the terminals 10 and 50. Assuming the situation.

(Configuration of each terminal 10, 50)
Each of the terminals 10 and 50 is a portable terminal device such as a mobile phone (for example, smart phone), PDA, tablet PC, or the like. Note that, in a modification, each terminal 10, 50 may be a stationary PC, a notebook PC, or the like. Terminal 10 has a MAC address “xxx”. Terminal 50 has a MAC address “yyy”. Here, each terminal 10, 50 has the same configuration. Therefore, the configuration of the terminal 10 will be mainly described below.

The terminal 10 includes a Wi-Fi interface 16 and a BT (abbreviation for Bluetooth) interface 18 . Below, the interface is simply described as "I/F".

A Wi-Fi I/F 16 is a wireless interface for performing Wi-Fi communication according to the Wi-Fi system. The Wi-Fi system is, for example, the IEEE (abbreviation of The Institute of Electrical and Electronics Engineers, Inc.) 802.11 standard and standards conforming thereto (eg 802.11a, 11b, 11g, 11n, 11ac, etc.) is a wireless communication scheme for performing wireless communication according to. In particular, the Wi-Fi I/F 16 supports the DPP (abbreviation for Device Provisioning Protocol) method that will be formulated by the Wi-Fi Alliance. The DPP method is described in "DRAFT Device Provisioning Protocol Technical Specification Version 0.2.11", which is a draft of a standard created by the Wi-Fi Alliance, and uses a terminal 10 to connect a pair of devices (for example, a printer 100 and It is a wireless communication method for easily establishing a Wi-Fi connection between APs 6).

The BTI/F 18 is an I/F for executing communication according to BT system version 4.0 or later (communication according to so-called Blue Tooth Low Energy). The BT system is, for example, a wireless communication system based on the IEEE802.15.1 standard and standards conforming thereto.

The terminal 10 stores a first type application (hereinafter simply referred to as “first type application”) 40 . The first type application 40 is a program provided by the vendor of the printer 100, and is installed in the terminal 10 from a server on the Internet provided by the vendor of the printer 100, for example. The terminal 50 also stores a second type application (hereinafter simply referred to as a “second type application”) 52 . The second type application 52 is a program provided by a company different from the vendor of the printer 100 . The first type application 40 and the second type application 52 are programs for establishing a Wi-Fi connection between the printer 100 and the AP 6 according to the DPP method. Note that in a modified example, the first type application 40 may be a program provided by a company different from the vendor of the printer 100, and the second type application 52 may be provided by the vendor of the printer 100. It may be a program that Also, in another modification, the second type application 52 may be an OS program for realizing basic operations of the terminal 50 .

(Configuration of Printer 100)
The printer 100 is a peripheral device capable of executing a print function (for example, a peripheral device of the terminal 10). Printer 100 includes operation unit 112 , display unit 114 , Wi-Fi I/F 116 , BTI/F 118 , print execution unit 120 , and control unit 130 . Each unit 112 to 130 is connected to a bus line (reference numerals omitted).

The operation unit 112 has a plurality of keys. A user can input various instructions to the printer 100 by operating the operation unit 112 . The display unit 114 is a display for displaying various information. Wi-Fi I/F 116 is similar to Wi-Fi I/F 16 of terminal 10 . That is, the Wi-Fi I/F 116 supports the DPP method. Also, the Wi-Fi I/F 116 has a MAC address “abc”. BTI/F 118 is similar to BTI/F 18 of terminal 10 . The print execution unit 120 includes a printing mechanism such as an inkjet method or a laser method.

Here, the differences between the Wi-Fi system and the BT system are described. The communication speed of Wi-Fi communication (for example, the maximum communication speed is 600 [Mbps]) is faster than the communication speed of BT communication (for example, the maximum communication speed is 24 [Mbps]). The carrier wave frequency in Wi-Fi communication is 2.4 [GHz] band or 5.0 [GHz] band. The carrier wave frequency in BT communication is in the 2.4 [GHz] band. That is, when the 5.0 [GHz] band is adopted as the frequency of the carrier wave in Wi-Fi communication, the frequency of the carrier wave in Wi-Fi communication is different from the frequency of the carrier wave in BT communication. Also, the maximum distance over which Wi-Fi communication can be performed (eg, about 100 [m]) is longer than the maximum distance over which BT communication can be performed (eg, about several dozen [m]).

Control unit 130 includes CPU 132 and memory 134 . CPU 132 executes various processes according to programs 136 stored in memory 134 . The memory 134 is composed of a volatile memory, a nonvolatile memory, or the like.

(Overview of this embodiment; FIG. 2)
Next, an outline of this embodiment will be described with reference to FIG. As mentioned above, each terminal 10, 50 and printer 100 supports the DPP method, and the AP 6 also supports the DPP method. In this embodiment, each device 6, 10 (or 50), 100 executes communication according to the DPP method, thereby establishing a Wi-Fi connection between the printer 100 and the AP 6. . The processing executed by the terminal 10 and the processing executed by the terminal 50 are the same except for some processing (for example, T122 to T132 in FIG. 3 described later). Therefore, description of the terminal 50 is omitted in FIG. In the following, for ease of understanding, the operations executed by the CPU (eg, CPU 132, etc.) of each device will be described mainly for each device (for example, the printer 100), not for the CPU.

At T5, the terminal 10 performs DPP-based bootstrapping (hereinafter simply referred to as “BS”) with AP6. The BS is used for Authentication at T10 (hereinafter simply referred to as "Auth") in response to the QR code (registered trademark) attached to the AP 6 being photographed by the terminal 10. This is a process of providing information from the AP 6 to the terminal 10 .

At T10, the terminal 10 uses the information acquired by the BS at T5 to perform DPP Auth with AP6. The Auth is processing for each of the terminal 10 and the AP 6 to authenticate the communication partner.

At T15, the terminal 10 performs DPP configuration (hereinafter simply referred to as “Config”) with AP6. The Config is a process of transmitting information for establishing Wi-Fi connection between the printer 100 and the AP6 to the AP6. Specifically, in the Config, the terminal 10 establishes a Wi-Fi connection between the printer 100 and the AP 6 as a first Configuration Object (hereinafter, the Configuration Object is simply referred to as "CO"). ) and send the first CO to AP6. As a result, AP6 stores the first CO.

Next, the terminal 10 executes DPP BS with the printer 100 at T20. The BS is a process in which the printer 100 provides the terminal 10 with information to be used for Auth at T25, which will be described later, via the BTI/F 118 .

At T25, the terminal 10 uses the information acquired by the BS at T20 to perform DPP Auth with the printer 100. FIG. The Auth is processing for each of the terminal 10 and the printer 100 to authenticate a communication partner.

At T<b>30 , the terminal 10 executes DPP Config with the printer 100 . The Config is a process of transmitting information to the printer 100 for establishing a Wi-Fi connection between the printer 100 and the AP6. The terminal 10 generates a second CO for establishing Wi-Fi connection between the printer 100 and the AP 6 in the Config, and transmits the second CO to the printer 100 . As a result, the printer 100 stores the second CO.

At T35, the printer 100 and AP 6 use the stored first and second COs to execute DPP-based Network Access (hereinafter simply referred to as "NA"). NA is processing for sharing a connection key for establishing a Wi-Fi connection between the printer 100 and AP6.

At T40, the printer 100 and AP6 execute 4way-handshake communication. In at least a part of the 4way-handshake communication, the printer 100 and the AP 6 communicate encrypted information encrypted by the connection key shared by NA of T35. Then, when the encryption information is successfully decrypted, a Wi-Fi connection is established between the printer 100 and the AP6. As a result, the printer 100 can participate in the wireless network formed by the AP 6 as a slave station, and as a result, communicate with other devices participating in the wireless network via the AP 6. can be done. In a modified example, the printer 100 and the AP 6 may perform SAE (abbreviation for Simultaneous Authentication of Equals, commonly known as “Dragonfly”) communication instead of 4way-handshake communication.

At T45, the printer 100 causes the display unit 114 to display a completion screen indicating that the Wi-Fi connection has been established with the AP6. When the process of T45 ends, the process of FIG. 2 ends.

In the DPP method, in order to establish a Wi-Fi connection between the printer 100 and the AP 6, the user provides information of the wireless network in which the AP 6 operates as a master station (for example, SSID (abbreviation of Service Set Identifier), password, etc.). need not be input to the printer 100 . Therefore, the user can easily establish a Wi-Fi connection between the printer 100 and the AP6.

(Description of each process; FIGS. 3 to 10)
Next, the details of each process executed at T20 to T35 in FIG. 2 will be described with reference to FIGS. 3 to 10. FIG. The processing from T5 to T15 is the same as the processing from T20 to T30 except that the AP6 is used instead of the printer 100, so detailed description thereof will be omitted. 3 to 5 and 8 to 10 show each case of BS or Auth executed between each terminal 10, 50 and the printer 100. FIG. These cases are the processing performed in one embodiment.

(Bootstrapping (BS) of case A; Fig. 3)
First, with reference to FIG. 3, the processing of the BS case A at T20 in FIG. 2 will be described. In the initial state of FIG. 3, the memory 134 of the printer 100 pre-stores the public key PPK1 and the private key psk1 of the printer 100 .

The printer 100 causes the display unit 114 to display the menu screen MS at T105 in response to receiving the power ON operation from the user at T100. The screen MS is, in other words, the default screen of the printer 100, and includes a print button for causing the printer 100 to print, and a setting button for designating various settings of the printer 100 (for example, print settings).

Printer 100 then begins energizing BTI/F 118 since memory 134 has not yet stored the second CO (see T30 in FIG. 2). Therefore, when the memory 134 does not store the second CO, the power supply to the BTI/F 118 is started only by the user turning on the power of the printer 100 . Then, at T107, the printer 100 starts to repeatedly transmit an Advertise signal (hereinafter simply referred to as "AD") according to the BT method to the outside via the BTI/F 118. FIG. The AD is a signal that enables communication with the device to be communicated with without completing pairing with the device. The AD includes public key PPK1 pre-stored in memory 134, a channel list pre-stored in memory 134, and the MAC address “abc” of Wi-Fi I/F 116. FIG. The channel list is a list of multiple communication channel values to be used for Auth (see T25 in FIG. 2).

Next, at T109, the printer 100 transitions from the disabled state to the enabled state. Therefore, when the memory 134 does not store the second CO, simply by turning on the power of the printer 100 by the user, the operation state of the printer 100 is changed from the disabled state to the enabled state. In the impossible state, even if the Wi-Fi I/F 116 receives a DPP Authentication Request (hereinafter simply referred to as “AReq”) from the terminal 10 (see T200 in FIG. 5 described later), the DPP Authentication Response (hereinafter In this case, simply described as "ARes") (see T210 described later) is not transmitted. The enabled state is a state in which the Wi-Fi I/F 116 transmits ARes to the terminal 10 in response to receiving AReq from the terminal 10 . That is, the printer 100 enters a state in which Auth (see T25 in FIG. 2) can be executed by shifting from the disabled state to the enabled state. Specifically, in this embodiment, the disabled state is a state in which the Wi-Fi I/F 116 receives a signal from the outside but does not supply the signal to the CPU 132 . The enabled state is a state in which the Wi-Fi I/F 116 receives a signal from the outside, supplies the signal to the CPU 132, and transmits a response to the signal. Since the enabled state is a state in which the CPU 132 processes signals received from the outside, the processing load is higher than that in the disabled state. In a modified example, the disabled state may be a state in which the Wi-Fi I/F 116 is not energized, and the possible state may be a state in which the Wi-Fi I/F 116 is energized. In another modification, the disabled state is a state in which the Wi-Fi I/F 116 receives an AReq from the outside but does not supply a notification indicating that the AReq has been received to the CPU 132, and the enabled state is , the Wi-Fi I/F 116 may be in a state of supplying a notification indicating that the AReq has been received to the CPU 132 in response to receiving the AReq from the outside.

The terminal 10 activates the first type application 40 in T112 in response to receiving an application activation operation from the user in T110. Each subsequent process executed by the terminal 10 is implemented by the first type application 40 . The terminal 10 then starts energizing the BTI/F 18 . Therefore, the terminal 10 is ready to receive the AD (see T107) transmitted from the printer 100. FIG. As a result, at T120, the terminal 10 receives the AD from the printer 100 via the BTI/F 18, and each information in the AD (that is, the public key PPK1, the channel list, and the MAC address "abc"). get.

At T122, the terminal 10 displays a terminal-side confirmation screen TCS asking the user whether or not to execute connection processing for establishing a Wi-Fi connection between the printer 100 and the AP6. The screen TCS includes a YES button indicating execution of connection processing and a NO button indicating not executing connection processing. Then, at T130, the terminal 10 accepts the selection of the YES button in the screen TCS from the user, and at T132, sends the AD including the MAC address "xxx" of the Wi-Fi I/F 16 to the printer 100 via the BTI/F 18. Send.

When the printer 100 receives an AD from the terminal 10 via the BTI/F 118 at T132, the printer 100 acquires the received radio wave intensity of the AD. When receiving the AD, the BTI/F 118 specifies the received radio wave intensity of the AD and supplies the specified received radio wave intensity to the CPU 132 . Thereby, the printer 100 (that is, the CPU 132) can acquire the received radio wave intensity. In case A of FIG. 3, the distance between the terminal 10 and the printer 100 is assumed to be relatively small, and the printer 100 determines that the acquired received radio wave intensity is equal to or greater than the threshold. The threshold may be a value predetermined by the vendor of the printer 100 when the printer 100 is shipped, or may be a value designated by the user of the printer 100 after the printer 100 is shipped. At T134, the printer 100 associates the MAC address "xxx" in the AD received at T132 with the radio wave intensity "strong" indicating that the received radio wave intensity is equal to or greater than the threshold value, and stores them in the memory 134. do. If the printer 100 determines that the acquired received radio wave intensity is less than the threshold value, the printer 100 associates the MAC address “xxx” with the radio wave intensity “weak” and stores them in the memory 134 . When the process of T134 ends, the BS process of case A ends.

(Authentication (Auth); Fig. 4)
Next, details of the processing executed by the printer 100 in the Auth processing of T25 in FIG. 2 will be described with reference to FIG. When the printer 100 transitions to the enabled state (T109 in FIG. 3), the processing in FIG. 4 is executed.

In S3, the printer 100 monitors the reception of AReq from the outside via the Wi-Fi I/F 116. FIG. Hereinafter, the terminal from which the AReq is transmitted will be referred to as a "specific terminal". AReq includes a public key of a specific terminal, encrypted data generated by the specific terminal, MAC address of the specific terminal, and capability of the specific terminal. The capability is information that is specified in advance in a device that supports the DPP method, and indicates that it can operate only as a configurator of the DPP method and that it can operate only as an enrollee of the DPP method. and a value indicating that it can operate as both a Configurator and an Enrollee. Configurator means a device that generates CO for Enrollee and transmits the CO to Enrollee in Config (T30 in FIG. 2). On the other hand, Enrollee means a device that receives CO used in NA from Configurator in Config. When the printer 100 receives an AReq from the outside, it determines YES in S3 and proceeds to S5. On the other hand, when the printer 100 does not receive an AReq within a predetermined time after transitioning to the enabled state (T109 in FIG. 3), the printer 100 determines NO in S3 and terminates the processing in FIG. 4 as a non-execution END. Non-execution END means to stop processing according to the DPP method.

In S5, the printer 100 determines whether the MAC address stored in the memory 134 (see T134 in FIG. 3) matches the MAC address in the received AReq. If the printer 100 determines that the two MAC addresses match, it determines that the specific terminal matches the AD transmission source terminal (YES in S5), and proceeds to S10. On the other hand, if the printer 100 determines that the two MAC addresses do not match, it determines that the specific terminal is different from the AD transmission source terminal (NO in S5), and proceeds to S20.

In S10, the printer 100 determines whether or not the radio wave intensity stored in the memory 134 (see T134 in FIG. 3) is "strong". When the stored radio wave intensity is "strong", the printer 100 determines YES in S10 and proceeds to S15. On the other hand, if the stored radio wave intensity is "weak", the printer 100 determines NO in S10 and proceeds to S20.

At S15, the printer 100 executes authentication processing and operation determination processing. Authentication processing is processing for the printer 100 to authenticate a communication partner. Operation determination processing is processing for determining that the printer 100 operates as a configurator or an enrollee. The printer 100 finishes the Auth process when the authentication process and the operation determination process are finished.

In S20, the printer 100 causes the display unit 114 to display a printer-side confirmation screen PCS for asking the user to confirm execution of connection processing for establishing a Wi-Fi connection. The screen PSC includes a YES button indicating that connection processing is to be executed.

At S25, the printer 100 determines whether or not the user has selected the YES button in the screen PCS. When the user selects the YES button in the screen PCS, the printer 100 determines YES in S25 and proceeds to S15. On the other hand, if the YES button is not selected after a predetermined period of time has elapsed since the screen PCS was displayed (that is, in the case of timeout), the printer 100 determines NO in S25 and performs the processing of FIG. 4 as a non-execution END. exit. Note that in a modification, the screen PCS includes a NO button indicating that the connection process is not to be executed, and when the user selects the NO button in the screen PCS, the printer 100 determines NO in S25 and Auth. may be terminated.

(Authentication (Auth) in case A; Fig. 5)
Next, with reference to FIG. 5, the Auth processing of case A realized by the processing of FIG. 4 will be described. After transmitting AD to the printer 100 in T132 of FIG. 3, the terminal 10 generates a public key TPK1 and a secret key tsk1 of the terminal 10 in T141. Next, at T142, the terminal 10 uses the generated secret key tsk1 and the public key PPK1 of the printer 100 obtained at T120 in FIG. , generates a shared key SK1. Then, in T144, the terminal 10 encrypts the random value RV1 using the generated shared key SK1 to generate encrypted data ED1.

At T200, the terminal 10 transmits AReq to the printer 100 via the Wi-Fi I/F 16 with the MAC address "abc" acquired at T120 in FIG. AReq is a signal requesting the printer 100 to perform authentication. Here, the terminal 10 repeats transmitting AReq to the printer 100 by sequentially using the plurality of communication channels in the channel list obtained in T134. The AReq includes the public key TPK1 of the terminal 10 generated at T141, the encrypted data ED1 generated at T144, the MAC address "xxx" of the terminal 10, and the capabilities of the terminal 10. As described above, in this embodiment, the terminal 10 generates the first or second CO and transmits it to the AP 6 or printer 100 . Therefore, the capability of the terminal 10 includes a value indicating that it can operate only as a configurator.

At T200, the printer 100 receives AReq from the terminal 10 via the Wi-Fi I/F 116 (YES in S3 of FIG. 4). As described above, the AReq is transmitted with the MAC address "abc" of the printer 100 as the destination. Therefore, the printer 100 can appropriately receive the AReq from the terminal 10 .

Also, when the printer 100 transitions to the enabled state at T109 in FIG. 3, the printer 100 monitors reception of an AReq using one of the plurality of communication channels in the channel list. As described above, the T200 AReq is transmitted using a plurality of communication channels in the channel list in sequence. Therefore, the printer 100 can appropriately receive the AReq from the terminal 10 .

At T201, the printer 100 determines that the MAC address "xxx" stored in the memory 134 (see T134 in FIG. 3) matches the MAC address "xxx" in AReq (YES at S5 in FIG. 4), In addition, it is determined that the radio wave intensity stored in memory 134 (see T134 in FIG. 3) is "strong" (YES in S10).

Next, the printer 100 executes authentication processing from T202 to T208 (S15). Specifically, first, in T202, the printer 100 uses the public key TPK1 of the terminal 10 in the AReq and the private key psk1 of the printer 100 stored in advance in the memory 134 according to ECDH, Generate shared key SK1. Here, the shared key SK1 generated by the terminal 10 at T142 is the same as the shared key SK1 generated by the printer 100 at T204. Therefore, in T204, the printer 100 can appropriately decrypt the encrypted data ED1 in the AReq by using the generated shared key SK1, and as a result, obtain the random value RV1. When the decryption of the encrypted data ED1 is successful, the printer 100 determines that the source of the AReq is the device that received the AD (see T120 in FIG. 3) transmitted from the printer 100. That is, authentication is performed. was successful, and the processing from T206 onwards is executed. On the other hand, if the decryption of the encrypted data ED1 is not successful, the printer 100 determines that the source of the AReq is not the device that received the AD transmitted from the printer 100, that is, the authentication fails. It judges, and the processing after T206 is not executed.

The printer 100 generates a new public key PPK2 and a new private key psk2 for the printer 100 in T206. Note that, in a modified example, the public key PPK2 and the private key psk2 may be stored in the memory 134 in advance. Next, in T207, the printer 100 uses the public key TPK1 of the terminal 10 in the AReq of T200 and the generated private key psk2 of the printer 100 to generate a shared key SK2 according to ECDH. In T208, the printer 100 encrypts the obtained random value RV1 and the new random value RV2 using the generated shared key SK2 to generate encrypted data ED2.

At T210, the printer 100 transmits ARes to the terminal 10 via the Wi-Fi I/F116. The ARes includes the public key PPK2 of the printer 100 generated at T206, the encrypted data ED2 generated at T208, and the capabilities of the printer 100. The capability includes a value indicating that it can operate as an Enrollee only.

At T210, in response to receiving ARes from the printer 100 via the Wi-Fi I/F 16, the terminal 10 executes the following process for authenticating the source of the ARes (that is, the printer 100). . Specifically, first, in T212, the terminal 10 uses the secret key tsk1 of the terminal 10 generated in T141 and the public key PPK2 of the printer 100 in the ARes according to the ECDH to generate the shared key SK2. Generate. Here, the shared key SK2 generated by the printer 100 at T207 is the same as the shared key SK2 generated by the terminal 10 at T212. Therefore, at T214, the terminal 10 can appropriately decrypt the encrypted data ED2 in the ARes using the generated shared key SK2, and as a result, can obtain the random values RV1 and RV2. . If the decryption of the encrypted data ED2 succeeds, the terminal 10 determines that the source of the ARes is the device that sent the AD received at T120 in FIG. Then, the process after T220 is executed. On the other hand, if the decryption of the encrypted data ED2 is not successful, the terminal 10 determines that the source of the ARes is not the device that sent the AD received at T120, that is, the authentication failed. It judges, and the processing after T220 is not executed.

At T220, the terminal 10 transmits Confirm to the printer 100 via the Wi-Fi I/F 16. FIG. Confirm includes information indicating that the terminal 10 operates as a configurator and the printer 100 operates as an enrollee. As a result, in T222, the terminal 10 decides to operate as a configurator, and in T224, the printer 100 decides to operate as an enrollee (operation decision processing in S14 of FIG. 4). When the process of T224 ends, the Auth process of case A ends.

(Configuration (Config); Fig. 6)
Next, the Config processing at T30 in FIG. 2 will be described with reference to FIG. At T300, the printer 100 transmits a DPP Configuration Request (hereinafter simply referred to as “CReq”) to the terminal 10 via the Wi-Fi I/F 116. FIG. The CReq is a signal requesting transmission of CO (that is, information for establishing a Wi-Fi connection between the printer 100 and the AP 6).

The terminal 10 receives CReq from the printer 100 via the Wi-Fi I/F 16 at T300. In this case, the terminal 10 acquires the group ID “Group1”, the public key TPK2, and the secret key tsk2 from the memory (not shown) of the terminal 10 in T301. As described above, the terminal 10 has executed the Config of T15 in FIG. 2 with the AP 6, and at this time, generates the group ID "Group1", the public key TPK2, and the secret key tsk2, and stores them in the memory. The group ID “Group1” is information identifying a wireless network formed by establishing a Wi-Fi connection between the printer 100 and the AP6. Note that in a modification, a character string specified by the user may be used as the group ID. That is, at T301, the terminal 10 acquires each piece of information stored at T15 in FIG. Next, the terminal 10 generates a second CO (see T30 in FIG. 2) in T302. Specifically, the terminal 10 executes the following processes.

Terminal 10 generates hash value HV by hashing public key TPK2 of terminal 10 . Also, the terminal 10 generates a specific value by hashing the combination of the hash value HV, the group ID “Group1”, and the public key PPK2 of the printer 100 in ARes of T210 in FIG. Then, the terminal 10 generates the electronic signature DS1 by encrypting the generated specific value using the secret key tsk2 of the terminal 10 according to ECDSA (abbreviation of Elliptic Curve Digital Signature Algorithm). As a result, the terminal 10 receives a Signed-Connector for the printer (hereinbelow, the Signed-Connector is simply referred to as described as "SCont") can be generated. Then, the terminal 10 generates a second CO including the printer SCont and the public key TPK2 of the terminal 10 .

At T310, the terminal 10 transmits to the printer 100 via the Wi-Fi I/F 16 a DPP Configuration Response (hereinafter simply referred to as "CRes") including the second CO.

The printer 100 receives CRes from the terminal 10 via the Wi-Fi I/F 116 at T310. In this case, the printer 100 stores the second CO in the CRes in the memory 134 at T312. When the process of T312 ends, the process of FIG. 6 ends.

(Network Access (NA); Fig. 7)
Next, with reference to FIG. 7, the processing of NA in T35 of FIG. 2 executed between the printer 100 and AP6 will be described. As described above, the processing of T5 to T15 in FIG. 2 has already been executed between the terminal 10 and AP6, similar to T20 to T30 in FIG. However, AP6 does not execute the processing of T105 to T134 in FIG. AP6 pre-stores AP6's public key APK1 and secret key ask1. A QR code obtained by encoding AP6's public key APK1, AP6's channel list, and AP6's MAC address is attached to the housing of AP6. When the terminal 10 captures the QR code, each process similar to each process after T141 in FIG. 5 is executed between the terminal 10 and the AP6. As a result, AP6 stores AP6's public key APK2 and private key ask2 (see T206), and further stores the first CO received from terminal 10 (see T312 in FIG. 6). The first CO includes SCont for AP and public key TPK2 of terminal 10 . The public key TPK2 is the same as the public key TPK2 included in the second CO. Also, the AP SCont includes a hash value HV, a group ID "Group1", a public key APK2 of AP6, and an electronic signature DS2. The hash value HV and the group ID "Group1" are the same as the hash value HV and the group ID "Group1" included in the second CO, respectively. The electronic signature DS2 is information obtained by hashing a combination of the hash value HV, the group ID "Group1", and the public key APK2 and encrypting the specific value with the private key tsk2 of the terminal 10. This value is different from the electronic signature DS1 included in the CO.

At T400, the printer 100 transmits a DPP Peer Discovery Request (hereinafter simply referred to as “DReq”) including the printer SCont to the AP 6 via the Wi-Fi I/F 116 . The DReq is a signal requesting the AP 6 to perform authentication and transmit SCont for AP.

In response to receiving the DReq from the printer 100 at T400, the AP 6 obtains the source of the DReq (i.e., the printer 100) and each piece of information in the DReq (i.e., hash value HV, "Group1", and public key Execute processing for authenticating PPK2). Specifically, in T402, the AP 6 first sets the hash value HV in the received SCont for printer and the group ID "Group1" to the hash value HV in the SCont for AP contained in the first CO stored. A first AP determination process is executed regarding whether or not the value HV and the group ID "Group1" match. In the case of FIG. 7, the AP 6 determines "match" in the first AP determination process, and thus determines that the authentication of the source of the DReq (that is, the printer 100) has succeeded. The fact that the hash value HV in the received printer SCont and the hash value HV in the AP SCont included in the stored first CO match means that the printer SCont and the AP SCont are , means that it was generated by the same device (ie terminal 10). Therefore, the AP 6 also determines that the authentication of the generation source (that is, the terminal 10) of the received SCont for printer has succeeded. Furthermore, AP6 decrypts the electronic signature DS1 in the received printer SCont using the public key TPK2 of the terminal 10 included in the stored first CO. In the case of FIG. 7, the decryption of the electronic signature DS1 is successful, so the AP6 obtains the specific value obtained by decrypting the electronic signature DS1 and each information in the received printer SCont (that is, the hash value HV , “Group1”, and the value obtained by hashing the public key PPK2) are matched. In the case of FIG. 7, the AP 6 determines "match" in the second AP determination process, so it determines that the authentication of each information in the DReq has succeeded, and executes the process from T404. The fact that the second CO is determined to be "matched" in the second AP determination process means that after the second CO is stored in the printer 100, each information in the received printer SCont (that is, hash value HV, "Group1 , and that the public key PPK2) has not been tampered with by a third party. On the other hand, if it is determined that the first AP determination process "does not match", if the decryption of the electronic signature DS1 fails, or if it is determined that the second AP determination process "does not match", AP6 determines that the authentication has failed, and does not execute the process after T404.

Next, in T404, AP6 generates a connection key (that is, a shared key) CK using the obtained public key PPK2 of the printer 100 and the stored secret key ask2 of AP6 according to ECDH.

At T410, the AP 6 transmits to the printer 100 a DPP Peer Discovery Response (hereinafter simply referred to as "DRes") including the SCont for AP.

At T410, in response to receiving DRes from AP6 via the Wi-Fi I/F 116, the printer 100 determines the source of the DRes (that is, AP6) and each piece of information in DRes (that is, the hash value HV, Execute processing for authenticating “Group1” and public key APK2). Specifically, in T412, the printer 100 first converts the hash value HV and the group ID “Group1” in the received SCont for the AP into the SCont for the printer included in the stored second CO. A first PR determination process is executed regarding whether or not the hash value HV and the group ID "Group1" match. In the case of FIG. 7, the printer 100 determines that the PRes match in the first PR determination process, and thus determines that the authentication of the DRes sender (that is, AP6) has succeeded. The fact that the hash value HV in the received SCont for AP matches the hash value HV in the SCont for printer contained in the stored second CO means that the SCont for printer and the SCont for AP , means that it was generated by the same device (ie terminal 10). Therefore, the printer 100 also determines that the authentication of the source of the received SCont for AP (that is, the terminal 10) has succeeded. Further, the printer 100 uses the public key TPK2 of the terminal 10 included in the stored second CO to decrypt the electronic signature DS2 in the received SCont for AP. In the case of FIG. 7, since the electronic signature DS2 is successfully decrypted, the printer 100 receives the specific value obtained by decrypting the electronic signature DS2 and each piece of information (that is, hash value) in the received SCont for AP. HV, "Group1", and the value obtained by hashing the public key APK2) are matched. In the case of FIG. 7, the printer 100 determines “matches” in the second PR determination process, and thus determines that the authentication of each information in DRes has succeeded, and executes the processes from T414. The fact that it is determined to be “matched” in the second PR determination process means that after the first CO is stored in AP 6, each information in SCont for AP (that is, hash value HV, “Group1”, and It means that the public key APK2) has not been tampered with by a third party. On the other hand, if it is determined that the first PR determination process "does not match", if the decryption of the electronic signature DS2 fails, or if it is determined that the second PR determination process "does not match", The printer 100 determines that the authentication has failed, and does not execute the processing after T414.

At T414, the printer 100 generates a connection key CK according to the ECDH using the stored private key psk2 of the printer 100 and the public key APK2 of AP6 in the received SCont for AP. Here, the connection key CK generated by the AP 6 at T404 is the same as the connection key CK generated by the printer 100 at T414. As a result, the connection key CK for establishing Wi-Fi connection is shared between the printer 100 and AP6. When T414 ends, the processing in FIG. 7 ends.

As described above, after the connection key CK is shared between the printer 100 and AP6, the printer 100 and AP6 execute 4way-handshake communication using the connection key CK at T40 in FIG. As a result, a Wi-Fi connection is established between the printer 100 and the AP6. As described above, printer 100 uses one of the plurality of communication channels included in the channel list of printer 100 to receive AReq of T200 in FIG. That is, the printer 100 receives AReq of T200 from the terminal 10 using a communication channel that can be used by both the printer 100 and the terminal 10 . On the other hand, at T40 in FIG. 2, the printer 100 establishes a Wi-Fi connection with AP6 using a communication channel that can be used by both the printer 100 and AP6. Here, the communication channel that can be used by the terminal 10 and the communication channel that can be used by the AP 6 may differ. In this embodiment, a communication channel for the printer 100 to receive AReq from the terminal 10 at T200 in FIG. 5 and a communication channel for the printer 100 to establish a Wi-Fi connection with the AP 6 at T40 in FIG. different. However, in a modification, the former communication channel and the latter communication channel may be the same.

(BS and Auth in case B; Figure 8)
Next, with reference to FIG. 8, the processing of case B of BS at T20 and Auth at T25 in FIG. 2 will be described. Case B assumes a situation where the distance between the terminal 10 and the printer 100 is relatively large.

T500 to T532 are the same as T100 to T132 in FIG. At T534, the printer 100 determines that the AD received radio wave intensity is less than the threshold, and stores the MAC address “xxx” of the terminal 10 in the AD in association with the radio wave intensity “weak” in the memory 134 .

T541 to T550 are the same as T141 to T200 in FIG. At T551, the printer 100 determines that the MAC address "xxx" stored in the memory 134 matches the MAC address "xxx" in the AReq (YES in S5 of FIG. 4), and stores the address in the memory 134. It is determined that the radio field strength already received is "weak" (NO in S10). In this case, the printer 100 causes the display unit 114 to display the printer-side confirmation screen PCS in T552 (S20). Then, in T554, the printer 100 determines that the YES button in the screen PCS was not selected within a predetermined time (that is, timeout) (NO in S25), terminates the display of the screen PCS, and performs a non-execution END. The process of FIG. 8 ends.

As shown in case B, in a situation where the distance between the printer 100 and the terminal 10 is relatively long, the user of the terminal 10 cannot perform communication according to the DPP method (that is, communication using the public key PPK1). It is highly likely that you do not want to be executed between the printer 100 and the terminal 10 . For example, the terminal 10 is located at a considerable distance from the printer 100, and the user of the terminal 10 wishes to establish a Wi-Fi connection between a printer different from the printer 100 and the AP 6. assume. In this case, the terminal 10 receives the AD from the printer 100 (T520) and sends the AD and AReq to the printer 100 not intended by the user (T532, T550). In such a situation, if the printer 100 automatically executes the processing after T202 in FIG. A Wi-Fi connection may be established between 100 and AP6. That is, a Wi-Fi connection may be established between a pair of devices (ie, printer 100 and AP 6) not intended by the user of terminal 10. FIG.

On the other hand, in case B, when the printer 100 receives AD and AReq from the terminal 10 (T550), the received radio field strength of AD is "weak", so the screen PCS is displayed on the display unit 114. limits the transmission of ARes (T552). The user of the terminal 10 does not want the printer 100 to establish a Wi-Fi connection, so he does not select the YES button in the printer-side confirmation screen PCS. As a result, the printer 100 determines that timeout has occurred (T554) and does not send ARes to the terminal 10. FIG. Therefore, establishment of a Wi-Fi connection between the printer 100 and the AP 6 can be suppressed. That is, it is possible to suppress the establishment of a Wi-Fi connection between a pair of devices not intended by the user of the terminal 10 .

(BS and Auth in case C; FIG. 9)
Next, with reference to FIG. 9, another case C processing of BS at T20 and Auth at T25 in FIG. 2 will be described. The terminal 10 has a first type application 40 provided by the vendor of the printer 100 . Therefore, it is highly likely that the user of the terminal 10 will want the printer 100 to establish a Wi-Fi connection. On the other hand, the terminal 50 has a second type application 52 provided by a business operator different from the vendor of the printer 100 . Therefore, the user of terminal 50 is less likely to want printer 100 to establish a Wi-Fi connection. In Case C, the user of the terminal 10 wants to establish a Wi-Fi connection between the printer 100 and the AP 6, and the user of the terminal 50 wants a printer different from the printer 100, Assume a situation where a Wi-Fi connection wants to be established with an AP different from AP6.

In case C, first, the terminal 10 and the printer 100 execute the same processing as T100 to T134 in FIG. As a result, the printer 100 associates the MAC address "xxx" of the terminal 10 with the radio field strength "strong" and stores them in the memory 134 (T134).

Thereafter, before AReq is transmitted from the terminal 10 to the printer 100 (that is, before T200 in FIG. 5), at T610, the user of the terminal 50 performs an operation to activate the second type application 52 on the terminal 50, and T612 , the second type application 52 is activated. As a result, the terminal 50 executes the following processes according to the second type application 52 . It should be noted that the terminal 50 has already executed the same processes as T5 to T15 in FIG. 2 with the different APs before executing the processes after T610.

The terminal 50 receives the AD from the printer 100 at T620. Here, since the second type application 52 is not the first type application 40 provided by the vendor of the printer 100, even if the AD is received from the printer 100, the AD including the MAC address "yyy" of the terminal 50 is not sent to the printer 100. Therefore, in the printer 100, the MAC address "yyy" of the terminal 50 is not stored.

T641 to T650 are that the terminal 50 is used instead of the terminal 10, and that the public key TPK5, secret key tsk5, shared key SK5, random value RV5, encrypted data ED5, and MAC address "yyy , is the same as T141 to T200 in FIG. At T651, the printer 100 determines that the MAC address "xxx" stored in the memory 134 does not match the MAC address "yyy" in AReq (NO in S5 of FIG. 4). In this case, the printer 100 causes the display unit 114 to display the printer-side confirmation screen PCS at T652 (S20). In T654, the printer 100 determines that the YES button in the screen PCS has not been selected within a predetermined time (i.e., timeout) (NO in S25 of FIG. 4), ends the display of the screen PCS, and displays the screen shown in FIG. end the processing of

Note that, for example, a situation can be assumed in which the processes T610 to T650 are executed between the terminal 50 and the printer 100 before T100 to T134 in FIG. 3 are executed. That is, a situation can be assumed in which the printer 100 receives an AReq from the terminal 50 in a situation where the MAC address “xxx” of the terminal 10 and the radio wave intensity “strong” are not associated and stored in the memory 134 . In this case as well, the printer 100 determines NO in S5 of FIG. The screen PCS is displayed on the display unit 114 (S20).

Here, if the printer 100 receives AReq from the terminal 50 (T650) and automatically executes the processes after T202 in FIG. Wi-Fi connections can be established between different APs. That is, a Wi-Fi connection can be established between a pair of devices not intended by the user of terminal 50 (ie, printer 100 and the different AP described above).

On the other hand, in case C, when the printer 100 receives an AReq from the terminal 50 (T650), the printer 100 stores the MAC address "xxx" of the terminal 10 in the memory 134 and the MAC address "yyy" of the terminal 50 in the AReq. do not match, the transmission of ARes is restricted by displaying the printer-side confirmation screen PCS on the display unit 114 (T652). The user of terminal 50 does not want printer 100 to establish a Wi-Fi connection, so he does not select the YES button in screen PCS. As a result, the printer 100 determines that timeout has occurred (T654) and does not send ARes to the terminal 50. FIG. Therefore, it is possible to suppress the establishment of a Wi-Fi connection between the printer 100 and the different AP. That is, it is possible to suppress the establishment of a Wi-Fi connection between a pair of devices not intended by the user of the terminal 50 .

(BS of case D; Fig. 10)
Next, with reference to FIG. 10, the processing of another case D of the BS will be described. Case D is the state after T20 to T40 in FIG. 2 have been executed, that is, the state in which the memory 134 of the printer 100 has already stored the second CO.

T700 and T705 are similar to T100 and T105 in FIG. In this case, the memory 134 of the printer 100 stores the second CO, so the printer 100 does not start energizing the BTI/F 118 . In situations where the printer 100 stores the second CO, the printer 100 can utilize the second CO to establish a Wi-Fi connection with the AP6. Therefore, the possibility of BS being executed in the printer 100 is low. In such a situation, the printer 100 does not start energizing the BTI/F 118, thereby reducing power consumption.

The user may wish to establish a Wi-Fi connection between the printer 100 and an AP different from AP6, for example, while the printer 100 stores the second CO. In this case, the user selects the setting button in the menu screen MS in T706. The printer 100 causes the display unit 114 to display the setting screen SS in T707. The screen SS includes a print setting button for changing the print settings of the printer 100 and a connection process button for instructing execution of the connection process. Then, at T710, the user selects the connection processing button in the screen SS. In this case, the printer 100 starts energizing the BTI/F 118, starts repeatedly transmitting AD to the outside via the BTI/F 118 at T712, and transitions to the enabled state at T714. Accordingly, in response to the activation of the first type application 40 on the terminal 10, the processes after T120 in FIG. 3 are executed.

Note that the printer 100 can also establish a Wi-Fi connection with the AP 6 according to the normal Wi-Fi method (that is, the method using the SSID and password) without using the DPP method. In this case, the memory 134 of the printer 100 stores wireless setting information (ie SSID and password) for establishing Wi-Fi connection with the AP6. Even if the power of the printer 100 is turned on in such a state, the printer 100 does not start energizing the BTI/F 118, as in the case D of FIG. This is because the printer 100 can establish a Wi-Fi connection with the AP 6 using the wireless setting information. As a result, the power consumption of the printer 100 can be suppressed.

(Effect of this embodiment)
In this embodiment, when the AD is received from the terminal 10 (T132 in FIG. 3), the printer 100 determines whether the received radio wave intensity of the AD is equal to or greater than the threshold. Here, the situation where the received radio wave intensity is equal to or greater than the threshold (Case A in FIG. 3) is when the distance between the printer 100 and the terminal 10 is relatively small, that is, when the distance between the printer 100 and the terminal 10 is relatively small. This means that there is a high possibility that the user of the terminal 10 wants communication using the key PPK1 to be executed. In such a situation, in response to receiving AReq from terminal 10 (T200 in FIG. 5), printer 100 transmits ARes to terminal 10 (T210) and receives the second CO from terminal 10 ( T310 in FIG. 6), and establishes a Wi-Fi connection with AP 6 using the second CO (T35, T40 in FIG. 2).

On the other hand, when the received radio wave intensity is not equal to or greater than the threshold (Case B in FIG. 8), the distance between the printer 100 and the terminal 10 is relatively large. This means that there is a high possibility that the user of the terminal 10 does not want communication using . In this situation, when the printer 100 receives an AReq from the terminal 10 (T550), the printer 100 displays a printer-side confirmation screen PCS on the display unit 114 to limit the transmission of ARes (T552). In case B of FIG. 8, the YES button in the screen PCS is not selected by the user (T554), so no Wi-Fi connection is established between the printer 100 and the AP6. Therefore, it is possible to suppress the establishment of a Wi-Fi connection between a pair of devices not intended by the user of the terminal 10 . Note that in case B, if the user of the terminal 10 wishes to establish a Wi-Fi connection between the printer 100 and the AP 6, the user selects the YES button in the screen PCS. In this case, the processing from T202 onward in FIG. 5 is executed, and the Wi-Fi connection is established between the printer 100 and the AP6. Therefore, it is possible to establish a Wi-Fi connection according to the user's intention.

Further, in this embodiment, when the printer 100 receives an AD from the terminal 10 (T132 in FIG. 3) and also receives an AReq from the specific terminal (terminal 10 or terminal 50) (YES in S3 in FIG. 4) First, it is determined whether or not the MAC address included in AD matches the MAC address included in AReq (S5). Here, the situation where the MAC address included in the AD matches the MAC address included in the AReq (Case A in FIG. 5) is that the terminal 10 and the specific terminal match, that is, the terminal that is the transmission source of the AD. 10 has sent an AReq. Therefore, it means that there is a high possibility that the user wants communication between the printer 100 and the terminal 10 using the public key PPK1. In such a situation, the printer 100 transmits ARes to the terminal 10 (T210 in FIG. 5), receives the second CO from the terminal 10 (T310 in FIG. 6), and uses the second CO to establish a Wi-Fi connection with (T35, T40 in FIG. 2).

On the other hand, the situation where the MAC address included in the AD and the MAC address included in the AReq do not match (case C in FIG. 9) is that the terminal 10 and the specific terminal do not match, that is, the terminal 10 that is the source of the AD means that the AReq was sent from a different device. This means that there is a high possibility that the user does not want communication between the printer 100 and the terminal 50 using the public key PPK1. In such a situation, when the printer 100 receives an AReq from the terminal 50 (T650 in FIG. 9), the printer 100 displays a printer-side confirmation screen PCS on the display unit 114 to restrict the transmission of ARes (T652). . In case C of FIG. 9, the YES button in the screen PCS is not selected by the user (T654), so no Wi-Fi connection is established between the printer 100 and an AP other than AP6. Therefore, it is possible to suppress the establishment of a Wi-Fi connection between a pair of devices not intended by the user of terminal 50 . In Case C, if the user of terminal 50 wishes to establish a Wi-Fi connection between printer 100 and the different AP, the user selects the YES button in screen PCS. be done. In this case, the processing from T202 onward in FIG. 5 is executed to establish a Wi-Fi connection between the printer 100 and the different AP. Therefore, it is possible to establish a Wi-Fi connection according to the user's intention.

(correspondence relationship)
The printer 100, the terminal 10, and the AP 6 are examples of the "communication device,""first external device," and "second external device," respectively. Terminal 10 or terminal 50 is an example of a "specific external device." The BTI/F 118 and Wi-Fi I/F 116 are examples of the "first wireless interface" and the "second wireless interface", respectively. The public key PPK1 and the AD transmitted from the printer 100 are examples of the "public key" and the "specific signal", respectively. AReq, ARes, and second CO are examples of "authentication request,""authenticationresponse," and "connection information," respectively. The Wi-Fi connection established at T40 in FIG. 2 is an example of a "wireless connection."

The printer side confirmation screen PCS is an example of the "instruction screen". The MAC address (“xxx” or “yyy”) in the MAC address “xxx” AReq of the terminal 10 is an example of “target identification information” and “specific identification information”, respectively. The channel list, the communication channel used at T200 in FIG. 4, and the communication channel used at T40 in FIG. An example. Receiving a power ON operation from the user when the second CO is not stored in the memory 134, and selecting the wireless setting button by the user when the second CO is stored in the memory 134 is an example of a "predetermined condition". The first type application 40 is an example of an "application program." The selection operation of the connection processing button in the setting screen SS is an example of the "specific operation". The SCont for AP and the hash value HV in the second CO are examples of "receiving information" and "authentication information", respectively.

3, T132 (or T532), S10 in FIG. 4, T200 (or T550) in FIG. 5, T210 in FIG. 6, and the processes of T35 and T40 in FIG. , a “connection information receiving unit”, and an “establishing unit”.

Processing of T120 (or T520 of FIG. 8, T620 of FIG. 9), processing of T132 (or T532) of FIG. 3, processing of T200 (or T550, T650) of FIG. 5, processing of S5 of FIG. 4, processing of T210 , the processing of T310 in FIG. 6, and the processing of T35 and T40 in FIG. It is an example of processing executed by a "connection information receiving unit" and an "establishing unit".

Although specific examples of the present invention have been described in detail above, these are merely examples and do not limit the scope of the claims. The technology described in the claims includes various modifications and changes of the specific examples illustrated above. Modifications of the above embodiment are listed below.

(Modification 1) At T132 in FIG. 3, the terminal 10 may transmit an AD that does not include the MAC address "xxx" to the printer 100 via the BTI/F18. In this case, in T132, the printer 100 receives an AD from the terminal 10 via the BTI/F 118, and if it determines that the received radio field strength of the AD is equal to or greater than the threshold, the radio field strength " Strong” is stored in memory 134 . When the printer 100 receives an AReq from the specific terminal (YES in S3 of FIG. 4), the printer 100 skips the processing of S5 and checks whether or not the radio field strength "strong" is stored in the memory 134. to decide. If the radio field strength "strong" is stored in the memory 134, the printer 100 proceeds to S15. On the other hand, if the radio field strength "weak" is stored in the memory 134, the printer 100 proceeds to S20. In a modified example, the "specific signal" may not include the "target identification information."

(Modification 2) At T134 in FIG. 3, the printer 100 may store only the MAC address “xxx” in the memory 134 without judging whether the received radio wave intensity of the AD is equal to or greater than the threshold. In this case, the printer 100 receives an AReq from the specific terminal (YES in S3 of FIG. 4) and determines that the MAC address stored in the memory 134 matches the MAC address in the received AReq. In this case, the process of S10 is skipped and the process of S15 is executed.

(Modification 3) For example, the AD transmitted from the printer 100 at T105 in FIG. 3 may not include the channel list and the MAC address "abc". That is, the AD should include at least the public key PPK1. In this case, the printer 100 receives an AReq in which one wireless channel out of all wireless channels available to the printer 100 is used in response to the transition from the disabled state to the enabled state at T109. to monitor. In addition, at T200 in FIG. 5, the terminal 10 sequentially uses all radio channels available to the terminal 10 to sequentially transmit AReq by broadcasting. That is, the "specific signal" may be at least information obtained using a public key. Also, in this modified example, the "channel information transmission unit" can be omitted.

(Modification 4) The processing (eg, T142 and T202 in FIG. 4) for generating a shared key (eg, SK1) is not limited to the above-described processing according to ECDH, and other processing according to ECDH. may be Further, the processing for generating a shared key is not limited to processing according to ECDH, and processing according to other schemes (for example, DH (abbreviation of Diffie-Hellman key exchange), etc.) may be executed. Further, in the above embodiment, the electronic signatures DS1 and DS2 were generated according to ECDSA, but other methods (eg, DSA (abbreviation of Digital Signature Algorithm), RAS (abbreviation of Rivest-Shamir-Adleman cryptosystem), etc.) may be generated according to

(Modification 5) For example, at T107 in FIG. 3, the printer 100 may repeatedly transmit a signal (for example, Scan Request) that is different from the AD and conforms to the BT method to the outside. In this modified example, the different signal is an example of the "specific signal".

(Modification 6) When determining NO in S5 of FIG. 4, the printer 100 may terminate the processing of FIG. 4 as a non-execution END without executing S20 and S25. Further, when the determination in S10 is NO, the printer 100 may terminate the process of FIG. 4 as a non-execution END without executing S20 and S25. In this modified example, not transmitting ARes in the case of NO in S5 or NO in S10 is an example of "the transmission of the authentication response is restricted". Also, in this modified example, the “display control unit” can be omitted.

(Modification 7) At T132 in FIG. 3, the terminal 10 may transmit an AD including the device name of the terminal 10 to the printer 100 via the BTI/F 18 instead of the MAC address "xxx". In this case, at T134, the printer 100 associates and stores the device name of the terminal in the AD and the radio field strength "strong". Further, at T200 in FIG. 5, the printer 100 receives an AReq containing the device name of the terminal 10 instead of the MAC address "xxx" from the terminal 10 via the Wi-Fi I/F 116, and stores it in the memory 134. If the device name already written matches the device name in AReq, the processing from T202 onwards is executed. In this modification, the device name of the terminal 10 is an example of "target identification information" and "specific identification information." Generally speaking, the 'target identification information (or specific identification information)' may be any information that identifies the 'first external device (or specific external device)'.

(Modification 8) For example, the processes of T107 and T120 in FIG. 3 may be omitted. In this case, the printer 100 receives the AD from the terminal 10 via the BTI/F 118 at T132, and then transmits the AD including the public key PPK1 and the like to the terminal 10 via the BTI/F 118. FIG. That is, the 'specific signal receiving unit' may receive the 'specific signal' before the 'public key' is received by the 'first external device'.

(Modification 9) At T35 in FIG. 2, NA processing may be executed between the terminal 10 and the printer 100 to establish a Wi-Fi connection between the terminal 10 and the printer 100. FIG. That is, the "second external device" may be the same device as the "first external device".

(Modification 10) The AD transmitted from the printer 100 at T107 or the like in FIG. In this case, the terminal 10 starts energizing the BTI/F 18 in response to the power being turned on, and activates the first type application 40 in response to receiving the AD including activation information from the printer 100. It starts up and executes the processing after T122.

(Modification 11) In the above embodiment, the terminal 10 is used to establish a Wi-Fi connection between the printer 100 and the AP6. Alternatively, for example, using the terminal 10, the printer 100 operating as a WFD system G/O (abbreviation for Group Owner) (that is, a device operating as a master station) and another device (that is, a slave station) A Wi-Fi connection may be established between the operating device) and the That is, the "second external device" does not have to be the "master station device".

(Modification 12) At T650 in FIG. 9, the terminal 50 may transmit to the printer 100 an AReq that does not include the MAC address “yyy”. In this case, the printer 100 receives the AReq from the terminal 50 via the Wi-Fi I/F 116, determines that the AReq does not contain the MAC address, and displays the printer side confirmation screen PCS. It may be displayed on the display unit 114 .

(Modification 13) Instead of the BTI/F 118, the printer 100 may be provided with a wireless interface conforming to a wireless communication method different from the BT method (for example, the ZigBee method). In this modified example, the wireless interface is an example of the "first wireless interface".

(Modification 14) The “communication device” may not be a printer, but may be another device such as a scanner, a multi-function device, a mobile terminal, a PC, or a server.

(Modification 15) In each of the above-described embodiments, each process of FIGS. may be implemented.

In addition, the technical elements described in this specification or in the drawings exhibit technical usefulness alone or in various combinations, and are not limited to the combinations described in the claims at the time of filing. In addition, the techniques exemplified in this specification or drawings achieve multiple purposes at the same time, and achieving one of them has technical utility in itself.
The following items are claimed elements as filed.
(Item 1)
A communication device,
a first wireless interface;
a second wireless interface different from the first wireless interface;
a public key transmission unit that transmits a public key to the outside via the first wireless interface;
a specific signal receiving unit that receives a specific signal from a first external device via the first wireless interface;
a judgment unit for judging whether the received radio wave intensity of the specific signal is equal to or greater than a threshold when the specific signal is received from the first external device;
an authentication request receiving unit that receives an authentication request using the public key from the first external device via the second wireless interface after the public key is transmitted to the outside;
A response to the authentication request via the second wireless interface when it is determined that the received radio wave intensity is equal to or greater than the threshold and the authentication request is received from the first external device. an authentication response transmitting unit configured to transmit an authentication response to the first external device, wherein it is determined that the received radio wave intensity is not equal to or greater than the threshold value, and the authentication request is received from the first external device; the authentication response transmission unit, wherein transmission of the authentication response to the first external device is restricted;
A connection information receiving unit configured to receive connection information from the first external device via the second wireless interface after the authentication response is transmitted to the first external device, the connection information is information for establishing a wireless connection between the communication device and a second external device via the second wireless interface;
When the connection information is received from the first external device, the connection information is used to communicate the wireless communication between the communication device and the second external device via the second wireless interface. an establishing unit for establishing a connection;
A communication device comprising:
(Item 2)
The communication device further
a display unit;
an instruction screen for instructing execution of transmission of the authentication response when it is determined that the received radio wave intensity is not equal to or greater than the threshold and the authentication request is received from the first external device; a display control unit that restricts transmission of the authentication response to the first external device by displaying on the display unit;
The authentication response transmission unit further transmits the authentication response via the second wireless interface when instructed to transmit the authentication response in a situation where the instruction screen is displayed. The communication device according to item 1, transmitting to the first external device.
(Item 3)
the specific signal includes object identification information that identifies the first external device;
The authentication response transmission unit receives the authentication request including the target identification information from the first external device determined that the received radio wave intensity is equal to or greater than the threshold and identified by the target identification information. transmitting the authentication response to the first external device via the second wireless interface,
the authentication response to the specific external device when the authentication request not containing the target identification information is received from the specific external device different from the first external device via the second wireless interface; 3. The communication device according to item 1 or 2, wherein the transmission of is restricted.
(Item 4)
The communication device further
a state transition unit that shifts the operation state of the communication device from the impossible state to the possible state when a predetermined condition is satisfied, wherein the impossible state is such that the authentication response is received even if the authentication request is received. The state transition unit is a state of not transmitting, and the possible state is a state of transmitting the authentication response in response to receiving the authentication request,
The authentication response transmission unit determines that the received radio wave intensity is equal to or greater than the threshold value after the operation state of the communication device is shifted to the enabled state, and the authentication request is received from the first external device. 4. A communication device according to any one of items 1 to 3, which, if received, transmits said authentication response to said first external device via said second wireless interface.
(Item 5)
The communication device further
a channel information transmitting unit configured to externally transmit communication channel information indicating a first communication channel predetermined in the communication device via the first wireless interface;
the enabled state is a state of monitoring reception of the authentication request using the first communication channel and transmitting the authentication response in response to receiving the authentication request;
The authentication response transmission unit determines that the received radio wave intensity is equal to or greater than the threshold value after the operating state of the communication device is shifted to the enabled state, and 5. The communication device according to item 4, wherein, when the authentication request using a communication channel is received, the authentication response is transmitted to the first external device via the second wireless interface.
(Item 6)
A communication device,
a first wireless interface;
a second wireless interface different from the first wireless interface;
a public key transmission unit that transmits a public key to the outside via the first wireless interface;
a specific signal receiving unit that receives a specific signal including target identification information for identifying the first external device from the first external device via the first wireless interface;
an authentication request receiving unit for receiving an authentication request using the public key from a specific external device via the second wireless interface after the public key is transmitted to the outside, wherein the authentication request is , the authentication request receiving unit including specific identification information for identifying the specific external device;
When the identification signal is received from the first external device and the authentication request is received from the specific external device, the object identification information included in the identification signal and the identification included in the authentication request a determination unit that determines whether or not the identification information matches;
When it is determined that the target identification information and the specific identification information match, the authentication response, which is a response to the authentication request, is sent to the first external device through the second wireless interface to identify the matching identification information. An authentication response transmission unit for transmitting to an external device, wherein, when it is determined that the target identification information and the specific identification information do not match, the authentication to the specific external device different from the first external device the authentication response sender, wherein transmission of responses is restricted;
A connection information receiving unit configured to receive connection information from the specific external device via the second wireless interface after the authentication response is transmitted to the specific external device, wherein the connection information is the communication the connection information receiving unit, which is information for establishing a wireless connection between the device and a second external device via the second wireless interface;
when the connection information is received from the specific external device, using the connection information to establish the wireless connection between the communication device and the second external device via the second wireless interface; an establishing unit that establishes;
A communication device comprising:
(Item 7)
The communication device further
a display unit;
By causing the display unit to display an instruction screen for instructing transmission of the authentication response when it is determined that the target identification information and the specific identification information do not match, the specific external device a display control unit that limits transmission of the authentication response to
The authentication response transmission unit transmits the authentication response through the second wireless interface when instructed to transmit the authentication response in a situation where the instruction screen is displayed. 7. A communication device according to item 6, transmitting to an external device.
(Item 8)
The communication device further
a state transition unit that shifts the operation state of the communication device from the impossible state to the possible state when a predetermined condition is satisfied, wherein the impossible state is such that the authentication response is received even if the authentication request is received. The state transition unit is a state of not transmitting, and the possible state is a state of transmitting the authentication response in response to receiving the authentication request,
The authentication response transmission unit, when it is determined that the target identification information and the specific identification information match after the operating state of the communication device is shifted to the enabled state, through the second wireless interface 8. The communication device according to item 6 or 7, further configured to transmit the authentication response to the specific external device.
(Item 9)
The communication device further
a channel information transmitting unit configured to externally transmit communication channel information indicating a first communication channel predetermined in the communication device via the first wireless interface;
the enabled state is a state of monitoring reception of the authentication request using the first communication channel and transmitting the authentication response in response to receiving the authentication request;
The authentication response transmission unit receives the authentication request using the first communication channel from the specific external device after the operation state of the communication device is shifted to the enabled state, and The communication device according to item 8, wherein, when it is determined that the information and the specific identification information match, the authentication response is transmitted to the specific external device via the second wireless interface.
(Item 10)
The establishing unit utilizes a second communication channel different from the first communication channel to establish the wireless connection between the communication device and the second external device via the second wireless interface. 10. A communication device according to item 5 or 9, which establishes a
(Item 11)
11. The communication device according to any one of items 1 to 10, wherein the specific signal is transmitted from the first external device to the communication device according to an application program provided by a vendor of the communication device.
(Item 12)
Item 1, wherein the specific signal receiving unit receives the specific signal from the first external device via the first wireless interface after the public key is received by the first external device. 12. The communication device according to any one of Claims 11 to 11.
(Item 13)
the first wireless interface is a wireless interface for performing wireless communication according to the Bluetooth (registered trademark) system;
13. The communication device according to any one of items 1 to 12, wherein the public key transmission unit is an Advertise signal conforming to the Bluetooth system and repeatedly transmits the Advertise signal including the public key to the outside.
(Item 14)
14. The communication device according to item 13, wherein the first wireless interface is a wireless interface for performing wireless communication according to version 4.0 or later of the Bluetooth system.
(Item 15)
The communication device further
a memory for storing the connection information;
The public key transmission unit transmits the public key to the outside via the first wireless interface when the power of the communication device is turned on in a situation where the connection information is not stored in the memory. send and
15. The communication device according to any one of items 1 to 14, wherein the public key is not transmitted when the communication device is powered on in a situation where the connection information is stored in the memory.
(Item 16)
The communication device further
Equipped with an operation unit,
The public key transmission unit receives the public key when a specific operation is accepted through the operation unit after the power of the communication device is turned on in a situation where the connection information is stored in the memory. 16. The communication device according to item 15, which transmits to the outside.
(Item 17)
The second external device is a device different from the first external device and is a master station device that should operate as a master station of a wireless network,
The establishing unit establishes the wireless connection between the communication device and the second external device via the second wireless interface, and allows the communication device to participate in the wireless network as a slave station. 17. Communication device according to any one of items 1-16.
(Item 18)
18. The communication device according to any one of items 1 to 17, wherein the connection information includes authentication information for authenticating received information received from the second external device.
(Item 19)
The communication device further
19. The communication device according to any one of items 1 to 18, further comprising an operation control unit that causes the communication device to operate as an Enrollee conforming to Wi-Fi standards after the authentication response is transmitted.
(Item 20)
A computer program for a communication device, comprising:
The computer of the communication device has the following parts:
a public key transmission unit that transmits a public key to the outside via a first wireless interface of the communication device;
a specific signal receiving unit that receives a specific signal from a first external device via the first wireless interface;
a judgment unit for judging whether the received radio wave intensity of the specific signal is equal to or greater than a threshold when the specific signal is received from the first external device;
an authentication request receiving unit configured to receive an authentication request using the public key from the first external device via a second wireless interface of the communication device after the public key is transmitted to the outside; wherein the second wireless interface is different from the first wireless interface, the authentication request receiving unit;
A response to the authentication request via the second wireless interface when it is determined that the received radio wave intensity is equal to or greater than the threshold and the authentication request is received from the first external device. an authentication response transmitting unit configured to transmit an authentication response to the first external device, wherein it is determined that the received radio wave intensity is not equal to or greater than the threshold value, and the authentication request is received from the first external device; the authentication response transmission unit, wherein transmission of the authentication response to the first external device is restricted;
A connection information receiving unit configured to receive connection information from the first external device via the second wireless interface after the authentication response is transmitted to the first external device, the connection information is information for establishing a wireless connection between the communication device and a second external device via the second wireless interface;
When the connection information is received from the first external device, the connection information is used to communicate the wireless communication between the communication device and the second external device via the second wireless interface. an establishing unit for establishing a connection;
A computer program that acts as
(Item 21)
A computer program for a communication device, comprising:
The computer of the communication device has the following parts:
a public key transmission unit that transmits a public key to the outside via a first wireless interface of the communication device;
a specific signal receiving unit that receives a specific signal including target identification information for identifying the first external device from the first external device via the first wireless interface;
an authentication request receiving unit that receives an authentication request using the public key from a specific external device via a second wireless interface of the communication device after the public key is transmitted to the outside, the second wireless interface is different from the first wireless interface, and the authentication request includes specific identification information for identifying the specific external device;
When the identification signal is received from the first external device and the authentication request is received from the specific external device, the object identification information included in the identification signal and the identification included in the authentication request a determination unit that determines whether or not the identification information matches;
When it is determined that the target identification information and the specific identification information match, the authentication response, which is a response to the authentication request, is sent to the first external device through the second wireless interface to identify the matching identification information. An authentication response transmission unit for transmitting to an external device, wherein, when it is determined that the target identification information and the specific identification information do not match, the authentication to the specific external device different from the first external device the authentication response sender, wherein transmission of responses is restricted;
A connection information receiving unit configured to receive connection information from the specific external device via the second wireless interface after the authentication response is transmitted to the specific external device, wherein the connection information is the communication the connection information receiving unit, which is information for establishing a wireless connection between the device and a second external device via the second wireless interface;
when the connection information is received from the specific external device, using the connection information to establish the wireless connection between the communication device and the second external device via the second wireless interface; an establishing unit that establishes;
A computer program that acts as

2: communication system, 6: AP, 10, 50: terminal, 16, 116: Wi-Fi I/F, 18, 118: BTI/F, 40: first type application, 52: second type application, 100 : printer, 112: operation unit, 114: display unit, 120: print execution unit, 130: control unit, 132: CPU, 134: memory, 136: program

Claims (24)

A communication device,
a first wireless interface;
a second wireless interface different from the first wireless interface, wherein a communicable distance of wireless communication via the second wireless interface is a communicable distance of wireless communication via the first wireless interface; the second wireless interface, which is greater than the distance
a public key transmission unit that transmits a public key to the outside via the first wireless interface;
a specific signal receiving unit that receives a specific signal from a first external device via the first wireless interface;
an authentication request receiving unit that receives an authentication request using the public key from the first external device via the second wireless interface after the public key is transmitted to the outside;
When the distance between the communication device and the first external device is less than a predetermined value based on the specific signal and the authentication request is received from the first external device, the second an authentication response transmission unit that transmits an authentication response, which is a response to the authentication request, to the first external device via the wireless interface of the communication device and the first external device based on the specific signal When the distance between is equal to or greater than the predetermined value and the authentication request is received from the first external device, transmission of the authentication response to the first external device is restricted. the authentication response transmission unit;
A connection information receiving unit configured to receive connection information from the first external device via the second wireless interface after the authentication response is transmitted to the first external device, the connection information is information for establishing a wireless connection between the communication device and a second external device via the second wireless interface;
When the connection information is received from the first external device, the connection information is used to communicate the wireless communication between the communication device and the second external device via the second wireless interface. an establishing unit for establishing a connection;
A communication device comprising: The communication device further
a display unit;
the authentication when the distance between the communication device and the first external device is equal to or greater than the predetermined value based on the specific signal and the authentication request is received from the first external device; a display control unit that restricts transmission of the authentication response to the first external device by causing the display unit to display an instruction screen for instructing transmission of the response;
The authentication response transmission unit further transmits the authentication response via the second wireless interface when instructed to transmit the authentication response in a situation where the instruction screen is displayed. 2. The communication device according to claim 1, transmitting to said first external device. the specific signal includes object identification information that identifies the first external device;
The authentication response transmission unit, based on the specific signal, determines that the distance between the communication device and the first external device is less than the predetermined value and the first device identified by the target identification information. transmitting the authentication response to the first external device via the second wireless interface when the authentication request including the target identification information is received from the external device;
the authentication response to the specific external device when the authentication request not containing the target identification information is received from the specific external device different from the first external device via the second wireless interface; 3. A communication device according to claim 1 or 2, wherein the transmission of is restricted. The communication device further
a state transition unit that shifts the operation state of the communication device from the impossible state to the possible state when a predetermined condition is satisfied, wherein the impossible state is such that the authentication response is received even if the authentication request is received. The state transition unit is a state of not transmitting, and the possible state is a state of transmitting the authentication response in response to receiving the authentication request,
The authentication response transmission unit, after the operation state of the communication device is shifted to the enabled state, is configured to determine whether the distance between the communication device and the first external device is less than the predetermined value based on the specific signal. and transmitting the authentication response to the first external device via the second wireless interface when the authentication request is received from the first external device. The communication device according to any one of Claims 1 to 3. The communication device further
a channel information transmitting unit configured to externally transmit communication channel information indicating a first communication channel predetermined in the communication device via the first wireless interface;
the enabled state is a state of monitoring reception of the authentication request using the first communication channel and transmitting the authentication response in response to receiving the authentication request;
The authentication response transmission unit, after the operation state of the communication device is shifted to the enabled state, is configured to determine whether the distance between the communication device and the first external device is less than the predetermined value based on the specific signal. and when the authentication request using the first communication channel is received from the first external device, the authentication response is sent to the first external device via the second wireless interface. 5. The communication device of claim 4, transmitting to a device. A communication device,
a first wireless interface;
a second wireless interface different from the first wireless interface, wherein a communicable distance of wireless communication via the second wireless interface is a communicable distance of wireless communication via the first wireless interface; the second wireless interface, which is greater than the distance
a public key transmission unit that transmits a public key to the outside via the first wireless interface;
a specific signal receiving unit that receives a specific signal including target identification information for identifying the first external device from the first external device via the first wireless interface;
an authentication request receiving unit for receiving an authentication request using the public key from a specific external device via the second wireless interface after the public key is transmitted to the outside, wherein the authentication request is , the authentication request receiving unit including specific identification information for identifying the specific external device;
The specific signal is received from the first external device, the authentication request is received from the specific external device, and the object identification information included in the specific signal and the specific identification included in the authentication request an authentication response transmitting unit configured to transmit an authentication response, which is a response to the authentication request, to the specified external device that matches the first external device via the second wireless interface if the information matches the first external device. the authentication response transmission unit configured to restrict transmission of the authentication response to the specific external device different from the first external device when the target identification information and the specific identification information do not match;
A connection information receiving unit configured to receive connection information from the specific external device via the second wireless interface after the authentication response is transmitted to the specific external device, wherein the connection information is the communication the connection information receiving unit, which is information for establishing a wireless connection between the device and a second external device via the second wireless interface;
when the connection information is received from the specific external device, using the connection information to establish the wireless connection between the communication device and the second external device via the second wireless interface; an establishing unit that establishes;
A communication device comprising: The communication device further
a display unit;
When the target identification information and the specific identification information do not match, the authentication to the specific external device is performed by displaying an instruction screen for instructing transmission of the authentication response on the display unit. a display control unit that limits transmission of responses,
The authentication response transmission unit transmits the authentication response through the second wireless interface when instructed to transmit the authentication response in a situation where the instruction screen is displayed. 7. The communication device according to claim 6, transmitting to an external device. The communication device further
a state transition unit that shifts the operation state of the communication device from the impossible state to the possible state when a predetermined condition is satisfied, wherein the impossible state is such that the authentication response is received even if the authentication request is received. The state transition unit is a state of not transmitting, and the possible state is a state of transmitting the authentication response in response to receiving the authentication request,
After the operation state of the communication device is shifted to the enabled state, the authentication response transmission unit transmits the 8. The communication device according to claim 6, which transmits an authentication response to said specific external device. The communication device further
a channel information transmitting unit configured to externally transmit communication channel information indicating a first communication channel predetermined in the communication device via the first wireless interface;
the enabled state is a state of monitoring reception of the authentication request using the first communication channel and transmitting the authentication response in response to receiving the authentication request;
The authentication response transmission unit receives the authentication request using the first communication channel from the specific external device after the operation state of the communication device is shifted to the enabled state, and 9. The communication device according to claim 8, wherein the authentication response is transmitted to the specific external device via the second wireless interface when the information matches the specific identification information. The establishing unit utilizes a second communication channel different from the first communication channel to establish the wireless connection between the communication device and the second external device via the second wireless interface. 10. A communication device according to claim 5 or 9, which establishes a 11. The communication device according to any one of claims 1 to 10, wherein said specific signal is transmitted from said first external device to said communication device according to an application program provided by a vendor of said communication device. The specific signal receiving unit receives the specific signal from the first external device via the first wireless interface after the public key is received by the first external device. 12. Communication device according to any one of claims 1 to 11. the first wireless interface is a wireless interface for performing wireless communication according to the Bluetooth (registered trademark) system;
The communication device according to any one of claims 1 to 12, wherein the public key transmission unit is an Advertise signal conforming to the Bluetooth system and repeatedly transmits the Advertise signal including the public key to the outside. 14. The communication device according to claim 13, wherein said first wireless interface is a wireless interface for performing wireless communication according to version 4.0 or later of said Bluetooth system. The communication device further
a memory for storing the connection information;
The public key transmission unit transmits the public key to the outside via the first wireless interface when the power of the communication device is turned on in a situation where the connection information is not stored in the memory. send and
15. The communication device according to any one of claims 1 to 14, wherein the public key is not transmitted when the communication device is powered on in a situation where the connection information is stored in the memory. The communication device further
Equipped with an operation unit,
The public key transmission unit receives the public key when a specific operation is accepted through the operation unit after the power of the communication device is turned on in a situation where the connection information is stored in the memory. 16. The communication device according to claim 15, which transmits to the outside. The second external device is a device different from the first external device and is a master station device that should operate as a master station of a wireless network,
The establishing unit establishes the wireless connection between the communication device and the second external device via the second wireless interface, and allows the communication device to participate in the wireless network as a slave station. 17. A communication device according to any one of claims 1-16. 18. The communication device according to any one of claims 1 to 17, wherein said connection information includes authentication information for authenticating received information received from said second external device. The communication device further
19. The communication device according to any one of claims 1 to 18, further comprising an operation control unit that causes the communication device to operate as an Enrollee conforming to Wi-Fi standards after the authentication response is transmitted. A communication device,
a first wireless interface;
a second wireless interface different from the first wireless interface;
a display unit;
a public key transmission unit that transmits a public key to the outside via the first wireless interface;
an authentication request receiving unit that receives an authentication request using the public key from a first external device via the second wireless interface after the public key is transmitted to the outside;
a display control unit for displaying, on the display unit, an instruction screen for instructing transmission of an authentication response, which is a response to the authentication request, when the authentication request is received from the first external device; ,
In a situation where the instruction screen is displayed, if an instruction is given to transmit the authentication response, the authentication response is transmitted to the first external device via the second wireless interface. wherein the authentication response transmission unit does not transmit the authentication response to the first external device when the transmission of the authentication response is not instructed in a situation where the instruction screen is displayed; an authentication response transmitter ;
A connection information receiving unit configured to receive connection information from the first external device via the second wireless interface after the authentication response is transmitted to the first external device, the connection information is information for establishing a wireless connection between the communication device and a second external device via the second wireless interface;
When the connection information is received from the first external device, the connection information is used to communicate the wireless communication between the communication device and the second external device via the second wireless interface. an establishing unit for establishing a connection;
A communication device comprising: the second wireless interface supports Device Provisioning Protocol (DPP);
The authentication request receiving unit receives the authentication request according to the DPP from the first external device,
The authentication response transmission unit transmits the authentication response according to the DPP to the first external device,
The communication device according to any one of claims 1 to 20, wherein said connection information receiving unit receives said connection information according to said DPP from said first external device. A computer program for a communication device, comprising:
The computer of the communication device has the following parts:
a public key transmission unit that transmits a public key to the outside via a first wireless interface of the communication device;
a specific signal receiving unit that receives a specific signal from a first external device via the first wireless interface;
an authentication request receiving unit configured to receive an authentication request using the public key from the first external device via a second wireless interface of the communication device after the public key is transmitted to the outside; the second wireless interface is different from the first wireless interface, and the communicable distance of wireless communication via the second wireless interface is greater than the wireless communication via the first wireless interface. the authentication request receiving unit, which is greater than the communicable distance of
When the distance between the communication device and the first external device is less than a predetermined value based on the specific signal and the authentication request is received from the first external device, the second an authentication response transmission unit that transmits an authentication response, which is a response to the authentication request, to the first external device via the wireless interface of the communication device and the first external device based on the specific signal When the distance between is equal to or greater than the predetermined value and the authentication request is received from the first external device, transmission of the authentication response to the first external device is restricted. the authentication response transmission unit;
A connection information receiving unit configured to receive connection information from the first external device via the second wireless interface after the authentication response is transmitted to the first external device, the connection information is information for establishing a wireless connection between the communication device and a second external device via the second wireless interface;
When the connection information is received from the first external device, the connection information is used to communicate the wireless communication between the communication device and the second external device via the second wireless interface. an establishing unit for establishing a connection;
A computer program that acts as A computer program for a communication device, comprising:
The computer of the communication device has the following parts:
a public key transmission unit that transmits a public key to the outside via a first wireless interface of the communication device;
a specific signal receiving unit that receives a specific signal including target identification information for identifying the first external device from the first external device via the first wireless interface;
an authentication request receiving unit that receives an authentication request using the public key from a specific external device via a second wireless interface of the communication device after the public key is transmitted to the outside, The second wireless interface is different from the first wireless interface , and the communicable distance of wireless communication via the second wireless interface is the communicable distance of wireless communication via the first wireless interface. the authentication request receiving unit, wherein the authentication request includes specific identification information that identifies the specific external device, the authentication request being greater than the distance ;
The specific signal is received from the first external device, the authentication request is received from the specific external device, and the object identification information included in the specific signal and the specific identification included in the authentication request an authentication response transmitting unit configured to transmit an authentication response, which is a response to the authentication request, to the specified external device that matches the first external device via the second wireless interface if the information matches the first external device. the authentication response transmission unit configured to restrict transmission of the authentication response to the specific external device different from the first external device when the target identification information and the specific identification information do not match;
A connection information receiving unit configured to receive connection information from the specific external device via the second wireless interface after the authentication response is transmitted to the specific external device, wherein the connection information is the communication the connection information receiving unit, which is information for establishing a wireless connection between the device and a second external device via the second wireless interface;
when the connection information is received from the specific external device, using the connection information to establish the wireless connection between the communication device and the second external device via the second wireless interface; an establishing unit that establishes;
A computer program that acts as A computer program for a communication device, comprising:
The computer of the communication device has the following parts:
a public key transmission unit that transmits a public key to the outside via a first wireless interface of the communication device;
an authentication request receiving unit that receives an authentication request using the public key from a first external device via a second wireless interface of the communication device after the public key is transmitted to the outside, , the second wireless interface is different from the first wireless interface, the authentication request receiving unit;
display for displaying, on a display unit of the communication device, an instruction screen for instructing transmission of an authentication response, which is a response to the authentication request, when the authentication request is received from the first external device; a control unit;
In a situation where the instruction screen is displayed, if an instruction is given to transmit the authentication response, the authentication response is transmitted to the first external device via the second wireless interface. wherein the authentication response transmission unit does not transmit the authentication response to the first external device when the transmission of the authentication response is not instructed in a situation where the instruction screen is displayed; an authentication response transmitter ;
A connection information receiving unit configured to receive connection information from the first external device via the second wireless interface after the authentication response is transmitted to the first external device, the connection information is information for establishing a wireless connection between the communication device and a second external device via the second wireless interface;
When the connection information is received from the first external device, the connection information is used to communicate the wireless communication between the communication device and the second external device via the second wireless interface. an establishing unit for establishing a connection;
A computer program that acts as

Images