WO2019021770A1 - Communication device, control method for communication device and program - Google Patents

Communication device, control method for communication device and program Download PDF

Info

Publication number
WO2019021770A1
WO2019021770A1 PCT/JP2018/025342 JP2018025342W WO2019021770A1 WO 2019021770 A1 WO2019021770 A1 WO 2019021770A1 JP 2018025342 W JP2018025342 W JP 2018025342W WO 2019021770 A1 WO2019021770 A1 WO 2019021770A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
sharing
request
communication
portable device
Prior art date
Application number
PCT/JP2018/025342
Other languages
French (fr)
Japanese (ja)
Inventor
篤志 皆川
Original Assignee
キヤノン株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to JP2017-146799 priority Critical
Priority to JP2017146799 priority
Priority to JP2018082463A priority patent/JP2019029989A/en
Priority to JP2018-082463 priority
Application filed by キヤノン株式会社 filed Critical キヤノン株式会社
Priority claimed from KR1020207004920A external-priority patent/KR20200028473A/en
Publication of WO2019021770A1 publication Critical patent/WO2019021770A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/04Key management, e.g. by generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Abstract

A communication device that performs communication with an external device performs authentication by exchanging information for authentication processing with the external device. When detecting a request to share unique information used for providing a communication parameter in the authentication processing, the communication device shares the unique information with the external device after succeeding in authentication.

Description

Communication device, control method of communication device, and program

The present invention relates to a communication device, a control method of the communication device, and a program.

BACKGROUND In recent years, electronic devices equipped with a wireless communication function such as digital cameras, printers, portable devices, and smartphones are increasingly used in connection with wireless networks. In order to connect an electronic device to a wireless network, it is necessary to set various communication parameters such as an encryption method, an encryption key, an authentication method, and an authentication key. As a technology for facilitating setting of these communication parameters, a setting protocol (Wi-Fi Device Provisioning Protocol, hereinafter referred to as DPP) of communication parameters using QR code (registered trademark) or the like has been formulated (non-patent document) 1).

In the DPP of Non-Patent Document 1, the configurator sets, for the access point, communication parameters for forming a wireless network using the configurator's private key and public key pair. Further, Non-Patent Document 1 also provides communication parameters for connecting to an access point to an enrollee using a pair of a secret key and a public key of a configurator used for setting the access point. Here, when there are a large number of enrollees who want to connect to an access point, if there are multiple configurators that can provide communication parameters for connecting to the access point, the distribution processing efficiency of communication parameters will be increased, and user convenience can be achieved. Improve.

Wi-Fi Alliance, Wi-Fi Device Provisioning Protocol (DPP) DRAFT Technical Specification v0.0.35

The private key-public key pair used by the configurator to encrypt and decrypt communication parameters provided to the enrollee is unique for each network. This is because the access point accepts the connection only when the communication parameter included in the connection request transmitted by the wireless terminal can be decrypted using the public key of the configurator provided at the time of network setting. Thus, only an enrollee holding communication parameters provided using the configurator's private key and public key pair used to set the access point can connect to the access point. Therefore, in order to provide communication parameters for connecting a device to an access point that has already been configured by another configurator, it is necessary to obtain the configurator's private key and public key pair used for the configuration. there were.

Non-Patent Document 1 describes that an external storage medium (for example, a USB memory or a wireless storage) is used to share the configurator's private key and public key pair with a plurality of electronic devices. However, in this method, it takes time and effort to temporarily store the configurator's secret key and public key, which are unique information used for setting communication parameters, in an external storage medium and read them out with another electronic device.

In one embodiment of the present invention, a communication device, its control method, and a program are provided that simplify the time and effort required to provide other devices with unique information used for setting communication parameters.

A communication device according to an aspect of the present invention is a communication device that communicates with an external device, and the authentication device performs authentication processing by exchanging information for authentication with the external device, and the authentication by the authentication device. In processing, detecting means for detecting a request for sharing unique information used for providing communication parameters, and when the request is detected by the detecting means, the unique means after successful authentication by the authentication means Sharing means for sharing information with the external device.

According to the present invention, the time and effort of providing unique information used for setting communication parameters to other devices is simplified.

Other features and advantages of the present invention will become apparent from the following description taken in conjunction with the accompanying drawings. In the attached drawings, the same or similar configurations are denoted by the same reference numerals.

BRIEF DESCRIPTION OF THE DRAWINGS The figure which shows the structural example of the communication system in embodiment. BRIEF DESCRIPTION OF THE DRAWINGS The block diagram which shows the structural example of the portable apparatus in embodiment. The flowchart showing the communication parameter provision process by a portable apparatus. The sequence diagram showing the communication parameter provision process between a portable device and an access point. FIG. 7 is a sequence diagram showing wireless connection processing of a printer and an access point. FIG. 7 is a sequence diagram showing a process of sharing a key pair according to the first embodiment. 6 is a flowchart showing the operation of the mobile device 101 in the first embodiment. 6 is a flowchart showing the operation of the mobile device 102 in the first embodiment. FIG. 10 is a sequence diagram illustrating another example of key pair sharing processing according to the first embodiment. FIG. 10 is a sequence diagram illustrating another example of key pair sharing processing according to the first embodiment. FIG. 7 is a sequence diagram showing a process of sharing a key pair according to the first embodiment. 9 is a flowchart showing the operation of the mobile device 101 in the second embodiment. 9 is a flowchart showing the operation of the mobile device 102 in the second embodiment. 9 is a flowchart showing the operation of the mobile device 102 in the second embodiment. FIG. 14 is a sequence diagram showing key pair sharing processing according to the third embodiment. 12 is a flowchart showing the operation of the mobile device 101 in the third embodiment. 12 is a flowchart showing the operation of the mobile device 102 in the third embodiment. 12 is a flowchart showing the operation of the mobile device 102 in the third embodiment.

Hereinafter, each embodiment according to the present invention will be described according to the attached drawings. However, the technical scope of the present invention is determined by the scope of the claims, and is not limited by the following individual embodiments.

First Embodiment
FIG. 1 shows a configuration example of a communication system in the first embodiment.

The portable device 101 has a wireless LAN function, and operates, for example, as a configurator defined in DPP. The portable device 101 can provide the access point 103 with communication parameters for forming the wireless network 104. Here, the communication parameters include setting items necessary for performing wireless communication, such as an SSID (Service Set Identifier) as a network identifier, an encryption method, an encryption key, an authentication method, and the like. The communication parameters provided by the portable device 101, which is a configurator, are encrypted by the configurator-specific secret key held by the portable device 101. The portable device 101 can pass a pair of a configurator-dedicated secret key and a public key (hereinafter referred to as a key pair) used for setting of the access point 103 to the portable device 102.

The portable device 102 has a wireless LAN function, and operates, for example, as a configurator or enrollee defined in DPP. The portable device 102 can operate as an enrollee, obtain a key pair dedicated to the configurator from the portable device 101, and operate as a configurator providing communication parameters for connecting to the wireless network 104.

The access point 103 operates as an access point defined in, for example, DPP. In addition, the access point 103 operates as an enrollee and can form the wireless network 104 by acquiring communication parameters from the portable device 101 which is a configurator. The printer 105 and the printer 106 have a wireless LAN function, and operate as an enrollee defined in, for example, DPP. The printer 105 and the printer 106 can be connected to the wireless network 104 by acquiring encrypted communication parameters from the portable device 101 or the portable device 102 which is a configurator and decrypting and using them.

Examples of the mobile device of the present embodiment include electronic devices such as a mobile phone, a digital camera, a video camera, a PC, a PDA, a smartphone, and a smart watch, but the present invention is not limited thereto. Further, in the present embodiment, a description will be made using a portable device and a printer as the electronic devices connected to the wireless network, but the present invention is not limited thereto, and any electronic devices connectable to the wireless network may be used. It does not have to be a type. Further, the access point in the present embodiment may be an electronic device (such as a printer or a digital camera) that operates as an access point defined in DPP and has a specific function.

FIG. 2 is a block diagram showing an example of the functional configuration of the mobile device 101 and the mobile device 102 in the present embodiment. Each functional unit shown in FIG. 2 is realized by the computer (processor) executing a program stored in the memory. However, some or all of the functions may be realized by dedicated hardware.

In FIG. 2, a wireless communication control unit 201 controls communication using an antenna, a circuit, and the like for transmitting and receiving a wireless signal to and from another wireless device via a wireless LAN. The transmission / reception unit 202 performs transmission / reception control of data according to the protocol of each communication layer. The operation unit 203 is used by the user to operate the portable device 101. The operation unit 203 includes a button for activating the imaging unit 207 and the like. The operation unit 203 may be configured by hardware, or may be configured by a UI provided using the display unit 204 by software. The display unit 204 performs various display processing such as outputting information that can be recognized visually and aurally like an LCD, an LED, or a speaker.

The control unit 205 controls the entire portable device 101. The storage unit 206 includes a ROM in which programs and data for controlling the portable device 101 are stored, and a RAM that manages temporary storage. Various operations to be described later are performed by the CPU (not shown) executing a control program stored in the storage unit 206 to realize functional units such as the control unit 205 and the like.

The imaging unit 207 includes an imaging element, a lens, and the like, and captures a still image or a moving image. The image processing unit 208 performs image processing of an image or the like captured by the imaging unit 207. The image processing unit 208 analyzes the image of the QR code captured by the imaging unit 207, decodes the encoded information, and acquires the information (QR code information). The code generation unit 209 generates QR code information, and performs control to display the generated QR code information on the display unit 204 as a QR code (image). In the present embodiment, the QR code is used as the image of the code information. However, the present invention is not limited to this, and a barcode, a two-dimensional code, or the like may be used.

The communication parameter processing unit 210 performs processing for providing and acquiring communication parameters for connecting to the wireless network 104. The role determination unit 211 determines the role of the partner device that transmits and receives communication parameters. In the present embodiment, the types of roles to be determined include a “configurator” that provides communication parameters, an “enrollee” that acquires communication parameters, and the like, but the present invention is not limited thereto. For example, there may be a role of providing a key pair dedicated to the configurator, and a role of obtaining a key pair dedicated to the configurator.

The key sharing processing unit 212 performs processing for sharing the pair (key pair) of the secret key and the public key used to provide the communication parameter to the access point 103 with another device. The key sharing processing unit 212 receives the instruction from the user for key sharing and the permission of the sharing request from the other device, and executes the key sharing process.

Note that the above functional blocks are an example, and a plurality of functional blocks may constitute one functional block, or any functional block may be further divided into blocks performing a plurality of functions.

Next, the process of providing communication parameters defined by the DPP standard will be described using FIGS. 3 and 4. Further, connection processing to an access point defined by the DPP standard will be described with reference to FIG.

First, a process of providing communication parameters in order to cause the access point 103 to form the wireless network 104 and to connect the printer 105 to the wireless network 104 will be described. FIG. 3 is a flowchart showing a process in which the portable device 101 as a configurator provides communication parameters to the access point 103 as an enrollee.

In the portable device 101, when the control unit 205 receives a parameter provision instruction from the user, the control unit 205 activates the imaging unit 207 to capture a QR code displayed by the access point 103 (S301). Then, the control unit 205 determines whether the imaging unit 207 of the portable device 101 has captured a QR code (S302). Here, the QR code displayed by the access point 103 is not limited to one displayed on a display or the like, and may be printed on a label or the like attached to a housing or an accessory of an electronic device. Also, the QR code may be, for example, one described in a manual or the like. If the QR code can not be captured within a predetermined time after activation of the imaging unit 207 in S302, the process of providing the communication parameter may end.

If it is determined that the QR code has been captured (YES in S302), the image processing unit 208 decodes the QR code in the captured image, and acquires QR code information including the public key for authentication of the access point 103 (S303) ). Next, the control unit 205 transmits an authentication request to the access point 103 using the transmission / reception unit 202 and the wireless communication control unit 201 (S304). This authentication request is, for example, a DPP Authentication Request frame defined by the DPP standard. The authentication request includes authentication information to be used for authentication, identification information of the portable device 101, role information, random numbers, and a public key for generating a shared key.

The authentication information is a hash value of a public key for authentication of the access point 103 included in the QR code. The identification information is a hash value of the public key for authentication of the mobile device 101. Role information is information indicating the role (such as a configurator or an enrollee) of the mobile device 101. The random number is used for authentication when receiving an authentication response described later. The public key for shared key generation is a key from which a shared key generated with the access point 103 is generated.

The access point 103 that has received the authentication request determines whether the device that has transmitted the authentication request is a device that has captured a QR code. This determination is performed using the authentication information contained in the authentication request. That is, the access point 103 calculates the hash value of the public key included in the displayed QR code, compares the calculated hash value with the hash value (authentication information) included in the authentication request, and the two match. To determine that the verification was successful. The hash function used to calculate the hash value at this time is assumed to be agreed in advance with the portable device 101 that transmits the authentication request.

The public key included in the authentication request is a key serving as a generation source of a shared key used for encrypting and decrypting information to be transmitted and received with the access point 103 such as tag information described later. The portable device 101, which is a configurator, uses both the public key for generating the shared key of the access point 103 (included in the authentication response described later) and the secret key for generating the shared key of the portable device 101. Generate On the other hand, the access point 103, which is an enrollee, generates a shared key using both the public key for generating the shared key of the mobile device 101 and the secret key for generating the shared key of the access point 103. The shared key is generated based on, for example, an ECDH (Elliptic Curve Diffie-Hellman) scheme. Hereinafter, although the shared key is generated based on this ECDH system, it is not limited to this system, and may be generated by another public key cryptosystem.

After transmitting the authentication request to the access point 103 in S304, the control unit 205 of the portable device 101 waits to receive an authentication response from the access point 103 (S305). If the authentication response can not be received within the predetermined time in S304, the process of providing communication parameters is ended.

The authentication response is, for example, a DPP Authentication Response frame defined by the DPP standard. The authentication response includes a public key for generating a shared key of the access point 103, role information, random numbers, and tag information. The portable device 101 generates a shared key using the public key for generating the shared key of the access point 103 and the secret key for generating the shared key of itself. The generation of the shared key is as described above.

Further, the tag information is a random number included in the authentication request transmitted by the portable device 101, and both of the secret key for generating the shared key of the access point 103 and the public key for generating the shared key of the portable device 101 are It is encrypted with the shared key generated using it. The portable device 101 determines that the authentication is successful when the tag information is correctly decrypted by the shared key generated by itself. More specifically, the control unit 205 is equivalent to the access point 103 generating the shared key using the secret key for generating the shared key of the portable device 101 and the public key for generating the shared key of the access point 103. Generate a shared key in the following way, and verify tag information using that shared key. The control unit 205 determines that the authentication is successful if the tag information can be decrypted with the shared key generated by itself, and determines that the authentication is unsuccessful if the decryption is not possible.

In FIG. 3, when the authentication response is received (YES in S305), the control unit 205 of the portable device 101 verifies the content of the authentication response (S306). As described above, the control unit 205 determines whether or not the authentication is successful by using the tag information included in the authentication response, and whether or not the role information of the access point 103 included in the authentication response indicates the enrollee. judge. When it is determined that the authentication fails or the role of the access point 103 that has transmitted the authentication response does not indicate the enrollee (NO in S306), the control unit 205 displays a message indicating an error on the display unit 204. (S310), the parameter provision processing ends.

If it is determined that the authentication is successful and if the role of the access point 103 is determined to be an enrollee (YES in S306), the control unit 205 transmits an authentication confirmation to the access point 103 (S307). This authentication confirmation is, for example, a DPP Authentication Confirm frame defined by the DPP standard. This authentication confirmation includes tag information. The tag information is obtained by the control unit 205 encrypting the random number included in the authentication response transmitted by the access point 103 using the shared key. After transmitting the authentication confirmation, the control unit 205 of the portable device 101 waits for the setting request to be transmitted from the access point 103 which is the enrollee (S308).

When the access point 103 that has received the authentication confirmation successfully decrypts the tag information included in the authentication confirmation with the shared key generated by itself, the access point 103 determines that the authentication is successful. If it is determined that the authentication is successful, the access point 103 recognizes the mobile device 101 that has transmitted the authentication request as a configurator, and transmits a setting request to the mobile device 101. The configuration request is, for example, a DPP Configuration Request frame defined by the DPP standard. The setting request includes device information of the access point 103 and role information after receiving communication parameters. The device information is, for example, the device name of the access point 103. The role information after receiving the communication parameter is information indicating whether the enrollee operates as an access point constructing a wireless network or operates as an apparatus connected to the wireless network. Here, information is set that indicates that it operates as an access point for establishing a wireless network. The information included in the setting request is encrypted with the shared key used by the access point 103 to encrypt the tag information when transmitting the authentication response.

When the setting request from the access point 103 is received (YES in S308), the communication parameter processing unit 210 of the portable device 101 performs processing for providing communication parameters for forming the wireless network 104 as a setting response (S309). ). The setting response is, for example, a DPP Configuration Response frame defined by the DPP standard. The setting response transmitted by the communication parameter processing unit 210 of the portable device 101 includes the communication parameter, the expiration date of the parameter, the public key dedicated to the configurator of the portable device 101, and the like. In the setting response, the communication parameter is encrypted with a secret key dedicated to the configurator of the portable device 101. Furthermore, the information included in the setting response is encrypted with the shared key used for encrypting the tag information in S307. The communication parameter includes, as an encryption key, the public key of the communication partner used to generate the shared key (in this case, the public key included in the authentication response from the access point 103).

After transmitting the setting request, the access point 103, which is an enrollee, waits for the setting response to be transmitted from the portable device 101, which is a configurator. The access point 103 that has received the setting response decrypts the information included in the setting response with the shared key used for encrypting the tag information. Further, the access point 103 decrypts the communication parameter encrypted by the secret key dedicated to the configurator of the portable device 101 with the public key dedicated to the configurator of the portable device 101. The access point 103 can form the wireless network 104 with the communication parameters obtained by decoding.

The operations of the portable device 101 and the access point 103 until the portable device 101 performing the processing as described above provides the communication parameters to the access point 103 will be further described. FIG. 4 is a sequence diagram showing processing in which the portable device 101 provides the access point 103 with communication parameters.

When the access point 103 receives an instruction for parameter reception from the user (S401), the access point 103 displays a QR code on the display (S402) and waits for an authentication request. If the authentication request can not be received within a predetermined time, the access point 103 may end waiting for the authentication request. In addition, when the access point 103 is not provided with a display or the like for displaying the QR code, and the QR code is printed on a label or the like attached to a housing or an accessory of the electronic device, S402 is skipped. That is, when the access point 103 receives an instruction to receive a parameter (S401), the access point 103 waits for an authentication request without performing the processing in S402.

On the other hand, when the portable device 101 receives a parameter provision instruction from the user (S403), the portable device 101 activates the imaging unit 207 to capture the QR code displayed by the access point 103 (S404). Then, the imaging unit 207 of the mobile device 101 captures a QR code displayed by the access point 103, thereby acquiring information indicated by the QR code (S405).

The portable device 101 that has acquired the information indicated by the QR code generates and transmits an authentication request, and the access point 103 receives this authentication request (S406). The access point 103 verifies the content of the received authentication request. If it is determined that the portable device 101 that has transmitted the authentication request is the device that has captured the QR code, the role information is verified (S407). When the access point 103 determines that the role of the device that has transmitted the authentication request indicates the configurator as a result of verifying the role information, the access point 103 generates and transmits an authentication response (S408). The access point 103 that has transmitted the authentication response to the portable device 101 waits for the authentication confirmation to be transmitted from the portable device 101.

The portable device 101 having received the authentication response verifies the contents of the authentication response (S409). If the portable device 101 succeeds in the authentication of the authentication response and determines that the role information included in the authentication response indicates an enrollee, it transmits an authentication confirmation to the access point 103 (S410).

The access point 103 that has received the authentication confirmation from the portable device 101 (S410) verifies the content of the authentication confirmation. The access point 103 determines that the authentication is successful when the tag information can be correctly decrypted by the shared key generated by itself. If it is determined that the authentication is successful, the access point 103 performs communication parameter setting processing with the portable device 101 (S411). More specifically, the access point 103 transmits a setting request to perform communication parameter setting processing, and waits for a setting response to be transmitted from the portable device 101. The portable device 101 having received the setting request transmits, in the setting response, the communication parameter encrypted with the secret key dedicated to the configurator of the portable device 101 and the public key dedicated to the configurator. The access point 103 that has received the setting response decrypts the communication parameter with the public key dedicated to the configurator of the mobile device 101. The access point 103 forms a wireless network 104 using this decoded communication parameter.

As described above, the portable device 101 can provide the communication parameter to the access point 103 by the process described with reference to FIGS. 3 and 4. Further, the communication parameter can be provided to the printer 105 which is the enrollee of the portable device 101 which is the configurator by the processing similar to the processing described using FIG. 3 and FIG. 4. However, the shared key used for encryption of tag information or the like is a key different from the shared key generated between the portable device 101 and the access point 103. This is because the key pair for shared key generation of the printer 105 is different from the key pair for shared key generation of the access point 103. In addition, the contents included in the communication parameters are also different. This is because the communication parameters received by the printer 105 from the portable device 101 do not include the public key for generating the shared key of the access point 103 but include the public key for generating the shared key of the printer 105 itself.

Subsequently, a process will be described in which the printer 105 that has acquired the communication parameters from the portable device 101, which is the configurator, connects to the wireless network 104 formed by the access point 103. FIG. 5 is a sequence diagram showing processing of connecting the printer 105 to the wireless network 104 formed by the access point 103.

When the printer 105 receives an instruction to connect to the wireless network 104 from the user (S501), the printer 105 transmits a search request (S502). This search request is, for example, a DPP Peer Discovery Request frame defined by the DPP standard. The search request includes the communication parameters acquired by the printer 105 from the portable device 101. This communication parameter is encrypted with the secret key dedicated to the configurator of the portable device 101 as described above.

The access point 103 that has received the search request decrypts the communication parameters included in the search request using the configurator-dedicated public key of the portable device 101 acquired in S411 (S503). If the decryption is not possible, the search request is discarded. The access point 103 that has decrypted the communication parameters generates a master key (Pairwise Master Key (PMK)) to be shared with the printer 105 (S 504). This master key is a source of various keys in an encryption standard called Wi-Fi Protected Access (WPA), and is used when establishing a wireless connection. The master key is generated using both the public key for generating the shared key of the printer 105 included in the communication parameter and the secret key for generating the shared key of the access point 103.

The access point 103 that has generated the master key in S504 transmits a search response (S505). This search response is, for example, a DPP Peer Discovery Response frame defined by the DPP standard. The search response includes the communication parameter acquired by the access point 103 from the portable device 101 in S411. This communication parameter is similarly encrypted with a secret key dedicated to the configurator of the portable device 101.

The printer 105 that has received the search response decodes the communication parameters included in the search response using the public key dedicated to the configurator acquired from the portable device 101 (S506). If the decryption is not possible, the search response is discarded. The printer 105 that has decrypted the communication parameter generates a master key shared with the access point 103 (S507). The master key is generated using both the public key for generating the shared key of the access point 103 included in the communication parameter and the secret key for generating the shared key of the printer 105. The printer 105 and the access point 103 sharing the master key perform connection processing using the master key (S508). As described above, the printer 105 can be connected to the wireless network 104 formed by the access point 103.

Next, in addition to the portable device 101, it is assumed that the portable device 102 also operates as a configurator that provides communication parameters for connecting to the wireless network 104 formed by the access point 103. In this case, the portable device 102 needs to acquire a key pair dedicated to the configurator of the portable device 101 used by the portable device 101 to encrypt communication parameters. In order to explain the reason, it is assumed that the portable device 102 not holding the key pair dedicated to the configurator of the portable device 101 provides the printer 106 with the communication parameters acquired as an enrollee from the portable device 101.

For example, the portable device 102 provides the printer 106 with communication parameters as they are encrypted with a secret key dedicated to the configurator of the portable device 101. The printer 106 transmits a search request including the acquired communication parameters to the access point 103. The access point 103 that has received the search request decrypts the communication parameter using the public key dedicated to the configurator of the mobile device 101. The public key included in the communication parameter is the public key for generating the shared key of the mobile device 102. . The access point 103 generates a master key using both the public key for generating the shared key of the portable device 102 included in the communication parameter and the secret key for generating the shared key of the access point 103. On the other hand, the printer 106 generates a master key using both the public key for generating the shared key of the access point 103 included in the communication parameters transmitted from the access point 103 and the secret key for generating the shared key of the printer 106. Do. Therefore, the master key generated between the access point 103 and the printer 106 is a different key, and a wireless connection can not be established.

Further, for example, it is assumed that the portable device 102 encrypts the communication parameter decrypted with the public key dedicated to the configurator of the portable device 101 with the secret key dedicated to the configurator of the portable device 102 and provides the encrypted data to the printer 106. The printer 106 transmits a search request including the communication parameters acquired from the portable device 102 to the access point 103. The access point 103 that has received the search request tries to decode the communication parameter, but discards the search request because the public key dedicated to the configurator of the portable device 101 can not decode this communication parameter. As a result, the printer 106 can not connect to the wireless network 104.

From the above reasons, in order to operate as a configurator for providing communication parameters for connecting the mobile device 102 to the wireless network 104, the mobile device 102 needs to acquire a key pair dedicated to the configurator of the mobile device 101. Hereinafter, a process of providing a key pair dedicated to the configurator of the portable device 101 used for encryption and decryption of communication parameters for connection to the wireless network 104 from the portable device 101 to the portable device 102 will be described. In the first embodiment, a process when the portable device 102 requests the portable device 101 to share the key pair dedicated to the configurator of the portable device 101 used for setting the access point 103 will be described.

FIG. 6 is a sequence diagram showing processing between the mobile device 101 and the mobile device 102 in the present embodiment. The portable device 101 and the portable device 102 can communicate with the portable device 102 and the portable device 101 which are external devices, respectively.

The portable device 102 receives an instruction from the user to share a key pair dedicated to the configurator of the portable device 101 in order to operate as a configurator providing communication parameters for connecting to the wireless network 104 (S601). Then, the portable device 102 causes the display unit 204 of the own device to display the QR code, and waits for an authentication request (S602). On the other hand, when the portable device 101 receives a parameter provision start instruction from the user (S603), the portable device 101 captures an image of the QR code displayed by the portable device 102 to acquire QR code information (S604, S605). Steps S606, S609, and S613 are authentication processes for exchanging a frame including information (in the present embodiment, authentication information, random numbers, tag information) for the mobile device 101 and the mobile device 102 to authenticate each other. Then, during this authentication process, a request for sharing with the enrollee unique information (in the present embodiment, the configurator's secret key) used by the configurator to provide communication parameters, and permission for the request are exchanged. .

The portable device 101 generates an authentication request based on the acquired QR code information and transmits it (S606). The processes of S603 to S606 are similar to the processes of S403 to S406 described in FIG. When the portable device 102 receives the authentication request (S606), the portable device 102 verifies the contents of the authentication request. If the portable device 102 verifies the authentication information included in the authentication request and determines that the mobile device 101 that has transmitted the authentication request is a device that has captured the QR code (authentication success), the role information included in the authentication request is It verifies (S607). When the portable device 102 determines that the role information included in the authentication request transmitted by the portable device 101 is the configurator, the portable device 102 performs a process of including information indicating the key pair sharing request in the authentication response (S 608). The key pair sharing request is indicated by, for example, setting a predetermined bit of the DPP Authentication Response frame. Although the predetermined bit is used to indicate the key pair request, the present invention is not limited to this. For example, the role information included in the authentication response may indicate a role other than the configurator representing the “parameter provider” or the enrollee representing the “parameter receiver”, for example, the role representing the “key pair receiver”. The portable device 102 transmits an authentication response including the key pair sharing request generated as described above (S609). After transmitting the authentication response, the mobile device 102 waits for the authentication confirmation to be transmitted from the mobile device 101 that has transmitted the authentication request.

The portable device 101 receives the authentication response (S609), and when the authentication based on the tag information succeeds, the role information of the portable device 102 included in the authentication response is verified (S610). If it is determined by the verification of the role information that the role of the device that has transmitted the authentication response indicates an enrollee (or a “role indicating a key pair receiving device”), the portable device 101 continues the parameter providing process. On the other hand, when the role information indicates a role other than the above, the parameter providing process is ended.

The portable device 101 continuing the parameter provision processing checks whether the authentication response contains a request for sharing the key pair (S611). If the authentication response includes a key pair sharing request, the portable device 101 displays on the display unit 204 that there is a key pair sharing request, and notifies the user, and the user using the operation unit 203 Listen for permission instructions for sharing the key pair. When sharing of the key pair is permitted by the user, the portable device 101 includes information indicating permission for sharing the key pair in the authentication confirmation (S612). The key pair sharing permission is indicated, for example, by raising a predetermined bit of the DPP Authentication Confirm frame. The portable device 101 transmits an authentication confirmation including information indicating permission for sharing the key pair to the portable device 102 (S613).

Although it is displayed on the display unit 204 that there is a key pair sharing request and the permission instruction from the user using the operation unit 203 is accepted as the key pair sharing condition, the present invention is not limited thereto. . For example, processing may be performed to include information indicating permission for sharing the key pair in the authentication confirmation without receiving a permission instruction from the user. In this case, the indication that there is a key pair sharing request may be omitted.

On the other hand, when the user does not permit sharing of the key pair, the key pair provision process (S616) described later is not performed. Alternatively, when sharing of the key pair is not permitted, the process may be terminated without performing the parameter providing process by not transmitting the authentication confirmation. Furthermore, when key pair sharing is not permitted, a message including information indicating that the key pair is not permitted may be transmitted to the portable device 102.

The portable device 102 that has received the authentication confirmation confirms the information indicating the sharing permission of the key pair included in the authentication confirmation (S614). If the information indicating permission for sharing the key pair is not included in the authentication confirmation, the portable device 102 ends the parameter reception process. If the information indicating permission for sharing the key pair is not included in the authentication confirmation, the mobile device 102 may display a message indicating an error on the display unit 204 to notify the user.

When the authentication by the authentication confirmation is completed, setting of communication parameters is performed (S615). More specifically, after the portable device 102 completes the authentication based on the authentication confirmation, a setting request is transmitted to the portable device 101. The portable device 101 transmits a setting response including the communication parameter to the portable device 102 in response to the setting request. Thus, communication parameter provision processing is performed. When the process of providing the communication parameters is completed, the portable device 101 encrypts a pair of a secret key and a public key dedicated to the configurator of the portable device 101 using the shared key between the portable device 101 and the portable device 102, It transmits to the portable device 102 (S616). Since the setting response transmitted in S615 includes the public key dedicated to the configurator of the portable device 101, only the secret key may be transmitted in S616. In addition, the portable device 101 may transmit the setting response including the secret key dedicated to the configurator of the portable device 101 in the parameter providing process in S615. In that case, the process of S616 is unnecessary.

In addition, after transmitting the authentication confirmation in S613, the portable device 101 may provide a key pair dedicated to the configurator of the portable device 101 before the communication parameter provision processing in S615 is completed. Furthermore, the portable device 101 may provide a key pair dedicated to the configurator of the portable device 101 even when transmitting the authentication confirmation without including the information indicating permission for sharing the key pair.

The portable device 102 that has acquired a pair of a private key dedicated to the configurator of the portable device 101 used for setting the access point 103 and a public key can provide communication parameters to the printer 106, which is an enrollee, as a configurator. The printer 106 can connect to the wireless network 104 formed by the access point 103 by performing the process shown in the sequence of FIG. 5 using the communication parameters acquired from the portable device 102.

When the start of the key pair sharing is instructed instead of the instruction to start the parameter provision in S603, the information confirmation indicating the key pair sharing permission is included in the authentication confirmation without waiting for the permission instruction from the user in S612. You may process.

Note that only the key pair may be provided without providing the communication parameter, that is, without performing the parameter setting of S615. In that case, since the communication parameter provision processing in S615 can be omitted, the convenience of the user is improved. The process of providing only the key pair may be executed when an instruction to pass only the key pair is received from the user in S612. If the start of key pair sharing is instructed instead of the parameter provision instruction in S603, processing for providing only the key pair is performed without waiting for the permission instruction from the user in S612. Good. Also in the processing shown in the sequence diagrams of FIGS. 9 to 11 described later, the processing for providing the key pair may be executed without performing the processing for providing the communication parameter.

Subsequently, processing of the portable device 101 and the portable device 102 will be described using the flowcharts of FIGS. 7 and 8.

FIG. 7 is a flowchart showing processing in which the portable device 101 provides the portable device 102 with a key pair (private key and public key) of the configurator held by the portable device 101 in response to a request from the portable device 102. The process from activation of the imaging unit 207 to verification of the authentication response is the same as that in FIG. 3 (S301 to S306). FIG. 7 shows the process after the authentication using the authentication response is successful in the process of FIG. 3 and it is determined that the role information indicates an enrollee (YES in S306).

With regard to the authentication response transmitted by the mobile device 102, if the role is an enrollee and verification of the tag information is successful, the control unit 205 of the mobile device 101 determines whether or not there is a key pair sharing request in the authentication response (S701). ). If it is determined that there is a key pair sharing request, the control unit 205 uses the display unit 204 and the operation unit 203 to confirm with the user whether or not the key pair can be shared (S702). If the user permits sharing (OK in S702), the key sharing processing unit 212 sets information indicating sharing permission in the authentication confirmation (S703), and transmits this to the portable device 102 (S704). On the other hand, if it is determined that there is no request for sharing of the key pair in the authentication response (NO in S701), or if the user does not permit sharing (NG in S702), S703 is skipped and there is no information indicating sharing permission An authentication confirmation is sent to the mobile device 102 (S704).

After that, the control unit 205 waits for a setting request from the portable device 102 (S705). When the setting request is received, the communication parameter processing unit 210 provides communication parameters to the portable device 102 (S706). This providing process is similar to that of S310. Subsequently, the key sharing processing unit 212 provides the portable device 102 with a key pair, which is the configurator's secret key and public key (S 707). The key pair is encrypted by the shared key. Further, as shown in S807 of FIG. 8 described later, since the setting request is not received if the sharing permission is not set in S703, the key pair is not shared. However, for the sake of security, provision of the key pair may be performed only when the supply permission is set in S703 in S707.

In FIG. 8, the portable device 102 receives an instruction from the user to share the key pair held by the portable device 101, and acquires a key pair dedicated to the configurator of the portable device 101 used in the setting process of the access point 103. Is a flowchart showing

The code generation unit 209 of the portable device 102 generates a QR code upon receiving an instruction from the user via the operation unit 203 to share a key pair dedicated to the configurator of the portable device 101 held by the portable device 101, and displays the QR code. It is displayed on the unit 204 (S801). Thereafter, the control unit 205 waits for an authentication request (S802). If the authentication request can not be received within a predetermined time, the access point 103 may end waiting for the authentication request.

When the authentication request is received from the portable device 101, the control unit 205 performs authentication using the authentication information included in the received authentication request, and the role determination unit 211 verifies the role information to determine the role. The control unit 205 determines whether the authentication using the authentication information is successful and whether the role determined by the role determination unit 211 is a configurator (S803). If the authentication fails or it is determined that the role of the portable device 101 is not the configurator, the control unit 205 displays a message indicating an error on the display unit 204 (S811), and ends the process. Note that the display of the error message (S811) may be omitted.

On the other hand, when it is determined in S803 that the authentication is successful, and it is determined that the role of the portable device 101 that has transmitted the authentication request is the configurator, the key sharing processing unit 212 authenticates the information indicating the key pair sharing request. It sets to (S804). Thereafter, the control unit 205 transmits an authentication response in which the sharing request is set to the portable device 101 (S805), and waits for an authentication confirmation from the portable device 101.

When the authentication confirmation is received from the portable device 101 (S806), the control unit 205 succeeds in the authentication using the tag information included in the authentication confirmation, and the information indicating permission of sharing the key pair is included in the authentication confirmation. It is determined whether or not (S807). If it is determined that the authentication is successful, and it is determined that the information indicating permission for sharing the key pair is included in the authentication confirmation, the communication parameter processing unit 210 transmits a setting request to the portable device 101 (S808) ). Thereafter, the communication parameter processing unit 210 acquires a communication parameter by receiving the setting response from the portable device 101 (S809). Then, the key sharing processing unit 212 acquires a key pair dedicated to the configurator of the portable device 101 (S810). On the other hand, if it is determined in S807 that the verification of the tag information fails or that the information indicating permission for sharing the key pair is not included in the authentication confirmation, the control unit 205 causes the display unit 204 to display an error message. Is displayed, and the process ends (S811).

<Modification 1>
In FIG. 6, from the frame for the portable device 101 and the portable device 102 to exchange information for authentication, a request to share unique information (a key pair in this embodiment) used by the configurator to provide communication parameters. An example is shown in which (sharing request) is detected. However, the method of notifying the portable device 101 of the sharing request is not limited to this. For example, notification may be performed using an Action frame including information indicating a request for sharing a key pair addressed to the portable device 101, or a request for sharing a key pair may be notified using a QR code. FIG. 9 is a sequence diagram showing processing in the case where information indicating a key pair sharing request is included in the QR code.

The portable device 102 receives an instruction from the user to share a key pair dedicated to the configurator of the portable device 101 in order to operate as a configurator providing communication parameters for connecting to the wireless network 104 (S901). The portable device 102 that has received the instruction to share the key pair embeds the information indicating the sharing request of the key pair in the QR code (S902), and displays this (S903). The processing in S904 to S906 for the portable device 101 to acquire the information of the QR code displayed by the portable device 102 is the same as the processing from S403 to S405 in FIG. 4. Note that a QR code including a sharing request may be provided in the form of a printed matter or the like.

The portable device 101 confirms that the key pair sharing request exists in the acquired QR code information (S907). The portable device 101 that has confirmed the key pair sharing request includes information indicating permission for sharing the key pair in the authentication request (S 908) and transmits the information to the portable device 102 (S 909). . The processing of S907 and S908 is the same as that of S611 and S612.

When the portable device 102 receives the authentication request (S909) and succeeds in the authentication based on the authentication information included in the authentication request (determines that the portable device 101 that has transmitted the authentication request is a device that has captured the QR code), the authentication request Verify the role information contained in (S910). When verifying that the portable device 101 is the configurator by verification of the authentication information, the portable device 102 confirms information indicating permission of sharing of the key pair included in the authentication request (S911). The key pair sharing permission is indicated, for example, by having a predetermined bit set in the DPP Authentication Request frame. Note that the method of indicating permission for sharing the key pair in the authentication request is not limited to this. For example, the key pair sharing permission is indicated by setting the role information included in the authentication request so as to indicate that the role is not the configurator representing “parameter providing device” but “key pair providing device”. It is also good.

The portable device 102 that has confirmed the information indicating permission for sharing the key pair from the authentication request transmits an authentication response (S912), and waits for transmission of an authentication confirmation from the portable device 101. On the other hand, the portable device 101 having received the authentication response verifies the tag information included in the authentication response and the role information of the portable device 102 (S913). Then, if it is determined that the tag information is correctly decoded and the authentication is successful, and the role information indicates an enrollee, the portable device 101 transmits an authentication confirmation (S914). Thus, when the authentication is completed, processing for providing communication parameters by the setting request and the setting response is performed. The processes of S915 to S916, which are the process of setting the communication parameter and the process of providing the key pair, are the same as the processes of S615 to S616 in FIG.

As described above, according to the process described with reference to FIG. 9, the key pair dedicated to the configurator of the portable device 101 can be shared by notifying the key pair sharing request using the QR code.

<Modification 2>
Further, according to the processing described with reference to FIG. 6, the portable device 102 that requests sharing of the key pair displays the QR code, but the present invention is not limited to this. Even when the portable device 101 displays the QR code, the portable device 102 may request the portable device 101 to share the key pair. FIG. 10 is a sequence diagram showing processing in which the portable device 101 displays a QR code and the portable device 102 requests the portable device 101 for a key bearer.

When the portable device 101 receives a parameter provision instruction from the user (S1001), the portable device 101 displays a QR code on the display unit 204 of its own device and waits for an authentication request (S1002). On the other hand, the portable device 102 receives an instruction from the user to share a key pair dedicated to the configurator of the portable device 101 in order to operate as a configurator providing communication parameters for connecting to the wireless network 104 (S1003). In response to the instruction, the portable device 102 activates the imaging unit 207 to capture a QR code (S1004). The portable device 102 images the QR code displayed on the display unit 204 of the portable device 101 by the imaging unit 207 of the portable device 102, and acquires information indicated by the QR code (S1005). The portable device 102 generates an authentication request using the QR code information, includes information indicating a key pair sharing request in the authentication request (S1006), and transmits this to the portable device 101 (S1007). The key pair sharing request is indicated, for example, by setting a predetermined bit of the DPP Authentication Request frame.

The portable device 101 having received the authentication request verifies the role information contained in the authentication request when the authentication is successful by the authentication information contained in the authentication request (S1008). If it is confirmed by this verification that the role information indicates an enrollee, the portable device 101 confirms whether the request for sharing the key pair is included in the authentication request (S1009). Upon confirming that the request for sharing the key pair is included in the request for authentication, the portable device 101 includes information indicating permission for sharing the key pair in the request for authentication (S1010) and transmits this to the portable device 102 (S1011). . The key pair sharing permission is indicated, for example, by the fact that a predetermined bit of the DPP Authentication Response frame is set. The processes of S1009 and S1010 are the same as those of S611 and S612.

When the portable device 102 receives the authentication response, it verifies the tag information and the role information included in the authentication response (S1012). Then, if the authentication using the tag information is successful and the role information indicates the configurator, the portable device 102 checks whether the authentication response includes the key pair sharing permission (S1013). The portable device 102 that has confirmed the key pair sharing permission transmits an authentication confirmation to the portable device 101 (S1014). Thus, when the authentication is completed, a communication parameter providing process (S1015) and a key pair providing process (S1016) are performed. The processes in S1015 to S1016, which are the process of setting the communication parameter and the process of providing the key pair, are the same as the processes in S615 to S616 of FIG.

As described above, according to the process described using FIG. 10, even when the portable device 101 displays the QR code, the key pair dedicated to the configurator of the portable device 101 can be shared.

As described above, according to the first embodiment, the portable device 102 requests the portable device 101 to share the pair of the secret key and the public key dedicated to the configurator of the portable device 101 used for the setting of the access point 103. can do. As a result of sharing the key pair, it becomes possible to duplicate a configurator that distributes communication parameters for connecting to the wireless network 104, thereby improving user convenience.

Second Embodiment
In the first embodiment, the case where the portable device 102 requests the portable device 101 to share the key pair dedicated to the configurator of the portable device 101 used for setting the access point 103 has been described. In the second embodiment, a process when the portable device 101 requests the portable device 102 to share a key pair dedicated to the configurator of the portable device 101 used for setting of the access point 103 will be described.

FIG. 11 is a sequence diagram showing processing between the mobile device 101 and the mobile device 102 in the second embodiment.

When the portable device 102 receives an instruction to receive communication parameters from the user (S1101), the portable device 102 displays a QR code on the display (S1102), and waits for an authentication request. On the other hand, the portable device 101 receives an instruction from the user to share a key pair with the portable device 102 in order to operate the portable device 102 as a configurator providing communication parameters for connecting to the wireless network 104. (S1103). When the portable device 101 receives the instruction in S1103, the portable device 101 activates the imaging unit 207 to capture a QR code (S1104). The portable device 101 captures an image of the QR code displayed on the display unit 204 of the portable device 102 by the imaging unit 207, and acquires information indicated by the QR code (S1105). The portable device 101 that has acquired the information indicated by the QR code includes the information indicating the key pair sharing request in the authentication request (S1106), and transmits the authentication request to the portable device 102 (S1107).

The portable device 102 that has received the authentication request from the portable device 101 in S1107 verifies the authentication information and the role information included in the authentication request. When the mobile device 102 confirms that the authentication is successful and the role information indicates the configurator, the mobile device 102 confirms whether the information indicating the key pair sharing request is included in the authentication request (S1109). After confirming that the information indicating the key pair sharing request is included, the mobile device 102 inquires of the user whether sharing is possible and waits for a sharing permission instruction from the user using the operation unit 203. When an instruction to permit sharing of the key pair is input, the portable device 102 includes information indicating permission to share the key pair in the authentication request (S1110), and transmits this to the portable device 101 (S1111).

If sharing of the key pair is not permitted, the process of providing the key pair in S1116 described later is not performed. If sharing of the key pair is not permitted, the process may be terminated without performing the parameter providing process by not transmitting the authentication response. Furthermore, when sharing of the key pair is not permitted, a message (authentication response) including information indicating that the supply of the key pair is not permitted may be transmitted to the portable device 101.

Upon receiving the authentication response, the portable device 101 verifies the tag information and the role information included in the authentication response (S1112). When the portable device 101 confirms that the authentication based on the tag information is successful and indicates that the role information indicates an enrollee, the portable device 101 confirms permission of sharing of the key pair included in the authentication response (S1113). If the key pair sharing permission is confirmed, the portable device 101 transmits an authentication confirmation (S1114). Thus, when the authentication is completed, communication parameter provision processing is performed (S1115), and then key pair provision processing is performed (S1116). The processes of S1115 to S1116 are the same as the processes of S615 to S616 in FIG.

Subsequently, the operation of the mobile device 101 and the operation of the mobile device 102 for realizing the above-described operation will be described with reference to the flowcharts of FIGS. 12, 13A, and 13B. FIG. 12 is a flowchart showing processing for providing a key pair dedicated to the configurator of the portable device 101 used in the setting process of the access point 103 by the portable device 101.

The key sharing processing unit 212 of the portable device 101 that has received an instruction from the user to share the key pair with the portable device 102 activates the imaging unit 207 (S1201). Then, the key sharing processing unit 212 determines whether the imaging unit 207 has captured a QR code (S1202). If it is determined in S1202 that the QR code has been captured, the image processing unit 208 decodes the QR code in the captured image, and acquires QR code information including the public key for authentication of the mobile device 102. The control unit 205 generates an authentication request using the acquired QR code information (S1203). The control unit 205 includes information indicating a key pair sharing request in the authentication request (S1204), and transmits the authentication request to the portable device 102 (S1205). After that, the key sharing processing unit 212 waits for an authentication response from the portable device 102 (S1206). If the authentication response can not be received within the predetermined time in S1206, the key pair sharing process may be ended.

When the authentication response is received, the control unit 205 determines whether the authentication based on the tag information included in the authentication response is successful or not and whether the role information of the portable device 102 indicates an enrollee (S1207). If the authentication fails, or if it is determined that the role information does not indicate an enrollee, the control unit 205 displays a message indicating an error on the display unit 204, and ends the key pair sharing process (S1213). If the authentication is successful and it is determined that the role information is an enrollee, the control unit 205 determines whether the key pair sharing permission is included in the authentication response (S1208). If it is determined that the key pair sharing permission is not included in the authentication response (NO in S1208), the key sharing processing unit 212 displays a message indicating an error on the display unit 204, and ends the key sharing processing ((S1208) S1213).

If it is determined that the key pair sharing permission is included in the authentication response (YES in S1208), the control unit 205 transmits an authentication confirmation (S1209), and waits for a setting request from the portable device 102 (S1210) . When the setting request from the portable device 102 is received, the communication parameter processing unit 210 performs a process of providing communication parameters and provides the portable device 102 with the communication parameters (S1211). Then, the key sharing processing unit 212 provides a key pair (S1212). The processes of S1211 and S1212 are the same as the processes of S706 and S707.

13A and 13B are flowcharts showing processing in which the portable device 102 receives provision of a key pair dedicated to the configurator by the portable device 101. In response to the user receiving the parameter reception instruction, the code generation unit 209 generates a QR code and controls to display it on the display unit 204 (S1301). Thereafter, the control unit 205 waits for an authentication request (S1302). If the authentication request can not be received within a predetermined time, the access point 103 may end waiting for the authentication request.

When the authentication request is received from the portable device 101, the control unit 205 verifies the authentication information of the authentication request and determines whether the authentication is successful (whether the device as the transmission source of the authentication request is a device that has captured the QR code) The role determination unit 211 determines the role information (S1303). If the authentication fails or the role information is other than the configurator (NO in S1303), the control unit 205 displays a message indicating an error on the display unit 204 (S1313), and ends the processing. Note that the display of the error message (S1313) may be omitted.

If the authentication is successful and the role information indicates a configurator (YES in S1303), the control unit 205 determines whether a key pair sharing request is set in the authentication request (S1304). If the key pair sharing request is set in the authentication request, the control unit 205 confirms with the user whether or not the sharing setting can be made (S1305). If the user permits sharing setting (YES in S1305), the control unit 205 sets sharing permission as an authentication response (S1306), and transmits this to the portable device 101 (S1307). On the other hand, when the information indicating the key pair supply request is not set in the authentication request (NO in S1304), or when the user does not permit the sharing setting (NO in S1305), the control unit 205 sets the supply permission. An authentication response without a key is sent to the portable device 101 (S1307). Then, the control unit 205 waits for an authentication confirmation from the portable device 101 which is the transmission destination of the authentication response (S1308).

When receiving the authentication confirmation from the portable device 101, the control unit 205 performs authentication using the tag information, and when the authentication is successful (YES in S1309), transmits a setting request to the portable device 101 (S1310). Thereafter, the communication parameter processing unit 210 acquires communication parameters by the communication parameter provision processing with the portable device 101 (S1311). When the sharing permission is set in S1306, the key sharing processing unit 212 receives the provision of the key pair of the configurator of the portable device 101, and acquires the key pair (S1312).

As described above, according to the second embodiment, when the portable device 101 requests the portable device 102 to share the key pair, the secret key dedicated to the configurator of the portable device 101 used for setting of the access point 103 and the disclosure are made public. You can share key pairs. As a result of sharing the key pair, configurators for distributing communication parameters for connecting to the wireless network 104 are increased, and user convenience is improved.

Even when the portable device 101 requests the portable device 102 to share the key pair dedicated to the configurator of the portable device 101, the QR code is used as in the process (modification 1) described with reference to FIG. The key pair may be shared by notifying the key pair sharing request. Also, as in the process (modification 2) described with reference to FIG. 10, the key pair may be shared even when the portable device 101 displays the QR code.

Third Embodiment
In the first embodiment and the second embodiment, an example has been shown in which the portable device 101 and the portable device 102 notify the key pair sharing request using a frame or a QR code for exchanging information for authentication. In the third embodiment, the portable device 101 requests the portable device 102 to share the key pair dedicated to the configurator of the portable device 101 used for setting the access point 103 using a frame for performing communication parameter setting processing. The process in the case of performing will be described.

FIG. 14 is a sequence diagram showing processing between the mobile device 101 and the mobile device 102 in the third embodiment.

The portable device 102 receives an instruction from the user to share a key pair dedicated to the configurator of the portable device 101 in order to operate as a configurator for providing communication parameters for connecting to the wireless network 104 (S 1401). Then, the portable device 102 causes the display unit 204 of the own device to display the QR code, and waits for an authentication request (S1402). The processes of S1401 to S1402 are similar to the processes of S601 to S602 described with reference to FIG.

On the other hand, when the portable device 101 receives an instruction to start parameter provision from the user (S1403), the portable device 101 captures an image of the QR code displayed by the portable device 102 to acquire QR code information (S1404, S1405). The portable device 101 generates an authentication request based on the acquired QR code information and transmits it (S1406).

When the portable device 102 receives the authentication request (S1406), the portable device 102 verifies the contents of the authentication request. If the portable device 102 verifies the authentication information included in the authentication request and determines that the mobile device 101 that has transmitted the authentication request is a device that has captured the QR code (authentication success), the role information included in the authentication request is It verifies (S1407). As a result of verifying the role information, when the portable device 102 determines that the role of the device that has transmitted the authentication request indicates the configurator, the portable device 102 generates and transmits an authentication response (S1408). The mobile device 102 that has transmitted the authentication response to the mobile device 101 waits for the authentication confirmation to be sent from the mobile device 101. The portable device 101 receives the authentication response (S1408), and if the authentication based on the tag information is successful, verifies the role information of the portable device 102 included in the authentication response (S1409). If the portable device 101 succeeds in the authentication of the authentication response and determines that the role information included in the authentication response indicates the enrollee, it transmits an authentication confirmation to the portable device 102 (S1410). The processes of S1403 to S1410 are similar to the processes of S403 to S410 described in FIG.

When the portable device 102 receives the authentication confirmation (S1410), the content of the authentication confirmation is verified. As a result of verifying the contents of the authentication confirmation, if it is determined that the authentication is successful, a process of including information indicating a key pair sharing request in the setting request is performed (S1411). The key pair sharing request is indicated, for example, by setting a predetermined bit of the DPP Configuration Request frame. Although the predetermined bit is used to indicate the key pair request, the present invention is not limited to this. For example, the role information after receiving the communication parameters included in the setting request may indicate a role other than the “access point” or the “device connected to the wireless network”, for example, a role representing the “configurator”. The portable device 102 transmits a setting request including the key pair sharing request generated as described above (S1412). After transmitting the setting request, the mobile device 102 waits for the setting response to be transmitted from the mobile device 101 that has transmitted the authentication confirmation.

The portable device 101 having received the setting request confirms whether the setting request includes the key pair sharing request (S1413). If the setting request includes a key pair sharing request, the portable device 101 displays on the display unit 204 that there is a key pair sharing request and notifies the user, and the user using the operation unit 203 Listen for permission instructions for sharing the key pair. If sharing of the key pair is permitted by the user, the portable device 101 includes information indicating permission for sharing the key pair in the setting response (S1414). The sharing permission of the key pair is indicated, for example, by setting a predetermined bit of the DPP Configuration Response frame. The portable device 101 transmits a setting response including information indicating permission for sharing the key pair to the portable device 102 (S1415). The portable device 101 that has transmitted the setting response encrypts the pair of the secret key and the public key dedicated to the configurator of the portable device 101 using the shared key between the portable device 101 and the portable device 102, and transmits it to the portable device 102. It transmits (S1416). Since the setting response transmitted in S1415 includes the public key dedicated to the configurator of the portable device 101, only the secret key may be transmitted in S1416. In addition, the portable device 101 may transmit the setting response transmitted in S1415 including the secret key dedicated to the configurator of the portable device 101. In that case, the process of S1416 is unnecessary.

Although it is displayed on the display unit 204 that there is a key pair sharing request and the permission instruction from the user using the operation unit 203 is accepted as the key pair sharing condition, the present invention is not limited thereto. . For example, the key pair may be provided without receiving a permission instruction from the user. Also, processing may be performed to include information indicating permission for sharing the key pair in the setting response without receiving a permission instruction from the user. In this case, the indication that there is a key pair sharing request may be omitted.

On the other hand, when the user does not permit sharing of the key pair, the key pair provision process (S1416) is not performed. Alternatively, when sharing of the key pair is not permitted, the setting response may not be transmitted, and the process may be ended without performing the parameter providing process. Furthermore, when key pair sharing is not permitted, a setting response including information indicating that the key pair is not permitted may be transmitted to the portable device 102.

The portable device 102 having received the setting response confirms information indicating permission of sharing of the key pair included in the setting response (S1417). If the setting response does not include information indicating permission for sharing the key pair, the portable device 102 ends the parameter reception process. If the information indicating permission for sharing the key pair is not included in the setting response, the mobile device 102 may notify the user by displaying a message indicating an error on the display unit 204.

Subsequently, processing of the portable device 101 and the portable device 102 will be described using the flowcharts of FIGS. 15, 16A, and 16B.

FIG. 15 is a flowchart showing processing in which the portable device 101 provides the portable device 102 with a key pair (secret key and public key) of the configurator held by the portable device 101 in response to a request from the portable device 102. The process from the start of the imaging unit 207 to the reception of the setting request is the same as that in FIG. 3 (S301 to S308). FIG. 15 shows the process after it is determined in the process of FIG. 3 that the setting request has been received (YES in S308).

The control unit 205 of the portable device 101 having received the setting request transmitted by the portable device 102 determines whether or not there is a request for sharing the key pair in the setting request (S1501). If it is determined that there is a key pair sharing request, the control unit 205 uses the display unit 204 and the operation unit 203 to confirm with the user whether or not the key pair can be shared (S1502). If the user permits sharing (OK in S1502), the key sharing processing unit 212 sets information indicating sharing permission in the setting response (S1503), and transmits this to the portable device 102 (S1504). On the other hand, if it is determined that there is no key pair sharing request in the setting request (NO in S1501) or if the user does not permit sharing (NG in S1502), S1503 is skipped and there is no information indicating sharing permission The setting response is transmitted to the portable device 102 (S1504).

Subsequently, the key sharing processing unit 212 provides the portable device 102 with a key pair, which is the configurator's secret key and public key (S1505). The key pair is encrypted by the shared key. Also, for the sake of security, in S1505, provision of the key pair may be executed only when sharing permission is set in S1503.

16A and 16B, when the portable device 102 receives an instruction from the user to share the key pair held by the portable device 101, the key pair dedicated to the configurator of the portable device 101 used in the setting process of the access point 103 is used. It is a flowchart which shows the process to acquire.

When the control unit 205 of the portable device 102 receives an instruction from the user via the operation unit 203 to share the key pair, the control unit 205 generates a QR code and displays the QR code on the display unit 204 (S1601). Thereafter, the control unit 205 waits for an authentication request (S1602). When receiving the authentication request from the portable device 101, the control unit 205 performs authentication, verifies the role information, and determines whether the role is a configurator (S1603). If the authentication fails, or if it is determined that the role of the portable device 101 is not the configurator (NO in S1603), the control unit 205 displays a message indicating an error on the display unit 204 (S1612), and ends the process. .

On the other hand, when it is determined in S1603 that the authentication is successful, and it is determined that the role of the portable device 101 that has transmitted the authentication request is the configurator (YES in S1603), the control unit 205 transmits an authentication response (S1604), It waits for authentication confirmation from the portable device 101. When the authentication confirmation is received from the portable device 101 (YES in S1605), the control unit 205 determines whether the authentication using the tag information included in the authentication confirmation has succeeded (S1606).

When the control unit 205 receives the authentication confirmation from the portable device 101, the authentication is performed using the tag information, and when the authentication is successful (YES in S1606), the key sharing processing unit 212 performs the information indicating the key pair sharing request. The setting request is set (S1607). After that, the control unit 205 transmits a setting request in which the sharing request is set to the portable device 101 (S1608), and waits for a setting response from the portable device 101. On the other hand, if the verification of the tag information fails in S1606, the control unit 205 displays a message indicating an error on the display unit 204, and ends the processing (S1612).

When the setting response is received from the portable device 101 (S1609), the control unit 205 determines whether the information indicating permission for sharing the key pair is included in the setting response (S1610). Then, when it is determined that the information indicating permission for sharing the key pair is included in the setting response (YES in S110), the key sharing processing unit 212 acquires a key pair dedicated to the configurator of the portable device 101 (S1611). ). If it is determined in S1610 that the information indicating permission for sharing the key pair is not included in the authentication confirmation (NO in S1610), the control unit 205 ends the parameter reception processing or indicates an error on the display unit 204. The message is displayed, and the process ends (S1612).

<Other Embodiments>
In the above-mentioned each embodiment, the structure which exchanges the information for setting a communication parameter using the image of QR Code (trademark) was demonstrated between apparatuses. However, instead of shooting a QR code (registered trademark), wireless communication such as NFC or Bluetooth (registered trademark) may be used. Alternatively, wireless communication such as IEEE 802.11ad or TransferJet (registered trademark) may be used.

Note that the QR code (registered trademark) to be read may be not only the QR code displayed on the display unit, but also the QR code attached to the housing of the communication device in the form of a seal or the like. In addition, the QR code (registered trademark) to be read may be attached to a package such as a handling instruction manual or a cardboard at the time of sales of the communication device. Moreover, not a QR code but a barcode or a two-dimensional code may be used. Also, instead of machine-readable information such as QR code, it may be information in a format that can be read by the user.

In each embodiment, although the case where communication between devices is performed by wireless LAN communication conforming to IEEE 802.11 has been described, the present invention is not limited to this. For example, it may be implemented using a wireless communication medium such as wireless USB, MBOA, Bluetooth (registered trademark), UWB, ZigBee, NFC and the like. Here, MBOA is an abbreviation for Multi Band OFDM Alliance. Also, UWB includes wireless USB, wireless 1394, WINET and the like.

Moreover, although the case where the communication parameter for connecting to the access point of wireless LAN was provided was described in each embodiment, it does not restrict to this. For example, communication parameters for connecting to a Wi-Fi Direct (registered trademark) group owner may be provided.

As described above, according to each embodiment, the pair of the secret key and the public key used by the configurator for encryption and decryption of communication parameters is shared by a request from another device or a request from the configurator. Can. As a result, the number of configurators providing communication parameters to connect to the access point can be easily increased. For example, in the procedure of setting communication parameters by DPP, a configurator key pair can be shared with the configurator without using a storage medium or another protocol (for example, HTTP).

The present invention supplies a program that implements one or more functions of the above-described embodiments to a system or apparatus via a network or storage medium, and one or more processors in a computer of the system or apparatus read and execute the program. Can also be realized. It can also be implemented by a circuit (eg, an ASIC) that implements one or more functions.

The present invention is not limited to the above embodiment, and various changes and modifications can be made without departing from the spirit and scope of the present invention. Accordingly, the following claims are attached to disclose the scope of the present invention.

Claims (35)

  1. A communication device that communicates with an external device,
    An authentication unit that performs an authentication process by exchanging information for authentication with the external device;
    A detection means for detecting a request for sharing unique information used to provide communication parameters in the authentication process by the authentication means;
    A communication apparatus, comprising: sharing means for sharing the unique information with the external device after the authentication by the authentication means is successful when the request is detected by the detection means.
  2. The communication apparatus according to claim 1, wherein the detection unit detects the request by reading an image of code information provided by the external apparatus.
  3. The communication apparatus according to claim 1, wherein the detection unit detects the request from a frame including information for authentication received by the authentication unit from the external apparatus.
  4. In response to the request detected by the detection means, permission for sharing the unique information is included in a frame including information for authentication transmitted to the external device by the authentication means. The communication apparatus according to any one of claims 1 to 3.
  5. The communication device according to claim 4, wherein the permission is indicated by a predetermined bit of the frame.
  6. The communication apparatus according to claim 4, wherein the permission is indicated by role information representing a role of the communication apparatus included in the frame.
  7. The method according to any one of claims 4 to 6, further comprising: inquiry means for inquiring a user whether or not sharing of the unique information is permitted when the request is detected by the detection means. The communication device according to.
  8. The communication apparatus according to any one of claims 3 to 7, wherein the frame is a frame for performing authentication in accordance with IEEE 802.11.
  9. A communication device that communicates with an external device,
    Operation means for receiving an instruction from a user for sharing specific information used for providing communication parameters;
    An authentication unit that performs authentication by exchanging information for authentication with the external device;
    Confirmation means for confirming, during authentication by the authentication means, that the external device has permitted sharing of the unique information with the external device, when an instruction from the user is received by the operation means;
    A communication apparatus, comprising: sharing means for sharing the unique information with the external device after success of authentication by the authentication means when permission is confirmed by the confirmation means.
  10. 10. The apparatus according to claim 9, further comprising: request means for requesting the external device to share the unique information with the external device when an instruction from the user is received by the operation means. Communication device.
  11. The communication apparatus according to claim 10, wherein the request means includes the request in a frame of information for authentication transmitted by the authentication means.
  12. The communication device according to claim 11, wherein the request is indicated by using predetermined bits of the frame.
  13. The communication apparatus according to claim 11, wherein the request is indicated by using role information indicating the role of the communication apparatus, which is included in the frame.
  14. The communication apparatus according to any one of claims 11 to 13, wherein the frame is a frame for performing authentication in compliance with IEEE 802.11.
  15. The communication device according to claim 10, wherein the request means includes the request in an image of code information read by the external device.
  16. The communication device is a providing device for providing communication parameters to the external device,
    The communication apparatus according to any one of claims 1 to 15, wherein the sharing unit provides the communication parameter and the unique information.
  17. The communication device is a device that receives provision of communication parameters from the external device,
    The communication apparatus according to any one of claims 1 to 15, wherein the sharing unit acquires the unique information from the external apparatus.
  18. The communication apparatus according to claim 17, wherein the sharing unit acquires the communication parameter and the unique information from the external apparatus.
  19. A communication device for providing communication parameters to an external device, the communication device comprising:
    An authentication unit that performs an authentication process by exchanging information for authentication with the external device;
    Detection means for detecting requests to share unique information used to provide communication parameters after successful authentication by the authentication means;
    A communication apparatus, comprising: sharing means for sharing the unique information with the external device when the request is detected by the detection means.
  20. 20. The communication apparatus according to claim 19, further comprising: inquiry means for inquiring a user whether or not sharing of the unique information is permitted when the request is detected by the detection means.
  21. 21. A communication apparatus according to claim 19, wherein the sharing means provides the communication parameter and the unique information.
  22. A communication device that receives provision of communication parameters from an external device,
    Operation means for receiving an instruction from a user for sharing specific information used for providing communication parameters;
    An authentication unit that performs an authentication process by exchanging information for authentication with the external device;
    Request means for requesting the external device to share the unique information with the external device after success of authentication by the authentication means when an instruction from the user is accepted by the operation means;
    A communication unit that shares the unique information with the external device.
  23. The communication apparatus according to claim 22, wherein the sharing unit acquires the unique information from the external apparatus.
  24. The communication apparatus according to claim 23, wherein the sharing unit acquires the communication parameter and the unique information from the external apparatus.
  25. 22. The communication apparatus according to any one of claims 19 to 21, wherein the detection means detects the request from a frame received after success of authentication by the authentication means.
  26. The communication apparatus according to any one of claims 22 to 24, wherein the request means includes the request in a frame for requesting a communication parameter transmitted by the authentication means.
  27. The communication device according to claim 25 or 26, wherein the request is indicated by using predetermined bits of the frame.
  28. The communication device according to claim 25 or 26, wherein the request is indicated by using role information indicating the role of the external device, which is included in the frame.
  29. The communication apparatus according to any one of claims 25 to 28, wherein the frame is a frame for requesting a communication parameter compliant with IEEE 802.11.
  30. The communication apparatus according to any one of claims 1 to 18, wherein the unique information includes a secret key used to encrypt the communication parameter in providing the communication parameter.
  31. A control method of a communication device for communicating with an external device, comprising:
    An authentication process for performing an authentication process by exchanging information for authentication with the external device;
    A detection step of detecting a request for sharing unique information used to provide communication parameters during the authentication process by the authentication step;
    A control method of a communication apparatus, comprising: a sharing step of sharing the unique information with the external device after success of authentication by the authentication step when the request is detected by the detection step.
  32. A control method of a communication device for communicating with an external device, comprising:
    An input step of receiving an instruction from a user for sharing specific information used to provide communication parameters;
    An authentication step of performing authentication by exchanging information for authentication with the external device;
    A confirmation step of confirming, during the authentication in the authentication step, that the external device has permitted sharing the unique information with the external device when an instruction from the user is received in the input step;
    A control method of a communication apparatus, comprising: a sharing step of sharing the unique information with the external device after success of authentication in the authentication step if permission is confirmed in the confirmation step.
  33. A control method for providing communication parameters to an external device, comprising:
    An authentication process for performing an authentication process by exchanging information for authentication with the external device;
    A detection step of detecting a request to share unique information used to provide communication parameters after successful authentication by the authentication step;
    And a sharing step of sharing the unique information with the external device when the request is detected in the detecting step.
  34. A communication device that receives provision of communication parameters from an external device,
    An input step of receiving an instruction from a user for sharing specific information used to provide communication parameters;
    An authentication process for performing an authentication process by exchanging information for authentication with the external device;
    A request step of requesting the external device to share the unique information with the external device after a successful authentication by the authentication step when an instruction from the user is received in the input step;
    And a sharing step of sharing the unique information with the external device.
  35. A program for causing a computer to function as each means of the communication device according to any one of claims 1 to 30.
PCT/JP2018/025342 2017-07-28 2018-07-04 Communication device, control method for communication device and program WO2019021770A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
JP2017-146799 2017-07-28
JP2017146799 2017-07-28
JP2018082463A JP2019029989A (en) 2017-07-28 2018-04-23 Communication device, control method of the same, and program
JP2018-082463 2018-04-23

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR1020207004920A KR20200028473A (en) 2017-07-28 2018-07-04 Communication device, control method of communication device, and program
EP18837789.9A EP3637814A1 (en) 2017-07-28 2018-07-04 Communication device, control method for communication device and program
CN201880049650.1A CN110999351A (en) 2017-07-28 2018-07-04 Communication device, control method for communication device, and program
US16/743,401 US20200154276A1 (en) 2017-07-28 2020-01-15 Communication device, control method for communication device, and non-transitory computer-readable storage medium

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/743,401 Continuation US20200154276A1 (en) 2017-07-28 2020-01-15 Communication device, control method for communication device, and non-transitory computer-readable storage medium

Publications (1)

Publication Number Publication Date
WO2019021770A1 true WO2019021770A1 (en) 2019-01-31

Family

ID=65040158

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/025342 WO2019021770A1 (en) 2017-07-28 2018-07-04 Communication device, control method for communication device and program

Country Status (1)

Country Link
WO (1) WO2019021770A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017028455A (en) * 2015-07-21 2017-02-02 キヤノン株式会社 Communication device, control method therefor and program
JP2017028457A (en) * 2015-07-21 2017-02-02 キヤノン株式会社 Communication device, communication method and program

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017028455A (en) * 2015-07-21 2017-02-02 キヤノン株式会社 Communication device, control method therefor and program
JP2017028457A (en) * 2015-07-21 2017-02-02 キヤノン株式会社 Communication device, communication method and program

Similar Documents

Publication Publication Date Title
RU2647680C2 (en) Information interaction method and apparatus, and electronic equipment
ES2659639T3 (en) Assisted device provisioning in a network
TWI441025B (en) Accessory, controller, and method for establishing wireless communication link therebetween
JP5991733B2 (en) Network system, information processing apparatus, and communication method
JP6156024B2 (en) Function execution device
JP5941300B2 (en) Information processing apparatus, information processing apparatus control method, and program
JP4702944B2 (en) Communication device, its control method, and communication system
JP5454574B2 (en) Communication apparatus and secret information sharing method
JP6379767B2 (en) Terminal device, printer, computer program
CN103905903B (en) A kind of communication partner method of digital TV terminal, terminal and system
KR101786177B1 (en) Method and apparatus for performing secure bluetooth communication
US8116685B2 (en) System and method for visual pairing of mobile devices
JP4027360B2 (en) Authentication method and system, information processing method and apparatus
EP1909431B1 (en) Mutual authentication method between a communication interface and a host processor of an NFC chipset
RU2553102C2 (en) Device communication
TWI420921B (en) Fast authentication between heterogeneous wireless networks
EP3082291A1 (en) Secure communication method and apparatus and multimedia device employing same
JP5347847B2 (en) Image capturing apparatus, communication establishment method, program
CN105284176B (en) Method and device for establishing connection
EP1989830B1 (en) Communication apparatus and communication layer role deciding method
EP2375824A2 (en) Communication apparatus and method for wi-fi protected setup in adhoc network
DE112009000416T5 (en) Two-way authentication between two communication endpoints using a one-way out-of-band (OOB) channel
US9628585B2 (en) Systems and methods for cross-layer secure connection set up
JP2016533055A (en) Wireless configuration using passive near-field communication
KR20080063130A (en) A method for exchanging strong encryption keys between devices using alternate input methods in wireless personal area networks(wpan)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18837789

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

ENP Entry into the national phase in:

Ref document number: 2018837789

Country of ref document: EP

Effective date: 20200109

ENP Entry into the national phase in:

Ref document number: 20207004920

Country of ref document: KR

Kind code of ref document: A