WO2019021770A1 - Communication device, control method for a communication device, and program - Google Patents

Communication device, control method for a communication device, and program

Info

Publication number
WO2019021770A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
sharing
request
communication
portable device
Prior art date
Application number
PCT/JP2018/025342
Other languages
English (en)
Japanese (ja)
Inventor
篤志 皆川
Original Assignee
キヤノン株式会社
Priority date
Filing date
Publication date
Priority claimed from JP2018082463A (JP7109243B2)
Application filed by キヤノン株式会社
Priority to EP18837789.9A (EP3637814B1)
Priority to KR1020207004920A (KR102283325B1)
Priority to CN201880049650.1A (CN110999351B)
Publication of WO2019021770A1
Priority to US16/743,401 (US20200154276A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 76/00 Connection management
    • H04W 76/10 Connection setup
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 84/00 Network topologies
    • H04W 84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W 84/10 Small scale networks; Flat hierarchical networks
    • H04W 84/12 WLAN [Wireless Local Area Networks]

Definitions

  • The present invention relates to a communication device, a control method for the communication device, and a program.
  • In Non-Patent Document 1, the configurator sets, for the access point, the communication parameters for forming a wireless network, using the configurator's own private/public key pair. Non-Patent Document 1 also provides an enrollee with communication parameters for connecting to the access point, using the same configurator key pair that was used to set up the access point.
  • This increases the efficiency of distributing communication parameters and improves user convenience.
  • Non-Patent Document 1: Wi-Fi Alliance, Wi-Fi Device Provisioning Protocol (DPP) Draft Technical Specification v0.0.35.
  • The private/public key pair that the configurator uses to encrypt and decrypt the communication parameters provided to an enrollee is unique to each network. The access point accepts a connection only when the communication parameter contained in the wireless terminal's connection request can be decrypted with the configurator public key that was supplied when the network was set up. Only an enrollee holding communication parameters provided with the same configurator key pair that was used to set up the access point can therefore connect to it. Consequently, to provide communication parameters for connecting a device to an access point already configured by another configurator, the configurator key pair used for that configuration had to be obtained.
  • Non-Patent Document 1 describes sharing the configurator's private/public key pair with a plurality of electronic devices using an external storage medium (for example, a USB memory or a wireless storage).
  • External storage medium: for example, a USB memory or a wireless storage.
  • In one embodiment of the present invention, a communication device, a control method for it, and a program are provided that reduce the time and effort required to provide other devices with the unique information used for setting communication parameters.
  • A communication device according to one embodiment communicates with an external device and comprises: authentication means for performing authentication processing by exchanging authentication information with the external device; detecting means for detecting a request to share unique information used for providing communication parameters; and sharing means for sharing the unique information with the external device, after the authentication by the authentication means succeeds, when the request is detected by the detecting means.
  • The time and effort of providing other devices with the unique information used for setting communication parameters is thereby reduced.
  • FIG. 7 is a sequence diagram showing wireless connection processing between a printer and an access point.
  • FIG. 7 is a sequence diagram showing the process of sharing a key pair according to the first embodiment.
  • FIG. 6 is a flowchart showing the operation of the portable device 101 in the first embodiment.
  • FIG. 6 is a flowchart showing the operation of the portable device 102 in the first embodiment.
  • FIG. 10 is a sequence diagram illustrating another example of key pair sharing processing according to the first embodiment.
  • FIG. 10 is a sequence diagram illustrating another example of key pair sharing processing according to the first embodiment.
  • FIG. 7 is a sequence diagram showing the process of sharing a key pair according to the first embodiment.
  • FIG. 9 is a flowchart showing the operation of the portable device 101 in the second embodiment.
  • FIG. 9 is a flowchart showing the operation of the portable device 102 in the second embodiment.
  • FIG. 9 is a flowchart showing the operation of the portable device 102 in the second embodiment.
  • FIG. 14 is a sequence diagram showing key pair sharing processing according to the third embodiment.
  • FIG. 12 is a flowchart showing the operation of the portable device 101 in the third embodiment.
  • FIG. 12 is a flowchart showing the operation of the portable device 102 in the third embodiment.
  • FIG. 12 is a flowchart showing the operation of the portable device 102 in the third embodiment.
  • FIG. 1 shows a configuration example of the communication system in the first embodiment.
  • The portable device 101 has a wireless LAN function and operates, for example, as a configurator as defined in DPP.
  • The portable device 101 can provide the access point 103 with communication parameters for forming the wireless network 104.
  • The communication parameters include the setting items necessary for wireless communication, such as an SSID (Service Set Identifier) as the network identifier, an encryption method, an encryption key, and an authentication method.
  • The communication parameters provided by the portable device 101 acting as configurator are encrypted with the configurator-specific secret key held by the portable device 101.
  • The portable device 101 can pass the pair of configurator-dedicated secret key and public key (hereinafter referred to as the key pair) used for setting up the access point 103 to the portable device 102.
  • The portable device 102 has a wireless LAN function and operates, for example, as a configurator or an enrollee as defined in DPP.
  • The portable device 102 can operate as an enrollee, obtain the configurator-dedicated key pair from the portable device 101, and then operate as a configurator that provides communication parameters for connecting to the wireless network 104.
  • The access point 103 operates as an access point as defined in, for example, DPP.
  • The access point 103 operates as an enrollee and can form the wireless network 104 by acquiring communication parameters from the portable device 101 acting as configurator.
  • The printer 105 and the printer 106 have a wireless LAN function and operate as enrollees as defined in, for example, DPP.
  • The printer 105 and the printer 106 can connect to the wireless network 104 by acquiring encrypted communication parameters from the portable device 101 or the portable device 102 acting as configurator, decrypting them, and using them.
  • Examples of the portable device of the present embodiment include electronic devices such as a mobile phone, a digital camera, a video camera, a PC, a PDA, a smartphone, and a smart watch, but the present invention is not limited to these. In the present embodiment, a portable device and a printer are described as the electronic devices connected to the wireless network, but the present invention is not limited to these, and any type of electronic device that can connect to the wireless network may be used. The access point in the present embodiment may also be an electronic device (such as a printer or a digital camera) that has a specific function and operates as an access point as defined in DPP.
  • FIG. 2 is a block diagram showing an example of the functional configuration of the portable device 101 and the portable device 102 in the present embodiment.
  • Each functional unit shown in FIG. 2 is realized by a computer (processor) executing a program stored in memory; some or all of the functions may instead be realized by dedicated hardware.
  • The wireless communication control unit 201 controls communication using an antenna, circuitry, and the like for transmitting and receiving wireless signals to and from other wireless devices over the wireless LAN.
  • The transmission/reception unit 202 controls the transmission and reception of data according to the protocol of each communication layer.
  • The operation unit 203 is used by the user to operate the portable device 101.
  • The operation unit 203 includes, among others, a button for activating the imaging unit 207.
  • The operation unit 203 may be implemented in hardware or as a UI presented by software on the display unit 204.
  • The display unit 204 performs display processing, such as outputting information that can be perceived visually or aurally, through an LCD, an LED, a speaker, or the like.
  • The control unit 205 controls the entire portable device 101.
  • The storage unit 206 includes a ROM that stores the programs and data for controlling the portable device 101, and a RAM used for temporary storage. The operations described later are performed by a CPU (not shown) executing a control program stored in the storage unit 206, which realizes the functional units such as the control unit 205.
  • The imaging unit 207 includes an imaging element, a lens, and the like, and captures still images or moving images.
  • The image processing unit 208 performs image processing on images captured by the imaging unit 207.
  • The image processing unit 208 analyzes the image of a QR code captured by the imaging unit 207, decodes the encoded information, and acquires that information (the QR code information).
  • The code generation unit 209 generates QR code information and controls the display unit 204 to show the generated information as a QR code image.
  • In this embodiment a QR code is used as the image carrying the code information, but the present invention is not limited to this; a barcode, another two-dimensional code, or the like may be used.
  • The communication parameter processing unit 210 performs the processing for providing and acquiring communication parameters for connecting to the wireless network 104.
  • The role determination unit 211 determines the role of the partner device with which communication parameters are exchanged.
  • The roles to be determined include a "configurator" that provides communication parameters and an "enrollee" that acquires them, but the present invention is not limited to these.
  • The key sharing processing unit 212 performs the processing for sharing with another device the pair of secret key and public key (the key pair) used to provide communication parameters to the access point 103.
  • The key sharing processing unit 212 executes the key sharing process upon receiving a key-sharing instruction from the user and permission for the sharing request from the other device.
  • FIG. 3 is a flowchart showing the process in which the portable device 101, as configurator, provides communication parameters to the access point 103, as enrollee.
  • When the control unit 205 receives a parameter provision instruction from the user, it activates the imaging unit 207 to capture the QR code displayed by the access point 103 (S301). The control unit 205 then determines whether the imaging unit 207 of the portable device 101 has captured a QR code (S302).
  • The QR code displayed by the access point 103 need not be shown on a display; it may be printed on a label or the like attached to the housing or an accessory of the electronic device.
  • The QR code may also be one printed in a manual or the like. If no QR code can be captured within a predetermined time after activation of the imaging unit 207 in S302, the communication parameter provision process may end.
  • The image processing unit 208 decodes the QR code in the captured image and acquires the QR code information, which includes the public key for authentication of the access point 103 (S303).
  • The control unit 205 transmits an authentication request to the access point 103 using the transmission/reception unit 202 and the wireless communication control unit 201 (S304).
  • This authentication request is, for example, a DPP Authentication Request frame as defined by the DPP standard.
  • The authentication request includes authentication information used for authentication, identification information of the portable device 101, role information, a random number, and a public key for generating a shared key.
  • The authentication information is the hash value of the public key for authentication of the access point 103 contained in the QR code.
  • The identification information is the hash value of the public key for authentication of the portable device 101.
  • The role information indicates the role (configurator, enrollee, or the like) of the portable device 101. The random number is used for authentication when the authentication response described later is received.
  • The public key for shared key generation is the key from which the shared key with the access point 103 is derived.
  • The access point 103 that received the authentication request determines whether the sender is a device that captured its QR code. This determination uses the authentication information in the authentication request: the access point 103 calculates the hash value of the public key contained in the QR code it displayed, compares it with the hash value (authentication information) in the authentication request, and determines that verification succeeded if the two match.
  • The hash function used to calculate this hash value is assumed to be agreed in advance with the portable device 101 that transmits the authentication request.
  • The public key included in the authentication request is the key from which a shared key is derived; that shared key is used to encrypt and decrypt the information exchanged with the access point 103, such as the tag information described later.
  • The portable device 101, as configurator, generates the shared key from both the public key for shared key generation of the access point 103 (included in the authentication response described later) and the secret key for shared key generation of the portable device 101.
  • The access point 103, as enrollee, generates the shared key from both the public key for shared key generation of the portable device 101 and the secret key for shared key generation of the access point 103.
  • The shared key is generated based on, for example, the ECDH (Elliptic Curve Diffie-Hellman) scheme.
  • ECDH: Elliptic Curve Diffie-Hellman.
  • Although the shared key is generated with ECDH here, the scheme is not limited to this, and another public key cryptosystem may be used.
  • After transmitting the authentication request to the access point 103 in S304, the control unit 205 of the portable device 101 waits to receive an authentication response from the access point 103 (S305). If no authentication response is received within the predetermined time after S304, the communication parameter provision process ends.
  • The authentication response is, for example, a DPP Authentication Response frame as defined by the DPP standard.
  • The authentication response includes the public key for shared key generation of the access point 103, role information, a random number, and tag information.
  • The portable device 101 generates the shared key from the public key for shared key generation of the access point 103 and its own secret key for shared key generation, as described above.
  • The tag information is the random number included in the authentication request transmitted by the portable device 101, encrypted with the shared key that the access point 103 generated from its own secret key for shared key generation and the public key for shared key generation of the portable device 101.
  • The portable device 101 determines that authentication succeeded when the tag information decrypts correctly with the shared key it generated itself. More specifically, the control unit 205 generates, from the secret key for shared key generation of the portable device 101 and the public key for shared key generation of the access point 103, a shared key equivalent to the one generated by the access point 103, and verifies the tag information with it. If the tag information can be decrypted with this shared key, the control unit 205 determines that authentication succeeded; otherwise it determines that authentication failed.
  • The control unit 205 of the portable device 101 verifies the content of the authentication response (S306). As described above, the control unit 205 determines from the tag information whether authentication succeeded, and whether the role information of the access point 103 in the authentication response indicates an enrollee. If authentication failed or the role of the access point 103 that sent the response does not indicate an enrollee (NO in S306), the control unit 205 displays an error message on the display unit 204 (S310), and the parameter provision process ends.
  • Otherwise, the control unit 205 transmits an authentication confirmation to the access point 103 (S307).
  • This authentication confirmation is, for example, a DPP Authentication Confirm frame as defined by the DPP standard.
  • This authentication confirmation includes tag information.
  • The tag information is obtained by the control unit 205 encrypting, with the shared key, the random number included in the authentication response transmitted by the access point 103.
  • The control unit 205 of the portable device 101 then waits for a setting request from the access point 103, the enrollee (S308).
  • The access point 103 verifies the authentication confirmation; if it determines that authentication succeeded, it recognizes the portable device 101 that sent the authentication request as a configurator and transmits a setting request to the portable device 101.
  • The setting request is, for example, a DPP Configuration Request frame as defined by the DPP standard.
  • The setting request includes device information of the access point 103 and the role information to apply after receiving the communication parameters.
  • The device information is, for example, the device name of the access point 103.
  • The role information after receiving the communication parameters indicates whether the enrollee will operate as an access point that forms a wireless network or as a device that connects to the wireless network. Here it is set to indicate operation as an access point forming a wireless network.
  • The information in the setting request is encrypted with the shared key that the access point 103 used to encrypt the tag information when transmitting the authentication response.
  • The communication parameter processing unit 210 of the portable device 101 then provides the communication parameters for forming the wireless network 104 in a setting response (S309).
  • The setting response is, for example, a DPP Configuration Response frame as defined by the DPP standard.
  • The setting response transmitted by the communication parameter processing unit 210 of the portable device 101 includes the communication parameters, their expiration date, the configurator-dedicated public key of the portable device 101, and the like.
  • The communication parameters are encrypted with the configurator-dedicated secret key of the portable device 101.
  • The information in the setting response is encrypted with the shared key used to encrypt the tag information in S307.
  • The communication parameters include, as an encryption key, the communication partner's public key used to generate the shared key (here, the public key included in the authentication response from the access point 103).
  • After transmitting the setting request, the access point 103, as enrollee, waits for the setting response from the portable device 101, as configurator.
  • The access point 103 that received the setting response decrypts the information in it with the shared key used to encrypt the tag information. The access point 103 then decrypts the communication parameters, encrypted with the configurator-dedicated secret key of the portable device 101, using the configurator-dedicated public key of the portable device 101.
  • The access point 103 can form the wireless network 104 with the decrypted communication parameters.
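To make the authentication exchange of S304 to S307 concrete, here is an added Python model of it; it is not code from the patent or from the DPP specification. It assumes a toy finite-field Diffie-Hellman group in place of ECDH and a SHA-256 keystream with an HMAC tag in place of DPP's authenticated encryption, and all names (Device, run_handshake, the frame field names) are invented for the illustration. It shows the two checks the text describes: the responder accepts the request only when the hash matches the public key in its own QR code, and each side accepts the other's tag only when it decrypts to its own random number under the shared key.

```python
import hashlib
import hmac
import secrets

# Toy finite-field DH group (constructed for illustration; NOT secure).
# 2**127 - 1 is a Mersenne prime; DPP itself uses ECDH on an elliptic curve.
P = (1 << 127) - 1
G = 5


def keypair():
    """Return (secret, public) for the toy group."""
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def shared_key(my_priv, peer_pub):
    """Shared key = KDF(DH(my secret key, peer public key)); both sides get the same value."""
    s = pow(peer_pub, my_priv, P)
    return hashlib.sha256(b"shared" + s.to_bytes(16, "big")).digest()


def key_hash(pub):
    """Hash of a public key for authentication (the value compared against the QR-code key)."""
    return hashlib.sha256(pub.to_bytes(16, "big")).digest()


def seal(key, plaintext):
    """Encrypt-then-MAC stand-in for DPP's AES-SIV: SHA-256 keystream XOR, then an HMAC tag."""
    stream = hashlib.sha256(key + b"stream").digest()
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))   # plaintext is at most 32 bytes here
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def unseal(key, sealed):
    """Return the plaintext, or None if the MAC does not verify under this key."""
    ct, mac = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), mac):
        return None
    stream = hashlib.sha256(key + b"stream").digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


class Device:
    """A DPP participant holding a key for authentication (in its QR code) and a protocol key."""

    def __init__(self, role):
        self.role = role
        self.boot_priv, self.boot_pub = keypair()     # public key for authentication (QR code)
        self.proto_priv, self.proto_pub = keypair()   # key pair for shared key generation
        self.nonce = secrets.token_bytes(16)          # the "random number" carried in the frames


def build_auth_request(initiator, scanned_boot_pub):
    """S304: authentication info = hash of the key scanned from the peer's QR code."""
    return {"auth_info": key_hash(scanned_boot_pub),
            "identity": key_hash(initiator.boot_pub),
            "role": initiator.role,
            "nonce": initiator.nonce,
            "proto_pub": initiator.proto_pub}


def handle_auth_request(responder, req):
    """S407/S408: accept only if the hash matches the responder's own QR key and the role fits."""
    if not hmac.compare_digest(req["auth_info"], key_hash(responder.boot_pub)):
        return None                                   # sender did not capture our QR code
    if req["role"] != "configurator":
        return None
    k = shared_key(responder.proto_priv, req["proto_pub"])
    return {"proto_pub": responder.proto_pub, "role": responder.role,
            "nonce": responder.nonce, "tag": seal(k, req["nonce"])}


def handle_auth_response(initiator, resp):
    """S306/S409: the tag must decrypt to our own nonce; then answer with a confirm (S307)."""
    k = shared_key(initiator.proto_priv, resp["proto_pub"])
    if unseal(k, resp["tag"]) != initiator.nonce or resp["role"] != "enrollee":
        return None
    return {"tag": seal(k, resp["nonce"])}


def handle_auth_confirm(responder, initiator_proto_pub, confirm):
    """Responder side of S410: the confirm tag must decrypt to the responder's nonce."""
    k = shared_key(responder.proto_priv, initiator_proto_pub)
    return unseal(k, confirm["tag"]) == responder.nonce


def run_handshake(initiator, responder, scanned_boot_pub):
    """Drive the three-message exchange; True only if both sides authenticated."""
    req = build_auth_request(initiator, scanned_boot_pub)
    resp = handle_auth_request(responder, req)
    if resp is None:
        return False
    confirm = handle_auth_response(initiator, resp)
    if confirm is None:
        return False
    return handle_auth_confirm(responder, req["proto_pub"], confirm)


if __name__ == "__main__":
    phone, ap = Device("configurator"), Device("enrollee")
    print("scanned the right QR code:", run_handshake(phone, ap, ap.boot_pub))
    stranger = Device("enrollee")
    print("scanned some other device's QR code:", run_handshake(phone, ap, stranger.boot_pub))
```

The second call in the usage section fails at S407 because the hash in the request was computed over a different device's key, which is the property the QR-code step provides: a device that merely overhears the exchange cannot get the access point to answer. A response built with the wrong shared key fails at S306 for the same reason, since its tag does not decrypt to the initiator's random number.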
  • FIG. 4 is a sequence diagram showing the process in which the portable device 101 provides the access point 103 with communication parameters.
  • When the access point 103 receives a parameter reception instruction from the user (S401), it displays a QR code (S402) and waits for an authentication request. If no authentication request is received within a predetermined time, the access point 103 may stop waiting. When the access point 103 has no display for showing the QR code and the QR code is instead printed on a label or the like attached to its housing or an accessory, S402 is skipped: on receiving the parameter reception instruction (S401), the access point 103 waits for an authentication request without performing S402.
  • When the portable device 101 receives a parameter provision instruction from the user (S403), it activates the imaging unit 207 to capture the QR code displayed by the access point 103 (S404). The imaging unit 207 of the portable device 101 captures the QR code, and the portable device 101 thereby acquires the information it carries (S405).
  • The portable device 101, having acquired the QR code information, generates and transmits an authentication request, which the access point 103 receives (S406).
  • The access point 103 verifies the content of the received authentication request. If it determines that the portable device 101 that sent the request is the device that captured the QR code, it verifies the role information (S407).
  • If the verification of the role information shows that the role of the device that sent the authentication request is configurator, the access point 103 generates and transmits an authentication response (S408).
  • Having transmitted the authentication response to the portable device 101, the access point 103 waits for an authentication confirmation from the portable device 101.
  • The portable device 101 that received the authentication response verifies its content (S409). If authentication of the response succeeds and the role information in the response indicates an enrollee, the portable device 101 transmits an authentication confirmation to the access point 103 (S410).
  • The access point 103 that received the authentication confirmation from the portable device 101 verifies its content.
  • The access point 103 determines that authentication succeeded when the tag information decrypts correctly with the shared key it generated itself. If so, the access point 103 performs communication parameter setting processing with the portable device 101 (S411): it transmits a setting request and waits for the setting response from the portable device 101.
  • The portable device 101 that received the setting request transmits, in the setting response, the communication parameters encrypted with its configurator-dedicated secret key, together with its configurator-dedicated public key.
  • The access point 103 that received the setting response decrypts the communication parameters with the configurator-dedicated public key of the portable device 101.
  • The access point 103 forms the wireless network 104 using the decrypted communication parameters.
  • By the process described with reference to FIGS. 3 and 4, the portable device 101 can provide communication parameters to the access point 103. By similar processing, the portable device 101, as configurator, can provide communication parameters to the printer 105 as enrollee.
  • In that case the shared key used to encrypt the tag information and the like differs from the shared key generated between the portable device 101 and the access point 103, because the printer 105's key pair for shared key generation differs from that of the access point 103.
  • The contents of the communication parameters also differ: the communication parameters the printer 105 receives from the portable device 101 do not include the public key for shared key generation of the access point 103 but the public key for shared key generation of the printer 105 itself.
  • FIG. 5 is a sequence diagram showing the process of connecting the printer 105 to the wireless network 104 formed by the access point 103.
  • When the printer 105 receives an instruction from the user to connect to the wireless network 104 (S501), it transmits a search request (S502).
  • This search request is, for example, a DPP Peer Discovery Request frame as defined by the DPP standard.
  • The search request includes the communication parameters the printer 105 acquired from the portable device 101. As described above, these communication parameters are encrypted with the configurator-dedicated secret key of the portable device 101.
  • The access point 103 that received the search request decrypts the communication parameters in it using the configurator-dedicated public key of the portable device 101 acquired in S411 (S503). If decryption fails, the search request is discarded.
  • The access point 103, having decrypted the communication parameters, generates a master key (Pairwise Master Key, PMK) to be shared with the printer 105 (S504).
  • PMK: Pairwise Master Key.
  • The master key is the root of the various keys in the Wi-Fi Protected Access (WPA) encryption standard and is used when establishing a wireless connection.
  • The master key is generated from both the public key for shared key generation of the printer 105 contained in the communication parameters and the secret key for shared key generation of the access point 103.
  • The access point 103, having generated the master key in S504, transmits a search response (S505).
  • This search response is, for example, a DPP Peer Discovery Response frame as defined by the DPP standard.
  • The search response includes the communication parameters the access point 103 acquired from the portable device 101 in S411. These communication parameters are likewise encrypted with the configurator-dedicated secret key of the portable device 101.
  • The printer 105 that received the search response decrypts the communication parameters in it using the configurator-dedicated public key acquired from the portable device 101 (S506). If decryption fails, the search response is discarded.
  • The printer 105, having decrypted the communication parameters, generates the master key shared with the access point 103 (S507).
  • The master key is generated from both the public key for shared key generation of the access point 103 contained in the communication parameters and the secret key for shared key generation of the printer 105.
  • The printer 105 and the access point 103, now sharing the master key, perform connection processing using it (S508). In this way the printer 105 connects to the wireless network 104 formed by the access point 103.
  • the portable device 102 also operates as a configurator that provides communication parameters for connecting to the wireless network 104 formed by the access point 103.
  • the portable device 102 needs to acquire a key pair dedicated to the configurator of the portable device 101 used by the portable device 101 to encrypt communication parameters.
  • the portable device 102 not holding the key pair dedicated to the configurator of the portable device 101 provides the printer 106 with the communication parameters acquired as an enrollee from the portable device 101.
  • the portable device 102 provides the printer 106 with communication parameters as they are encrypted with a secret key dedicated to the configurator of the portable device 101.
  • the printer 106 transmits a search request including the acquired communication parameters to the access point 103.
  • the access point 103 that has received the search request decrypts the communication parameter using the public key dedicated to the configurator of the mobile device 101.
  • the public key included in the communication parameter is the public key for generating the shared key of the mobile device 102.
  • the access point 103 generates a master key using both the public key for generating the shared key of the portable device 102 included in the communication parameter and the secret key for generating the shared key of the access point 103.
  • the printer 106 generates a master key using both the public key for generating the shared key of the access point 103 included in the communication parameters transmitted from the access point 103 and the secret key for generating the shared key of the printer 106. Therefore, the master keys generated by the access point 103 and the printer 106 differ, and a wireless connection cannot be established.
  • the portable device 102 encrypts the communication parameter decrypted with the public key dedicated to the configurator of the portable device 101 with the secret key dedicated to the configurator of the portable device 102 and provides the encrypted data to the printer 106.
  • the printer 106 transmits a search request including the communication parameters acquired from the portable device 102 to the access point 103.
  • the access point 103 that has received the search request tries to decode the communication parameter, but discards the search request because the public key dedicated to the configurator of the portable device 101 can not decode this communication parameter. As a result, the printer 106 can not connect to the wireless network 104.
  • in order for the mobile device 102 to operate as a configurator providing communication parameters for connecting to the wireless network 104, the mobile device 102 needs to acquire a key pair dedicated to the configurator of the mobile device 101.
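As an added illustration that is not part of the patent, the following Python model shows why the access point 103 accepts the search request of printer 105 but not those of a printer 106 provisioned by a portable device 102 that lacks the configurator key pair of portable device 101. A Schnorr-style signature over a toy group stands in for "encrypt with the configurator secret key / decrypt with its public key", Diffie-Hellman over the same group stands in for master key generation, and every device, key and connector is constructed here.

```python
import hashlib
import secrets

# Toy group (Mersenne prime modulus, generator 5). Constructed for illustration only;
# DPP uses elliptic-curve groups such as NIST P-256, and this group is far too weak.
P = 2 ** 127 - 1
G = 5


def keygen():
    """Return (secret, public) with public = G^secret mod P."""
    secret = secrets.randbelow(P - 2) + 1
    return secret, pow(G, secret, P)


def _challenge(*parts):
    h = hashlib.sha256()
    for part in parts:
        h.update(str(part).encode() + b"|")
    return int.from_bytes(h.digest(), "big")


def sign(secret, message):
    """Schnorr-style signature: the configurator 'encrypts' the communication parameter."""
    k = secrets.randbelow(P - 2) + 1
    r = pow(G, k, P)
    e = _challenge(r, message)
    return r, k + e * secret   # plain integer s, so G^s == r * public^e holds exactly


def verify(public, message, signature):
    """Check with the configurator public key: the 'decryption' of S503 / S506."""
    r, s = signature
    e = _challenge(r, message)
    return pow(G, s, P) == (r * pow(public, e, P)) % P


def make_connector(configurator_secret, net_access_public):
    """Communication parameter: the holder's shared-key-generation public key, signed by a configurator."""
    message = f"netAccessKey={net_access_public}"
    return {"message": message, "public": net_access_public,
            "signature": sign(configurator_secret, message)}


def derive_master_key(own_secret, peer_connector):
    """S504 / S507: master key from the peer's public key and one's own secret key (Diffie-Hellman)."""
    shared = pow(peer_connector["public"], own_secret, P)
    return hashlib.sha256(str(shared).encode()).hexdigest()


def attempt_connection(configurator_public, ap_secret, ap_connector, printer_secret, printer_connector):
    """The FIG. 5 exchange. Returns 'rejected', 'mismatch' or 'connected'."""
    # S502 / S503: the search request carries the printer's connector; the AP verifies or discards it
    if not verify(configurator_public, printer_connector["message"], printer_connector["signature"]):
        return "rejected"
    ap_pmk = derive_master_key(ap_secret, printer_connector)          # S504
    # S505 / S506: the search response carries the AP's connector; the printer verifies it
    if not verify(configurator_public, ap_connector["message"], ap_connector["signature"]):
        return "rejected"
    printer_pmk = derive_master_key(printer_secret, ap_connector)     # S507
    return "connected" if ap_pmk == printer_pmk else "mismatch"       # S508


def run_scenarios():
    """Constructed devices: configurator 101, access point 103, printers 105/106, portable device 102."""
    cfg101_secret, cfg101_public = keygen()
    ap_secret, ap_public = keygen()
    ap_connector = make_connector(cfg101_secret, ap_public)           # AP set up by 101 (S411)
    results = {}
    # Printer 105 was provisioned by 101 directly.
    p105_secret, p105_public = keygen()
    results["printer_105"] = attempt_connection(cfg101_public, ap_secret, ap_connector,
                                                p105_secret, make_connector(cfg101_secret, p105_public))
    # Portable device 102 forwards the connector it obtained as an enrollee: signed by 101,
    # but it carries 102's public key, so printer 106 and the AP derive different master keys.
    _, d102_public = keygen()
    d102_connector = make_connector(cfg101_secret, d102_public)
    p106_secret, p106_public = keygen()
    results["forwarded_connector"] = attempt_connection(cfg101_public, ap_secret, ap_connector,
                                                        p106_secret, d102_connector)
    # Portable device 102 re-signs a connector for printer 106 with its own configurator key:
    # the AP cannot verify it with 101's public key and discards the search request.
    cfg102_secret, _ = keygen()
    results["foreign_signature"] = attempt_connection(cfg101_public, ap_secret, ap_connector,
                                                      p106_secret, make_connector(cfg102_secret, p106_public))
    # After 101 shares its configurator key pair (S616), 102 signs with 101's secret key.
    shared_secret = cfg101_secret
    results["after_key_sharing"] = attempt_connection(cfg101_public, ap_secret, ap_connector,
                                                      p106_secret, make_connector(shared_secret, p106_public))
    return results
```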
  • a process of providing a key pair dedicated to the configurator of the portable device 101 used for encryption and decryption of communication parameters for connection to the wireless network 104 from the portable device 101 to the portable device 102 will be described.
  • a process when the portable device 102 requests the portable device 101 to share the key pair dedicated to the configurator of the portable device 101 used for setting the access point 103 will be described.
  • FIG. 6 is a sequence diagram showing processing between the mobile device 101 and the mobile device 102 in the present embodiment.
  • the portable device 101 and the portable device 102 can each communicate with the other, which is an external device from its own point of view.
  • the portable device 102 receives an instruction from the user to share a key pair dedicated to the configurator of the portable device 101 in order to operate as a configurator providing communication parameters for connecting to the wireless network 104 (S601). Then, the portable device 102 causes the display unit 204 of the own device to display the QR code, and waits for an authentication request (S602). On the other hand, when the portable device 101 receives a parameter provision start instruction from the user (S603), the portable device 101 captures an image of the QR code displayed by the portable device 102 to acquire QR code information (S604, S605).
  • Steps S606, S609, and S613 are authentication processes for exchanging a frame including information (in the present embodiment, authentication information, random numbers, tag information) for the mobile device 101 and the mobile device 102 to authenticate each other. Then, during this authentication process, a request for sharing with the enrollee unique information (in the present embodiment, the configurator's secret key) used by the configurator to provide communication parameters, and permission for the request, are exchanged.
  • the portable device 101 generates an authentication request based on the acquired QR code information and transmits it (S606).
  • the processes of S603 to S606 are similar to the processes of S403 to S406 described in FIG.
  • when the portable device 102 receives the authentication request (S606), it verifies the contents of the authentication request. If the portable device 102 verifies the authentication information included in the authentication request and determines that the mobile device 101 that transmitted the authentication request is the device that captured the QR code (authentication success), it then verifies the role information included in the authentication request (S607).
  • if the portable device 102 determines that the role information included in the authentication request transmitted by the portable device 101 is the configurator, the portable device 102 performs a process of including information indicating the key pair sharing request in the authentication response (S608).
  • the key pair sharing request is indicated by, for example, setting a predetermined bit of the DPP Authentication Response frame. Although the predetermined bit is used to indicate the key pair request, the present invention is not limited to this.
  • the role information included in the authentication response may indicate a role other than the configurator representing the “parameter provider” or the enrollee representing the “parameter receiver”, for example, the role representing the “key pair receiver”.
  • the portable device 102 transmits an authentication response including the key pair sharing request generated as described above (S609). After transmitting the authentication response, the mobile device 102 waits for the authentication confirmation to be transmitted from the mobile device 101 that has transmitted the authentication request.
  • the portable device 101 receives the authentication response (S609), and when the authentication based on the tag information succeeds, the role information of the portable device 102 included in the authentication response is verified (S610). If it is determined by the verification of the role information that the role of the device that has transmitted the authentication response indicates an enrollee (or a “role indicating a key pair receiving device”), the portable device 101 continues the parameter providing process. On the other hand, when the role information indicates a role other than the above, the parameter providing process is ended.
  • the portable device 101 continuing the parameter provision processing checks whether the authentication response contains a request for sharing the key pair (S611). If the authentication response includes a key pair sharing request, the portable device 101 displays on the display unit 204 that there is a key pair sharing request to notify the user, and waits for a permission instruction for sharing the key pair from the user via the operation unit 203. When sharing of the key pair is permitted by the user, the portable device 101 includes information indicating permission for sharing the key pair in the authentication confirmation (S612). The key pair sharing permission is indicated, for example, by setting a predetermined bit of the DPP Authentication Confirm frame. The portable device 101 transmits an authentication confirmation including information indicating permission for sharing the key pair to the portable device 102 (S613).
  • processing may be performed to include information indicating permission for sharing the key pair in the authentication confirmation without receiving a permission instruction from the user.
  • the indication that there is a key pair sharing request may be omitted.
  • the key pair provision process (S616) described later is not performed.
  • the process may be terminated without performing the parameter providing process by not transmitting the authentication confirmation.
  • a message including information indicating that the key pair is not permitted may be transmitted to the portable device 102.
  • the portable device 102 that has received the authentication confirmation confirms the information indicating the sharing permission of the key pair included in the authentication confirmation (S614). If the information indicating permission for sharing the key pair is not included in the authentication confirmation, the portable device 102 ends the parameter reception process. If the information indicating permission for sharing the key pair is not included in the authentication confirmation, the mobile device 102 may display a message indicating an error on the display unit 204 to notify the user.
  • setting of communication parameters is performed (S615). More specifically, after the portable device 102 completes the authentication based on the authentication confirmation, a setting request is transmitted to the portable device 101. The portable device 101 transmits a setting response including the communication parameter to the portable device 102 in response to the setting request. Thus, communication parameter provision processing is performed. When the process of providing the communication parameters is completed, the portable device 101 encrypts a pair of a secret key and a public key dedicated to the configurator of the portable device 101 using the shared key between the portable device 101 and the portable device 102, and transmits it to the portable device 102 (S616).
  • since the setting response transmitted in S615 includes the public key dedicated to the configurator of the portable device 101, only the secret key may be transmitted in S616.
  • the portable device 101 may transmit the setting response including the secret key dedicated to the configurator of the portable device 101 in the parameter providing process in S615. In that case, the process of S616 is unnecessary.
  • the portable device 101 may provide a key pair dedicated to the configurator of the portable device 101 before the communication parameter provision processing in S615 is completed. Furthermore, the portable device 101 may provide a key pair dedicated to the configurator of the portable device 101 even when transmitting the authentication confirmation without including the information indicating permission for sharing the key pair.
  • the portable device 102 that has acquired a pair of a private key dedicated to the configurator of the portable device 101 used for setting the access point 103 and a public key can provide communication parameters to the printer 106, which is an enrollee, as a configurator.
  • the printer 106 can connect to the wireless network 104 formed by the access point 103 by performing the process shown in the sequence of FIG. 5 using the communication parameters acquired from the portable device 102.
  • the information indicating the key pair sharing permission may be included in the authentication confirmation without waiting for the permission instruction from the user in S612.
  • only the key pair may be provided without providing the communication parameter, that is, without performing the parameter setting of S615.
  • since the communication parameter provision processing in S615 can be omitted, the convenience of the user is improved.
  • the process of providing only the key pair may be executed when an instruction to pass only the key pair is received from the user in S612. If the start of key pair sharing is instructed instead of the parameter provision instruction in S603, processing for providing only the key pair may be performed without waiting for the permission instruction from the user in S612. Also in the processing shown in the sequence diagrams of FIGS. 9 to 11 described later, the processing for providing the key pair may be executed without performing the processing for providing the communication parameter.
  • FIG. 7 is a flowchart showing processing in which the portable device 101 provides the portable device 102 with a key pair (private key and public key) of the configurator held by the portable device 101 in response to a request from the portable device 102.
  • the process from activation of the imaging unit 207 to verification of the authentication response is the same as that in FIG. 3 (S301 to S306).
  • FIG. 7 shows the process after the authentication using the authentication response is successful in the process of FIG. 3 and it is determined that the role information indicates an enrollee (YES in S306).
  • the control unit 205 of the mobile device 101 determines whether or not there is a key pair sharing request in the authentication response (S701). If it is determined that there is a key pair sharing request, the control unit 205 uses the display unit 204 and the operation unit 203 to confirm with the user whether or not the key pair can be shared (S702). If the user permits sharing (OK in S702), the key sharing processing unit 212 sets information indicating sharing permission in the authentication confirmation (S703), and transmits this to the portable device 102 (S704).
  • the control unit 205 waits for a setting request from the portable device 102 (S705).
  • the communication parameter processing unit 210 provides communication parameters to the portable device 102 (S706). This providing process is similar to that of S310.
  • the key sharing processing unit 212 provides the portable device 102 with a key pair, which is the configurator's secret key and public key (S707).
  • the key pair is encrypted with the shared key. Further, as shown in S807 of FIG. 8 described later, since the setting request is not received if the sharing permission is not set in S703, the key pair is not shared. However, for the sake of security, in S707 provision of the key pair may be performed only when the sharing permission was set in S703.
  • FIG. 8 is a flowchart showing processing in which the portable device 102 receives an instruction from the user to share the key pair held by the portable device 101, and acquires a key pair dedicated to the configurator of the portable device 101 used in the setting process of the access point 103.
  • the code generation unit 209 of the portable device 102 generates a QR code upon receiving an instruction from the user via the operation unit 203 to share a key pair dedicated to the configurator of the portable device 101 held by the portable device 101, and displays it on the display unit 204 (S801). Thereafter, the control unit 205 waits for an authentication request (S802). If the authentication request cannot be received within a predetermined time, the access point 103 may end waiting for the authentication request.
  • when the authentication request is received from the portable device 101, the control unit 205 performs authentication using the authentication information included in the received authentication request, and the role determination unit 211 verifies the role information to determine the role. The control unit 205 determines whether the authentication using the authentication information is successful and whether the role determined by the role determination unit 211 is a configurator (S803). If the authentication fails or it is determined that the role of the portable device 101 is not the configurator, the control unit 205 displays a message indicating an error on the display unit 204 (S811), and ends the process. Note that the display of the error message (S811) may be omitted.
  • the key sharing processing unit 212 sets the information indicating the key pair sharing request in the authentication response (S804). Thereafter, the control unit 205 transmits the authentication response in which the sharing request is set to the portable device 101 (S805), and waits for an authentication confirmation from the portable device 101.
  • when the authentication confirmation is received, the control unit 205 determines whether the authentication using the tag information included in the authentication confirmation succeeds and whether the information indicating permission for sharing the key pair is included in the authentication confirmation (S807). If it is determined that the authentication is successful, and it is determined that the information indicating permission for sharing the key pair is included in the authentication confirmation, the communication parameter processing unit 210 transmits a setting request to the portable device 101 (S808). Thereafter, the communication parameter processing unit 210 acquires a communication parameter by receiving the setting response from the portable device 101 (S809). Then, the key sharing processing unit 212 acquires a key pair dedicated to the configurator of the portable device 101 (S810).
  • otherwise, the control unit 205 causes the display unit 204 to display an error message, and the process ends (S811).
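To make the gating of FIG. 6 to FIG. 8 concrete, here is an added Python model (not code from the patent) of how the two devices handle the request bit in the DPP Authentication Response and the permission bit in the DPP Authentication Confirm, including the stricter S707 check that provides the key pair only when permission was set in S703. The frames are plain dicts, the key pair and shared key are constructed placeholders, and a hash-based XOR stands in for the real encryption under the shared key.

```python
import hashlib
import json

# Frame fields standing in for the "predetermined bit" of the DPP frames.
SHARE_REQUEST = "key_pair_share_request"   # DPP Authentication Response, S608 / S804
SHARE_PERMIT = "key_pair_share_permit"     # DPP Authentication Confirm, S612 / S703


def keystream_xor(shared_key: bytes, data: bytes) -> bytes:
    """Toy XOR with a SHA-256 counter keystream; stands in for the real
    encryption under the shared key of S616 (the same call encrypts and decrypts)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(shared_key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


class Provider:
    """Portable device 101, the holder of the configurator key pair (FIG. 7)."""

    def __init__(self, configurator_key_pair: dict, user_permits: bool):
        self.key_pair = configurator_key_pair
        self.user_permits = user_permits      # the answer the user gives in S702
        self.permitted = False                # remembered so that S707 can check S703

    def on_authentication_response(self, response: dict):
        # S610: the parameter providing process continues only for an enrollee
        if response["role"] not in ("enrollee", "key_pair_receiver"):
            return None
        confirm = {SHARE_PERMIT: False}
        # S611 / S701: look for the sharing request; S612 / S702: ask the user
        if response.get(SHARE_REQUEST) and self.user_permits:
            self.permitted = True
            confirm[SHARE_PERMIT] = True      # S703
        return confirm                        # S704

    def on_setting_request(self, shared_key: bytes, communication_parameters: dict):
        # S706: communication parameters are provided in any case.
        # S707: the key pair only if permission was actually set in S703.
        encrypted_key_pair = None
        if self.permitted:
            encrypted_key_pair = keystream_xor(shared_key, json.dumps(self.key_pair).encode())
        return communication_parameters, encrypted_key_pair


class Requester:
    """Portable device 102, which wants a copy of the key pair (FIG. 8)."""

    def build_authentication_response(self, auth_ok: bool, peer_role: str):
        # S803: the peer must have authenticated and must be a configurator
        if not auth_ok or peer_role != "configurator":
            return None                       # S811
        return {"role": "enrollee", SHARE_REQUEST: True}   # S804 / S805

    def permission_granted(self, confirm: dict) -> bool:
        return bool(confirm.get(SHARE_PERMIT))   # S807

    def recover_key_pair(self, shared_key: bytes, encrypted_key_pair: bytes) -> dict:
        return json.loads(keystream_xor(shared_key, encrypted_key_pair))   # S810


def run_sharing(user_permits: bool, peer_role: str = "configurator", auth_ok: bool = True) -> str:
    """Drive the FIG. 6 exchange end to end and report where it stopped."""
    key_pair = {"secret": "CFG101-SECRET-PLACEHOLDER", "public": "CFG101-PUBLIC-PLACEHOLDER"}
    shared_key = hashlib.sha256(b"constructed shared key between 101 and 102").digest()
    provider, requester = Provider(key_pair, user_permits), Requester()
    response = requester.build_authentication_response(auth_ok, peer_role)   # S609
    if response is None:
        return "error_S811"
    confirm = provider.on_authentication_response(response)                   # S613
    if confirm is None:
        return "ended_S610"
    if not requester.permission_granted(confirm):
        return "no_permission_S807"
    _params, encrypted = provider.on_setting_request(shared_key, {"ssid": "constructed-ssid"})  # S615
    if encrypted is None:
        return "parameters_only"
    received = requester.recover_key_pair(shared_key, encrypted)              # S616
    return "key_pair_received" if received == key_pair else "corrupt"
```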
  • FIG. 6 shows an example in which a request to share unique information (a key pair in this embodiment) used by the configurator to provide communication parameters (a sharing request) is detected from the frames by which the portable device 101 and the portable device 102 exchange information for authentication.
  • the method of notifying the portable device 101 of the sharing request is not limited to this.
  • notification may be performed using an Action frame including information indicating a request for sharing a key pair addressed to the portable device 101, or a request for sharing a key pair may be notified using a QR code.
  • FIG. 9 is a sequence diagram showing processing in the case where information indicating a key pair sharing request is included in the QR code.
  • the portable device 102 receives an instruction from the user to share a key pair dedicated to the configurator of the portable device 101 in order to operate as a configurator providing communication parameters for connecting to the wireless network 104 (S901).
  • the portable device 102 that has received the instruction to share the key pair embeds the information indicating the sharing request of the key pair in the QR code (S902), and displays this (S903).
  • the processing in S904 to S906 for the portable device 101 to acquire the information of the QR code displayed by the portable device 102 is the same as the processing from S403 to S405 in FIG. 4.
  • a QR code including a sharing request may be provided in the form of a printed matter or the like.
  • the portable device 101 confirms that the key pair sharing request exists in the acquired QR code information (S907).
  • the portable device 101 that has confirmed the key pair sharing request includes information indicating permission for sharing the key pair in the authentication request (S908) and transmits the information to the portable device 102 (S909).
  • the processing of S907 and S908 is the same as that of S611 and S612.
  • the portable device 102 confirms information indicating permission of sharing of the key pair included in the authentication request (S911).
  • the key pair sharing permission is indicated, for example, by having a predetermined bit set in the DPP Authentication Request frame. Note that the method of indicating permission for sharing the key pair in the authentication request is not limited to this.
  • the key pair sharing permission may also be indicated by setting the role information included in the authentication request so as to indicate that the role is not the configurator representing the “parameter providing device” but the “key pair providing device”.
  • the portable device 102 that has confirmed the information indicating permission for sharing the key pair from the authentication request transmits an authentication response (S912), and waits for transmission of an authentication confirmation from the portable device 101.
  • the portable device 101 having received the authentication response verifies the tag information included in the authentication response and the role information of the portable device 102 (S913). Then, if it is determined that the tag information is correctly decoded and the authentication is successful, and the role information indicates an enrollee, the portable device 101 transmits an authentication confirmation (S914).
  • S915 to S916, which are the process of setting the communication parameter and the process of providing the key pair, are the same as the processes of S615 to S616 in FIG. 6.
  • the key pair dedicated to the configurator of the portable device 101 can be shared by notifying the key pair sharing request using the QR code.
  • FIG. 10 is a sequence diagram showing processing in which the portable device 101 displays a QR code and the portable device 102 requests the portable device 101 for a key pair.
  • when the portable device 101 receives a parameter provision instruction from the user (S1001), the portable device 101 displays a QR code on the display unit 204 of its own device and waits for an authentication request (S1002). On the other hand, the portable device 102 receives an instruction from the user to share a key pair dedicated to the configurator of the portable device 101 in order to operate as a configurator providing communication parameters for connecting to the wireless network 104 (S1003). In response to the instruction, the portable device 102 activates the imaging unit 207 to capture a QR code (S1004). The portable device 102 images the QR code displayed on the display unit 204 of the portable device 101 by the imaging unit 207 of the portable device 102, and acquires the information indicated by the QR code (S1005).
  • the portable device 102 generates an authentication request using the QR code information, includes information indicating a key pair sharing request in the authentication request (S1006), and transmits this to the portable device 101 (S1007).
  • the key pair sharing request is indicated, for example, by setting a predetermined bit of the DPP Authentication Request frame.
  • when the authentication using the authentication information contained in the authentication request succeeds, the portable device 101 having received the authentication request verifies the role information contained in the authentication request (S1008). If it is confirmed by this verification that the role information indicates an enrollee, the portable device 101 confirms whether the request for sharing the key pair is included in the authentication request (S1009). Upon confirming that the request for sharing the key pair is included in the authentication request, the portable device 101 includes information indicating permission for sharing the key pair in the authentication response (S1010) and transmits this to the portable device 102 (S1011).
  • the key pair sharing permission is indicated, for example, by the fact that a predetermined bit of the DPP Authentication Response frame is set.
  • the processes of S1009 and S1010 are the same as those of S611 and S612.
  • when the portable device 102 receives the authentication response, it verifies the tag information and the role information included in the authentication response (S1012). Then, if the authentication using the tag information is successful and the role information indicates the configurator, the portable device 102 checks whether the authentication response includes the key pair sharing permission (S1013). The portable device 102 that has confirmed the key pair sharing permission transmits an authentication confirmation to the portable device 101 (S1014). Thus, when the authentication is completed, a communication parameter providing process (S1015) and a key pair providing process (S1016) are performed.
  • the processes in S1015 to S1016, which are the process of setting the communication parameter and the process of providing the key pair, are the same as the processes in S615 to S616 of FIG. 6.
  • the key pair dedicated to the configurator of the portable device 101 can be shared.
  • thus, the portable device 102 can request the portable device 101 to share the pair of the secret key and the public key dedicated to the configurator of the portable device 101 used for the setting of the access point 103.
  • by sharing the key pair, it becomes possible to duplicate a configurator that distributes communication parameters for connecting to the wireless network 104, thereby improving user convenience.
  • Second Embodiment. In the first embodiment, the case where the portable device 102 requests the portable device 101 to share the key pair dedicated to the configurator of the portable device 101 used for setting the access point 103 has been described. In the second embodiment, a process when the portable device 101 requests the portable device 102 to share a key pair dedicated to the configurator of the portable device 101 used for setting of the access point 103 will be described.
  • FIG. 11 is a sequence diagram showing processing between the mobile device 101 and the mobile device 102 in the second embodiment.
  • when the portable device 102 receives an instruction to receive communication parameters from the user (S1101), the portable device 102 displays a QR code on the display (S1102), and waits for an authentication request. On the other hand, the portable device 101 receives an instruction from the user to share a key pair with the portable device 102 in order to operate the portable device 102 as a configurator providing communication parameters for connecting to the wireless network 104 (S1103).
  • the portable device 101 activates the imaging unit 207 to capture a QR code (S1104).
  • the portable device 101 captures an image of the QR code displayed on the display unit 204 of the portable device 102 by the imaging unit 207, and acquires information indicated by the QR code (S1105).
  • the portable device 101 that has acquired the information indicated by the QR code includes the information indicating the key pair sharing request in the authentication request (S1106), and transmits the authentication request to the portable device 102 (S1107).
  • the portable device 102 that has received the authentication request from the portable device 101 in S1107 verifies the authentication information and the role information included in the authentication request.
  • the mobile device 102 confirms whether the information indicating the key pair sharing request is included in the authentication request (S1109).
  • the mobile device 102 inquires of the user whether sharing is possible and waits for a sharing permission instruction from the user using the operation unit 203.
  • if the user permits sharing, the portable device 102 includes information indicating permission to share the key pair in the authentication response (S1110), and transmits this to the portable device 101 (S1111).
  • if sharing of the key pair is not permitted, the process of providing the key pair in S1116 described later is not performed. If sharing of the key pair is not permitted, the process may be terminated without performing the parameter providing process by not transmitting the authentication response. Furthermore, when sharing of the key pair is not permitted, a message (authentication response) including information indicating that the supply of the key pair is not permitted may be transmitted to the portable device 101.
  • upon receiving the authentication response, the portable device 101 verifies the tag information and the role information included in the authentication response (S1112). When the portable device 101 confirms that the authentication based on the tag information is successful and that the role information indicates an enrollee, the portable device 101 confirms the permission for sharing the key pair included in the authentication response (S1113). If the key pair sharing permission is confirmed, the portable device 101 transmits an authentication confirmation (S1114). Thus, when the authentication is completed, communication parameter provision processing is performed (S1115), and then key pair provision processing is performed (S1116). The processes of S1115 to S1116 are the same as the processes of S615 to S616 in FIG. 6.
  • FIG. 12 is a flowchart showing processing for providing a key pair dedicated to the configurator of the portable device 101 used in the setting process of the access point 103 by the portable device 101.
  • the key sharing processing unit 212 of the portable device 101 activates the imaging unit 207 (S1201). Then, the key sharing processing unit 212 determines whether the imaging unit 207 has captured a QR code (S1202). If it is determined in S1202 that the QR code has been captured, the image processing unit 208 decodes the QR code in the captured image, and acquires QR code information including the public key for authentication of the mobile device 102.
  • the control unit 205 generates an authentication request using the acquired QR code information (S1203).
  • the control unit 205 includes information indicating a key pair sharing request in the authentication request (S1204), and transmits the authentication request to the portable device 102 (S1205). After that, the key sharing processing unit 212 waits for an authentication response from the portable device 102 (S1206). If the authentication response can not be received within the predetermined time in S1206, the key pair sharing process may be ended.
  • the control unit 205 determines whether the authentication based on the tag information included in the authentication response is successful and whether the role information of the portable device 102 indicates an enrollee (S1207). If the authentication fails, or if it is determined that the role information does not indicate an enrollee, the control unit 205 displays a message indicating an error on the display unit 204, and ends the key pair sharing process (S1213). If the authentication is successful and it is determined that the role information is an enrollee, the control unit 205 determines whether the key pair sharing permission is included in the authentication response (S1208). If it is determined that the key pair sharing permission is not included in the authentication response (NO in S1208), the key sharing processing unit 212 displays a message indicating an error on the display unit 204, and ends the key sharing processing (S1213).
  • The control unit 205 transmits an authentication confirmation (S1209), and waits for a setting request from the portable device 102 (S1210).
  • the communication parameter processing unit 210 performs a process of providing communication parameters and provides the portable device 102 with the communication parameters (S1211).
  • the key sharing processing unit 212 provides a key pair (S1212).
  • the processes of S1211 and S1212 are the same as the processes of S706 and S707.
  • FIGS. 13A and 13B are flowcharts showing processing in which the portable device 102 receives provision of a key pair dedicated to the configurator from the portable device 101.
  • In response to the user issuing a parameter reception instruction, the code generation unit 209 generates a QR code and controls the display unit 204 to display it (S1301). Thereafter, the control unit 205 waits for an authentication request (S1302). If the authentication request cannot be received within a predetermined time, the access point 103 may end waiting for the authentication request.
  • The control unit 205 verifies the authentication information in the authentication request and determines whether the authentication is successful (that is, whether the device that transmitted the authentication request is a device that has captured the QR code), and the role determination unit 211 determines the role information (S1303). If the authentication fails or the role information is other than the configurator (NO in S1303), the control unit 205 displays a message indicating an error on the display unit 204 (S1313) and ends the processing. Note that the display of the error message (S1313) may be omitted.
  • The control unit 205 determines whether a key pair sharing request is set in the authentication request (S1304). If the key pair sharing request is set in the authentication request, the control unit 205 confirms with the user whether or not the sharing setting may be made (S1305). If the user permits the sharing setting (YES in S1305), the control unit 205 sets sharing permission in the authentication response (S1306) and transmits it to the portable device 101 (S1307). On the other hand, when the information indicating the key pair sharing request is not set in the authentication request (NO in S1304), or when the user does not permit the sharing setting (NO in S1305), the control unit 205 transmits an authentication response without the sharing permission set to the portable device 101 (S1307). Then, the control unit 205 waits for an authentication confirmation from the portable device 101, which is the destination of the authentication response (S1308).
  • When receiving the authentication confirmation from the portable device 101, the control unit 205 performs authentication using the tag information, and when the authentication is successful (YES in S1309), transmits a setting request to the portable device 101 (S1310). Thereafter, the communication parameter processing unit 210 acquires communication parameters through the communication parameter provision process with the portable device 101 (S1311). When the sharing permission was set in S1306, the key sharing processing unit 212 receives the provision of the configurator key pair of the portable device 101 and acquires the key pair (S1312).
  • In this way, the key pair consisting of the secret key and the public key dedicated to the configurator of the portable device 101, used for setting the access point 103, can be shared. As a result of sharing the key pair, the number of configurators that distribute communication parameters for connecting to the wireless network 104 is increased, and user convenience is improved.
  • As in the process (modification 1) described with reference to FIG., the key pair may be shared by notifying the key pair sharing request while the QR code is used. Also, as in the process (modification 2) described with reference to FIG. 10, the key pair may be shared even when the portable device 101 displays the QR code.
  • In the embodiments described above, the portable device 101 and the portable device 102 notify the key pair sharing request using a frame or a QR code for exchanging information for authentication. In the third embodiment, the process in the case in which the portable device 101 requests the portable device 102 to share the key pair dedicated to the configurator of the portable device 101, used for setting the access point 103, using a frame of the communication parameter setting process will be described.
  • FIG. 14 is a sequence diagram showing processing between the portable device 101 and the portable device 102 in the third embodiment.
  • The portable device 102 receives an instruction from the user to share the key pair dedicated to the configurator of the portable device 101, in order to operate as a configurator that provides communication parameters for connecting to the wireless network 104 (S1401). Then, the portable device 102 displays the QR code on its own display unit 204 and waits for an authentication request (S1402).
  • the processes of S1401 to S1402 are similar to the processes of S601 to S602 described with reference to FIG.
  • When the portable device 101 receives an instruction to start parameter provision from the user (S1403), it captures an image of the QR code displayed by the portable device 102 and acquires the QR code information (S1404, S1405). The portable device 101 generates an authentication request based on the acquired QR code information and transmits it (S1406).
  • When the portable device 102 receives the authentication request (S1406), it verifies the contents of the authentication request. If the portable device 102 verifies the authentication information included in the authentication request and determines that the portable device 101 that transmitted the authentication request is a device that has captured the QR code (authentication success), it verifies the role information included in the authentication request (S1407). As a result of verifying the role information, when the portable device 102 determines that the role of the device that transmitted the authentication request indicates the configurator, the portable device 102 generates and transmits an authentication response (S1408). Having transmitted the authentication response to the portable device 101, the portable device 102 waits for the authentication confirmation to be sent from the portable device 101.
  • the portable device 101 receives the authentication response (S1408), and if the authentication based on the tag information is successful, verifies the role information of the portable device 102 included in the authentication response (S1409). If the portable device 101 succeeds in the authentication of the authentication response and determines that the role information included in the authentication response indicates the enrollee, it transmits an authentication confirmation to the portable device 102 (S1410).
  • the processes of S1403 to S1410 are similar to the processes of S403 to S410 described in FIG.
  • When the portable device 102 receives the authentication confirmation (S1410), it verifies the content of the authentication confirmation. As a result of verifying the contents of the authentication confirmation, if it is determined that the authentication is successful, the portable device 102 includes information indicating a key pair sharing request in the setting request (S1411).
  • the key pair sharing request is indicated, for example, by setting a predetermined bit of the DPP Configuration Request frame. Although the predetermined bit is used to indicate the key pair request, the present invention is not limited to this.
  • The role information in the setting request (the role the device takes after receiving the communication parameters) may indicate a role other than the “access point” or the “device connected to the wireless network”, for example a role representing the “configurator”.
  • The portable device 102 transmits a setting request including the key pair sharing request generated as described above (S1412). After transmitting the setting request, the portable device 102 waits for the setting response to be transmitted from the portable device 101, which transmitted the authentication confirmation.
  • The portable device 101, having received the setting request, confirms whether the setting request includes the key pair sharing request (S1413). If the setting request includes a key pair sharing request, the portable device 101 notifies the user by displaying on the display unit 204 that there is a key pair sharing request, and waits for a permission instruction for sharing the key pair from the user via the operation unit 203. If sharing of the key pair is permitted by the user, the portable device 101 includes information indicating permission for sharing the key pair in the setting response (S1414). The sharing permission of the key pair is indicated, for example, by setting a predetermined bit of the DPP Configuration Response frame. The portable device 101 transmits a setting response including information indicating permission for sharing the key pair to the portable device 102 (S1415).
  • The portable device 101, having transmitted the setting response, encrypts the pair of the secret key and the public key dedicated to its configurator using the shared key between the portable device 101 and the portable device 102, and transmits it to the portable device 102 (S1416). Since the setting response transmitted in S1415 includes the public key dedicated to the configurator of the portable device 101, only the secret key may be transmitted in S1416. In addition, the portable device 101 may include the secret key dedicated to its configurator in the setting response transmitted in S1415. In that case, the process of S1416 is unnecessary.
  • Although the case in which a permission instruction is received from the user has been described, the present invention is not limited thereto. The key pair may be provided without receiving a permission instruction from the user; in that case, processing may be performed to include information indicating permission for sharing the key pair in the setting response without receiving a permission instruction from the user, and the indication that there is a key pair sharing request may be omitted.
  • If sharing of the key pair is not permitted, the key pair provision process (S1416) is not performed. In that case, the setting response may not be transmitted and the process may be ended without performing the parameter providing process, or a setting response including information indicating that sharing of the key pair is not permitted may be transmitted to the portable device 102.
  • The portable device 102, having received the setting response, confirms the information indicating permission for sharing the key pair included in the setting response (S1417). If the setting response does not include information indicating permission for sharing the key pair, the portable device 102 ends the parameter reception process. In that case, the portable device 102 may notify the user by displaying a message indicating an error on the display unit 204.
  • FIG. 15 is a flowchart showing processing in which the portable device 101 provides the portable device 102 with a key pair (secret key and public key) of the configurator held by the portable device 101 in response to a request from the portable device 102.
  • the process from the start of the imaging unit 207 to the reception of the setting request is the same as that in FIG. 3 (S301 to S308).
  • FIG. 15 shows the process after it is determined in the process of FIG. 3 that the setting request has been received (YES in S308).
  • the control unit 205 of the portable device 101 having received the setting request transmitted by the portable device 102 determines whether or not there is a request for sharing the key pair in the setting request (S1501). If it is determined that there is a key pair sharing request, the control unit 205 uses the display unit 204 and the operation unit 203 to confirm with the user whether or not the key pair can be shared (S1502). If the user permits sharing (OK in S1502), the key sharing processing unit 212 sets information indicating sharing permission in the setting response (S1503), and transmits this to the portable device 102 (S1504).
  • the key sharing processing unit 212 provides the portable device 102 with a key pair, which is the configurator's secret key and public key (S1505).
  • the key pair is encrypted by the shared key. Also, for the sake of security, in S1505, provision of the key pair may be executed only when sharing permission is set in S1503.
  • When the control unit 205 of the portable device 102 receives an instruction from the user via the operation unit 203 to share the key pair, the control unit 205 generates a QR code and displays it on the display unit 204 (S1601). Thereafter, the control unit 205 waits for an authentication request (S1602). When receiving the authentication request from the portable device 101, the control unit 205 performs authentication, verifies the role information, and determines whether the role is a configurator (S1603). If the authentication fails, or if it is determined that the role of the portable device 101 is not the configurator (NO in S1603), the control unit 205 displays a message indicating an error on the display unit 204 (S1612) and ends the process.
  • The control unit 205 transmits an authentication response (S1604) and waits for an authentication confirmation from the portable device 101.
  • When the control unit 205 receives the authentication confirmation from the portable device 101, it performs authentication using the tag information included in the authentication confirmation and determines whether the authentication has succeeded (S1606). When the authentication is successful (YES in S1606), the key sharing processing unit 212 sets information indicating the key pair sharing request in the setting request (S1607). After that, the control unit 205 transmits the setting request in which the sharing request is set to the portable device 101 (S1608), and waits for a setting response from the portable device 101. If this fails, the control unit 205 displays a message indicating an error on the display unit 204 and ends the processing (S1612).
  • The control unit 205 determines whether the information indicating permission for sharing the key pair is included in the setting response (S1610). When it is determined that the information indicating permission for sharing the key pair is included in the setting response (YES in S1610), the key sharing processing unit 212 acquires the key pair dedicated to the configurator of the portable device 101 (S1611). If it is determined in S1610 that the information indicating permission for sharing the key pair is not included in the setting response (NO in S1610), the control unit 205 ends the parameter reception processing, or displays a message indicating an error on the display unit 204 and ends the process (S1612).
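The FIG. 14 exchange and the FIG. 15/16 flowcharts above, modelled as an added Python example that is not part of the patent: the enrollee (portable device 102) sets the sharing bit in its setting request only after confirming the peer is a configurator, the configurator (portable device 101) asks the user and hands out the key pair only when permission was actually set, and the key pair travels encrypted and authenticated under the shared key. The bit positions, the cipher (HMAC-SHA256 in counter mode with encrypt-then-MAC), the shared key and the key pair bytes are all constructed assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Hypothetical flag values; the text only says "a predetermined bit" of the DPP Configuration Request/Response is used.
SHARE_REQUEST_BIT = 0x01
SHARE_PERMIT_BIT = 0x01

@dataclass
class ConfigRequest:   # models the DPP Configuration Request (setting request)
    flags: int = 0

@dataclass
class ConfigResponse:  # models the DPP Configuration Response (setting response)
    params: dict       # communication parameters for the wireless network 104
    flags: int = 0

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stand-in for the cipher the text leaves unspecified
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC under the shared key: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"keypair" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verifies the tag before decrypting; a tampered blob is rejected, not decrypted."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"keypair" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("key pair blob failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class Configurator:
    """Portable device 101: owns the configurator key pair (S1501 to S1505)."""
    def __init__(self, key_pair, params, ask_user):
        self.key_pair, self.params, self.ask_user = key_pair, params, ask_user

    def handle_config_request(self, req, peer_role, shared_key):
        """Returns (setting response, sealed key pair or None)."""
        resp = ConfigResponse(params=self.params)
        # S1501: the sharing bit is honoured only from the authenticated enrollee
        if peer_role == "enrollee" and req.flags & SHARE_REQUEST_BIT:
            if self.ask_user():                 # S1502: the user confirms on the display
                resp.flags |= SHARE_PERMIT_BIT  # S1503
        # S1505, with the caveat from the text: provide the key pair only if permission was set
        sealed = seal(shared_key, self.key_pair) if resp.flags & SHARE_PERMIT_BIT else None
        return resp, sealed

class Enrollee:
    """Portable device 102: asks to become a second configurator (S1603 to S1611)."""
    def build_config_request(self, peer_role):
        if peer_role != "configurator":         # S1603: only a configurator can be asked
            raise PermissionError("peer is not a configurator")
        return ConfigRequest(flags=SHARE_REQUEST_BIT)  # S1607

    def handle_config_response(self, resp, sealed, shared_key):
        if not resp.flags & SHARE_PERMIT_BIT or sealed is None:  # S1610: no permission, no key
            return None
        return unseal(shared_key, sealed)       # S1611

def run_exchange(user_permits):
    """One FIG. 14 exchange after authentication; shared key and key pair are constructed."""
    shared_key = hashlib.sha256(b"constructed shared secret from the authentication phase").digest()
    key_pair = b"constructed configurator secret+public key"
    dev101 = Configurator(key_pair, {"ssid": "example"}, lambda: user_permits)
    req = Enrollee().build_config_request(peer_role="configurator")            # S1412
    resp, sealed = dev101.handle_config_request(req, "enrollee", shared_key)   # S1415, S1416
    return Enrollee().handle_config_response(resp, sealed, shared_key)          # S1417
```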
  • the QR code (registered trademark) to be read may be not only the QR code displayed on the display unit, but also the QR code attached to the housing of the communication device in the form of a seal or the like.
  • the QR code (registered trademark) to be read may be attached to a package such as a handling instruction manual or a cardboard at the time of sales of the communication device.
  • Instead of a QR code, a barcode or another two-dimensional code may be used.
  • Instead of machine-readable information such as a QR code, information in a format that can be read by the user may be used.
  • Another wireless communication medium, such as wireless USB, MBOA, Bluetooth (registered trademark), UWB, ZigBee, or NFC, may also be used.
  • MBOA is an abbreviation for Multi Band OFDM Alliance.
  • UWB includes wireless USB, wireless 1394, WINET and the like.
  • Although the case in which communication parameters for connecting to a wireless LAN access point are provided has been described in each embodiment, the invention is not limited to this.
  • communication parameters for connecting to a Wi-Fi Direct (registered trademark) group owner may be provided.
  • The pair of the secret key and the public key used by the configurator for encryption and decryption of communication parameters can be shared in response to a request from another device or a request from the configurator.
  • the number of configurators providing communication parameters to connect to the access point can be easily increased.
  • a configurator key pair can be shared with the configurator without using a storage medium or another protocol (for example, HTTP).
  • The present invention can also be realized by supplying a program that implements one or more functions of the above-described embodiments to a system or apparatus via a network or storage medium, and having one or more processors in a computer of the system or apparatus read and execute the program. It can also be implemented by a circuit (e.g., an ASIC) that implements one or more functions.

Abstract

The invention relates to a communication device that communicates with an external device and performs authentication by exchanging information for authentication processing with the external device. When a request to share unique information used for providing a communication parameter is detected in the authentication processing, the communication device shares the unique information with the external device after the authentication.
PCT/JP2018/025342 2017-07-28 2018-07-04 Communication device, control method for communication device, and program WO2019021770A1 (fr)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP18837789.9A EP3637814B1 (fr) 2017-07-28 2018-07-04 Communication device, control method for communication device, and program
KR1020207004920A KR102283325B1 (ko) 2017-07-28 2018-07-04 Communication device, control method for communication device, and program
CN201880049650.1A CN110999351B (zh) 2017-07-28 2018-07-04 Communication device, control method for communication device, and program
US16/743,401 US20200154276A1 (en) 2017-07-28 2020-01-15 Communication device, control method for communication device, and non-transitory computer-readable storage medium

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2017146799 2017-07-28
JP2017-146799 2017-07-28
JP2018-082463 2018-04-23
JP2018082463A JP7109243B2 (ja) 2017-07-28 2018-04-23 Communication device, control method for communication device, and program

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/743,401 Continuation US20200154276A1 (en) 2017-07-28 2020-01-15 Communication device, control method for communication device, and non-transitory computer-readable storage medium

Publications (1)

Publication Number Publication Date
WO2019021770A1 true WO2019021770A1 (fr) 2019-01-31

Family

ID=65040158

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/025342 WO2019021770A1 (fr) 2017-07-28 2018-07-04 Communication device, control method for communication device, and program

Country Status (2)

Country Link
JP (1) JP7353433B2 (fr)
WO (1) WO2019021770A1 (fr)

Also Published As

Publication number Publication date
JP2022141827A (ja) 2022-09-29
JP7353433B2 (ja) 2023-09-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18837789

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2018837789

Country of ref document: EP

Effective date: 20200109

ENP Entry into the national phase

Ref document number: 20207004920

Country of ref document: KR

Kind code of ref document: A