WO2020110575A1 - Communication device, control method for communication device, and program - Google Patents

Communication device, control method for communication device, and program

Info

Publication number
WO2020110575A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication device
encryption key
communication
connection
access point
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2019/042483
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
史英 後藤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Canon Inc
Original Assignee
Canon Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Canon Inc
Publication of WO2020110575A1
Priority to US17/328,915 (US12167235B2)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047 Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50 Secure pairing of devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • the present invention relates to communication technology.
  • DPP Wi-Fi Device Provisioning Protocol
  • QR code registered trademark
  • a configurator that provides communication parameters provides the enrollee that receives the communication parameters with the information necessary to connect to the access point.
  • the enrollee device is a station (STA) or access point (AP) defined by IEEE 802.11.
  • STA station
  • AP access point
  • Between the STA and the AP, it is necessary to perform the authentication process and the determination of the encryption key.
  • the present invention provides a technique for simplifying the processing between communication devices required for reconnection.
  • A communication device has the following configuration: first acquisition means for acquiring communication parameters according to the Wi-Fi DPP (Device Provisioning Protocol) standard; second acquisition means for acquiring an encryption key by executing, with a first other communication device, a Network Introduction process compliant with the DPP standard using the communication parameters acquired by the first acquisition means; connection means for performing connection processing with the first other communication device using the encryption key acquired by executing the Network Introduction process; and reconnection means for, when reconnecting with the first other communication device, connecting to the first other communication device while omitting the acquisition of the encryption key by the Network Introduction process.
  • Wi-Fi DPP Device Provisioning Protocol
  • processing between communication devices required for reconnection is simplified, and processing time required for reconnection is shortened.
  • the accompanying drawings are included in the specification and constitute a part of the specification, illustrate the embodiments of the present invention, and together with the description, serve to explain the principles of the present invention.
  • FIG. 3 is a diagram showing a configuration example of the communication system according to the present embodiment.
  • the communication system includes an access point 302, a smartphone 304, a printer 305, and a wireless LAN network (hereinafter, wireless network 303).
  • wireless network 303 a wireless LAN network
  • processing when the printer 305 participates in the wireless network 303 formed by the access point 302 will be described.
  • the smartphone 304 operates as a configurator defined by DPP (Device Provisioning Protocol), and provides the printer 305 with information for connecting to the access point 302.
  • DPP Device Provisioning Protocol
  • the device in the communication system will be described as a smartphone, an access point, and a printer, but other devices such as a mobile phone, a camera, a PC, a video camera, a smart watch, and a PDA may be used. Further, the description will be given assuming that the number of devices of the communication system is three, but the number may be two or four or more.
  • FIG. 1 shows the whole apparatus.
  • a control unit 102 controls the entire apparatus by executing a control program stored in the storage unit 103.
  • the control unit 102 is composed of, for example, a CPU (Central Processing Unit).
  • a storage unit 103 stores various information such as a control program executed by the control unit 102, image data, and communication parameters. Various operations described below are performed by the control unit 102 executing the control program stored in the storage unit 103.
  • the storage unit 103 is configured by a storage medium such as a ROM, a RAM, a HDD, a flash memory, or a removable SD card, for example.
  • Reference numeral 104 is a wireless unit for performing wireless LAN communication conforming to the IEEE 802.11 series.
  • the wireless unit 104 includes a chip that performs wireless communication.
  • Reference numeral 105 denotes a display unit that performs various displays, and has a function capable of outputting visually recognizable information, such as an LCD or LED, or outputting sound such as a speaker.
  • the display unit 105 has a function of outputting at least one of visual information and sound information.
  • the display unit 105 has a VRAM (Video RAM) that holds image data corresponding to the displayed visual information.
  • the display unit 105 performs display control for continuing to display the image data stored in the VRAM on the LCD or LED.
  • Numeral 106 is an image capturing unit configured by an image sensor, a lens, and the like, for capturing a photograph or a moving image.
  • the image capturing unit 106 captures an image such as a one-dimensional barcode or a two-dimensional code such as a QR code (registered trademark).
  • Reference numeral 107 is an antenna control unit that controls the output of the antenna 108, and 108 is an antenna that can perform communication in the 2.4 GHz band and/or 5 GHz band for wireless LAN communication.
  • An input unit 109 is used by the user to perform various inputs and operate the communication apparatus 101.
  • the input unit 109 stores a flag corresponding to the input in a memory such as the storage unit 103. Note that the example of FIG.
  • the communication device may have other hardware configurations.
  • When the communication device 101 is a printer, it may have a printing unit in addition to the configuration shown in FIG. If the communication device 101 is the access point 302, the image capturing unit 106 and the display unit 105 may not be provided.
  • FIG. 2 is a block diagram showing an example of the configuration of a software function block that executes a communication control function described later.
  • each functional block of the communication device 101 is stored in the storage unit 103 as a control program, and the function is implemented by the control unit 102 executing the control program.
  • the control unit 102 realizes each functional block by controlling each hardware and calculating and processing information according to a control program.
  • some or all of the functional blocks may be implemented as hardware.
  • a part or all of the functional block is configured by, for example, ASIC (Application Specific Integrated Circuit).
  • 201 indicates the entire software function block.
  • 202 is a communication parameter control unit.
  • the communication parameter control unit 202 executes communication parameter sharing processing for sharing communication parameters between devices.
  • the providing device provides the receiving device with communication parameters for wireless communication.
  • the communication parameters include wireless communication parameters necessary for performing wireless LAN communication such as SSID (Service Set Identifier) as a network identifier, an encryption method, an encryption key, an authentication method, and an authentication key.
  • SSID Service Set Identifier
  • a connector defined by DPP, a MAC address, a PSK, a pass phrase, an IP address for performing communication in the IP layer, information necessary for higher level services, and the like may be included in the communication parameters.
  • the communication parameter sharing process executed by the communication parameter control unit 202 is assumed to be DPP.
  • the communication parameter sharing process executed by the communication parameter control unit 202 may be another process such as WPS (Wi-Fi Protected Setup) or Wi-Fi Direct, and is not limited to DPP.
  • WPS Wi-Fi Protected Setup
  • Wi-Fi Direct Wi-Fi Direct
  • Reference numeral 203 denotes a barcode reading control unit.
  • the barcode reading control unit 203 analyzes an image such as a one-dimensional barcode captured by the capturing unit 106 or a two-dimensional code such as a QR code (registered trademark), and acquires encoded information.
  • the barcode reading control unit 203 photographs the code information including the public key used when executing the communication parameter sharing process by the photographing unit 106, and acquires the photographed image.
  • the code information may be a two-dimensional code such as a CP code or a QR code (registered trademark) or a one-dimensional code such as a bar code.
  • the barcode reading control unit 203 analyzes the image of the code information acquired by the image capturing of the image capturing unit 106, and acquires the encoded information.
  • the code information may include information used in the communication parameter sharing process.
  • the information used in the communication parameter sharing process is information such as the public key and the device identifier used in the authentication process.
  • the public key is information used to enhance security during the communication parameter sharing process, and may be information such as a certificate or a password.
  • the public key is a kind of encryption key used in the public key cryptosystem.
  • Reference numeral 204 denotes a bar code generation control unit, which executes control for generating a one-dimensional bar code, a two-dimensional code such as a QR code (registered trademark), and displaying the two-dimensional code on the display unit 105.
  • the barcode generation control unit 204 generates code information including information such as a public key used when executing the communication parameter sharing process and an identifier of the communication device.
  • 205 is a service control unit in the application layer.
  • the application layer here refers to the service providing layer in the upper layers of the fifth layer and above in the OSI reference model.
  • the service control unit 205 executes print processing, image streaming processing, file transfer processing, and the like using wireless communication by the wireless unit 104.
  • Reference numeral 206 is a packet receiving unit and 207 is a packet transmitting unit; they control transmission and reception of all packets, including upper-layer communication protocols. The packet receiving unit 206 and the packet transmitting unit 207 also control the wireless unit 104 in order to transmit and receive packets conforming to the IEEE 802.11 standard with the opposite device.
  • a station function control unit 208 provides a STA function that operates as a station (STA) in the infrastructure mode defined in the IEEE 802.11 standard.
  • the station function control unit 208 performs authentication/encryption processing and the like when operating as a STA.
  • An access point function control unit 209 provides an AP function that operates as an access point (AP) in the infrastructure mode defined by the IEEE 802.11 standard.
  • the AP function control unit 209 forms a wireless network and performs authentication/encryption processing for the STA and management of the STA.
  • a data storage unit 210 controls writing and reading of software itself, communication parameters, and barcode information to the storage unit 103. When the communication device 101 is the access point 302, the bar code reading control unit 203 and the station function control unit 208 do not have to exist.
  • the access point 302 builds a wireless network 303, and the smartphone 304 holds communication parameters connectable to the access point 302.
  • the communication parameter acquisition method in the smartphone 304 may use an existing protocol such as WPS or AOSS when the access point 302 does not support DPP.
  • AOSS AirStation One-Touch Secure System
  • When the access point 302 supports DPP, automatic setting using DPP or the like may be used.
  • the user may manually input using the input unit 109.
  • FIG. 4 is a diagram showing an example of an operation sequence between the communication devices of this embodiment.
  • An operation sequence (a processing operation sequence executed between the access point 302, the smartphone 304, and the printer 305) between the communication devices according to the present embodiment will be described with reference to FIG.
  • the sequence of the printer 305 shown in FIG. 4 is roughly divided into the following three processes.
  • The first process (F400, F401) is a process in which the printer 305 acquires information regarding communication parameters of the wireless network from another communication device (the smartphone 304) and sets the communication parameters.
  • For example, the information about the communication parameter setting process is acquired, and the communication parameters are acquired and set, by DPP.
  • The second process (F403 to F404) is a process in which communication parameters for communication via the wireless network are shared between the printer 305 and the access point 302 based on the acquired communication parameters, and the encryption key is set based on those communication parameters.
  • The process for sharing the communication parameters is executed based on the information about the communication parameter setting process, and includes, for example, the Network Introduction procedure specified by DPP.
  • The third process (F405 to F412) is a process of establishing communication over the wireless network between the access point 302 and the printer 305 based on the shared communication parameters and the set encryption key. This third process includes, for example, the 4-Way Handshake.
  • the process shown in FIG. 4 will be described in more detail.
  • FIG. 4 shows a state in which the access point 302 and the printer 305 are used as an enrollee device and the smartphone 304 is used as a configurator device to establish a network. Since the configurator manages all the devices in the network to set the communication parameters in the DPP, first, the smartphone 304 is used to acquire information about the communication parameter setting process of the access point 302 (F400). After that, the acquisition of the information regarding the communication parameter setting process of the printer 305 and the setting of the communication parameter are performed using the smartphone 304 (F401).
  • the information regarding the communication parameter is, for example, the information included in the DPP Credential, and the details thereof are as defined by the DPP specifications.
  • the procedure for the printer 305 to connect to the network constructed by the access point 302 is started.
  • the communication parameters are shared and the encryption key (PMK) is set between the printer 305 and the access point 302.
  • The printer 305 transmits a DPP connection request signal (DPP connection request) to the access point 302 (F403). That is, the printer 305 sends a Peer Discovery Request to the access point to start the Network Introduction sequence specified by DPP.
  • DPP connection request DPP connection request signal
  • the printer 305 cannot identify the access point 302 to be connected before the connection request signal is transmitted. Therefore, the printer 305 performs a partner device search (F402) defined by the IEEE 802.11 standard before transmitting the connection request signal.
  • a partner device search F402
  • the connection request signal may be transmitted as a broadcast packet to all devices on the network.
  • Upon receiving the DPP connection request (F403) from the printer 305, the access point 302 sends a DPP connection response to the printer 305 as a response (F404).
  • the following three confirmations (1) to (3) are performed based on the information passed from the configurator device to each enrollee device. From these confirmations, it can be determined that the printer 305 and the access point 302 can be connected to each other.
  • The following confirmation contents are specified in the Network Introduction Exchange in DPP.
  • the access point 302 and the printer 305 calculate PMK (Pairwise Master Key) during the DPP connection request/response by F403 and F404.
  • The calculation of the PMK is realized, for example, by establishing PMKSA information between the printer 305 and the access point 302 based on the communication parameters of the DPP specifications set for the access point 302 and the printer 305 from the smartphone 304.
  • a hash value called PMKID (PMK Identifier) is calculated based on the calculated PMK by the method defined in the IEEE 802.11 standard.
  • a communication parameter for wireless communication between the printer 305 and the access point 302 via the wireless network is shared by the DPP connection request and the DPP connection response, and the encryption key (PMK) is set.
  • In the connection process, for example, Authentication packets are transmitted and received (F405, F406) as defined by the IEEE 802.11 standard.
  • the transmission and reception of the Association Request packet and the Association Response packet (F407, F408) are performed.
  • 4-Way Handshaking is performed (F409 to F412) to generate an actual session key (PTK (Pairwise Transient Key) according to the IEEE 802.11 standard) based on the PMK.
  • PTK Pairwise Transient Key
  • WPA Wi-Fi Protected Access
  • When the connection process is completed as described above, data communication can be performed between the printer 305 and the access point 302. After that, when the printer 305 reconnects to the access point 302, the PMKID based on the PMK generated as described above is added to the Association Request packet and transmitted. As a result, the printer 305 and the access point 302 can perform reconnection processing based on the IEEE 802.11 standard without performing F403 and F404. That is, when the printer 305 reconnects to the access point 302 after the encryption key for communication is set, the procedure (F403 to F404) for sharing the communication parameters and setting the encryption key (PMK) is omitted, and the setting of the encryption key used for wireless communication (F405 to F412) is started.
  • When the access point 302 receives the Association Request packet (F407) to which the PMKID is added, the access point 302 internally searches for PMKSA information or PMK information associated with the added PMKID. If information associated with the PMKID exists, the access point 302 can determine that the Association Request packet (F407) is a reconnection request; if it does not exist, the access point 302 can determine that it is the first connection request after parameter setting by DPP.
  • The exchange of the DPP connection request (F403) and the DPP connection response (F404) described above is not performed, and the confirmations (1) to (3) above are not performed. That is, the process corresponding to the Network Introduction Exchange and the generation of the PMK in DPP is omitted. As a result, it is possible to shorten the time required for connection at the time of reconnection.
  • the connection process will be performed from the beginning without omitting F403 and F404.
  • Considering the convenience to the user, F403 and F404 may be performed automatically without displaying anything on the display unit 105, or a message indicating that the authentication process will be re-executed may be displayed to alert the user.
  • The printer 305, the access point 302, or both of them need to re-execute the DPP processing (F400, F401) by the smartphone 304. In this case as well, in consideration of the convenience to the user, it may be performed automatically without displaying anything on the display unit 105, or a message indicating that the authentication process will be re-executed may be displayed to alert the user.
  • PMKID information is added to the Association Request packet at the time of reconnection, but the present invention is not limited to this.
  • the PMKID information may be added to the Probe Request signal for the printer 305 to search for an access point.
  • the access point 302 can be configured to add the PMKID to the Beacon signal or the Probe Response signal.
  • FIGS. 5 and 6 are flowcharts showing an operation example of the communication device 101 (communication parameter control unit 202) according to this embodiment.
  • the flowchart in FIG. 5 shows the operation of the printer 305.
  • the printer 305 is in a state in which communication parameter setting processing by DPP with the smartphone 304 has been completed.
  • An operation flow when connecting to the access point 302 in this state will be described.
  • the flowchart of FIG. 6 shows the operation of the access point 302.
  • the access point 302 is also in a state in which the communication parameter setting process by DPP with the smartphone 304 has been completed.
  • the printer 305 determines whether or not the connection to the access point 302 this time is a reconnection to the access point 302 after the encryption key is set by the 4-Way Handshake described above. In this embodiment, for example, the determination is made in the following S501 and S502.
  • the access point 302 to be the target of communication connection is searched by searching for a partner device (S501). In this example, the device search is performed by detecting the Beacon signal.
  • When the printer 305 detects the Beacon signal from the access point that is the target of the communication connection, the printer 305 determines whether or not the Beacon signal includes the PMKID corresponding to the PMKSA information that it holds.
  • the PMKID may be included in the Probe Response, and in that case, the printer 305 performs the above-mentioned processing for the PMKID included in the Probe Response.
  • the printer 305 determines whether or not there is a connection history with the access point 302 (S502).
  • whether or not there is a connection history is whether or not at least one of the MAC address information, BSSID information, PMKSA information, etc. of the access point 302 is stored. Since the smartphone 304 does not pass device-specific information such as the MAC address of the access point 302 to the printer 305 in the DPP process, it is possible to determine that there is a connection history by holding the MAC address.
  • the printer 305 transmits the DPP connection request (F403) described in FIG. 4 to the access point 302 (S503), and waits for the DPP connection response (F404) from the access point 302 (S504). If the DPP connection response is not received in S504 and it is determined that the processing is ended in error, this processing ends.
  • In step S504, when the DPP connection response is not received even after the DPP connection request is retransmitted a predetermined number of times, the printer 305 determines that the processing according to the DPP connection request ends in error.
  • a DPP connection response may be waited for a predetermined time in response to a single DPP connection request, and if no DPP connection response is received even after the predetermined time elapses, it may be determined that an error end has occurred.
  • Upon receiving the DPP connection response (YES in S504), the printer 305 confirms the content of the DPP connection response received from the access point 302 (S505).
  • the contents to be confirmed here include the confirmation of (1) to (3) described in F403 to F404 of FIG. 4, for example.
  • the access point 302 may confirm these confirmation contents and add the result to the DPP connection response for transmission. In that case, the printer 305 omits the content confirmation and adopts the confirmation result by the access point 302. At this time, the printer 305 sets PMK.
  • the printer 305 transmits and receives Authentication packets (F405 to F406) according to the IEEE 802.11 standard (S506). Then, the printer 305 transmits/receives the Association Request (F407, F408) (S507).
  • When the printer 305 determines that the Association Response indicates success (normal response), it performs the 4-Way Handshake to generate an encryption key used for communication by the wireless network (S508).
  • the encryption key generated here is, for example, a session key (PTK defined in the IEEE 802.11 standard).
  • the printer 305 can perform data communication with secured security with the access point 302.
  • When the Association Response indicates failure, this process ends.
  • Alternatively, when the Association Response indicates failure, the process may be restarted from the DPP connection in S503.
  • the printer 305 holds the PMKSA information defined in the IEEE 802.11 standard as the connection history information. In this case, the printer 305 sets PMKID information that is a hash value based on the PMKSA information that it holds (S509). When the PMKID is held, it may be read and set. Then, the printer 305 adds the PMKID set in S509 as additional information to the Association Request and transmits it to the access point 302 (S510).
  • The access point 302 that has received the Association Request to which the PMKID has been added determines whether or not there is PMKSA information corresponding to the PMKID (described later with reference to FIG. 6). If the PMKSA information corresponding to the PMKID is present, the access point 302 determines that the requested connection is a reconnection, and returns "success" as the Association Response. If there is no PMKSA information corresponding to the PMKID added to the Association Request, the access point 302 determines that the requested connection is the first connection, and returns "failure" as the Association Response.
  • The printer 305 determines whether the Association Response to the Association Request sent in S510 indicates success or failure (S511). If it is determined in S511 that the response indicates success, the printer 305 executes the 4-Way Handshake to generate an actual session key (PTK according to the IEEE 802.11 standard) (S508). Thus, the processes of S503 to S507 are omitted. On the other hand, if it is determined in S511 that the response indicates failure, the PMKSA information corresponding to the PMKID added to the Association Request does not exist in the access point 302, and the process returns to S503. In this way, the printer 305 restarts the connection process from the transmission of the DPP connection request.
  • The printer 305 may re-execute S503 without displaying anything on the display unit 105 in consideration of the convenience to the user, or may display a message indicating that the authentication process will be re-executed, to alert the user, and then re-execute S503.
  • the flowchart of FIG. 5 shows an example of re-executing from the DPP connection request (S503) in the case of NO in S511, but the present invention is not limited to this.
  • the parameter setting process (F401) with the smartphone 304 may be redone.
  • the processing from F401 may be redone.
  • the access point 302 returns an Association Response indicating failure, but the present invention is not limited to this.
  • the access point 302 may return an Association Response indicating success but not start 4-Way Handshake.
  • The printer 305 waits for the start of the 4-Way Handshake for a predetermined time. Then, when the 4-Way Handshake does not start within the predetermined time, the printer 305 may perform the disconnection process and then start the process from S503 of the flowchart shown in FIG. Further, even when the result in S501 is Yes, if the PMKID included in the Beacon or the like has expired, the printer 305 may proceed to S503 instead of S509 and transmit the DPP connection request.
  • When there is a PMKID generated in the communication with another communication device that is not currently in communication connection (YES in S601), the access point 302 adds the PMKID to the Beacon (S602) and transmits it (S603). If the corresponding PMKID does not exist in S601, a Beacon to which the PMKID is not added is transmitted (S603). Then, the access point 302 waits for a DPP connection request signal or an Association Request from another communication device (S604, S610). The configuration may be such that a normal Beacon is transmitted, in which case S601 and S602 are omitted. Instead of or in addition to the processing of S602 to S603, the PMKID may be added to the Probe Response and transmitted.
  • Upon receiving the DPP connection request (YES in S604), the access point 302 confirms the content of the DPP connection request (S605).
  • the contents to be confirmed here include the confirmation of (1) to (3) described in F403 to F404 of FIG. 4, for example.
  • the access point 302 transmits a DPP connection response to the transmission source of the DPP connection request.
  • the confirmation result of S605 may be added to the DPP connection response.
  • the access point 302 executes Authentication (F405 to F406) and Association (F407, F408) according to the IEEE 802.11 standard (S607 to S608).
  • 4-Way Handshake is started for the communication device that is the sender of the Association Request (S609).
  • the process proceeds from S610 to S611.
  • The access point 302 confirms whether or not a PMKID is added to the received Association Request. If no PMKID is added (NO in S611), the access point 302 sends an Association Response (failure) to the sender of the Association Request (S615).
  • The access point 302 searches for the PMKSA information corresponding to the PMKID (S612). When the corresponding PMKSA information is found (YES in S613), the access point 302 transmits an Association Response (success) to the source of the Association Request (S614). Then, the access point 302 executes the 4-Way Handshake with the device that is the sender of the Association Request (S609). In this way, when information specifying an already set encryption key is added to the Association Request, which instructs the start of setting the encryption key used for communication over the wireless network, the access point 302 starts setting the encryption key used for communication. As a result, the sharing procedure in S605 to S606 is omitted, and the time required for connection processing is shortened.
  • The access point 302 sends an Association Response (failure) to the source of the Association Request (S615). In this case, the 4-Way Handshake in S609 is not executed. Note that the Association Response (failure) is transmitted in the case of NO in S613, but the present invention is not limited to this.
  • The access point 302 may instead transmit the Association Response (success) in the case of NO in S613 and not start the 4-Way Handshake in S609.
  • The access point 302 manages the PMKID and its expiration date in association with each other in the PMKSA information, and confirms in S612 whether the PMKID has expired. If the PMKID has not expired, the result in S613 is Yes; if it has expired, that is, if the PMKID is invalid, the result in S613 is No. Alternatively, the access point 302 may delete the information about an expired PMKID from the PMKSA information. Even with such a configuration, the same effect can be obtained.
  • After the communication parameters have been set by DPP, the procedure up to the connection can be switched depending on the presence or absence of a connection history between the AP and the STA, and in particular the procedure at the time of reconnection can be simplified.
  • The configuration for exchanging the information for setting the communication parameters between the devices by using the image of the QR code has been described.
  • Wireless communication such as NFC or Bluetooth (registered trademark) may be used.
  • Wireless communication such as IEEE 802.11ad or TransferJet (registered trademark) may be used.
  • The QR code (registered trademark) to be read may be not only a QR code (registered trademark) displayed on the display unit but also a QR code (registered trademark) attached to the housing of the communication device in a form such as a sticker. Further, the QR code (registered trademark) to be read may be attached to an instruction manual or to packaging, such as the cardboard box in which the communication device is sold. Further, a barcode or a two-dimensional code may be used instead of the QR code (registered trademark). Further, in place of machine-readable information such as the QR code (registered trademark), information in a format that the user can read may be used.
  • A wireless communication medium such as wireless USB, Bluetooth (registered trademark), ZigBee, or NFC may be used.
  • UWB includes wireless USB, wireless 1394, WINET, and the like.
  • The wireless LAN access point provides the wireless parameter.
  • The present invention is not limited to this.
  • The group parameter of Wi-Fi Direct may provide the wireless parameter.
  • The present invention can also be realized by processing in which a program that implements one or more functions of the above-described embodiments is supplied to a system or apparatus via a network or a storage medium, and one or more processors in a computer of the system or apparatus read and execute the program. It can also be realized by a circuit (for example, an ASIC) that realizes one or more functions.
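
The access point's handling of an Association Request in S611 to S615, together with the Beacon PMKID selection of S601 to S602, sketched in Python as an added example (not code from the patent or from the applicant). The class and function names, the peer label and the sample PMKID are assumptions constructed for illustration, and the sketch uses the variant in which an expired entry is deleted from the PMKSA information.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

PMKID_LEN = 16  # a PMKID is a 128-bit identifier in IEEE 802.11


@dataclass(frozen=True)
class Pmksa:
    pmkid: bytes
    peer: str          # hypothetical station label, e.g. its MAC address
    expires_at: float  # absolute expiry time in seconds


class PmksaCache:
    def __init__(self) -> None:
        self._by_pmkid: Dict[bytes, Pmksa] = {}

    def add(self, sa: Pmksa) -> None:
        if len(sa.pmkid) != PMKID_LEN:
            raise ValueError("PMKID must be 16 bytes")
        self._by_pmkid[sa.pmkid] = sa

    def lookup(self, pmkid: bytes, now: float) -> Optional[Pmksa]:
        """S612: find the PMKSA; an expired entry is deleted and treated as absent."""
        sa = self._by_pmkid.get(pmkid)
        if sa is not None and now >= sa.expires_at:
            del self._by_pmkid[pmkid]
            return None
        return sa

    def beacon_pmkids(self, connected: Set[str], now: float) -> List[bytes]:
        """S601-S602: unexpired PMKIDs of peers that are not connected right now."""
        return [sa.pmkid for sa in self._by_pmkid.values()
                if sa.peer not in connected and now < sa.expires_at]


def on_association_request(cache: PmksaCache, pmkid: Optional[bytes],
                           now: float) -> Tuple[str, bool]:
    """Return (Association Response status, start 4-Way Handshake?)."""
    if pmkid is None:                     # S611 NO -> S615
        return ("failure", False)
    if cache.lookup(pmkid, now) is None:  # S613 NO -> S615
        return ("failure", False)
    return ("success", True)              # S614, then S609


# Constructed sample data: one PMKSA that is valid until t=1000.
CACHE = PmksaCache()
PRINTER_PMKID = bytes.fromhex("00112233445566778899aabbccddeeff")
CACHE.add(Pmksa(PRINTER_PMKID, "printer-305", expires_at=1000.0))
```

An unknown or expired PMKID falls into the same failure branch, so the station falls back to the full DPP connection request (S503) rather than reusing a stale key.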

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
PCT/JP2019/042483 2018-11-29 2019-10-30 Communication device, control method for communication device, and program Ceased WO2020110575A1 (ja)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US17/328,915 US12167235B2 (en) 2018-11-29 2021-05-24 Communication apparatus, control method of communication apparatus and non-transitory computer-readable storage medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2018223974A JP7121646B2 (ja) 2018-11-29 2018-11-29 Communication device, control method for communication device, and program
JP2018-223974 2018-11-29

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US17/328,915 Continuation US12167235B2 (en) 2018-11-29 2021-05-24 Communication apparatus, control method of communication apparatus and non-transitory computer-readable storage medium

Publications (1)

Publication Number Publication Date
WO2020110575A1 (ja) 2020-06-04

Family

ID=70853684

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/042483 Ceased WO2020110575A1 (ja) 2018-11-29 2019-10-30 Communication device, control method for communication device, and program

Country Status (3)

Country Link
US (1) US12167235B2 (en)
JP (1) JP7121646B2 (en)
WO (1) WO2020110575A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12432804B2 (en) 2020-06-16 2025-09-30 Canon Kabushiki Kaisha Communication apparatus, communication method, and storage medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2023137428A (ja) * 2022-03-18 2023-09-29 ブラザー工業株式会社 Application program for terminal device, terminal device, and communication device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010093585A (ja) * 2008-10-08 2010-04-22 Fujitsu Ltd Network connection control program and method, network connection program and method, and authentication device
JP2017130971A (ja) * 2017-03-30 2017-07-27 カシオ計算機株式会社 Wireless communication method and program
US20170295448A1 (en) * 2016-04-08 2017-10-12 Blackberry Limited Managed object to provision a device according to one of plural provisioning techniques
US20180109381A1 (en) * 2016-10-19 2018-04-19 Qualcomm Incorporated Configurator key package for device provisioning protocol (dpp)
US20180109418A1 (en) * 2016-10-19 2018-04-19 Qualcomm Incorporated Device provisioning protocol (dpp) using assisted bootstrapping
US20180278625A1 (en) * 2017-03-24 2018-09-27 Qualcomm Incorporated Exchanging message authentication codes for additional security in a communication system

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7395427B2 (en) * 2003-01-10 2008-07-01 Walker Jesse R Authenticated key exchange based on pairwise master key
US7275157B2 (en) * 2003-05-27 2007-09-25 Cisco Technology, Inc. Facilitating 802.11 roaming by pre-establishing session keys
US7672459B2 (en) * 2005-02-18 2010-03-02 Cisco Technology, Inc. Key distribution and caching mechanism to facilitate client handoffs in wireless network systems
US9143937B2 (en) * 2011-09-12 2015-09-22 Qualcomm Incorporated Wireless communication using concurrent re-authentication and connection setup
US8744439B2 (en) * 2011-10-07 2014-06-03 Apple Inc. Methods and apparatus for intelligent initiation of connections within a network
EP3379789A1 (en) * 2017-03-20 2018-09-26 Koninklijke Philips N.V. Mutual authentication system
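JP7024559B2 (ja) * 2018-03-30 2022-02-24 ブラザー工業株式会社 Computer program for terminal device, terminal device, communication device, and computer program for communication device
JP7155581B2 (ja) * 2018-03-30 2022-10-19 ブラザー工業株式会社 Communication device and computer program for communication device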
US10169587B1 (en) * 2018-04-27 2019-01-01 John A. Nix Hosted device provisioning protocol with servers and a networked initiator
US12185104B2 (en) * 2022-02-16 2024-12-31 Cypress Semiconductor Corporation System and method for efficient onboarding to a wireless network of a group of WLAN devices owned by a user

Also Published As

Publication number Publication date
JP2020088742A (ja) 2020-06-04
JP7121646B2 (ja) 2022-08-18
US12167235B2 (en) 2024-12-10
US20210282008A1 (en) 2021-09-09

Similar Documents

Publication Publication Date Title
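JP6702833B2 (ja) Communication device, control of communication device, and program
JP6794191B2 (ja) Communication device, communication method, and program
JP6716399B2 (ja) Communication device, control method for communication device, and program
JP6759011B2 (ja) Communication device, communication method, and program
CN110115099B (zh) Communication device, control method, and computer-readable storage medium
JP6614983B2 (ja) Communication device, communication method, and program
CN112655272B (zh) Communication apparatus, communication method, and non-transitory computer-readable storage medium
JP2017135519A (ja) Communication device, communication method, and program
JP6482299B2 (ja) Communication device, control method for communication device, and program
US10966261B2 (en) Communication apparatus, communication method, and program
US10575171B2 (en) Communication apparatus, communication method, and storage medium
JP6704738B2 (ja) Communication device, communication method, and program
JP2016201670A (ja) Communication device, control method for communication device, and program
JP6472259B2 (ja) Communication device, control method for communication device, and program
CN109565892B (zh) Communication apparatus, communication method, and computer-readable storage medium
US12167235B2 (en) Communication apparatus, control method of communication apparatus and non-transitory computer-readable storage medium
JP2018042057A (ja) Communication device, control method for communication device, and program
JP2016213614A (ja) Communication device, control method for communication device, and program
JP2021177659A (ja) Communication device, control method, and program
JP2024089493A (ja) Communication device, control method for communication device, and program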

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19890235

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19890235

Country of ref document: EP

Kind code of ref document: A1