JP2022188744A - Communication device, communication method, and program - Google Patents

Abstract

To improve security when communication in accordance with the IEEE802.11be standard is to be performed with other communication devices.SOLUTION: A communication device capable of executing authentication using the WPA (Wi-Fi Protected Access) 2 method and authentication using the WPA 3 method executes authentication using the WPA 3 method on the basis of communication with the other communication device in a state in which a plurality of links is established with other communication devices.SELECTED DRAWING: Figure 7

Description

The present invention relates to transmission and reception of operational parameters in wireless communication.

Wireless LAN (Local Area Network) technology is standardized by IEEE802.11, which is a standardization body for wireless LAN technology. /ax, etc. Here, IEEE is an abbreviation for Institute of Electrical and Electronics Engineers.

IEEE 802.11ax, which is described in Patent Document 1, uses OFDMA to achieve a high peak throughput of up to 9.6 gigabits per second (Gbps) and an improvement in communication speed under congestion conditions. OFDMA is an abbreviation for Orthogonal Frequency-Division Multiple Access.

In order to further improve throughput, a Task Group was launched to formulate IEEE802.11be as a successor to IEEE802.11ax.

On the other hand, in order to guarantee interconnection of wireless LAN technologies, standards have been formulated by the Wi-Fi Alliance, and WPA3, which is a more secure authentication program, is being standardized. WPA is an abbreviation for Wi-Fi Protected Access.

JP 2018-50133 A

A communication device that communicates in accordance with the communication method defined by IEEE802.11be is considered to be compatible with WPA3 authentication and encryption technology. However, in order to ensure mutual compatibility, WPA and WPA2, which are widely used authentication methods, may be used for authentication. Therefore, WPA or WPA2 is used for authentication and encryption to perform communication even though WPA3, which is an authentication method that enables more secure authentication and encryption, can be used for authentication and encryption. This could pose a safety problem.

SUMMARY OF THE INVENTION In view of the above problems, an object of the present invention is to improve safety when communicating with another communication device in compliance with the IEEE802.11be standard.

In order to achieve the above object, a communication device of the present invention is a communication device capable of performing authentication using the WPA (Wi-Fi Protected Access) 2 method and authentication using the WPA3 method, wherein establishing means for establishing a link between the communication device and another communication device; and control means for controlling authentication for executing communication with the other communication device, wherein the control means performing authentication using the WPA3 method based on communicating with the other communication device with a plurality of links established between the communication device and the other communication device by the establishing means; Characterized by

Further, the communication device of the present invention is a communication device capable of performing authentication using the WPA (Wi-Fi Protected Access) 2 method and authentication using the WPA3 method, and operating as a communication access point. communication means for communicating with another communication device operating as an access point; and control means for controlling authentication of communication with the other communication device, wherein the control means controls the communication device and the other communication device It is characterized in that authentication using the WPA3 method is executed based on cooperative operation with the communication device.

Further, the communication device of the present invention is a communication device capable of performing authentication using the WPA (Wi-Fi Protected Access) 2 method and authentication using the WPA3 method, and is communication means for communicating with another communication device. and control means for controlling authentication of communication with said other communication device, wherein said control means controls said communication device to conform to a first communication method and a second communication method of the IEEE802.11 standard series. wherein authentication using the WPA3 method is executed based on communication in compliance with the first communication method with the other communication device by the communication means in a state in which compliant communication can be performed. do.

Further, a communication device of the present invention is a communication device capable of executing authentication using a first security method and authentication using a second security method, and is capable of performing other communication with the communication device via a frequency channel. establishing means for establishing a link between devices; and control means for controlling authentication for executing communication with the other communication device, wherein the control means establishes a connection with the communication device by the establishing means. performing authentication using the second security method based on communicating with the other communication device while establishing a plurality of links with the other communication device; Authentication is performed using the first security method or the second security method based on communicating with the other communication device while establishing a single link with the other communication device. characterized by

Further, a communication device of the present invention is a communication device capable of executing authentication using a first security method and authentication using a second security method, and operating as a communication access point. and a control means for controlling authentication of communication with the other communication device, and the control means controls the communication between the communication device and the other communication device by the communication means. authentication using the second security scheme is performed based on cooperative operation between the communication device and the other communication device. The authentication is performed using the first security scheme or the second security scheme.

Further, a communication device of the present invention is a communication device capable of executing authentication using a first security method and authentication using a second security method, comprising communication means for communicating with another communication device; and control means for controlling authentication of communication with the other communication device, wherein the control means is configured such that the communication device conforms to the first communication method and the second communication method of the IEEE802.11 standard series. performing authentication using the second security scheme on the basis of performing communication in compliance with the first communication scheme with the other communication device by the communication means in a communicable state; authentication using the first security method or the second security method based on communication conforming to the second communication method.

ADVANTAGE OF THE INVENTION According to this invention, when performing communication based on another communication apparatus and IEEE802.11be standard, it becomes possible to improve security.

1 is a diagram showing the configuration of a network in the present invention; FIG. 1 is a diagram showing a hardware configuration of a communication device according to the present invention; FIG. 1 is a diagram showing a functional configuration of a communication device according to the present invention; FIG. It is an example of an element indicating an RSNE assigned according to a security method determined by the communication device 101 of the present invention. It is an example of an element indicating Extended Capability added according to the security method determined by the communication apparatus 101 in the present invention. It is an example of an element indicating RSNXE provided according to the security method determined by the communication apparatus 101 in the present invention. FIG. 4 is a flow chart diagram showing processing for determining a security method by the communication apparatus 101 according to the present invention. An example of a graphical user interface display in the present invention. An example of a graphical user interface display in the present invention. An example of a graphical user interface display in the present invention. An example of a graphical user interface display in the present invention. An example of a graphical user interface display in the present invention. An example of a graphical user interface display in the present invention. An example of a graphical user interface display in the present invention. An example of a graphical user interface display in the present invention. An example of a graphical user interface display in the present invention. An example of a graphical user interface display in the present invention. An example of a graphical user interface display in the present invention. FIG. 4 is a flow chart diagram showing processing for determining a security method by the communication apparatus 101 according to the present invention. FIG. 4 is a flow chart diagram showing processing for determining a security method by the communication apparatus 101 according to the present invention.

Embodiments of the present invention will now be described in detail with reference to the accompanying drawings. The configurations shown in the following embodiments are merely examples, and the present invention is not limited to the illustrated configurations.

(Configuration of wireless communication system)
FIG. 1 shows the configuration of a network in which a communication device 102 according to this embodiment participates. Communication device 102 is a station (STA) responsible for participating in network 100 . A communication device 101 is an access point (AP) that has a role of constructing the wireless network 100 . Communication device 101 can communicate with communication device 102 . This embodiment applies to the communication device 101 .

Each of communication device 101 and communication device 102 is capable of performing wireless communication conforming to the IEEE802.11be (EHT) standard. Note that IEEE is an abbreviation for Institute of Electrical and Electronics Engineers. Also, the communication devices 101 and 102 can establish connections via a plurality of frequency channels from any of a plurality of frequency bands and perform multi-link communication. Multiple frequency bands refer to sub-GHz, 2.4 GHz, 3.6 GHz, 4.9 and 5 GHz, 60 GHz, and 6 GHz bands. Also, the communication device 101 and the communication device 102 can communicate using bandwidths of 20 MHz, 40 MHz, 80 MHz, 160 MHz, and 320 MHz. The bandwidth used by each communication device is not limited to this, and different bandwidths such as 240 MHz and 4 MHz may be used.

The communication device 101 and the communication device 102 can implement multi-user (MU) communication in which signals of a plurality of users are multiplexed by executing OFDMA communication conforming to the IEEE802.11be standard. OFDMA stands for Orthogonal Frequency Division Multiple Access. In OFDMA communication, a part of the divided frequency band (RU, Resource Unit) is allocated to each STA so as not to overlap each other, and the carrier waves of each STA are orthogonal. Therefore, the AP can communicate with multiple STAs in parallel within the defined bandwidth.

Although the communication device 101 and the communication device 102 are compliant with the IEEE802.11be standard, in addition to this, they may also be compliant with the legacy standard, which is a standard prior to the IEEE802.11be standard. Specifically, the communication device 101 and the communication device 102 may support at least one of the IEEE802.11a/b/g/n/ac/ax standards. In addition to the IEEE802.11 standard series, other communication standards such as Bluetooth (registered trademark), NFC, UWB, ZigBee, and MBOA may be supported. UWB is an abbreviation for Ultra Wide Band, and MBOA is an abbreviation for Multi Band OFDM Alliance. Also, NFC is an abbreviation for Near Field Communication. UWB includes wireless USB, wireless 1394, WiNET, and the like. Moreover, it may correspond to a communication standard for wired communication such as a wired LAN. Specific examples of the communication device 101 include, but are not limited to, a wireless LAN router and a personal computer (PC). Also, the communication device 101 may be any communication device that can perform wireless communication conforming to the IEEE802.11be standard. Specific examples of the communication device 102 include, but are not limited to, cameras, tablets, smartphones, PCs, mobile phones, video cameras, headsets, and the like. Also, the communication device 102 may be any communication device that can perform wireless communication conforming to the IEEE802.11be standard.

Each communication device can communicate using bandwidths of 20 MHz, 40 MHz, 80 MHz, 160 MHz and 320 MHz.

Further, the communication device 101 and the communication device 102 establish links via a plurality of frequency channels and perform multi-link communication. The IEEE 802.11 series of standards defines the bandwidth of each frequency channel as 20 MHz. Here, the frequency channel is a frequency channel defined in the IEEE802.11 standard series, and in the IEEE802.11 standard series, a plurality of frequency bands are used in each of the 2.4 GHz band, 5 GHz band, 6 GHz band, and 60 GHz band. A frequency channel is defined. A bandwidth of 40 MHz or more may be used in one frequency channel by bonding with adjacent frequency channels. Also, for example, the communication device 101 can communicate with the communication device 102 by establishing a link 103 via a first frequency channel in the 2.4 GHz band. In parallel with this, the communication device 102 can establish a link 104 and communicate with the communication device 101 via a second frequency channel in the 5 GHz band. In this case, the communication device 102 performs multi-link communication maintaining a second link 104 over the second frequency channel in parallel with the link 103 over the first frequency channel. By establishing a link with the communication device 102 via a plurality of frequency channels, the communication device 101 can improve throughput in communication with the communication device 102 . In this embodiment, the link 103 is a 20 MHz connection with 6 channels in the 2.4 GHz band, and the link number is 1 . Assume that the link 104 is a 320 MHz connection with 113 channels in the 6 GHz band, and the link number is 2.

For example, communication device 101 and communication device 102 may establish a third link in the 5 GHz band in addition to link 103 in the 2.4 GHz band and second link 104 in the 6 GHz band. Alternatively, links may be established via a plurality of different channels included in the same frequency band. For example, a 6-channel link in the 2.4 GHz band may be established as the first link, and a 1-channel link in the 2.4 GHz band may be established as the second link. Links with the same frequency band and links with different frequency bands may coexist. For example, in addition to the 6-channel link 103 in the 2.4-GHz band, the communication devices 101 and 102 may establish a 1-channel link in the 2.4-GHz band and a 149-channel link in the 5-GHz band. The communication device 101 establishes a plurality of connections with different frequencies with the communication device 102, so that even if one band is congested, communication can be established with the communication device 102 in the other band. It is possible to prevent deterioration of throughput and communication delay.

Although the wireless network 100 in FIG. 1 is composed of one AP and one STA, the number and arrangement of APs and STAs are not limited to this. For example, one STA may be added to the wireless network in FIG. The frequency band of each link to be established at this time, the number of links, and the frequency width do not matter.

When multi-link communication is performed, the communication device 101 and the communication device 102 divide one piece of data and transmit it to the partner device via a plurality of links.

Further, the communication device 101 and the communication device 102 may be capable of executing MIMO (Multiple-Input And Multiple-Output) communication. In this case, communication device 101 and communication device 102 have multiple antennas, and one transmits different signals from each antenna using the same frequency channel. The receiving side simultaneously receives all signals arriving from multiple streams using multiple antennas, separates and decodes the signals of each stream. By performing MIMO communication in this way, communication device 101 and communication device 102 can communicate more data in the same amount of time than when MIMO communication is not performed. Further, when performing multi-link communication, communication device 101 and communication device 102 may perform MIMO communication on some links.

In this embodiment, the communication device 101 and the communication device 102 are assumed to support WPA2 and WPA3 standards in addition to the WPA (Wi-Fi Protected Access) standard which is a security system. WPA, WPA2, and WPA3 are standards for authentication of a counterpart device and encryption of communication with the counterpart device. Since the communication apparatuses 101 and 102 are compliant with the WPA3 standard, they can use SAE (Simultaneous Authentication of Equals), which is a scheme for sharing an encryption key in the WPA3 standard. In addition, since there is no need to consider interoperability with existing communication devices in 6 GHz communication, the Wi-Fi Alliance decided to authenticate and encrypt 6 GHz communication using WPA3. ing. WPA3 uses AES-CCMP and AES-GCMP instead of TKIP and WEP as encryption methods.

(Configuration of AP and STA)
FIG. 2 shows a hardware configuration example of the communication device 101 in this embodiment. Communication device 101 has storage unit 201 , control unit 202 , function unit 203 , input unit 204 , output unit 205 , communication unit 206 and antenna 207 . A plurality of antennas may be provided.

The storage unit 201 is composed of one or more memories such as ROM and RAM, and stores computer programs for performing various operations described later and various information such as communication parameters for wireless communication. ROM is an abbreviation for Read Only Memory, and RAM is an abbreviation for Random Access Memory. As the storage unit 201, in addition to memories such as ROM and RAM, storage media such as flexible disks, hard disks, optical disks, magneto-optical disks, CD-ROMs, CD-Rs, magnetic tapes, non-volatile memory cards, DVDs, etc. may be used. Also, the storage unit 201 may include a plurality of memories or the like.

The control unit 202 is configured by, for example, one or more processors such as CPU and MPU, and controls the entire communication device 101 by executing computer programs stored in the storage unit 201 . Note that the control unit 202 may control the entire communication device 101 through cooperation between a computer program stored in the storage unit 201 and an OS (Operating System). The control unit 202 also generates data and signals (radio frames) to be transmitted in communication with other communication devices. Incidentally, CPU is an abbreviation for Central Processing Unit, and MPU is an abbreviation for Micro Processing Unit. Also, the control unit 202 may include a plurality of processors such as multi-core processors, and the communication apparatus 101 as a whole may be controlled by the plurality of processors.

The control unit 202 also controls the function unit 203 to perform predetermined processing such as wireless communication, imaging, printing, and projection. The functional unit 203 is hardware for the communication device 101 to execute predetermined processing.

The input unit 204 receives various operations from the user. The output unit 205 performs various outputs to the user via a monitor screen or a speaker. Here, the output from the output unit 205 may be display on a monitor screen, audio output from a speaker, vibration output, or the like. Note that both the input unit 204 and the output unit 205 may be realized by one module like a touch panel. Also, the input unit 204 and the output unit 205 may be integrated with the communication device 101 or may be separate units.

The communication unit 206 controls wireless communication conforming to the IEEE802.11be standard. In addition to the IEEE802.11be standard, the communication unit 206 may control wireless communication conforming to other IEEE802.11 standard series, and wired communication such as a wired LAN. The communication unit 206 controls the antenna 207 to transmit and receive signals for wireless communication generated by the control unit 202 .

Note that if the communication device 101 supports the NFC standard, the Bluetooth standard, etc. in addition to the IEEE802.11be standard, wireless communication may be controlled in compliance with these communication standards. Further, if the communication device 101 can perform wireless communication conforming to a plurality of communication standards, it may be configured to have separate communication units and antennas corresponding to the respective communication standards. The communication device 101 communicates data such as image data, document data, and video data with the communication device 101 via the communication unit 206 . The antenna 207 may be configured separately from the communication unit 206, or may be configured together with the communication unit 206 as one module.

Antenna 207 is an antenna capable of communication in the 2.4 GHz band, 5 GHz band, and 6 GHz band. Although the communication device 101 has one antenna in this embodiment, it may have three antennas. Or you may have a different antenna for every frequency band. Moreover, when the communication device 101 has a plurality of antennas, the communication device 101 may have a communication unit 206 corresponding to each antenna.

Note that the communication device 102 has the same hardware configuration as the communication device 101 .

FIG. 3 shows a block diagram of the functional configuration of the communication device 101 in this embodiment. The communication device 102 also has the same configuration. Here, the communication device 101 is assumed to have a wireless LAN control unit 301 . Although one wireless LAN control unit is provided in FIG. 3, the present invention is not limited to this. Communication device 101 further includes frame generation section 302 , transmission time control section 303 , beacon reception control section 304 , UI control section 305 and storage section 306 , and radio antenna 307 .

The wireless LAN control unit 301 includes an antenna and circuits for transmitting/receiving wireless signals to/from another wireless LAN device, and a program for controlling them. The wireless LAN control unit 301 executes wireless LAN communication control based on the frame generated by the frame generation unit 302 according to the IEEE802.11 standard series.

Frame generation section 302 generates a wireless control frame to be transmitted by wireless LAN control section 301 . The contents of the radio control generated by the frame generation unit 302 may be restricted by settings saved in the storage unit 305 . Also, it may be changed by user setting from the UI control unit 305 . The information of the generated frame is sent to the wireless LAN control section 301 and transmitted to the communication partner.

A communication method determination unit 303 determines a communication format to be used when communicating with a partner based on the received frame received from the wireless LAN control unit 301 and setting information in the UI control unit 305 . Also, the determined communication format is communicated to the authentication method determining unit 306 . After determining the communication method, the wireless LAN control unit 301 communicates with the partner device according to the determined communication method.

Authentication method determination section 304 determines a method for authenticating the counterpart apparatus from information from communication method determination section 303 and setting information in UI control section 305 . Wireless LAN control section 301 authenticates the partner apparatus based on the determined authentication method.

The UI control unit 305 includes hardware related to a user interface, such as a touch panel or buttons for receiving an operation on the AP by a user (not shown) of the AP, and a program for controlling the hardware. Note that the UI control unit 305 also has a function of presenting information such as display of an image or output of sound to the user.

The storage unit 306 is a storage device that can be configured by a ROM, a RAM, and the like that store programs and data for the AP to operate.

FIG. 4 shows RSNE (Robust Security Network element) defined by IEEE802.11. The RSNE is stored in a management frame conforming to IEEE802.11.

Element ID field 401 indicates that the element is an RSNE. That is, the value becomes 48.

A Pairwise Cipher Suite Count field 405 indicates the number of encryption schemes supported. Specific values are shown in the Pairwise Cipher Suite List field 406 . For example, 00-0F-AC-04 corresponds to CCMP-128. When the Pairwise Cipher Suite Count field 405 indicates that a plurality is supported, for example, when the Pairwise Cipher Suite Count field 405 is set to 2, a plurality of 406 are continued. For example, when supporting CCMP-128 and GCMP-128, 00-0F-AC-04 is followed by 00-0F-AC-08. This order may be reversed. Any number of corresponding numbers may be used.

The AKM Suite Count field 407 indicates the number of corresponding authentication schemes. Specific values are shown in the AKM Suite List field 408. In this embodiment, since only WPA3-SAE is assigned to RSNE, AKM Suite Count field 407 is set to 1 and AKM Suite List field 408 is set to 00-0F-AC-08 indicating SAE. Note that this value may be a value specified in WPA3 or later. In other words, when an authentication method with SHA-384 as hash in SAE is added to 00-0F-AC-14, it may be indicated in addition to the above. Also, 00-0F-AC-09 that implements FT (Fast Transition) in SAE may be included. However, 00-0F-AC-02 and 00-0F-AC-06 indicating PSK are not included because only WPA3 corresponds to FT implementation in SAE.

FIG. 5 shows Extended Capabilities defined in IEEE802.11. Extended Capabilities are stored in a management frame conforming to IEEE802.11.

The fields shown here are an Element ID field 501, a Length field 502, and an Extended Capabilities field 503 from the beginning.

Among said fields 503 are SAE Password Identifiers In Use subfield 504 and SAE Password Identifiers Used Exclusively subfield 505 . These fields are enabled when using a Password ID that can set an ID for changing the password for each user when constructing a network with the same SSID. For example, if a part of the constructed network has a Password ID, the SAE Password Identifiers In Use subfield 504 is enabled. If all constructed networks have Password IDs, subfields 504 and 505 are enabled.

The values stored in the subfields in the Extended Capabilities field 503 may be valid, for example, when building a network for Multi-Link communication in addition to an existing network. For example, when connecting to a network for Multi-Link communication, by requiring a Password ID, it is possible to force a connection using an authentication method corresponding to the Password ID. In order to make the Passowrd ID mandatory, for example, it is conceivable to prepare a bit that the compatible device must be connected by a predetermined method, and to set the bit.

Also, for example, when building a network with Multi-Link communication, the SAE Password Identifiers In Use subfield 504 may be enabled without fail. It is conceivable that the security will be improved because the Password ID increases the secrecy of the password. Therefore, by always validating the Password ID when using Multi-Link communication, the AP can construct a network with higher security. Conversely, the STA can also control an AP that constructs a network for Multi-Link communication as unreliable and not connect to it even though SAE Password Identifiers In Use is disabled. Also, when an STA that does not correspond to Password ID requests a connection, the AP may treat the STA as untrustworthy and not connect to it.

FIG. 6 shows RSNXE (RSN Extension element) defined by IEEE802.11. RSNXE is stored in a management frame conforming to IEEE802.11.

The fields shown here are an Element ID field 601, a Length field 602, and an Extended RSN Capabilities field 603 from the beginning.

The SAE hash-to-element subfield 606 indicates compatibility with the H2E (Hash to Element) method among the SAE authentications defined by WPA3. The SAE-PK subfield 607 indicates that the SAE authentication corresponds to the SAE-PK (SAE Public Key) method.

SAE hash-to-element is one of SAE authentication schemes, and can pre-calculate parameters to be exchanged off-line. This makes it possible to prevent side-channel attacks in which a calculated value is estimated based on the calculation time, thereby enhancing security.

Therefore, for example, the SAE hash-to-element subfield 606 or the SAE-PK subfield 607 may be enabled whenever multi-link communication is performed. By enabling SAE hash-to-element whenever Multi-Link is used, it becomes possible to perform communication built on a network with higher security. Conversely, while the SAE hash-to-element is invalidated, the communication device 102 can determine that the APs constructing the multi-link network are unreliable and should not be connected. Furthermore, when an STA that does not support SAE hash-to-element requests a connection, the AP can determine that the STA is unreliable and will not connect.

Also, SAE-PK is one of the SAE authentication methods, and is a method for confirming whether the STA is trying to connect to a legitimate AP. If the AP with which the STA is trying to establish a connection is a fake AP, the STA can determine that it is a fake AP by verifying the value. This can contribute to improving security in public wireless LANs. Therefore, by enabling SAE-PK whenever Multi-Link communication is used, the communication device 102 can construct a network with higher security. Conversely, even though the SAE-PK is invalid, the STA can determine that the AP that constructs the network for Multi-Link communication is unreliable and will not be connected. Furthermore, when an STA that does not support SAE-PK connects to the AP, it can be determined that the STA is unreliable and will not be connected.

Regarding Password ID, SAE hash-to-element, and SAE-PK mentioned above, as a connection judgment condition between AP and STA, connect only when any one of them is supported. may be left unconnected.

(Processing flow)
(Embodiment 1)
7, WPA3 is selected when Multi-Link communication is selected by the control unit 202 executing the program stored in the storage unit 201 of the communication device 101. The flow of processing for controlling to Multi-Link communication is a technology under study in the IEEE802.11be standard, and communication devices capable of executing Multi-Link communication are likely to support WPA3. Therefore, when multi-link communication is performed, authentication is performed using WPA3, which allows authentication to be performed more securely. It is assumed that the communication device 101 has at least a wireless LAN control unit capable of Multi-Link communication.

This flowchart is started when the communication apparatus 101 constructs the network or when the user instructs to change the network settings.

First, the communication device 101 displays a wireless setting screen to the user (S701). The details of the screen displayed at this time will be described later. Next, it is determined whether or not Multi-Link communication is selected in the item for setting Multi-Link communication (S702). A method of determining whether or not Multi-Link communication is selected in S702 will be described later with reference to display examples shown in FIGS. If it is determined in S702 that the Multi-Link communication has been selected, it is checked whether or not there is an STA that has already established a connection with the communication apparatus 101 via a single Link (S703). In S703, if there is an STA that has established a connection with the communication apparatus 101 via a single Link, it is determined whether or not a connection has been established with the STA using an authentication method prior to WPA2 (S704). In S704, if the STA has established a connection with an authentication method earlier than WPA2, if the network is constructed again with Multi-Link, authentication will be performed only with WPA3. Therefore, if the connection is established by the authentication method before WPA2, it may not be possible to reconnect with the existing STA. Therefore, the communication apparatus 101 displays a warning to the user that the connection with the existing STA may be cut off by constructing a new network, and reconnection may become impossible (S705). Alternatively, the user is notified that a multi-link network will be constructed separately from the existing network. When constructing a network for Multi-Link separately from the existing network, it is desirable to encourage setting to an SSID or BSSID different from that of the existing network. In other words, if the same value as an existing SSID is entered in the SSID setting item, a warning display may be displayed or the network construction button may be disabled. If the user accepts the warning displayed in S705 (Yes in S706), the multi-link network construction setting is permitted, and only WPA3-SAE is set as Beacon or Probe Response, AKM Suite List field included in RSNE of Association Response. 408 (S707). Alternatively, when the present invention is applied to the communication device 102, it is added to the AKM Suite List field 408 included in the RSNE of Probe Request or Association Request.

When a network authenticated and encrypted by WPA3-SAE is established, the communication device 101 waits until it receives a connection request from the opposite device (S709). Alternatively, when the present invention is applied to the communication device 102, it searches for a counterpart device and transmits a connection request to the counterpart device that meets the conditions. Here, the connection request refers to a probe request or an association request conforming to the IEEE802.11 standard.

When the communication device 101 receives the connection request from the counterpart device, it confirms whether or not the counterpart device is in a state capable of executing Multi-Link communication and compatible with WPA3 (S711). Specifically, it is checked whether or not the AKM Suite List field 408 of the Probe Request or Association Request received in S709 contains information indicating that WPA3 can be supported.

If the opposite device is not in a state in which Multi-Link communication can be executed, or if WPA3 is not used to request connection, the connection is refused (S712). Here, in S712, in addition to rejecting the connection, another network may be recommended.

Alternatively, in S712, if Multi-Link communication is not executable, that is, if a connection is established via Single Link, processing may proceed to proceed with authentication in response to a WPA2 connection request. . As described above, if Passowrd ID, SAE hash-to-element, and SAE-PK are required in connection with Multi-Link communication, these can be used as conditions for connection approval in addition to WPA3 determination here. good. When the present invention is applied to the communication device 102, when searching for an AP, a connection request is transmitted only to an AP that builds a network that satisfies the above.

If the connection request from the STA satisfies the conditions, the communication device 101 authenticates the STA (S713). If the authentication succeeds in S713 (Yes in S714), it connects with the opposite device and starts communication (S715). If the authentication is not successful (No in S714), the connection is refused (S712). In S712, as means for rejecting the connection, setting the Status Code to Failure in the Association Response can be considered.

When Multi-Link communication is not selected (S702), or when network construction with Multi-Link communication is selected but the user does not approve it as a result of a warning display (S706), WPA2, WPA3 (S708).

In S708, the AKM Suite List field 408 of the RSNE shown in FIG. 4 contains 00-0F-AC-08 indicating that the SAE is supported, and 00-0F-AC that indicates that the PSK is supported. -02 and 00-0F-AC-06 are included. 00-0F-AC-02 indicates that PSK uses SHA-128 as a hash function, and 00-0F-AC-06 indicates that SHA-256 is used as a hash function. Only one of these may be included.

After building the network, it waits for a connection request from the opposite device (S710). If the opposite device requests connection, the authentication proceeds (S713), and if the authentication passes (Yes in S714), the device connects and starts communication (S715). If the authentication fails (No in S714), the connection is refused.

According to the present embodiment, when multi-link connection is selected, a high level of security can be maintained by performing control so that authentication is not performed using an authentication method other than WPA3.

(Display example 1)
FIG. 8 shows an example of a screen display of an authentication method and an encryption method displayed when Multi-Link communication is selected.

When the multi-channel column shown in FIG. 8 is checked, the network is constructed by Multi-Link communication, and when the multi-channel column is not checked, the network is constructed by Multi-Link communication. means no.

FIG. 8 shows a display screen when the multi-channel column is unchecked, that is, when Multi-Link communication is not performed. Since the communication device shown in FIG. 8 does not perform multi-link communication, it is possible to select a plurality of authentication/encryption methods including WPA2 and OPEN as security methods. Specifically, it is as shown in FIG. Some of the authentication methods to be displayed may not be displayed depending on the authentication method supported by the model. Additionally, SAE-PK and SAE hash-to-element options may be included. The notation may be Enterprise instead of EAP, or (TKIP/AES) or (AES) may be omitted. Furthermore, the WPA2-PSK/WPA3-SAE notation may be different. For example, WPA2/WPA3 or WPA2/PA3-Personal may be used. WPA3-SAE may similarly be WPA3, WPA3-Personal, or WPA3-SAE (Personal).

Also, OPEN (OWE) displayed in FIG. 8 may be different. For example, OPEN (ASE), OWE, and WPA/WPA2-PSK may be indicated as MIX. Also, WPA/WPA2/WPA3 may be displayed. Also, WPA/WPA2/WPA3 may be indicated as WPA-MIX. OWE (Opportunistic Wireless Encryption) is one of the security schemes, and enables users to perform encrypted communication without entering a password when using a public wireless LAN or the like. Therefore, security can be improved more than OPEN, which does not encrypt communication contents.

FIG. 9 shows an example of a screen display of authentication methods and encryption methods displayed when Multi-Link communication is selected. When the multi-channel column shown in FIG. 9 is checked, the network is constructed by Multi-Link communication, and when the multi-channel column is not checked, the network is constructed by Multi-Link communication. means no.

When constructing a network using Multi-Link communication, only WPA3 and OWE can be selected as security methods without displaying WPA2 or OPEN.

Further, as shown in FIG. 16, when Multi-Link communication is selected, WPA2 and OPEN may be grayed out so that they cannot be selected instead of being controlled not to be displayed.

In addition to OPEN and WPA3 displayed in FIG. 9, SAE-PK and SAE hash-to-element may be displayed.

If multi-link communication is selected while authentication using WPA2 is completed and communication is being performed when the multi-channel column is unchecked, the display is switched to that shown in FIG. good too.

Note that the encryption method displayed here may be combined with an example shown in another display example described later. Another word may be used for the encryption item. Authentication method, security method, encryption mode, etc. may be used.

As for the display of the wireless authentication method, an error may be displayed when setting, for example, WPA2-PSK with Multi-Link, to notify that the setting is not possible.

(Display example 2)
FIG. 10 shows an example of a screen display of an authentication method and an encryption method displayed when constructing a network using Multi-Link communication. If the wireless LAN advanced setting (2.4+6) is selected, it indicates that the network is constructed with Multi-Link at 2.4+6 GHz. In this case, as shown in FIG. 10, by displaying only OWE and WPA3, control is performed so that authentication by the authentication method before WPA3 is not performed.

(Display example 3)
FIGS. 11 and 12 show examples of UI when a multi-link network is constructed, but the frequency band of links to be constructed is not limited to one link per frequency band.

FIG. 11 shows an example of screen display when 2.4 GHz is selected. In the example shown in FIG. 11, since Multi-Link communication is not selected, multiple encryption methods including WPA2 and OPEN can be displayed as security methods.

FIG. 12 shows an example of a screen display when basic (multi) is selected. The example shown in FIG. 12 means constructing a network using Multi-Link. In the example shown in FIG. 12, since Multi-Link communication is selected, WPA2 and OPEN, which are authentication methods before WPA3, are not displayed. It should be noted that two channels of 6 GHz, for example, may be selected as the channels used above for performing Multi-Link communication. Alternatively, one from 2.4 GHz and two from 5 GHz may be selected. The specific authentication method and encryption method are the same as those in FIG.

FIG. 15 shows an example of a pop-out display when selecting a security method. The method of selecting Multi-Link communication is the same as in FIG. When selecting a security method, options may be displayed in a pop-out as shown in FIG.

(Display example 4)
13 and 14 show examples in which a screen for selecting Multi-Link communication and a screen for setting security are displayed on different screens.

FIG. 13 shows an example of a setting screen for determining the communication method.

At this time, by checking the box to use the wireless LAN function on the Multi-Link setting screen of the wireless LAN setting, it is indicated that the Multi-Link communication is selected. FIG. 14 shows an example of transition to a screen for setting a security method when Multi-Link communication is selected. In the Security setting screen of FIG. 14, since Multi-Link communication is selected, WPA3 and OWE, which are authentication methods before WPA3, are not displayed, but WPA2 and OPEN are displayed. The specific authentication method and encryption method are the same as in FIG. Incidentally, in FIG. 13, when the Multi-Link communication is not selected, in FIG. 14, authentication methods and encryption methods as shown in FIG. 8 are displayed.

(Display example 5)
FIG. 17 shows an example of a screen display of an authentication method and an encryption method displayed when constructing a network using Multi-Link communication. For example, when 2.4 GHz is selected for the wireless function, security schemes include WPA2 and OPEN in addition to WPA3. On the other hand, for example, when 2.4 GHz+5 GHz is selected, it is determined that Multi-Link communication is used, and options are given without including WPA2 and OPEN.

(Display example 6)
FIG. 18 shows an example of determining whether Multi-Link communication has been selected according to the number of selected frequency bands.

For example, in the wireless function of FIG. 18, if only 2.4 GHz is checked, it is determined that Multi-Link communication is not selected, and multiple encryption methods including WPA2 and OPEN are displayed as security methods. . On the other hand, for example, in the wireless function of FIG. 18, if at least two frequency bands are checked, it is determined that Multi-Link communication has been selected, and only OWE and WPA3 are displayed as security methods.

In this way, by limiting the security scheme that can be selected by the user to WPA3 depending on whether or not Multi-Link communication is selected, it is possible to improve security.

Note that even if Multi-Link communication is selected on the UI, the security method may be automatically switched by the communication device when the network is actually constructed without changing the options displayed for the security method. For example, when constructing a plurality of networks at the same time, assume that WPA2/3 is selected as the security method. A network that does not use Multi-Link communication may operate with WPA2/3, and a network that uses Multi-Link communication may operate with WPA3 only. In this case, when Multi-Link communication is selected, the WPA2-only option may be removed, or the WPA2-only option may not be selected for any network. In this case as well, when using Multi-Link communication, connection with a high security method is guaranteed.

(Embodiment 2)
In this embodiment, the flow of processing for controlling the security method so that only WPA3 is selected when Multi-AP communication is selected in the wireless settings will be described.

Multi-AP communication is a technology that allows multiple APs to cooperate and perform data communication with STAs to improve communication performance such as improving communication rates and reducing radio wave interference using beamforming. . APs participating in multi-AP communication are classified into one master AP that manages other APs and slave APs that operate under the control of the master AP.

Multi-AP communication is a technology under study in the IEEE802.11be standard, and there is a high possibility that communication devices capable of executing Multi-AP communication support WPA3. Therefore, when multi-AP communication is performed, authentication is performed using WPA3, which allows authentication to be performed more safely. When multi-AP communication is not performed, authentication is performed using the WPA2 or OPEN authentication method or WPA3, as in the first embodiment.

It should be noted that description of the contents already described in the above-described embodiment will be omitted in this embodiment.

In FIG. 19, the control unit 202 executes the program stored in the storage unit 201 of the communication device 101 so that only WPA3 is selected as the security method when Multi-AP communication is selected. The flow of processing to be performed will be described.

It is assumed that the communication device 101 has at least a wireless LAN control unit capable of communicating with Multi-AP communication.

The flowchart of FIG. 19 starts when the communication apparatus 101 constructs the network or when the user instructs to change the network settings.

Since most of the processing overlaps with FIG. 7 of the first embodiment, the description is omitted.

After the wireless display, the communication device 101 confirms whether or not Multi-AP communication has been selected (S1902). If the Multi-AP communication is selected, the processing moves to S1903. If not selected, the process moves to S708 in FIG.

When constructing a network with multi-AP communication, it is determined whether or not there is an STA or AP already participating in the network (S1903). If it is determined in S1903 that there is already a communication apparatus to establish connection, the process proceeds to S704 in FIG. If it is determined in S1903 that it does not exist, the process proceeds to S707 in FIG.

It is determined whether or not the STA requesting connection to the network constructed by Multi-AP communication is transmitting a connection request using WPA3 (S1911). The authentication proceeds (S713). If it is determined in S1911 that the connection request is not WPA3, the connection is refused (S712). Note that SAE-PK or SAE hash-to-element may be used instead of WPA3. Alternatively, similar to the first embodiment, determination may be made based on a connection request using Passowrd ID.

Also, the opposite device that transmits the connection request in S1911 may be the AP. When constructing a network with a plurality of APs as Multi-AP communication, control may be performed only for WPA3 connection.

The UI display method for controlling so that only WPA3 is selected and the way of displaying each Element indicating that only WPA3 is supported are the same as in the first embodiment, so description thereof will be omitted.

According to this embodiment, it is possible to improve security by limiting the security scheme that can be selected by the user to WPA3 when constructing a network that supports multi-AP communication.

(Embodiment 3)
In this embodiment, a flow of processing for controlling to select only WPA3 as a security method when performing communication conforming to the IEEE802.11be standard will be described.

A communication device capable of executing communication conforming to the IEEE802.11be standard is highly likely to support WPA3. Therefore, when performing communication conforming to the IEEE802.11be standard, authentication is performed using WPA3, which allows authentication to be performed more safely. When communication conforming to the IEEE802.11be standard is not performed, authentication is performed using an authentication method before WPA2 or WPA3 as in the first embodiment.

It should be noted that description of the contents already described in the above-described embodiment will be omitted in this embodiment.

In FIG. 19, when the control unit 202 executes the program stored in the storage unit 201 of the communication device 101, only WPA3 is selected when the communication conforming to the IEEE802.11be standard is selected. The flow of processing to be controlled will be described.

It is assumed that the communication device 101 has at least a wireless LAN control unit capable of communication conforming to the IEEE802.11be standard.

The flowchart in FIG. 20 starts when the communication apparatus 101 constructs the network or when the user instructs to change the network settings.

Since most of the processing overlaps with that of the first and second embodiments, the description is omitted.

After the wireless display, the communication device 101 determines whether or not IEEE802.11be has been selected (S2002). A case where it is determined in S2002 that IEEE802.11be is not selected may be a case where a legacy standard such as IEEE802.11ax is selected, for example.

If it is determined in S2002 that communication conforming to the IEEE802.11be standard is to be performed, it is determined whether or not there is an STA or AP already participating in the network (S2003). If it is determined in S2003 that there is already an STA or AP to establish connection with, the process proceeds to S704 in FIG. If it is determined in S2003 that it does not exist, the process proceeds to S707 in FIG.

It is determined whether or not the STA requesting connection to the network constructed by IEEE802.11be is transmitting a connection request in WPA3 (S2011). advances authentication (S713). If it is determined in S2011 that the connection request is not WPA3, the connection is refused (S712). As in the first embodiment, SAE-PK or SAE hash-to-element may be used instead of WPA3. Alternatively, it may be determined based on a connection request using Passowrd ID.

Also, the opposite device that transmits the connection request in S2011 may be the AP. For example, when constructing a network with multiple APs or a mesh, only WPA3 connections may be used.

The UI display method for controlling so that only WPA3 is selected and the way of displaying each Element indicating that only WPA3 is supported are the same as in the first embodiment, so description thereof will be omitted.

According to this embodiment, it is possible to improve security by limiting the security scheme that can be selected by the user to WPA3 when performing communication conforming to the IEEE802.11be standard.

(Other embodiments)
In each embodiment, the method of setting the communication method and the security method is based on the screen, but it is not limited to this. For example, it may be set by voice input. Alternatively, it may be set by command input using a character string. In the case of command input, for example, when attempting to set only WPA2 in spite of Multi-Link, Error may be displayed to indicate that the setting is not possible.

In each embodiment, an error message is displayed when the user selects an option that cannot be selected, but a beep sound may be output accordingly.

The communication devices 101 and 102 described in this embodiment may be printers having printing means. When operating as a printer, it is possible to print data obtained by communicating with a partner device, for example.

Also, the communication devices 101 and 102 described in this embodiment may be cameras having imaging means. When operating as a camera, it is possible to transmit imaged data by communicating with a partner device, for example.

In the present embodiment, WPA3 has been described, but WPA4 or the like is also applicable in the future as a successor standard to WPA3.

A recording medium recording the program code of the software that realizes the above functions is supplied to the system or apparatus, and the computer (CPU, MPU) of the system or apparatus reads and executes the program code stored in the recording medium. may In this case, the program code itself read out from the storage medium implements the functions of the above-described embodiments, and the storage medium storing the program code constitutes the above-described device.

Examples of storage media for supplying program codes include flexible disks, hard disks, optical disks, magneto-optical disks, CD-ROMs, CD-Rs, magnetic tapes, non-volatile memory cards, ROMs, and DVDs. can.

In addition, by executing the program code read by the computer, not only the above functions are realized, but also based on the instructions of the program code, the OS running on the computer may perform part or all of the actual processing. may be performed to implement the functions described above. OS is an abbreviation for Operating System.

Furthermore, the program code read out from the storage medium is written into a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer. Then, based on the instructions of the program code, the CPU provided in the function expansion board or function expansion unit may perform part or all of the actual processing to realize the above functions.

The present invention supplies a program that implements one or more functions of the above-described embodiments to a system or apparatus via a network or a storage medium, and one or more processors in the computer of the system or apparatus reads and executes the program. It can also be realized by processing to It can also be implemented by a circuit (for example, ASIC) that implements one or more functions.

The disclosure of this embodiment includes the following configurations.

(Configuration 1)
A communication device capable of executing authentication using the WPA (Wi-Fi Protected Access) 2 method and authentication using the WPA3 method, and establishing a link between the communication device and another communication device via a frequency channel. and control means for controlling authentication for executing communication with the other communication device, wherein the control means establishes an authentication between the communication device and the other communication device by the establishment means A communication device that performs authentication using the WPA3 scheme based on communication with the other communication device with a plurality of links established therebetween.

(Configuration 2)
The communication device further has reception means for receiving an instruction to communicate with the other communication device in a state in which a plurality of links are established between the communication device and the other communication device, and the reception means receives the Authentication is performed using the WPA3 method based on an instruction to communicate with the other communication device with a plurality of links established between the communication device and the other communication device. The communication device according to configuration 1, wherein the display unit is controlled by

(Composition 3)
The communication performed with the other communication device in a state in which a plurality of links are established between the communication device and the other communication device by the establishing means is multi-link communication conforming to the IEEE802.11 standard series. The communication device according to configuration 1 or 2, characterized by:

(Composition 4)
A communication device capable of executing authentication using the WPA (Wi-Fi Protected Access) 2 method and authentication using the WPA3 method and operating as a communication access point, and another communication device operating as a communication access point and a control means for controlling authentication of communication with the other communication device, wherein the control means enables cooperative operation between the communication device and the other communication device. A communication device that performs authentication using the WPA3 scheme based on the above-described WPA3 method.

(Composition 5)
The communication device further includes receiving means for receiving an instruction to perform a cooperative operation between the communication device and the other communication device, and the receiving means causes the communication device and the other communication device to: The communication device according to configuration 4, wherein the display unit is controlled to perform authentication using the WPA3 method based on the instruction to perform the cooperative operation.

(Composition 6)
6. The configuration 4 or 5, wherein the communication in which the communication device and the other communication device perform cooperative operation by the communication means is Multi-AP communication conforming to the IEEE802.11 standard series. communication equipment.

(Composition 7)
A communication device capable of executing authentication using the WPA (Wi-Fi Protected Access) 2 method and authentication using the WPA3 method, and a communication means for communicating with another communication device, and the other communication device and a control means for controlling communication authentication, wherein the control means is in a state in which the communication device is capable of executing communication conforming to the first communication method and the second communication method of the IEEE802.11 standard series. 1. A communication device, wherein authentication using the WPA3 system is executed based on communication with the other communication device in compliance with the first communication system by the communication means.

(Composition 8)
The communication device further includes receiving means for receiving an instruction to perform communication conforming to the first communication method or the second communication method, and the receiving means enables communication conforming to the first communication method. 8. The communication device according to configuration 7, wherein the display unit is controlled to perform authentication using the WPA3 method based on the instruction to perform.

(Composition 9)
9. The communication device according to configuration 7 or 8, wherein the first communication method is the IEEE802.11be standard of the IEEE802.11 standard series.

(Configuration 10)
The communication device according to any one of Structures 1 to 9, wherein the communication device receives from the other communication device a frame containing information indicating that authentication is to be performed using the WPA3 method.

(Composition 11)
The communication device controls not to establish a connection with the other communication device when it does not receive from the other communication device a frame containing information indicating authentication by the WPA3 method. 10. The communication device according to any one of Configurations 1 to 9.

(Composition 12)
Establishing a communication device capable of performing authentication using a first security method and authentication using a second security method, wherein a link is established between the communication device and another communication device via a frequency channel and control means for controlling authentication for executing communication with the other communication device, wherein the control means controls authentication between the communication device and the other communication device by the establishing means. performing authentication using the second security method based on communicating with the other communication device with a plurality of links established; A communication device that performs authentication using the first security method or the second security method based on communication with the other communication device with one link established.

(Composition 13)
The communication device further has reception means for receiving an instruction to communicate with the other communication device in a state in which a plurality of links are established between the communication device and the other communication device, and the reception means receives the authentication using the second security method based on an instruction to communicate with the other communication device with a plurality of links established between the communication device and the other communication device; executing the first security method or the second security method based on communicating with the other communication device with a single link established between the communication device and the other communication device 13. The communication device according to configuration 12, wherein the display unit is controlled to perform authentication using a security scheme.

(Composition 14)
The communication performed with the other communication device in a state in which a plurality of links are established between the communication device and the other communication device by the establishing means is multi-link communication conforming to the IEEE802.11 standard series. 14. The communication device according to configuration 12 or 13, characterized by:

(Composition 15)
A communication device capable of performing authentication using a first security method and authentication using a second security method and operating as a communication access point, and communicating with another communication device operating as a communication access point. and a control means for controlling authentication of communication with the other communication device, wherein the control means cooperates between the communication device and the other communication device by the communication means performing authentication using the second security method based on performing an operation, and performing authentication using the second security method based on not performing a cooperative operation between the communication device and the other communication device; Alternatively, the communication device is characterized in that authentication is performed using the second security method.

(Composition 16)
The communication device further includes receiving means for receiving an instruction to perform a cooperative operation between the communication device and the other communication device, and the receiving means causes the communication device and the other communication device to: performing authentication using the second security method based on the instruction to perform cooperative operation, and instructing not to perform cooperative operation between the communication device and the other communication device; 16. The communication device according to configuration 15, wherein authentication is performed using the first security scheme or the second security scheme based on.

(Composition 17)
Communication according to configuration 15 or 16, wherein the communication in which the other communication device and the communication device cooperate by the communication means is Multi-AP communication conforming to the IEEE802.11 standard series. Device.

(Composition 18)
A communication device capable of executing authentication using a first security method and authentication using a second security method, wherein communication means for communicating with another communication device and communication between the other communication device and a control means for controlling authentication, wherein the control means controls the communication device to perform communication conforming to the first communication method and the second communication method of the IEEE802.11 standard series. Authentication using the second security method is performed based on communication compliant with the first communication method with the other communication device by communication means, and communication compliant with the second communication method is performed. A communication device that performs authentication using the first security method based on the performance of the communication device.

(Composition 19)
The communication device further includes receiving means for receiving an instruction to perform communication conforming to the first communication method or the second communication method, and the receiving means enables communication conforming to the first communication method. Based on the instruction to perform, authentication using the second security method is performed, and based on the instruction to perform communication in compliance with the second communication method, the first security method is performed. 19. The communication device according to configuration 18, wherein the display unit is controlled to perform authentication using the security scheme or the second security scheme.

(Configuration 20)
20. The communication device according to configuration 18 or 19, wherein the first communication method is the IEEE802.11be standard of the IEEE802.11 standard series.

(Composition 21)
21. The communication according to any one of configurations 12 to 20, wherein the communication device receives from the other communication device a frame containing information indicating authentication by the second security method. Device.

(Composition 22)
The communication device controls not to establish a connection with the other communication device when a frame containing information indicating authentication by the second security method is not received from the other communication device. 21. A communication device as in any one of features 12-20.

(Composition 23)
23. The communication according to any one of configurations 12 to 22, wherein the first security scheme is WPA (Wi-Fi Protected Access) or WPA2, and the second security scheme is WPA3. Device.

(Composition 24)
A program for causing a computer to function as each means of the communication device described in any one of configurations 1 to 23.

100 network 101 communication device (AP)
102 communication equipment (STA)
103 link 104 link

Claims (30)

A communication device capable of executing authentication using the WPA (Wi-Fi Protected Access) 2 method and authentication using the WPA3 method,
establishing means for establishing a link between said communication device and another communication device via a frequency channel;
control means for controlling authentication for executing communication with the other communication device;
has
The control means uses the WPA3 method based on communicating with the other communication device in a state in which a plurality of links are established between the communication device and the other communication device by the establishing means. A communication device characterized by performing authentication. The communication device further comprises receiving means for receiving an instruction to communicate with the other communication device with a plurality of links established between the communication device and the other communication device,
using the WPA3 method based on the receiving unit instructing to communicate with the other communication device in a state where a plurality of links are established between the communication device and the other communication device; 2. The communication device according to claim 1, wherein the display unit is controlled so that authentication is performed by the user. The communication performed with the other communication device in a state in which a plurality of links are established between the communication device and the other communication device by the establishing means is multi-link communication conforming to the IEEE802.11 standard series. 3. The communication device according to claim 1 or 2, characterized by: A communication device capable of executing authentication using the WPA (Wi-Fi Protected Access) 2 method and authentication using the WPA3 method and operating as a communication access point,
a communication means for communicating with another communication device that operates as a communication access point;
a control means for controlling authentication of communication with the other communication device;
has
The communication device, wherein the control means executes authentication using the WPA3 scheme based on cooperative operation between the communication device and the other communication device. The communication device further has reception means for receiving an instruction for cooperative operation between the communication device and the other communication device,
Controlling the display unit to perform authentication using the WPA3 method based on the receiving unit instructing cooperative operation between the communication device and the other communication device. 5. The communication device according to claim 4, characterized by: 6. The communication device according to claim 4, wherein the communication for cooperative operation between the communication device and the other communication device is Multi-AP communication conforming to the IEEE802.11 standard series. Communication device as described. A communication device capable of executing authentication using the WPA (Wi-Fi Protected Access) 2 method and authentication using the WPA3 method,
a communication means for communicating with another communication device;
a control means for controlling authentication of communication with the other communication device;
has
The control means controls the communication means to communicate with the other communication device and the first communication device by the communication means in a state in which the communication device is capable of executing communication conforming to the first communication method and the second communication method of the IEEE802.11 standard series. A communication device characterized by executing authentication using the WPA3 system based on communication conforming to the communication system of . The communication device further has reception means for receiving an instruction to perform communication conforming to the first communication method or the second communication method,
The display unit is controlled to perform authentication using the WPA3 method based on the instruction by the reception unit to perform communication conforming to the first communication method. Item 8. The communication device according to item 7. 9. The communication device according to claim 7, wherein the first communication system is the IEEE802.11be standard of the IEEE802.11 standard series. 8. The communication device according to claim 1, wherein said communication device receives from said other communication device a frame containing information indicating authentication by said WPA3 method. The communication device controls not to establish a connection with the other communication device when it does not receive from the other communication device a frame containing information indicating authentication by the WPA3 method. 8. The communication device according to claim 1 or 4 or 7. A communication device capable of performing authentication using a first security method and authentication using a second security method,
establishing means for establishing a link between said communication device and another communication device via a frequency channel;
control means for controlling authentication for executing communication with the other communication device;
has
The control means performs the second security method based on communication with the other communication device in a state in which a plurality of links are established between the communication device and the other communication device by the establishing means. and performing communication with the other communication device while establishing a single link between the communication device and the other communication device, the first security method Alternatively, a communication device characterized by executing authentication using the second security method. The communication device further comprises receiving means for receiving an instruction to communicate with the other communication device with a plurality of links established between the communication device and the other communication device,
The second security based on the receiving unit instructing to communicate with the other communication device in a state in which a plurality of links are established between the communication device and the other communication device The first security is based on performing authentication using a method and communicating with the other communication device while establishing a single link between the communication device and the other communication device. 13. The communication device according to claim 12, wherein the display unit is controlled so as to perform authentication using the security method or the second security method. The communication performed with the other communication device in a state in which a plurality of links are established between the communication device and the other communication device by the establishing means is multi-link communication conforming to the IEEE802.11 standard series. 14. The communication device according to claim 12 or 13, characterized by: A communication device capable of executing authentication using a first security method and authentication using a second security method and operating as a communication access point,
a communication means for communicating with another communication device that operates as a communication access point;
a control means for controlling authentication of communication with the other communication device;
has
The control means executes authentication using the second security method based on cooperative operation between the communication device and the other communication device by the communication means, and authentication using the first security scheme or the second security scheme based on the fact that cooperative operation is not performed with the communication apparatus. The communication device further has reception means for receiving an instruction for cooperative operation between the communication device and the other communication device,
authentication using the second security scheme is executed based on an instruction by the accepting means to perform cooperative operation between the communication device and the other communication device, and 16. The method according to claim 15, wherein authentication is executed using the first security scheme or the second security scheme based on an instruction not to perform cooperative operation with another communication device. Communication device as described. 17. The communication device according to claim 15, wherein the communication in which the other communication device and the communication device cooperate with each other is Multi-AP communication conforming to the IEEE802.11 standard series. Communication device. A communication device capable of performing authentication using a first security method and authentication using a second security method,
a communication means for communicating with another communication device;
a control means for controlling authentication of communication with the other communication device;
has
The control means controls the communication means to communicate with the other communication device and the first communication device by the communication means in a state in which the communication device is capable of executing communication conforming to the first communication method and the second communication method of the IEEE802.11 standard series. Execute authentication using the second security method based on performing communication in accordance with the communication method, and perform authentication using the second security method based on performing communication in accordance with the second communication method. Alternatively, a communication device that performs authentication using the second security method. The communication device further has reception means for receiving an instruction to perform communication conforming to the first communication method or the second communication method,
Authentication using the second security method is executed based on the instruction to perform communication in compliance with the first communication method by the reception means, and the authentication is performed in compliance with the second communication method. 19. The method according to claim 18, wherein the display unit is controlled to perform authentication using the first security method or the second security method based on the instruction to perform communication. communication equipment. 20. The communication device according to claim 18, wherein the first communication system is the IEEE802.11be standard of the IEEE802.11 standard series. 19. The communication device according to claim 12, wherein said communication device receives from said another communication device a frame containing information indicating authentication by said second security scheme. The communication device controls not to establish a connection with the other communication device when a frame containing information indicating authentication by the second security method is not received from the other communication device. 19. A communication device according to claims 12, 15 and 18. 19. The communication device according to claim 12, 15 or 18, wherein the first security scheme is WPA (Wi-Fi Protected Access) or WPA2, and the second security scheme is WPA3. A communication method for a communication device capable of executing authentication using the WPA (Wi-Fi Protected Access) 2 method and authentication using the WPA3 method,
establishing a link between the communication device and another communication device over a frequency channel;
a control step of controlling authentication for executing communication with the other communication device;
has
The control step uses the WPA3 scheme based on communicating with the other communication device with a plurality of links established between the communication device and the other communication device by the establishing step. A communication method for a communication device, characterized by performing authentication. A communication method for a communication device capable of executing authentication using the WPA (Wi-Fi Protected Access) 2 method and authentication using the WPA3 method and operating as a communication access point,
a communication step of communicating with another communication device operating as a communication access point;
a control step of controlling authentication of communication with the other communication device;
has
The communication method for a communication device, wherein the control step executes authentication using the WPA3 scheme based on cooperative operation between the communication device and the other communication device. A communication method for a communication device capable of executing authentication using the WPA (Wi-Fi Protected Access) 2 method and authentication using the WPA3 method,
a communication step of communicating with another communication device;
a control step of controlling authentication for executing communication with the other communication device;
has
In the control step, in a state in which the communication device is capable of executing communication conforming to the first communication method and the second communication method of the IEEE802.11 standard series, the other communication device and the first communication device are controlled by the communication step. A communication method for a communication device, characterized in that authentication using the WPA3 system is performed based on communication conforming to the communication system of (1). A communication method for a communication device capable of performing authentication using a first security method and authentication using a second security method,
establishing a link between the communication device and another communication device over a frequency channel;
a control step of controlling authentication for executing communication with the other communication device;
has
The control step performs the second security method based on communicating with the other communication device with a plurality of links established between the communication device and the other communication device by the establishing step. and performing communication with the other communication device while establishing a single link between the communication device and the other communication device, the first security method Alternatively, a communication method characterized by executing authentication using the second security method. A communication method for a communication device capable of performing authentication using a first security method and authentication using a second security method and operating as a communication access point,
a communication step of communicating with another communication device operating as a communication access point;
a control step of controlling authentication for executing communication with the other communication device;
has
The control step executes authentication using the second security method based on cooperative operation between the communication device and the other communication device, and and performing authentication using the first security scheme or the second security scheme on the basis that no cooperative operation is performed between. A communication method for a communication device capable of performing authentication using a first security method and authentication using a second security method,
a communication step of communicating with another communication device;
a control step of controlling authentication for executing communication with the other communication device;
has
In the control step, in a state in which the communication device is capable of executing communication conforming to the first communication method and the second communication method of the IEEE802.11 standard series, the other communication device and the first communication device are controlled by the communication step. performing authentication using the second security method based on performing communication in accordance with the communication method; and performing communication in accordance with the second communication method, performing the first security method A communication method, characterized in that authentication is performed using a method or the second security method. A program for causing a computer to function as each means of the communication device according to any one of claims 1, 4, 7, 12, 15 and 18.

Images