In order to implement mutual communication between communication apparatuses, there is information that has to be shared between the communication apparatuses.
For example, in wireless-LANs typified by IEEE (Institute of Electrical and Electronic Engineers) 802.11 series standards, security measures are taken by means of encryption in an attempt to conceal communication contents. To implement encrypted wireless-LAN communication, it is necessary to mutually share a cryptographic key between the transmission/reception communication apparatuses.
In wireless-LANs, a WEP (Wired Equivalent Privacy) method is usually adopted as the encryption method. The WEP method is an encryption technique that allows only communication apparatuses having the same pre-shared key to communicate with each other. In the WEP method, a 64-bit or 128-bit cryptographic key is shared between a wireless-LAN terminal (STA: Station) and a wireless-LAN access point (AP: Access Point), and their communication contents are encrypted/decrypted by using that cryptographic key. When a wireless-LAN is constructed in an ordinary home, the users of the wireless-LAN equipment are only the user himself/herself and his/her family. Therefore, it is easy to set the same cryptographic key in the STA and the AP in advance. Further, in the case of public wireless-LANs used in public places such as train stations, airports, hotels, and restaurants, a user sets a cryptographic key, which is notified in advance and is the same for each user, in the AP in order to implement encrypted communication.
Meanwhile, there is a technique to facilitate the setting of information to be shared between communication apparatuses. Patent literature 1 discloses a communication apparatus capable of facilitating various settings including a device setting and a network setting. A communication apparatus disclosed in Patent literature 1 reads a 2D (two-dimensional) barcode containing device profile information such as a device serial number, a product name, a model number, a manufacturer name, a MAC (Media Access Control) address, and a PIN (Personal Identification Number) code in the form of image information, and carries out various settings based on the obtained barcode information. This 2D barcode is output or displayed by an output/display unit of the terminal to be registered/configured, or is stuck on the terminal to be registered/configured as a sticker. This communication apparatus disclosed in Patent literature 1 operates in the following manner.
A registering/managing terminal (e.g., mobile terminal) reads and takes in 2D barcode information stuck on a terminal to be registered/managed (e.g., wireless-LAN access point) by using a camera unit as an image-reading unit (step 1). The mobile terminal establishes a temporary connection, used to exchange wireless security setting information with the wireless-LAN access point, by using a wireless-LAN interface based on device profile information specified by the obtained barcode information (step 2).
Next, a user authentication processing unit performs an authentication process for the terminal at the other end by using the obtained device profile information (step 3). Next, key-sharing processing units (cryptographic key generation units) of the mobile terminal and the wireless-LAN access point exchange a key between them by using, for example, the Diffie-Hellman method or the like, and thereby generate an encryption key. As a result, the mobile terminal and the wireless-LAN access point share that encryption key (step 4). Next, a setting information generation unit of the mobile terminal or the wireless-LAN access point automatically generates a cryptographic key such as WEP and/or wireless security setting information such as SSID (Service Set Identifier) (step 5). Next, this wireless security setting information is encrypted with the encryption key generated in step 4, and then transferred according to a registration protocol (step 6).
The wireless security information setting is completed over the above-described temporary connection, and wireless communication starts in the form of a regular connection by using the wireless security setting information transferred in the step 5 (step 7).
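The following Python sketch walks through steps 3 to 6 of the procedure above. It is an added example, not code from Patent literature 1. Assumptions: the patent does not specify the authentication scheme, so an HMAC keyed with the barcode PIN is used here; the group parameters, the encrypt-then-MAC construction, and all function names are illustrative.

```python
import hashlib, hmac, json, secrets

# Demonstration-size prime group (assumption); real use needs 2048+ bits.
P, G = 2**255 - 19, 2

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def pin_tag(pin, pub):
    # Step 3 (assumed scheme): bind the public value to the barcode PIN.
    # A short PIN can be guessed offline from one tag; a PAKE avoids that.
    return hmac.new(pin.encode(), pub.to_bytes(32, "big"), hashlib.sha256).digest()

def session_keys(priv, peer_pub):
    # Step 4: hash the shared secret into separate encryption and MAC keys.
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate public value")
    k = hashlib.sha512(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()
    return k[:32], k[32:]

def _xor_stream(key, nonce, data):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(keys, settings):
    # Step 6: encrypt-then-MAC (standard-library stand-in for an AEAD).
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(keys[0], nonce, json.dumps(settings).encode())
    return nonce + ct + hmac.new(keys[1], nonce + ct, hashlib.sha256).digest()

def unseal(keys, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(keys[1], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("settings message failed authentication")
    return json.loads(_xor_stream(keys[0], nonce, ct))

def provision(barcode_pin, responder_pin):
    """Mobile terminal read barcode_pin; the answering AP holds responder_pin."""
    (ap_priv, ap_pub), (mob_priv, mob_pub) = dh_keypair(), dh_keypair()
    tag = pin_tag(responder_pin, ap_pub)                  # sent with ap_pub
    if not hmac.compare_digest(tag, pin_tag(barcode_pin, ap_pub)):
        return None                                       # not the labelled device
    # Step 5: constructed settings; 13 random bytes = a 104-bit WEP secret.
    settings = {"ssid": "example-net", "wep_key": secrets.token_hex(13)}
    blob = seal(session_keys(mob_priv, ap_pub), settings)
    return unseal(session_keys(ap_priv, mob_pub), blob)   # what the AP applies
```

Without the step 3 check, any device answering on the temporary connection could complete the key exchange and receive the settings; the PIN read from the barcode is what ties the exchange to the physically labelled device.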
Further, Patent literature 2 discloses a technique to display a pseudo-subject image in an external display device as an object that is used to detect the focus of a camera, and thereby to detect the focus.
Wireless-LAN access points in the above-described related-art are fixedly installed in public places such as train stations, airports, hotels, and restaurants, and provide wireless-LAN services in those public places. However, as the usability of wireless-LANs is improved, new ways of using wireless-LANs that are different from the conventional usage become feasible.
For example, by adding a wireless-LAN access point function in a mobile terminal capable of performing mobile communication, it is possible to use a wireless-LAN at any given place. That is, a mobile terminal having a wireless-LAN access point function and another terminal capable of implementing a wireless-LAN interface connection can access a backbone network at any given place by using a mobile communication function of the mobile terminal having the wireless-LAN access point function. In this case, the mobile terminal having the wireless-LAN access point function functions as an AP while the other terminal capable of implementing a wireless-LAN interface connection with this AP functions as an STA.
In a form of usage like this, it is naturally assumed that the user of the AP and the user of the STA are probably not complete strangers but are acquaintances such as friends, associates, and colleagues. For example, there might be a situation in which two friends who happen to meet access the Internet at a given place such as a park, a restaurant, or a train station by using a mobile terminal having a wireless-LAN access point function possessed by one of them as an AP and a terminal (STA) possessed by the other. Even for the encryption of communication performed in a form of wireless-LAN usage like this, it is necessary to share a cryptographic key between the mobile terminal having a wireless-LAN access point function possessed by one of them and the terminal possessed by the other. In addition, since it is rare that the same cryptographic key has been shared in advance between their devices, it is necessary to carry out an operation for establishing the shared setting on the spot.
Further, in a form of usage of mobile terminals like this, it is also necessary that the mobile terminal on the STA side notifies not only the cryptographic key but also other secret information such as user identification information and a password to the mobile terminal on the AP side in advance.
The communication apparatus disclosed in Patent literature 1 can easily carry out various settings, including a device setting and a network setting, by using a 2D barcode. In this case, a 2D barcode is displayed in a display device of a terminal to be registered/configured, and a registering/managing terminal reads the display. By doing so, the various settings are carried out.