Printing apparatus, control method, and program
A dual authentication mechanism in printing devices ensures only authorized administrators can change network configurations, addressing security breaches by restricting unauthorized settings changes, thus maintaining network integrity and user convenience.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Patents
- Current Assignee / Owner
- CANON KK
- Filing Date
- 2022-04-18
- Publication Date
- 2026-06-19
AI Technical Summary
Existing wireless LAN communication systems in printing devices allow users with higher privileges to change settings that compromise the security and integrity of the network, even if they are not authorized administrators, leading to potential security breaches.
Implement a dual authentication mechanism in printing devices, using IEEE802.1X/EAP for initial authentication and a secondary authentication method to control access to configuration settings, ensuring only authorized administrators can change network configurations.
Preserves the settings of users with high privileges while preventing unauthorized changes, maintaining network security and integrity without compromising user convenience.
Smart Images

Figure 0007876324000001 
Figure 0007876324000002 
Figure 0007876324000003
Abstract
Description
Technical Field
[0001] The present invention relates to a device, a control method, and a program capable of communicating with an access point. printing
Background Art
[0002] In recent years, in printing devices such as multifunction devices and printers, those equipped with a wireless LAN function have been increasing. Such a printing device can perform wireless LAN communication with an information processing device such as a mobile phone or a personal computer operated by a user, and print the received print data. The printing device and the information processing device may be connected by an infrastructure connection that communicates via a wireless LAN access point. These information processing devices, printing devices, and access points can be interconnected by operating according to the standard specifications of IEEE802.11, and only devices permitted by the authentication process within the connection operation can be connected.
[0003] For the authentication method of wireless LAN, there are a PSK method using a pre-shared key (Pre Shared Key) and an SAE method using SAE (Simultaneous Authentication of Equals). Further, as an authentication method corresponding to both wireless LAN and wired LAN, there is an EAP method for authenticating a communication device connected to a network using an IEEE802.1X / EAP (Extensible Authentication Protocol)-compatible authentication server.
[0004] Authentication networks, such as the IEEE 802.1X / EAP compliant network mentioned above, which authenticate connected communication devices, are designed with the intention of improving security. Even in such environments, if the settings of an authenticated communication device are changed by a non-administrator without network knowledge, it may operate in a way that contradicts the intended purpose. For example, the IP address of a communication device may be set to a conflicting value, or communication that should be encrypted may be set to run in plain text. One example of a function to prevent such situations is one that authenticates the user making the setting change and applies the setting change only if the user is authenticated as an administrator. This function restricts setting changes by non-administrators and maintains the state in which the system operates as configured by the administrator.
[0005] Patent Document 1 discloses a method for managing network devices that restricts configuration changes by distinguishing between administrators and non-administrators and changing the display method and modifiable items accordingly. [Prior art documents] [Patent Documents]
[0006] [Patent Document 1] Japanese Patent Publication No. 2007-52740 [Overview of the Initiative] [Problems that the invention aims to solve]
[0007] Even if a communication device is not connected to a network requiring authentication, if the device operates according to settings configured by a user with relatively higher privileges, the use of the communication device by a user with relatively lower privileges will be restricted.
[0008] This invention preserves the settings of users with relatively high privileges without compromising the convenience of users with relatively low privileges. printing The objective is to provide devices, control methods, and programs. [Means for solving the problem]
[0009] To solve the above problems, the communication device according to the present invention is a printing device equipped with a display unit, and a first authentication is performed by the IEEE802.1X / EAP authentication method. The first includes network configuration information used for communication between the access point and the printing device after the completion of the first A first receiving means for receiving operations to change configuration information, and the 1 facility Based on the acceptance of an operation to change fixed information, a first display control means displays an input screen for accepting password input on the display unit, and when the password is entered on the input screen, the 1 facility A second display control means for displaying a screen for changing fixed information on the display unit, and a second authentication method which is an authentication method different from the IEEE802.1X / EAP authentication method. A second network configuration information used for communication between the access point and the printing device after the completion of the first step. A second receiving means for receiving operations to change configuration information, and the 2 facilities Based on the acceptance of an operation to change fixed information, the input screen is not displayed, 2 facilities A third display control means that displays a screen for changing fixed information on the display unit, The aforementioned Establishment means for establishing a connection between the access point and the printing device, and when the first authentication is used in the communication using the connection, 1 facility The printing device is operated using fixed information, and the second authentication is used in the communication using the connection, 2 facilities A control means for operating the printing device using fixed information, and a printing means for performing printing based on print data received from the information processing device via the access point, possess It is characterized by the following: [Effects of the Invention]
[0010] According to the present invention, the settings of users with relatively high privileges can be preserved without impairing the convenience of users with relatively low privileges. [Brief explanation of the drawing]
[0011] [Figure 1]It is a diagram showing the system configuration. [Figure 2] It is a diagram showing the external appearance configuration of the MFP. [Figure 3] It is a block diagram showing the configuration of the MFP. [Figure 4] It is a diagram schematically showing the configuration of the operation display unit of the MFP. [Figure 5] It is a diagram showing the external appearance configuration of the information processing apparatus. [Figure 6] It is a diagram showing the configuration of the information processing apparatus. [Figure 7] It is a block diagram showing the configuration of the access point. [Figure 8] It is a diagram showing the configuration of the authentication server. [Figure 9] It is a flowchart showing the outline of the process of connecting the MFP to the network composed of the access point. [Figure 10] It is a diagram for explaining the network between devices. [Figure 11] It is a diagram for explaining the screen transition in the operation display unit of the MFP. [Figure 12] It is a diagram for explaining the screen transition in the information processing apparatus. [Figure 13] It is a diagram showing the screen where the setting information can be changed. [Figure 14] It is a flowchart showing the process when the authentication connection setting information is changed. [Figure 15] It is a flowchart showing the process when the non - authentication connection setting information is changed. [Figure 16] It is a diagram showing the memory configuration. [Figure 17] It is a flowchart showing the process when the MFP is started up. [Figure 18] It is a flowchart showing the process when the authentication information is changed. [Figure 19] It is a diagram showing the screen where the authentication information can be changed. [Figure 20] It is a flowchart showing the process executed when the MFP is disconnected from the network. [Modes for carrying out the invention]
[0012] The embodiments will be described in detail below with reference to the attached drawings. Note that the following embodiments do not limit the invention as defined in the claims. While the embodiments describe multiple features, not all of these features are essential to the invention, and the features may be combined in any way. Furthermore, in the attached drawings, identical or similar configurations are given the same reference numerals, and redundant descriptions are omitted.
[0013] [First Embodiment] Figure 1 shows an example of the system configuration in this embodiment. This communication system 100 is a communication system in which multiple communication devices can communicate wirelessly with each other. As shown in Figure 1, the communication system 100 includes an information processing device 200, an MFP (Multi Function Peripheral) 300, an access point (AP) 400, and an authentication server 500 as communication devices. In the communication system 100, the information processing device 200 and the MFP 300 can perform processing corresponding to printing services using, for example, wireless LAN communication.
[0014] The information processing device 200 is an information processing device that has communication functions such as wireless LAN or wired LAN. Wireless LAN is sometimes referred to as WLAN (Wireless LAN). Examples of information processing devices 200 include smartphones, notebook PCs, tablet devices, and PDAs (Personal Digital Assistants).
[0015] The MFP300 is an example of a printing device with printing capabilities. The MFP300 may also have scanning, faxing, and telephone functions. Furthermore, the MFP300 has a communication function that allows it to communicate wirelessly with the information processing device 200. In this embodiment, the MFP300 is described, but devices of a different form may be used. For example, a facsimile machine, scanner, projector, mobile terminal, smartphone, notebook PC, tablet terminal, PDA, digital camera, music playback device, television, smart speaker, AR (Augmented Reality) glasses, etc., which have communication capabilities may be used. The MFP300 receives print data including image data from the information processing device 200 connected via the access point 400, for example, and forms an image based on that data. Alternatively, the MFP300 transmits image data read by the scanner function, for example, to the information processing device 200 connected via the access point 400. Other control information can also be exchanged with the network connected via the access point 400.
[0016] Access point 400 is a communication device that is installed separately (externally) from the information processing device 200 and MFP300 and operates as a base station device for the WLAN. Access point 400 may also be referred to as the external access point 400 or the external wireless base station. Communication devices with WLAN communication capabilities can communicate in WLAN infrastructure mode via access point 400. Wireless infrastructure mode may also be referred to as "wireless infrastructure mode." In other words, wireless infrastructure mode is a mode in which a communication device communicates with the information processing device 200 via the access point 400 to which it is connected. Access point 400 communicates with communication devices that it has authorized to connect to (authenticated) and relays wireless communication between those communication devices and other communication devices. Furthermore, access point 400 is connected to a wired LAN communication network and relays communication between communication devices connected to that network and other communication devices wirelessly connected to access point 400. Furthermore, if the network configured by access point 400 uses an authentication server (i.e., access point 400 supports authentication methods that use an authentication server), it will work in conjunction with the authentication server 500 to authenticate communication devices connected to the network and control access to them. Communication devices connected to the network configured by access point 400 will be restricted from communicating with devices other than the authentication server 500 until they are authenticated. Note that access point 400 may also support authentication methods that do not use an authentication server. Details on authentication methods that use an authentication server and authentication methods that do not use an authentication server will be described later.
[0017] The authentication server 500 is a communication device that is installed separately (externally) from the information processing device 200, MFP 300, and access point 400, and operates as an authentication server that centrally manages authentication information. The authentication server 500 works in cooperation with the access point 400 to authenticate terminals to be authenticated and controls terminal access based on the authentication results. The authentication server 500 is configured to perform authentication processing compliant with, for example, the IEEE 802.1X standard.
[0018] Access point 400 supports authenticators in IEEE 802.1X. Information processing unit 200 and MFP300 support supplicants in IEEE 802.1X. The authentication server is sometimes referred to as the "Radius server."
[0019] Authentication server 500 performs authentication according to the IEEE 802.1X standard, for example, using the EAP-TLS, EAP-TTLS, and PEAP methods. EAP-TLS (EAP-Transport Layer Security) is an authentication method that utilizes the TLS handshake protocol and performs authentication using server certificates and client certificates. EAP-TTLS (EAP-Tunneled TLS) is an authentication method that utilizes the TLS handshake protocol and performs authentication using server certificates, usernames, and passwords. PEAP (Protected EAP) performs authentication using usernames and passwords. The information used for these IEEE 802.1X authentication methods is sometimes collectively referred to as "authentication information."
[0020] The information processing device 200 and the MFP300 can perform wireless communication using their respective WLAN communication functions, either via the external access point 400 in wireless infrastructure mode or via peer-to-peer mode without the external access point 400. The peer-to-peer mode is sometimes referred to as "P2P mode," or as "wireless direct mode" in contrast to wireless infrastructure mode. In other words, P2P mode is a mode for communication devices to communicate directly with the information processing device 200 without going through the access point 400. P2P mode includes Wi-Fi Direct® mode and software access point (soft AP) mode, among others. Wi-Fi Direct® is sometimes referred to as WFD. Therefore, wireless direct mode can also be considered a communication mode compliant with the IEEE 802.11 series.
[0021] Figure 2 shows an example of the external configuration of the MFP300. The power button 301 is a hard key that allows the user to turn the power on and off. The operation display unit 302 includes a display and buttons used by the user when operating the MFP300. The operation display unit 302 includes keys such as character input keys, cursor keys, select keys, and cancel keys, as well as LEDs (Light Emitting Diodes) and LCDs (Liquid Crystal Displays). The operation display unit 302 is configured to accept user input when activating individual functions of the MFP300, changing various settings, etc. The operation display unit 302 may also include a touch panel display.
[0022] The paper insertion slot 303 is an insertion slot that can accommodate paper of various sizes. Paper placed in the paper insertion slot 303 is transported to the printing unit one sheet at a time, printed as desired, and then ejected from the paper output slot 304. The document tray 305 is a transparent glass-like tray used when scanning a document. The document cover 306 is a cover that presses the document against the document tray to prevent it from lifting during scanning, and also prevents external light from entering the scanner unit.
[0023] The MFP300 has communication capabilities via WLAN and wired LAN, and includes a wireless communication unit 307 and a wired communication unit 321, which include antennas for wireless communication. Note that the wireless communication unit 307 and the wired communication unit 321 do not necessarily have to be configured to be visible from the outside. The USB communication unit 308 includes a circuit and USB connector for the MFP300 to communicate with an external information processing device 200 or the like via USB connection. The power supply unit 309 connects to an external power supply and supplies power to the MFP300.
[0024] Figure 3 is a block diagram showing an example of the configuration of the MFP300. The MFP300 includes a main board 310 that controls the entire device, a power button 301, an operation display unit 302, a wireless communication unit 307, a wired communication unit 320, a USB communication unit 308, and a power supply unit 309.
[0025] The main board 310 is equipped with a microprocessor-type CPU 311. The CPU 311 controls the MFP 300 according to the control program stored in the ROM-type program memory 313 connected via the internal bus 312 and the contents stored in the RAM-type data memory 314. The operation of the MFP 300 described in this embodiment is realized, for example, by the CPU 311 reading and executing the program stored in the program memory 313. The CPU 311 controls the scan unit 317 to read the document and stores the read data in the image memory 315 in the data memory 314. The CPU 311 controls the print unit 316 to print the image of the read data stored in the image memory 315 in the data memory 314 onto the recording medium. The CPU 311 controls the USB communication unit 308 via the USB communication control unit 320 to perform USB communication with the external information processing device 200 via a USB connection. The CPU 311 controls the operation control unit 319 to receive operation information from the power button 301 and the operation display unit 302. The CPU 311 controls the operation control unit 319 to display, for example, the status of the MFP 300 and the function selection menu on the operation display unit 302. The CPU 311 controls the wireless communication unit 307 and the wired communication unit 320 via the communication control unit 318 according to the operation information received by the operation display unit 302. The CPU 311 also changes the communication method settings and configures network connection settings according to the operation information.
[0026] The wireless communication unit 307 is a unit capable of providing WLAN communication functionality. Specifically, the wireless communication unit 307 converts data into packets according to the WLAN standard and transmits the packets to other communication devices. The wireless communication unit 307 also restores packets from other external communication devices back to their original data and outputs it to the CPU 311. The wireless communication unit 307 is configured to perform data (packet) communication in a WLAN system compliant with, for example, the IEEE 802.11 standard series (IEEE 802.11a / b / g / n / ac / ax, etc.). However, it is not limited to this configuration, and the wireless communication unit 307 may be capable of performing communication in WLAN systems compliant with other standards. In this embodiment, the wireless communication unit 307 is capable of communicating in both the 2.4GHz and 5GHz frequency bands. Furthermore, the wireless communication unit 307 is capable of performing communication in WFD mode, soft AP mode, wireless infrastructure mode, etc. Furthermore, the information processing device 200 and the MFP 300 are capable of wireless communication based on WFD mode, and the wireless communication unit 307 has a soft AP function or a group owner function. In other words, the wireless communication unit 307 can build a communication network in P2P mode and determine the channel to be used for communication in P2P mode.
[0027] The wired communication unit 321 is a unit for performing wired communication. The wired communication unit 321 can perform data (packet) communication in a wired LAN (Ethernet) system compliant with, for example, the IEEE 802.3 series. Furthermore, wired communication using the wired communication unit 321 is possible in wired communication mode. The wired communication unit 321 is connected to the main board 310 via a bus cable or the like.
[0028] Figure 4 is a schematic diagram showing an example of the configuration of the operation display unit 302 of the MFP300. Figure 4(a) shows an example where the operation display unit 302 is configured with a touch panel display 331. Power is turned on to the MFP300 when the user presses the power button 301. When power is turned on to the MFP300, the touch panel display 331 displays the home screen, which is the highest level of the menu that the user can operate. The home screen includes a copy area 335 for receiving instructions to execute copy processing, a scan area 336 for receiving instructions to execute scan processing, and a print area 337 for receiving instructions to execute print processing. The home screen also includes a status display area 332 that shows the settings for connection via wireless infrastructure mode and wireless direct mode of the MFP300, as well as the connection status. The home screen also includes a connection setting mode area 333 that allows the user to start the connection setting mode at any time, and a setting area 334 that allows the user to change various settings.
[0029] Figure 4(b) shows an example of an operation display unit 302 configured with a relatively small LCD display 341 and various hard keys 344-351. The MFP 300 is powered on when the user presses the power button 301. Once powered on, the LCD display 341 displays the home screen, the highest level of the user-operable menu. The user can operate the cursor displayed on the LCD display 341 by pressing the cursor movement buttons 346 and 347. The user presses the OK button 349 to perform an operation, and the back button 348 to return to the previous menu screen. Furthermore, when the user presses the QR button 344, a QR code containing information necessary for direct connection to the MFP 300 is displayed. When the displayed QR code (registered trademark) is read by the information processing device 200, a direct connection is established between the information processing device 200 and the MFP 300, enabling wireless communication between them. Note that the displayed code is not limited to a QR code; any two-dimensional code is acceptable. Additionally, the connection setting mode can be started by pressing the connection setting mode button 345. In connection setting mode, the MFP 300 can be connected to the access point 400 by sending connection information from the information processing device 200 to the MFP 300. If the user presses the stop button 350 while the MFP 300 is performing any of the processes, the processes will be canceled. When the user presses the copy start button 351, the document placed on the document glass 305 is scanned and printing is performed.
[0030] Figure 4(c) shows an example of an operation display unit 302 configured with a relatively small LCD display 361 and various hard keys 363-370. Power is turned on to the MFP 300 when the user presses the power button 301. When power is turned on to the MFP 300, the home screen, which is the highest level of the user-operable menu, is displayed on the LCD display 361. The user can operate the items displayed on the LCD display 361 by pressing the navigation buttons 364 and 365. The user presses the OK button 367 to perform an operation, and the back button 366 to return to the previous menu screen. In addition, the connection setting mode can be started when the user presses the connection setting mode button 363. In connection setting mode, the MFP 300 can be connected to the access point 400 by sending connection information from the information processing device 200 to the MFP 300. If the user presses the stop button 368 while the MFP 300 is executing any process, the process is canceled. When the user presses the copy start button 369, the document placed on the document glass 305 is scanned and printing is performed. When the user presses the settings button 370, the user can change various settings.
[0031] Figure 5 shows an example of the external configuration of the information processing device 200. In this embodiment, the information processing device 200 is described as a typical smartphone (mobile terminal). The information processing device 200 is composed of, for example, a display unit 202, an operation unit 203, and a power key 204. The display unit 202 is a display that includes, for example, an LCD (Liquid Crystal Display) type display mechanism. The display unit 202 may also display information using, for example, an LED (Light Emitting Diode). In addition to or instead of the display unit 202, the information processing device 200 may also have a speaker function that outputs information by sound. The operation unit 203 is composed of hard keys such as keys and buttons, a touch panel, etc., for detecting user operations. In this embodiment, since the information display on the display unit 202 and the reception of user operations by the operation unit 203 are performed using a common touch panel display, the display unit 202 and the operation unit 203 are realized by a single device. In this case, for example, button icons or a software keyboard are displayed using the display function of the display unit 202, and the operation reception function of the operation unit 203 detects when the user touches these areas. The display unit 202 and the operation unit 203 may be separated, with separate hardware for display and hardware for operation reception. The power key 204 is a hard key for receiving user input to turn the power of the information processing device 200 on or off.
[0032] The information processing device 200 has a wireless communication unit 201 that provides WLAN communication functionality, as shown in Figure 6. The wireless communication unit 201 is configured to perform data (packet) communication in a WLAN system compliant with, for example, the IEEE 802.11 standard series (IEEE 802.11a / b / g / n / ac / ax, etc.). However, it is not limited to this, and the wireless communication unit 201 may be able to perform communication in a WLAN system compliant with other standards. In this embodiment, the wireless communication unit 201 is capable of communicating in both the 2.4GHz and 5GHz frequency bands. Furthermore, the wireless communication unit 201 is capable of performing communication in WFD mode, soft AP mode, wireless infrastructure mode, etc.
[0033] Figure 6 shows an example of the configuration of the information processing device 200. The information processing device 200 includes a main board 211 that controls the entire device, a wireless communication unit 201 that performs WLAN communication, a display unit 202, an operation unit 203, and a short-range wireless communication unit 205 that performs wireless communication different from that of the wireless communication unit 201. The main board 211 includes, for example, a CPU 212, ROM 213, RAM 214, image memory 215, data conversion unit 216, telephone unit 217, GPS 219, camera unit 221, non-volatile memory 222, data storage unit 223, speaker unit 224, and power supply unit 225. GPS is an abbreviation for Global Positioning System. Each functional unit within the main board 211 is interconnected via a system bus 228. In addition, the main board 211 and the wireless communication unit 201, and the main board 211 and the short-range wireless communication unit 205 are connected, for example, via a dedicated bus. Furthermore, the main board 211 and the display unit 202, and the main board 211 and the operation unit 203 are connected, for example, via a dedicated bus.
[0034] The CPU 212 is the system control unit and controls the entire information processing device 200. The operation of the information processing device 200 described in this embodiment is realized, for example, by the CPU 212 reading and executing a program stored in the ROM 213. Dedicated hardware may be provided for each process. The ROM 213 stores control programs and embedded operating system (OS) programs executed by the CPU 212. Software control such as scheduling and task switching is performed by the CPU 212 executing each control program stored in the ROM 213 under the management of the embedded OS stored in the ROM 213. The RAM 214 is composed of SRAM (Static RAM) or the like. The RAM 214 stores data such as program control variables, user-registered settings, and management data for the information processing device 200. The RAM 214 may also be used as a buffer for various work. The image memory 215 is composed of memory such as DRAM (Dynamic RAM). The image memory 215 temporarily stores image data received via the wireless communication unit 201 and image data read from the data storage unit 223 for processing by the CPU 212. The non-volatile memory 222 is composed of memory such as flash memory and continues to store data even when the power to the information processing device 200 is turned off. Note that the memory configuration of the information processing device 200 is not limited to the above configuration. For example, the image memory 215 and RAM 214 may be shared, or data backup may be performed using the data storage unit 223. In this embodiment, DRAM is given as an example of image memory 215, but other storage media such as hard disks or non-volatile memory may be used.
[0035] The data conversion unit 216 performs data analysis of various data formats and data conversions such as color conversion and image conversion. The telephone unit 217 controls the telephone line and processes voice data input and output via the speaker unit 224, which includes a microphone and speaker, to realize telephone communication. The GPS 219 receives radio waves transmitted from satellites and acquires positional information such as the current latitude and longitude of the information processing device 200. The camera unit 221 has the function of electronically recording and encoding images input through the lens. Image data obtained by imaging by the camera unit 221 is stored in the data storage unit 223. The speaker unit 224 has the function of inputting or outputting voice for telephone functions and controls other functions such as alarm notifications. The power supply unit 225 is, for example, a portable battery and controls the power supply to the device. The power state of the information processing device 200 can be, for example, a battery-dead state where there is no remaining battery power, a power-off state where the power key 204 is not pressed, a power-on state (startup state) where the power key 204 is pressed, or a power-saving state where it is running but power consumption of individual elements is suppressed. The display unit 202 electronically controls the display content and performs control to display various input contents, the operating status of the MFP300, status status, etc. The operation unit 203 receives user operation and performs control such as generating an electrical signal corresponding to that operation and outputting it to the CPU 212.
[0036] The information processing device 200 performs wireless communication using the wireless communication unit 201 and communicates data with other communication devices such as the MFP 300. The wireless communication unit 201 converts data into packets and transmits the packets to other communication devices. The wireless communication unit 201 also restores packets from other external communication devices to their original data and outputs it to the CPU 212. The wireless communication unit 201 is a unit for realizing communication compliant with standards such as WLAN. The short-range wireless communication unit 205 communicates using a different communication method than the wireless communication unit 201, for example, Bluetooth (registered trademark). The configuration of the main board 211 is not limited to the above. For example, the individual functions of the main board 211 realized by the CPU 212 may be realized by processing circuits such as ASICs (Application-Specific Integrated Circuits), and may be realized by either hardware or software.
[0037] Figure 7 is a block diagram showing an example configuration of an access point 400 having wireless LAN access point functionality. The access point 400 includes a main board 410 that controls the access point 400, a wireless communication unit 420, a wired communication unit 421, and operation buttons 422. These are connected to each other via an internal bus 419 so that they can communicate with one another.
[0038] The main board 410 is equipped with a microprocessor-type CPU 411. The CPU 411 operates according to the control program stored in the ROM-type program memory 412, which is connected via the internal bus 418, and the contents stored in the RAM-type data memory 413. In this embodiment, the operation of the access point 400 is realized, for example, by the CPU 411 reading and executing the program stored in the program memory 412. The CPU 411 performs wireless LAN communication with other communication devices by controlling the wireless communication unit 420 via the wireless communication control unit 414. The CPU 411 also performs wired LAN communication with other communication devices by controlling the wired communication unit 421 via the wired communication control unit 415. The CPU 411 accepts user operations via the operation button 422 via the operation control circuit 416.
[0039] The access point 400 includes a terminal access control unit 417. The terminal access control unit 417 protects the network by authenticating communication devices connected to the network. The terminal access control unit 417 authenticates communication devices connected to the network using various methods. These methods include, for example, the PSK method using a pre-shared key, the SAE method using SAE (Simultaneous Authentication of Equals), and the EAP method using an IEEE 802.1X / EAP-compatible authentication server 500. Since EAP is used in the IEEE 802.1X authentication method, the IEEE 802.1X authentication method is also referred to as the IEEE 802.1X / EAP authentication method. The IEEE 802.1X / EAP authentication method is also referred to as the EAP method. The communication channel authenticated in this way can be changed or switched by the channel change unit 418. In this embodiment, authentication methods that do not use an authentication server are the PSK method and the SAE method, and authentication methods that use an authentication server are the EAP method. Furthermore, authentication methods that do not use an authentication server are also called personal methods, while authentication methods that use an authentication server are also called enterprise methods.
[0040] Figure 8 shows an example of the configuration of the authentication server 500. The authentication server 500 includes a main board 511 that controls the authentication server 500, a communication unit 501 that performs wired LAN communication, etc., a display unit 502, and an operation unit 503. The main board 511 includes a CPU 512, ROM 513, RAM 514, image memory 515, non-volatile memory 516, data storage unit 518, and communication control unit 517. Each functional unit within the main board 511 is interconnected via a system bus 519. Furthermore, the main board 511 and the communication unit 501, the main board 511 and the display unit 502, and the main board 511 and the operation unit 503 are each connected via, for example, a dedicated bus.
[0041] The CPU 512 is the system control unit and controls the entire authentication server 500. In this embodiment, the operation of the authentication server 500 is realized, for example, by the CPU 512 reading and executing a program stored in the ROM 513. Dedicated hardware may be provided for each process. The ROM 513 stores control programs and embedded operating system (OS) programs executed by the CPU 512. By the CPU 512 executing each control program stored in the ROM 513 under the management of the embedded OS stored in the ROM 513, software control such as scheduling and task switching is performed. The RAM 514 is composed of SRAM (Static RAM) or the like. The RAM 514 stores data such as program control variables, user-registered settings, and management data for the authentication server 500. The RAM 514 may also be used as a buffer for various work tasks. The image memory 515 is composed of memory such as DRAM (Dynamic RAM). The image memory 515 temporarily stores image data received via the communication unit 501 and image data read from the data storage unit 518 for processing by the CPU 512. The data storage unit 518 is composed of a storage medium such as an SSD (Solid State Drive) and continues to store data even when the authentication server 500 is powered off. In this embodiment, an SSD is given as an example of the data storage unit 518, but other storage media such as a hard disk or non-volatile memory may be used. The display unit 502 electronically controls the display content and performs control for displaying various input content and status information. The operation unit 503 receives user operations and performs control such as generating electrical signals corresponding to those operations and outputting them to the CPU 512.
[0042] The CPU 512 controls the communication control unit 517 to perform communication using the communication unit 501, and communicates data with other communication devices such as the access point 400. The communication unit 501 converts data into packets and sends the packets to other communication devices. The communication unit 501 also restores packets from other external communication devices back to their original data and outputs it to the CPU 512. The communication unit 501 is capable of data (packet) communication in a wired LAN (Ethernet) system compliant with, for example, the IEEE 802.3 series.
[0043] The following describes the communication modes in which the communication device in the communication system 100 can operate.
[0044] [Wireless Direct Mode (P2P Mode)] This document describes a communication method using wireless direct mode in WLAN communication, where devices communicate directly wirelessly without going through an external access point. Wireless direct mode communication can be implemented using multiple methods; for example, a communication device can selectively use one of the wireless direct modes described above to perform wireless direct mode communication. Wireless direct mode communication is sometimes referred to as "wireless direct communication" or "P2P communication."
[0045] For example, a communication device capable of performing wireless direct communication is configured to support at least one of two modes: soft AP mode and Wi-Fi Direct (WFD) mode. On the other hand, even a communication device capable of performing wireless direct communication does not have to support all of these modes; it may be configured to support only some of them. In this embodiment, the communication device can also support wireless infrastructure mode in addition to wireless direct mode.
[0046] A communication device (e.g., an information processing device 200) with WFD mode communication capabilities receives user input via its control panel, thereby calling an application to implement its communication function. Based on the user input received through the user interface screen provided by that application, it then executes communication in WFD mode. When operating in P2P mode, the MFP300 acts as a master in connection and communication with other devices. That is, in soft AP mode, the MFP300 acts as a soft AP (access point). In WFD mode, the MFP300 acts as the group owner. However, this is not limited to WFD mode; the MFP300 may also act as a slave device by performing group owner negotiation. Figure 10(c) shows the state in which the MFP300 operates in P2P mode. In this state, communication between the MFP300 and the information processing device 200 can be achieved without going through the authentication server 500 or the access point 400.
[0047] [Wireless Infrastructure Mode] In contrast to wireless direct mode, wireless infrastructure mode connects communication devices that communicate with each other to an external access point that manages the network, and communication between communication devices takes place via the external access point. Here, "communication between communication devices" refers to, for example, the communication between the information processing device 200 and the MFP300. In other words, communication between communication devices is performed via the network established by the external access point. Furthermore, the MFP300 operating in wireless infrastructure mode acts as a slave device (station) in connection and communication with the access point 400. In wireless infrastructure mode, each communication device searches for an external access point by sending a device discovery request (ProbeRequest). When each communication device receives a device discovery response (ProbeResponse) from the external access point, it displays the SSID included in the ProbeResponse. For example, if the information processing device 200 and the MFP300 each discover access point 400 and send connection requests to this access point 400, communication between these communication devices in wireless infrastructure mode via access point 400 becomes possible. Note that multiple communication devices may connect to separate access points. In this case, data transfer between each access point enables communication between communication devices. The commands and parameters sent and received during communication between communication devices via the access points are those specified in the Wi-Fi standard. In the configuration described above, access point 400 determines the frequency band and frequency channel. Therefore, access point 400 selects which frequency band to use from 5GHz and 2.4GHz, and which frequency channel to use within that frequency band.
[0048] When the information processing device 200 or MFP300 connects to a wireless LAN configured by the access point 400, authentication is performed by the access point 400. The information processing device 200 and MFP300 can connect to the wireless LAN after being authenticated by the authentication method of the wireless LAN configured by the access point 400. Wireless LAN authentication methods include the PSK method using a pre-shared key, the SAE method using SAE, and the EAP method using an IEEE802.1X / EAP compliant authentication server.
[0049] Figure 10(a) shows the MFP300 operating in wireless infrastructure mode, connected to an access point 400 that supports IEEE 802.1X authentication. In this state, communication between the MFP300 and the information processing device 200 can be achieved based on authentication performed in cooperation with the access point 400 by the authentication server 500.
[0050] Figure 10(b) also shows the state in which the MFP300 operates in wireless infrastructure mode, connected to an access point 400 that does not support IEEE802.1X authentication. In this state, communication between the MFP300 and the information processing device 200 can be achieved without authentication performed by the authentication server 500 in cooperation with the access point 400.
[0051] [Wired communication mode] Wired communication mode is a communication mode for communication between communication devices via a wired LAN, etc. When the MFP300 is operating in wired communication mode, it cannot operate in wireless infrastructure mode. In wired communication mode, data (packet) communication is performed over a wired LAN (Ethernet) compliant with, for example, the IEEE 802.3 series. When the MFP300 is operating with IEEE 802.1X / EAP settings enabled, authentication by IEEE 802.1X is performed when connecting to a wired LAN configured by an access point 400.
[0052] Next, we will describe the user interface screens displayed on the operation display unit 302 of the MFP300 and the display unit 202 of the information processing device 200, in order to connect the MFP300 to the network of the access point 400 using an authentication method with an authentication server 500.
[0053] Figure 11 is a diagram illustrating the screen transitions when LAN settings 343 is selected from the settings menu on screen 341 in Figure 4(b) on the operation display unit 302 of the MFP300. Screen 1100 shown in Figure 11(a) is displayed when "LAN settings" 342 is selected on screen 341 in Figure 4(b), and is a screen where the user can change the LAN settings. Screen 1100 displays, for example, Wireless LAN 1101, Wired LAN 1102, Wireless Direct 1103, and Common Settings 1104. When connecting an access point that supports the Personal method to the MFP300, the user selects Wireless LAN 1101.
[0054] The screen 1110 shown in Figure 11(b) is displayed when "Wireless LAN" 1101 is selected in the screen 1100 of Figure 11(a), and allows the user to change the wireless LAN settings. Screen 1110 displays, for example, Wireless LAN Enable / Disable 1111, Wireless LAN Setup 1112, Wireless LAN Settings Display 1113, and Advanced Settings 1114. The Wireless LAN Enable / Disable 1111 is an area for setting whether to enable or disable the state in which the MFP300 can communicate using wireless LAN. When this area is selected, user operation is accepted on the displayed screen, and the state in which the MFP300 can communicate using wireless LAN is set to disabled or enabled. When this state is set to disabled, the MFP300 will not perform wireless LAN communication or connection.
[0055] Screen 1120, shown in Figure 11(c), is displayed when "Advanced Settings" 1114 is selected in screen 1110 of Figure 11(b), and allows the user to change the LAN advanced settings. Screen 1120 displays, for example, TCP / IP settings 1121 and 802.1X / EAP settings 1122. Screen 1130, shown in Figure 11(d), is displayed when "802.1X / EAP Settings" 1122 is selected in screen 1120 of Figure 11(c), and allows the user to change the IEEE802.1X / EAP settings. Screen 1130 displays, for example, enable / disable IEEE802.1X / EAP 1131, search for EAP routers 1132, and check the previous authentication result 1133.
[0056] Screen 1140, shown in Figure 11(e), is displayed when IEEE802.1X / EAP settings are enabled, "Search for EAP routers" 1132 is selected on screen 1130, and a wireless access point search using the authentication server 500 is being performed. Wireless access point search is the process of searching for access points in the vicinity of the MFP300. Screen 1140, shown in Figure 11(e), is also displayed when "Wireless LAN setup" 1112 is selected on screen 1110 in Figure 11(b), and a wireless access point search using an authentication method that does not use the authentication server 500 is being performed.
[0057] The screen 1150 shown in Figure 11(f) displays a list of wireless access point identifiers (SSID: Service Set Identifier) as a result of searching for wireless access points. If "EAP Router Search" 1132 is selected, the screen 1150 shown in Figure 11(f) performs an EAP router search and displays only the SSIDs of wireless access points using the IEEE802.1X / EAP authentication method. In this embodiment, since the access point is, for example, a router, the router search is equivalent to a wireless access point search. If "Wireless LAN Setup" 1112 is performed, only the SSIDs of wireless access points that do not use the IEEE802.1X / EAP authentication method are displayed. The screen 1150 shown in Figure 11(f) displays SSIDs 1151 to 1153, namely SSIDWPA-EAP0001, WPA2-EAP005, and WPA3-EAP003. These correspond to the WPA-EAP, WPA2-EAP, and WPA3-EAP methods, respectively. In addition, other examples of the display may include well-known methods such as WPA-PSK, WPA3-SAE, etc., or the OPEN method may be indicated as an ancillary example.
[0058] The screen 1160 shown in Figure 11(g) is displayed while one of the wireless access point's SSIDs 1151, 1152, or 1153 is selected in the screen 1150 of Figure 11(f) and the connection process with the wireless access point is being performed. The screen 1170 shown in Figure 11(h) is displayed after the screen 1160 of Figure 11(g) is displayed, when the attempt to connect to the access point is completed and the connection is successful or the connection has progressed to a predetermined stage.
[0059] Screen 1180, shown in Figure 11(i), is the screen where "Enable / Disable IEEE802.1X / EAP" 1131 is selected in screen 1130 of Figure 11(d), allowing the user to change the IEEE802.1X / EAP setting between enabled and disabled. Screen 1180 displays both "Enable" 1151 and "Disable" 1152. When the IEEE802.1X / EAP setting is disabled, the MFP300 does not attempt to connect to an access point via IEEE802.1X / EAP. Screen 1190, shown in Figure 11(j), is the screen displayed when "Search for EAP routers" 1132 is selected in screen 1130 of Figure 11(d) when the IEEE802.1X / EAP setting is disabled. In other words, in this embodiment, even if "Search for EAP routers" 1132 is selected when the IEEE802.1X / EAP setting is disabled, the router search is not performed. The screen 1195 shown in Figure 11(k) is displayed when "Wireless Direct" 1103 is selected in the screen 1100 of Figure 11(a) while the IEEE802.1X / EAP setting is enabled. Thus, in this embodiment, when Wireless Direct 1103 is selected while the IEEE802.1X / EAP setting is enabled, a message is displayed indicating that the connection will not be made in Wireless Direct mode.
[0060] The control performed when IEEE802.1X / EAP settings are disabled to prevent connection to access points using IEEE802.1X / EAP authentication is not limited to the control described above. For example, the MFP300 may perform a router search, but may not display access points with IEEE802.1X / EAP authentication enabled in the list of access points found by the router search. Alternatively, access points with IEEE802.1X / EAP authentication enabled may also be displayed in the list, but even if selected by the user, the MFP300 may not perform the connection process with access points with IEEE802.1X / EAP authentication enabled.
[0061] When connecting the MFP300 to a network where IEEE802.1X / EAP authentication is enabled, it is necessary to configure the MFP300 with the authentication information required before performing authentication. The outline of the process for connecting the MFP300 to a network where IEEE802.1X / EAP authentication is enabled, which is configured by the access point 400 in this embodiment, will be explained with reference to Figure 9.
[0062] First, in S901, a connection is established between the information processing device 200 and the MFP300 using a connection method that does not employ IEEE802.1X / EAP authentication. In S901, the information processing device 200 and the MFP300 are connected to a network that does not employ IEEE802.1X / EAP authentication, which is configured by an access point 400 as shown in Figure 10(b), enabling communication between the communication devices via the access point 400. A network that does not employ IEEE802.1X / EAP authentication is, for example, a network with an authentication method that does not employ an authentication server 500. Alternatively, the connection between the information processing device 200 and the MFP300 may be realized by connecting the information processing device 200 to a network configured by the MFP300 as a master station in wireless direct mode, as shown in Figure 10(c). Specifically, in S901, for example, the MFP300 receives a connection request from the information processing device 200 and establishes a connection between the MFP300, which operates in P2P mode, and the information processing device 200.
[0063] Next, in S902, as explained in Figure 12, the information processing device 200 transmits IEEE802.1X / EAP authentication information to the MFP300. The MFP300 then uses this information to perform the IEEE802.1X / EAP authentication settings. Then, in S903, the MFP300 connects to the IEEE802.1X / EAP authentication enabled network configured by the access point 400. In other words, the MFP300 establishes a connection with an access point that enables IEEE802.1X / EAP authentication. In S903, the MFP300 is connected to the IEEE802.1X / EAP authentication enabled network (for example, using an authentication server 500) configured by the access point 400 as shown in Figure 10(a), and communication devices can communicate with each other via the access point 400.
[0064] Figure 12 is a diagram illustrating the screen transitions in the information processing device 200. Figure 12(a) shows an example of the settings screen for the MFP300 displayed on the information processing device 200. Screen 1200 in Figure 12(a) is displayed when a web browser or application program (hereinafter referred to as "application") running on the information processing device 200 communicates with an HTTP server running on the MFP300. Screen 1200 displays, for example, the printer status 1201, main unit settings 1202, LAN settings 1203, and security settings 1204. Note that screen 1200 shown in Figure 12(a) may also be displayed by the USB communication control unit 320 of the MFP300 waiting for and responding to HTTP requests via USB communication.
[0065] If "Security Settings" 1204 is selected on screen 1200 in Figure 12(a), screen 1210 shown in Figure 12(b) will be displayed. Screen 1210 will display, for example, SSL / TLS settings 1211 and IEEE802.1X / EAP settings 1212. If "IEEE802.1X / EAP settings" 1212 is selected on screen 1210 in Figure 12(b), screen 1220 shown in Figure 12(c) will be displayed.
[0066] If "Authentication Method" 1221 is selected on screen 1220 in Figure 12(c), screen 1230 shown in Figure 12(d) will be displayed. On screen 1230 in Figure 12(d), selecting either "EAP-TLS" 1231, "EAP-TTLS" 1232, or "PEAP" 1233 will set the authentication method to be used for IEEE802.1X / EAP authentication on the MFP300. Also, if a login name is entered in "Username" 1234 and a password in "Password" 1235 on screen 1230 in Figure 12(d), the login name and password to be used for IEEE802.1X / EAP authentication will be set on the MFP300.
[0067] On screen 1220 in Figure 12(c), the user selects "Key and Certificate Settings" 1222, and on screen 1240 in Figure 12(e), the user selects "Upload Key and Certificate" 1241, which displays screen 1250 in Figure 12(f). On screen 1250, the user can register the certificate to be used for IEEE802.1X / EAP authentication to the MFP300. On screen 1250 in Figure 12(f), the user selects a file using "Select File" 1251, thereby selecting the certificate to be used for IEEE802.1X / EAP authentication. Then, on screen 1250, the user enters a password in "Password" 1252 and selects "Upload" 1253, setting the certificate and password to be used for IEEE802.1X / EAP authentication to the MFP300.
[0068] On screen 1240 in Figure 12(e), the user can delete the certificate stored on the MFP300 by selecting "Delete keys and certificates" 1242. Additionally, on screen 1240 in Figure 12(e), the user can view a list of certificates stored on the MFP300 by selecting "View keys and certificates" 1243.
[0069] When the user selects "Enable / Disable IEEE802.1X / EAP" 1223 on screen 1220 in Figure 12(c), screen 1260 shown in Figure 12(g) is displayed. On screen 1260 in Figure 12(g), the user can enable or disable IEEE802.1X / EAP on the MFP300 using Enable 1261 or Disable 1262.
[0070] Through the user operations described above, the user can configure authentication information used for IEEE 802.1X / EAP authentication for the MFP300. The MFP300 can connect to the network using the authentication server 500, which is configured with access points 400, by being authenticated by the authentication server 500 using the configured authentication information. In this embodiment, the connection in each mode is managed as enabled (ON state) / disabled (OFF state). For example, in the MFP300, the switching of enabled connections and control of communications can be performed by controlling the wireless communication unit 307 and the wired communication unit 321.
[0071] Next, the authentication connection settings and non-authentication connection settings stored in the MFP300 will be described. In this embodiment, settings that can be changed by a specific user with higher authority to change settings than other users are called authentication connection settings. In this embodiment, authentication connection settings are information about the settings used for communication between the MFP300 and an access point after the MFP300 connects to an access point where IEEE802.1X / EAP authentication is enabled and the authentication is completed. The specific user is, for example, the network administrator. Authentication connection settings can only be changed by the administrator; non-administrator users cannot change them. On the other hand, settings that can be changed by both the administrator and non-administrator users are called non-authentication connection settings. In this embodiment, non-authentication connection settings are information about the settings used for communication between the MFP300 and an access point after the MFP300 connects to an access point that does not use IEEE802.1X / EAP authentication and the Personal authentication is completed. In this embodiment, the settings information for authenticated connections and the settings information for unauthenticated connections are stored separately in the memory area. Furthermore, if any of this information is changed, the changed information is stored separately in the memory area.
[0072] Figure 16 shows an example of a memory configuration in which authentication connection configuration information 1601 and non-authentication connection configuration information 1602 are stored. Figure 16 shows how authentication connection configuration information 1601 and non-authentication connection configuration information 1602 are stored in the storage area 1600 within the data memory 314.
[0073] Items 1603 and 1606 indicate the configuration items in the configuration information. Item 1603 indicates how to obtain an IPv4 address, and item 1606 indicates how to obtain an IPv6 address. Configuration information 1604 is the configuration information for authenticated connections for item 1603 and indicates "DHCP". Configuration information 1605 is the configuration information for unauthenticated connections for item 1603 and indicates "Manual setting". Configuration information 1607 is the configuration information for authenticated connections for item 1606 and indicates "DHCPv6". Configuration information 1608 is the configuration information for unauthenticated connections for item 1606 and indicates "Disabled".
[0074] As shown in Figure 16, in this embodiment, the authentication connection setting information 1601 and the non-authentication connection setting information 1602 are stored separately in the storage area of the data memory 314, and as will be described later, it is determined which one is used based on whether or not the MFP300 is connected to a network where IEEE802.1X / EAP authentication is enabled.
[0075] The authentication connection configuration information 1601 and the non-authenticated connection configuration information 1602 are not limited to the example shown in Figure 16. They may be any configuration items different from the method for obtaining an IPv4 address and the method for obtaining an IPv6 address. In this embodiment, the method for obtaining an IPv4 address and the method for obtaining an IPv6 address are described as examples of configuration items.
[0076] Figures 13(a) to 13(g) show examples of screens where configuration information can be changed. Screen 1300 shown in Figure 13(a) is displayed when detailed settings 1114 is selected on screen 1110 in Figure 11(b), and is a screen for selecting the information to change. Screen 1300 displays the configuration information for authenticated connections 1301 and the configuration information for unauthenticated connections 1302.
[0077] The screen 1310 shown in Figure 13(b) is displayed when the authentication connection settings information 1301 is selected on screen 1300 in Figure 13(a). Screen 1310 is used to authenticate whether the user currently operating the screen is an administrator. Screen 1310 displays a password input field 1311. Authentication is performed to determine whether the user operating the screen is an administrator when the administrator password is entered in the password input field 1311.
[0078] Screen 1320, shown in Figure 13(c), is displayed when the user currently operating the screen in Screen 1310, shown in Figure 13(b), is authenticated as an administrator. Screen 1320 is used to select the configuration information to change from the configuration information used when the MFP300 is connected to a network with IEEE802.1X / EAP authentication enabled. Screen 1320 displays item 1321, "IPv4 address acquisition method," and item 1322, "IPv6 address acquisition method."
[0079] Screen 1330, shown in Figure 13(d), is displayed when the setting information for unauthenticated connection 1302 is selected in screen 1300, shown in Figure 13(a). Screen 1330 is used to select the setting information to change from the setting information used when the MFP300 is not connected to a network with IEEE802.1X / EAP authentication enabled. On screen 1330, item 1331, "IPv4 address acquisition method," and item 1332, "IPv6 address acquisition method," are displayed.
[0080] If "IPv4 Address Acquisition Method" is selected on screen 1320 shown in Figure 13(c), or on screen 1330 shown in Figure 13(d), screen 1340 shown in Figure 13(e) will be displayed. In other words, if you transition from screen 1320, you can change the setting for how to acquire an IPv4 address used when the MFP300 is connected to a network with IEEE802.1X / EAP authentication enabled. If you transition from screen 1330, you can change the setting for how to acquire an IPv4 address used when the MFP300 is not connected to a network with IEEE802.1X / EAP authentication enabled. On screen 1340, item 1341 "DHCP" and item 1342 "Manual Setting" are displayed.
[0081] If item 1341 is selected after transitioning from screen 1320, "DHCP" is stored in data memory 314 as setting information 1604 in Figure 16. In this case, when the MFP300 is connected to a network where IEEE802.1X / EAP authentication is enabled, the address obtained by DHCP is used as the IPv4 address. Also, if item 1341 is selected after transitioning from screen 1330, "DHCP" is stored in data memory 314 as setting information 1605 in Figure 16. In this case, when the MFP300 is not connected to a network where IEEE802.1X / EAP authentication is enabled, the address obtained by DHCP is used as the IPv4 address.
[0082] The screen 1350 shown in Figure 13(f) is displayed when "Manual Setting" for item 1342 is selected on the screen 1340 shown in Figure 13(e). Screen 1350 is a screen where the IPv4 address can be manually set. On screen 1350, the manual address input field 1351 is displayed. When the IPv4 address acquisition method is set to "Manual Setting", the address entered in the manual address input field 1351 is used as the IPv4 address. If item 1342 is selected after transitioning from screen 1320, "Manual Setting" is stored in the data memory 314 as setting information 1604 in Figure 16. Also, if item 1342 is selected after transitioning from screen 1330, "Manual Setting" is stored in the data memory 314 as setting information 1605 in Figure 16.
[0083] If item 1322, "IPv6 Address Acquisition Method," is selected on screen 1320 shown in Figure 13(c), or if item 1332, "IPv6 Address Acquisition Method," is selected on screen 1330 shown in Figure 13(d), then screen 1360 shown in Figure 13(g) will be displayed. In other words, if you transition from screen 1320, you can change the setting for how to acquire an IPv6 address used when the MFP300 is connected to a network with IEEE802.1X / EAP authentication enabled. If you transition from screen 1330, you can change the setting for how to acquire an IPv6 address used when the MFP300 is not connected to a network with IEEE802.1X / EAP authentication enabled. On screen 1360, item 1361, "Disabled," item 1362, "Link-Local Address (LLA) Only," item 1363, "DHCPv6," and item 1364, "Manual Setting" are displayed.
[0084] If you transition from screen 1320 and select any of items 1361 to 1364, the above setting information will be stored in setting information 1607 in Figure 16. If "Disabled" is selected, when the MFP300 is connected to a network where IEEE802.1X / EAP authentication is enabled, the IPv6 address will not be used. If "LLA only" is selected, when the MFP300 is connected to a network where IEEE802.1X / EAP authentication is enabled, only the link-local address will be used as the IPv6 address. If "DHCPv6" is selected, when the MFP300 is connected to a network where IEEE802.1X / EAP authentication is enabled, both the link-local address and the address obtained by DHCPv6 will be used as the IPv6 address. If "Manual setting" is selected, when the MFP300 is connected to a network where IEEE802.1X / EAP authentication is enabled, both the link-local address and the address entered by the user will be used as the IPv6 address.
[0085] If you transition from screen 1330 and select any of items 1361 to 1364, the above setting information will be stored in setting information 1608 in Figure 16. If "Disabled" is selected, the IPv6 address will not be used when the MFP300 is not connected to a network with IEEE802.1X / EAP authentication enabled. If "LLA only" is selected, only the link-local address will be used as the IPv6 address when the MFP300 is not connected to a network with IEEE802.1X / EAP authentication enabled. If "DHCPv6" is selected, both the link-local address and the address obtained by DHCPv6 will be used as the IPv6 address when the MFP300 is not connected to a network with IEEE802.1X / EAP authentication enabled. If "Manual setting" is selected, both the link-local address and the address entered by the user will be used as the IPv6 address when the MFP300 is not connected to a network with IEEE802.1X / EAP authentication enabled.
[0086] The following describes the process when applying the authentication connection configuration information 1601, which has been modified by the administrator, to the actual operation of the MFP300.
[0087] Figure 14 is a flowchart showing the processing when the authentication connection configuration information 1601 is changed. The processing in Figure 14 is achieved, for example, by the CPU 311 reading and executing the program stored in the program memory 313.
[0088] In S1401, the CPU 311 modifies the authentication connection configuration information 1601 stored in the data memory 314 with the configuration information entered via the screens shown in Figures 13(e) and 13(f), or Figure 13(g). For example, the IPv4 address acquisition method 1603 and the IPv6 address acquisition method 1606 are changed to the configuration information entered by the administrator. There may be other configuration information items. For IPv4 address acquisition method 1603, for example, it is changed to either "DHCP" (item 1341) or "Manual setting" (item 1342) in Figure 13(e). Similarly, for IPv6 address acquisition method 1606, for example, it is changed to either "Disabled (Do not use IPv6 address)" (item 1361), "Use link-local address only" (item 1362), "Obtain by DHCPv6" (item 1363), or "Manual setting" (item 1364) in Figure 13(g).
[0089] In S1402, the CPU 311 determines whether the IEEE802.1X / EAP setting is enabled or disabled. The determination in S1402 is made, for example, based on the setting information entered via the screen shown in Figure 11(i) on the MFP 300. If it is determined to be enabled, the process proceeds to S1403. On the other hand, if it is determined to be disabled, the process in Figure 14 is terminated. In other words, in that case, even if the authentication connection setting information 1601 is changed, the changes will not be applied to the actual operation.
[0090] In S1403, the CPU 311 determines whether the MFP 300 is connected to a network established by the access point 400 that has IEEE 802.1X / EAP authentication enabled. If it is determined that it is connected, the process proceeds to S1404. On the other hand, if it is determined that it is not connected, the process shown in Figure 14 is terminated. In other words, in that case, even if the authentication connection configuration information 1601 is changed, the changes will not be applied to the actual operation. The determination of whether or not it is connected may be made, for example, based on whether or not it has received a packet indicating successful authentication from the access point 400.
[0091] In S1404, CPU311 applies the authentication connection configuration information 1601, which was modified in S1401, to actual operation. For example, an IPv4 address or IPv6 address is obtained based on the configuration information set for the IPv4 address acquisition method 1603 and the IPv6 address acquisition method 1606.
[0092] Thus, according to this embodiment, the authentication connection configuration information 1601 modified by the administrator is applied to the actual operation of the MFP300, provided that the MFP300 is connected to a network where IEEE802.1X / EAP authentication is enabled, in other words, authentication is completed. On the other hand, if the IEEE802.1X / EAP setting is disabled, or if the MFP300 is not connected to a network where IEEE802.1X / EAP authentication is enabled, the authentication connection configuration information 1601 modified by the administrator is not applied to the actual operation of the MFP300. Therefore, it is possible to prevent non-administrator users from having their use of the communication device restricted by configuration information modified by the administrator. In this case, the authentication connection configuration information 1601 modified by the administrator is stored in the data memory 314 and is therefore preserved.
[0093] The following describes the process when applying the unauthenticated connection configuration information 1602, modified by an administrator or a non-administrator user, to the actual operation of the MFP300.
[0094] Figure 15 is a flowchart showing the processing when the unauthenticated connection configuration information 1602 is changed. The processing in Figure 15 is achieved, for example, by the CPU 311 reading and executing the program stored in the program memory 313.
[0095] In S1501, the CPU 311 modifies the unauthenticated connection configuration information 1602 stored in the data memory 314 with the configuration information entered via the screens shown in Figures 13(e) and 13(f), or Figure 13(g). For example, the IPv4 address acquisition method 1603 and the IPv6 address acquisition method 1606 are changed to the configuration information entered by the administrator. There may be other configuration information items. For IPv4 address acquisition method 1603, for example, it is changed to either "DHCP" (item 1341) or "Manual setting" (item 1342) in Figure 13(e). Similarly, for IPv6 address acquisition method 1606, for example, it is changed to either "Disabled (Do not use IPv6 address)" (item 1361), "Use link-local address only" (item 1362), "Obtain by DHCPv6" (item 1363), or "Manual setting" (item 1364) in Figure 13(g).
[0096] In S1502, the CPU311 determines whether the IEEE802.1X / EAP setting is enabled or disabled. This determination in S1502 is based, for example, on the setting information entered via the screen shown in Figure 11(i) on the MFP300. If it is determined to be enabled, the process proceeds to S1503. If it is determined to be disabled, the process proceeds to S1504.
[0097] In S1503, the CPU 311 determines whether the MFP 300 is connected to a network established by the access point 400 that has IEEE 802.1X / EAP authentication enabled. If it is determined that it is connected, the process shown in Figure 15 is terminated. In other words, in this case, even if the unauthenticated connection configuration information 1602 is changed, the changes will not be applied to the actual operation. On the other hand, if it is determined that it is not connected, the process proceeds to S1504. The determination of whether or not it is connected may be made, for example, based on whether or not it has received a packet indicating successful authentication from the access point 400.
[0098] In S1504, CPU311 applies the unauthenticated connection configuration information 1602, which was modified in S1501, to actual operation. For example, an IPv4 address or IPv6 address is obtained based on the configuration information set for the IPv4 address acquisition method 1603 and the IPv6 address acquisition method 1606.
[0099] Thus, according to this embodiment, when the MFP300 is connected to a network where IEEE802.1X / EAP authentication is enabled, the modified unauthenticated connection configuration information 1602 is not applied to the actual operation of the MFP300. Therefore, the configuration information entered by the administrator for that network is preserved. On the other hand, when the IEEE802.1X / EAP setting is disabled, or when the MFP300 is not connected to a network where IEEE802.1X / EAP authentication is enabled, the modified unauthenticated connection configuration information 1602 is applied to the actual operation. Therefore, it is possible to prevent non-administrator users from having their use of the communication device restricted by configuration information modified by the administrator.
[0100] The following describes the process for determining the configuration information that is applied when the MFP300 starts up.
[0101] Figure 17 is a flowchart showing the process for determining the configuration information to be applied when the MFP300 starts up. For example, this is achieved by the CPU 311 reading and executing a program stored in the program memory 313. The process in Figure 17 starts up when the MFP300 is started.
[0102] In S1701, the CPU 311 initializes the data memory 314. However, at this time, the contents of the authentication connection setting information 1601 and the non-authentication connection setting information 1602 shown in Figure 16 are maintained. In S1702, the CPU 311 initializes the communication control unit 318.
[0103] In S1703, the CPU311 determines whether the IEEE802.1X / EAP setting is enabled or disabled. The determination in S1703 is made, for example, based on the setting information entered via the screen shown in Figure 11(i) on the MFP300. If it is determined to be enabled, the process proceeds to S1704. On the other hand, if it is determined to be disabled, the process proceeds to S1706.
[0104] In S1704, the CPU 311 determines whether the MFP 300 is connected to the IEEE 802.1X / EAP authentication enabled network established by the access point 400. If it is determined that it is connected, the process proceeds to S1705. On the other hand, if it is determined that it is not connected, the process proceeds to S1706. The determination of whether or not it is connected may be based, for example, on whether or not it has received a packet indicating successful authentication from the access point 400.
[0105] In S1705, the CPU 311 applies the authentication connection configuration information 1601 to the actual operation of the MFP 300. On the other hand, in S1706, the CPU 311 applies the non-authentication connection configuration information 1602 to the actual operation of the MFP 300.
[0106] As described above, according to this embodiment, when the MFP300 is started up, if the IEEE802.1X / EAP setting is enabled and the MFP300 is connected to a network where IEEE802.1X / EAP authentication is enabled, the authentication connection setting information 1601 is applied to the actual operation. In this case, if it was changed in, for example, S1401 in Figure 14, the changed authentication connection setting information 1601 is applied to the actual operation. The non-authenticated connection setting information 1602 is stored in a separate memory area of the data memory 314 and can be changed by the user. On the other hand, when the MFP300 is started up, if the IEEE802.1X / EAP setting is disabled, or if it is enabled but the MFP300 is not connected to a network where IEEE802.1X / EAP authentication is enabled, the non-authenticated connection setting information 1602 is applied to the actual operation. In this case, if it was changed in, for example, S1501 in Figure 15, the changed non-authenticated connection setting information 1602 is applied to the actual operation. The authentication connection configuration information 1601 is stored in a separate memory area of the data memory 314 and can be modified by the administrator.
[0107] As described above, the authentication connection configuration information 1601 set by the administrator is preserved, and it is possible to prevent non-administrator users from having their use of the communication device restricted by the administrator's settings.
[0108] Figure 17 illustrates the process for determining the configuration information applied when the MFP300 starts up. Figure 18 shows how to determine the configuration information applied when the authentication information is changed by the administrator. In this embodiment, the 802.1X authentication information can only be changed by the administrator. For example, if there is an item called "Change Authentication Information" on screen 1130 in Figure 11, selecting this item will display an administrator authentication screen where a username and password can be entered. Once the predetermined username and password are entered and authentication is completed, a screen for changing authentication information, as shown in Figure 19, will be displayed, allowing the administrator to change the authentication information.
[0109] Figure 18 is a flowchart showing the process for determining the configuration information to be applied when 802.1X authentication information is changed. For example, this can be achieved by the CPU 311 reading and executing a program stored in program memory 313.
[0110] In S1801, CPU311 modifies the 802.1X authentication information based on input via the authentication information change screen shown in Figure 19.
[0111] In S1802, the CPU311 determines whether the IEEE802.1X / EAP setting is enabled or disabled. This determination in S1802 is based, for example, on the setting information entered via the screen shown in Figure 11(i) on the MFP300. If it is determined to be enabled, the process proceeds to S1803. On the other hand, if it is determined to be disabled, the process proceeds to S1805.
[0112] In S1803, the CPU 311 determines whether the MFP 300 is connected to the IEEE 802.1X / EAP authentication enabled network established by the access point 400. If it is determined that it is connected, the process proceeds to S1804. On the other hand, if it is determined that it is not connected, the process proceeds to S1805. The determination of whether or not it is connected may be based, for example, on whether or not it has received a packet indicating successful authentication from the access point 400.
[0113] In S1804, the CPU 311 applies the authentication connection configuration information 1601 to the actual operation of the MFP 300. On the other hand, in S1805, the CPU 311 applies the non-authentication connection configuration information 1602 to the actual operation of the MFP 300.
[0114] Thus, according to this embodiment, the authentication connection setting information 1601 is applied to the actual operation only if the MFP300 is connected to a network where IEEE802.1X / EAP authentication is enabled, in other words, if authentication has been completed. Therefore, the setting information entered by the administrator is preserved. As shown in Figure 18, even if the authentication information is changed by the administrator, if authentication has not been completed, the non-authenticated connection setting information 1602 is applied to the actual operation. Therefore, it is possible to prevent non-administrator users from having their use of the communication device restricted by setting information changed by the administrator.
[0115] Figure 20 is a flowchart showing the processes executed when the MFP300, which is connected to a network wirelessly or via a wired connection, is disconnected from the network. For example, this can be achieved by the CPU311 reading and executing a program stored in the program memory313. The processes shown in Figure 20 are executed when the wireless communication unit307 detects a disconnection of the wireless connection or when the wired communication unit320 detects that the cable has been unplugged.
[0116] In S2001, CPU311 attempts to reconnect to the network from which it detected a disconnection.
[0117] In S2002, CPU311 determines whether the reconnection was successful. If it is determined that the reconnection was successful, the process proceeds to S2005. On the other hand, if the reconnection fails, the process proceeds to S2003.
[0118] In S2003, CPU311 determines whether the number of repeated reconnection failures is 6 or more. If it is determined to be 6 or more, the process proceeds to S2007. Note that the threshold used for this determination is not limited to 6; any number such as 1 or 10 can be set. On the other hand, if it is determined to be less than 6, the process proceeds to S2004.
[0119] In S2004, CPU311 waits for 10 seconds.
[0120] In S2005, CPU311 determines whether the IEEE802.1X / EAP setting is enabled or disabled. This determination in S2005 is based, for example, on the setting information entered via the screen shown in Figure 11(i) on the MFP300. If it is determined to be enabled, the process proceeds to S2006. On the other hand, if it is determined to be disabled, the process proceeds to S2007.
[0121] In S2006, CPU311 applies authentication connection configuration information 1601 to the actual operation of MFP300. Then, it attempts to reconnect to the network using authentication connection configuration information 1601. However, in this case, it is also possible that only the application of authentication connection configuration information 1601 is performed without attempting to reconnect. On the other hand, in S2007, CPU311 applies non-authenticated connection configuration information 1602 to the actual operation of MFP300. Then, it attempts to reconnect to the network using non-authenticated connection configuration information 1602. However, in this case, it is also possible that only the application of non-authenticated connection configuration information 1602 is performed without attempting to reconnect.
[0122] For example, suppose the MFP300 is connected to a network where IEEE802.1X / EAP authentication is enabled (i.e., a network using authentication connection configuration information 1601), and that network is disconnected, and attempts to reconnect to that network fail multiple times. In this case, S2003 will determine YES, and the non-authenticated connection configuration information 1602 will be applied to the actual operation. As a result, the MFP300 will connect to a network that does not use IEEE802.1X / EAP authentication (i.e., a network using non-authenticated connection configuration information 1602). This process prevents non-administrator users from having their use of the communication device restricted by configuration information changed by the administrator.
[0123] In the configuration described above, authentication was performed to determine whether the user performing the operation was an administrator, in order to ensure that only administrators could change the authentication connection settings information 1601. Specifically, authentication was performed by accepting a password input on screen 1310, which was displayed after the authentication connection settings information 1301 was selected on screen 1300. However, the configuration is not limited to this. For example, authentication of whether the user is an administrator may be performed by a method other than password input on screen 1310. Specifically, for example, authentication may be performed by reading an IC card held by the administrator using the IC card reader held by the MFP300, and obtaining information corresponding to the administrator from the IC card. Furthermore, the timing of authentication of whether the user is an administrator is not limited to after the authentication connection settings information 1301 is selected on screen 1300. Authentication of whether the user performing the operation is an administrator may be performed at any time before the authentication connection settings information 1301 is selected on screen 1300. Furthermore, if the user performing the operation is authenticated as an administrator and the authentication connection setting information 1301 is selected on screen 1300, screen 1320 may be displayed without screen 1310 being shown.
[0124] Furthermore, while the above states that information that can only be modified by the administrator is information related to the settings used for communication between the MFP300 and the access point after IEEE802.1X / EAP authentication is completed, this is not the only possible form. Specifically, for example, information related to the settings used for IEEE802.1X / EAP authentication may be treated as information that can only be modified by the administrator. More specifically, for example, information that is changed by input to Figures 12(c) to (g) may be treated as information that can only be modified by the administrator. In that case, for example, if IEEE802.1X / EAP setting 1212 in Figure 12(b) is selected, authentication will be performed to determine whether the user performing the operation is an administrator or not. Note that both information related to the settings used for communication between the MFP300 and the access point after IEEE802.1X / EAP authentication is completed and information related to the settings used for IEEE802.1X / EAP authentication may be treated as information that can only be modified by the administrator.
[0125] Furthermore, operations to connect the MFP300 to an access point using IEEE802.1X / EAP authentication, and operations to switch the MFP300 from being connected to an access point using IEEE802.1X / EAP authentication to being connected to an access point using Personal authentication, may also be made executable only by administrators. That is, for example, the input for Figure 11(d) may be made executable only by administrators. In that case, for example, if the 802.1X / EAP setting 1122 in Figure 11(c) is selected, authentication will be performed to determine whether the user performing the operation is an administrator. Also, for example, when the MFP300 is connected to an access point using IEEE802.1X / EAP authentication, the input after the wireless LAN setup 1112 is selected may also be made executable only by administrators. In that case, for example, when the MFP300 is connected to an access point using IEEE802.1X / EAP authentication, if the wireless LAN setup 1112 is selected, authentication will be performed to determine whether the user performing the operation is an administrator.
[0126] The present invention can also be realized by supplying a program that implements one or more of the functions of the above-described embodiments to a system or device via a network or storage medium, and by having one or more processors in the computer of that system or device read and execute the program. It can also be realized by a circuit (e.g., an ASIC) that implements one or more functions.
[0127] This embodiment includes the following communication device, control method, and program. (Item 1) A communication device capable of communicating with an access point, A storage means for storing first configuration information that can be modified by the first user but cannot be modified by the second user, who has lower authority to modify network configuration information than the first user, and second configuration information that can be modified by the second user. A means for establishing a connection between the access point and the communication device, A control means which, when a predetermined authentication method is used in communication using the connection established by the establishment means, operates the communication device using the first setting information stored in the storage means, and when the predetermined authentication method is not used in communication using the connection established by the establishment means, operates the communication device using the second setting information stored in the storage means. A communication device characterized by comprising: (Item 2) The communication device according to claim 1, characterized in that even if the second setting information is changed by the second user, the changed second setting information is not used when the connection is established using the predetermined authentication method by the establishment means. (Item 3) The communication device according to claim 1 or 2, characterized in that even if the first setting information is changed by the first user, if the connection is established by the establishment means without using the predetermined authentication method, the changed first setting information is not used. (Item 4) The communication device according to any one of claims 1 to 3, characterized in that when the communication device is started up, the control means determines whether or not authentication has been performed between the access point and the communication device according to the predetermined authentication method, and if it is determined that authentication has been performed, it operates the communication device using the first setting information stored in the storage means. (Item 5) The system further comprises acquisition means for acquiring authentication information relating to the predetermined authentication method from an information processing device different from the communication device and the access point, The storage means further stores the authentication information acquired by the acquisition means, The communication device according to any one of claims 1 to 4, characterized in that the control means determines whether or not authentication has been performed between the access point and the communication device according to the predetermined authentication method when the authentication information stored in the storage means is changed, and if it is determined that authentication has been performed, it operates the communication device using the first setting information stored in the storage means. (Item 6) The communication device according to claim 4 or 5, characterized in that, if the control means determines that the authentication has not been performed, it operates the communication device using the second setting information stored in the storage means. (Item 7) The system further comprises setting means for enabling or disabling the establishment of the connection using the predetermined authentication method by the establishment means, The communication device according to claim 6, characterized in that if it is determined that the authentication has not been performed, this includes the case where it has been disabled by the setting means. (Item 8) The communication device according to any one of claims 1 to 7, characterized in that the predetermined authentication method is an authentication method that uses an authentication server different from the access point. (Item 9) The communication device according to claim 8, characterized in that the predetermined authentication method is an authentication method defined in IEEE 802.1X / EAP. (Item 10) The communication device according to any one of claims 1 to 9, characterized in that the communication device is a printer. (Item 11) The communication device according to any one of claims 1 to 10, characterized in that, if the connection between the access point using the predetermined authentication method and the communication device is disconnected, and the re-establishment process for re-establishing the connection between the access point using the predetermined authentication method and the communication device fails, the communication device is operated using the second setting information stored in the storage means. (Item 12) The communication device according to claim 11, characterized in that if the re-establishment process fails more than a predetermined threshold number of times, the communication device is operated using the second setting information stored in the storage means. (Item 13) A method for controlling a communication device that can communicate with an access point, A storage step of storing in a storage means first configuration information which can be modified by the first user but cannot be modified by the second user whose authority to modify network configuration information is lower than that of the first user, and second configuration information which can be modified by the second user, respectively. A connection establishment step for establishing a connection between the access point and the communication device, A control step which, if a predetermined authentication method is used in the communication using the connection established in the establishment step, operates the communication device using the first setting information stored in the storage means, and if the predetermined authentication method is not used in the communication using the connection established in the establishment step, operates the communication device using the second setting information stored in the storage means; A control method characterized by having the following features. (Item 14) A program for causing a computer to function as each means of the communication device according to any one of claims 1 to 12.
[0128] The invention is not limited to the embodiments described above, and various modifications and variations are possible without departing from the spirit and scope of the invention. Accordingly, claims are attached to disclose the scope of the invention. [Explanation of Symbols]
[0129] 100 Communication Systems: 200 Information Processing Devices: 300 MFPs: 400 Access Points: 500 Authentication Servers
Claims
1. A printing apparatus equipped with a display unit, A first receiving means for receiving an operation to change first configuration information, including network configuration information used for communication between the access point and the printing device, after the completion of first authentication, which is authentication by the IEEE 802.1X / EAP authentication method, Based on the acceptance of an operation to change the first setting information, a first display control means displays an input screen for accepting password input on the display unit, When the password is entered on the input screen, a second display control means displays a screen for changing the first setting information on the display unit. A second receiving means for receiving an operation to change second configuration information, which includes network configuration information used for communication between the access point and the printing device, after the completion of a second authentication, which is an authentication method different from the IEEE 802.1X / EAP authentication method, A third display control means that, based on the acceptance of an operation to change the second setting information, displays a screen for changing the second setting information on the display unit without displaying the input screen, Establishment means for establishing a connection between the access point and the printing device, A control means that operates the printing device using the first setting information when the first authentication is used in the communication using the connection, and operates the printing device using the second setting information when the second authentication is used in the communication using the connection, A printing means that performs printing based on print data received from an information processing device via the aforementioned access point, A printing apparatus characterized by having the following features.
2. The printing apparatus according to claim 1, characterized in that the authentication method different from the IEEE 802.1X / EAP authentication method is an authentication method that does not use an authentication server.
3. The printing apparatus according to claim 1, characterized in that the authentication method different from the IEEE 802.1X / EAP authentication method is at least one of the PSK method using PreShared Key and the SAE method using SAE (Simultaneous Authentication of Equals).
4. The printing apparatus according to claim 1, further comprising a fourth display control means for displaying a screen on the display unit that includes an area for receiving an operation to change the first setting information and an area for receiving an operation to change the second setting information.
5. The printing apparatus according to claim 1, characterized in that the connection between the access point corresponding to the first authentication and the printing apparatus is a wireless LAN connection.
6. The printing apparatus according to claim 1, characterized in that the connection between the access point corresponding to the first authentication and the printing apparatus is a wired LAN connection.
7. The first configuration information is configuration information that can be modified by the first user, but cannot be modified by a second user whose authority to modify network configuration information is lower than that of the first user. The second configuration information is configuration information that can be changed by the second user. The printing apparatus according to feature 1.
8. The printing apparatus according to claim 1, characterized in that even if the second setting information is changed, the changed second setting information is not used if the connection based on the first authentication is established.
9. The printing apparatus according to claim 1, characterized in that even if the first setting information is changed, the changed first setting information is not used when the connection based on the second authentication is established.
10. When the printing device is started, a determination means for determining whether the first authentication has been performed by communication between the access point and the printing device, If it is determined that the first authentication has been performed, the printing device is operated using the first setting information. The printing apparatus according to feature 1.
11. The printing device according to claim 1, characterized in that if the connection between the access point corresponding to the first authentication and the printing device is disconnected, and the re-establishment process for re-establishing the connection between the access point corresponding to the first authentication and the printing device fails, the printing device is operated using the second configuration information.
12. The printing apparatus according to claim 11, characterized in that if the re-establishment process fails more than a predetermined threshold number of times, the printing apparatus is operated using the second setting information.
13. The printing apparatus according to claim 1, characterized in that the screen for changing the first setting information includes at least one of an area for changing the IPv4 address acquisition method and an area for changing the IPv6 address acquisition method.
14. The printing apparatus according to claim 1, wherein the screen for changing the second setting information includes at least one of an area for changing the IPv4 address acquisition method and an area for changing the IPv6 address acquisition method.
15. The printing apparatus according to claim 1, further comprising a fifth display control means that displays on the display unit a screen different from the input screen, which accepts the input of a password used for the first authentication.
16. The printing apparatus according to claim 15, wherein the screen that accepts input of a password used for the first authentication further accepts input of a login name used for the first authentication.
17. A control method for a printing apparatus equipped with a display unit, A first reception step for receiving an operation to change first configuration information, which includes network configuration information used for communication between the access point and the printing device, after the first authentication, which is authentication using the IEEE 802.1X / EAP authentication method, has been completed, A first display control step, based on the acceptance of an operation to change the first setting information, displays an input screen for entering a password on the display unit, If the password is entered on the input screen, a second display control step is performed, in which a screen for changing the first setting information is displayed on the display unit. A second reception step for receiving an operation to change second configuration information, which includes network configuration information used for communication between the access point and the printing device, after the completion of a second authentication, which is an authentication method different from the IEEE 802.1X / EAP authentication method, A third display control step, based on the acceptance of an operation to change the second setting information, displays a screen for changing the second setting information on the display unit without displaying the input screen, A connection establishment step for establishing the connection between the access point and the printing device, A control step in which, when the first authentication is used in the communication using the connection, the printing device is operated using the first setting information, and when the second authentication is used in the communication using the connection, the printing device is operated using the second setting information. A printing process that performs printing based on print data received from an information processing device via the aforementioned access point, A control method characterized by having the following features.
18. In the computer of a printing device equipped with a display unit, A first reception step for receiving an operation to change first configuration information, which includes network configuration information used for communication between the access point and the printing device, after the first authentication, which is authentication using the IEEE 802.1X / EAP authentication method, has been completed, A first display control step, based on the acceptance of an operation to change the first setting information, displays an input screen for entering a password on the display unit, If the password is entered on the input screen, a second display control step is performed, in which a screen for changing the first setting information is displayed on the display unit. A second reception step for receiving an operation to change second configuration information, which includes network configuration information used for communication between the access point and the printing device, after the completion of a second authentication, which is an authentication method different from the IEEE 802.1X / EAP authentication method, A third display control step, based on the acceptance of an operation to change the second setting information, displays a screen for changing the second setting information on the display unit without displaying the input screen, A connection establishment step for establishing the connection between the access point and the printing device, A control step in which, when the first authentication is used in the communication using the connection, the printing device is operated using the first setting information, and when the second authentication is used in the communication using the connection, the printing device is operated using the second setting information. A printing process that performs printing based on print data received from an information processing device via the aforementioned access point, A program characterized by causing the execution of a specific action.