This invention relates to a network authentication system.
As communication networks become more important as infrastructure, a wider variety of functions for enhancing security have been proposed. One of these functions is network authentication. A network authentication system mainly includes an authentication switch coupled to a terminal and an authentication server for authenticating the terminal. In the conventional network authentication system, the terminal transmits an authentication request packet to the authentication switch. The authentication switch uses the authentication information included in the received authentication request packet to inquire of the authentication server whether or not that authentication information is registered therein. When notified by the authentication server that the authentication information is already registered therein, the authentication switch permits communication from the source MAC address of the authentication request packet.
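The conventional flow described above, as an added example that is not part of the original document: a minimal model of an authentication switch that discards frames until the authentication server confirms the received authentication information, then permits the source MAC address. The class names, frame fields, sample credentials, and MAC addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def digest(secret: str) -> bytes:
    # Illustrative only: a real server would use a salted, slow password hash.
    return hashlib.sha256(secret.encode()).digest()


@dataclass
class AuthServer:
    registered: dict  # user -> digest of secret (constructed sample data)

    def is_registered(self, user: str, secret: str) -> bool:
        stored = self.registered.get(user)
        return stored is not None and hmac.compare_digest(stored, digest(secret))


@dataclass
class AuthSwitch:
    server: AuthServer
    allowed_macs: set = field(default_factory=set)

    def receive(self, frame: dict) -> str:
        mac = frame["src_mac"].lower()
        if frame["type"] == "auth_request":
            # Inquire of the authentication server using the received information.
            if self.server.is_registered(frame["user"], frame["secret"]):
                self.allowed_macs.add(mac)  # permission is keyed on the source MAC
                return "auth_ok"
            return "auth_fail"
        # Ordinary traffic: forward only for source MACs already permitted.
        return "forward" if mac in self.allowed_macs else "discard"


def run_demo() -> list:
    switch = AuthSwitch(AuthServer({"alice": digest("correct horse")}))
    a, b = "00:11:22:33:44:55", "66:77:88:99:AA:BB"  # constructed MAC addresses
    frames = [
        {"type": "data", "src_mac": a},
        {"type": "auth_request", "src_mac": a, "user": "alice", "secret": "wrong"},
        {"type": "auth_request", "src_mac": a, "user": "alice", "secret": "correct horse"},
        {"type": "data", "src_mac": a},
        {"type": "data", "src_mac": b},
    ]
    return [switch.receive(f) for f in frames]


if __name__ == "__main__":
    print(run_demo())
```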
As background art in this technical field, there are JP 2006-33206 A and JP 2010-62667 A.
JP 2006-33206 A discloses the following authentication system. Specifically, in the authentication system, a DHCP server dispenses an IP address in response to a request received from a terminal apparatus. The authentication server receives an authentication frame transmitted from the terminal apparatus, and performs authentication of the terminal apparatus. After completing the authentication, the authentication server notifies a registration information database within an authentication hub of communication permission for the terminal apparatus. In the authentication hub, a frame receiving circuit part receives a frame transmitted by the terminal apparatus. The authentication hub refers to the registration information database based on transmission source information of the frame, to thereby determine whether to transmit the frame, rewrite and transmit it, or discard it, and passes a frame whose transmission or rewriting-and-transmission is permitted to a transmission buffer.
Further, JP 2010-62667 A discloses a network system in which a switching hub having an authentication function for authenticating a user terminal includes authentication means. The authentication means transfers a packet requesting authentication, received from the user terminal, to the authentication server, and transfers an authentication response packet received from the authentication server to the user terminal. When information on successful authentication is read out with reference to the authentication response packet, the authentication means determines that the user terminal has been authenticated.