In recent years, wireless LAN network systems using a wireless LAN standard such as IEEE802.11b have been operated both as local area network systems at offices, companies, etc., and as public network systems.
In such a wireless LAN network system, the radio terminal apparatus is authenticated using an ESSID or MAC address and then the radio signal transmitted through the radio section is encrypted by means of WEP (Wired Equivalent Privacy).
However, security vulnerabilities have been pointed out in this kind of access authentication of the radio terminal apparatus and encryption of the radio signal. For this reason, network systems have recently been constructed using devices that support IEEE802.1X (EAP: Extensible Authentication Protocol), in which a RADIUS (Remote Authentication Dial-In User Service) server performs access authentication of the radio terminal apparatus and dynamically distributes the WEP keys used to encrypt the radio signal.
On the other hand, with the widespread use of such a network system, there is a growing necessity for the radio terminal apparatus to achieve the handover smoothly between a plurality of network systems in order to realize a more comfortable communication for the user who uses the network system.
As a conventional communication scheme for realizing this handover speed enhancement, there is a proposal on a scheme which creates an access authenticated state of the radio terminal apparatus beforehand at an access point section to which the user's radio terminal apparatus is likely to carry out handover and eliminates the necessity of access authentication for the access point section during the handover of the radio terminal apparatus (e.g., see “A study for a speedy handover in a radio Local Area Network” 2003 Institute of Electronics, Information and Communication Engineers General Assembly B-6-194).
This conventional communication scheme executes the following operations:
(1) According to this communication scheme, normal access authentication is realized between the user's radio terminal apparatus and an authentication server which performs access authentication of the radio terminal apparatus when the user's radio terminal apparatus firstly logs into the access point section.
(2) The access point section into which the user's radio terminal apparatus has logged and the authentication server will keep a certificate (session key) at the time of access authentication as an authentication header which will be used for communications by the user's radio terminal apparatus thereafter.
(3) The authentication server searches for an access point section to which the user's radio terminal apparatus is likely to carry out handover from geographic information of the access point section kept beforehand and distributes the session key to the corresponding access point section.
(4) The nearby access point section to which the user's radio terminal apparatus is likely to carry out handover keeps the session key notified from the authentication server.
(5) When the radio terminal apparatus carries out handover, the access point section which communicates with the user's radio terminal apparatus allows a communication when the session key kept by the access point section matches the session key kept by the radio terminal apparatus.
(6) The access point section which has detected a packet communication from the user's radio terminal apparatus for the first time notifies the authentication server of the login of the user's radio terminal apparatus.
(7) The authentication server notifies the access point section in the communication area into which the user's radio terminal apparatus has newly entered of the session key and requests the access point section which has gone out of the communication area to release the session key.
This communication scheme eliminates the necessity for access authentication for the access point section to which the user's radio terminal apparatus is likely to carry out handover and enables immediate communication between the radio terminal apparatus and the access point.
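The following Python simulation is an added illustration of steps (1) to (7), not code from the cited study or from this document. The class names, the four-access-point topology, the terminal ID and the 16-byte random session key are assumptions, and the normal authentication exchange of step (1) is not modelled. It also counts the control messages exchanged between the authentication server and the access point sections.

```python
import hmac, secrets

class Terminal:
    def __init__(self, tid):
        self.tid, self.session_key = tid, None

class AccessPoint:
    def __init__(self, name, server):
        self.name, self.server, self.cache = name, server, {}
        server.aps[name] = self
    def handover(self, term):
        # Step (5): allow communication only if the kept key matches the terminal's.
        kept = self.cache.get(term.tid)
        if kept is None or term.session_key is None:
            return False
        if not hmac.compare_digest(kept, term.session_key):
            return False
        self.server.notify_login(term.tid, self.name)  # step (6)
        return True

class AuthServer:
    def __init__(self, neighbors):
        self.neighbors, self.aps, self.keys = neighbors, {}, {}
        self.control_msgs = 0  # server <-> access point control messages
    def full_authenticate(self, term, ap_name):
        # Steps (1)-(2): first login; server and terminal keep the session key.
        term.session_key = self.keys[term.tid] = secrets.token_bytes(16)
        self._sync_area(term.tid, ap_name)
    def notify_login(self, tid, ap_name):
        self.control_msgs += 1
        self._sync_area(tid, ap_name)
    def _sync_area(self, tid, ap_name):
        # Steps (3), (4), (7): distribute to the current and nearby APs, release elsewhere.
        area = {ap_name} | self.neighbors[ap_name]
        for name, ap in self.aps.items():
            if name in area and tid not in ap.cache:
                ap.cache[tid] = self.keys[tid]; self.control_msgs += 1
            elif name not in area and tid in ap.cache:
                del ap.cache[tid]; self.control_msgs += 1

def run_demo():
    # Constructed topology: four access points in a row.
    topo = {"AP1": {"AP2"}, "AP2": {"AP1", "AP3"}, "AP3": {"AP2", "AP4"}, "AP4": {"AP3"}}
    srv = AuthServer(topo)
    aps = {n: AccessPoint(n, srv) for n in topo}
    t = Terminal("sta-01")
    srv.full_authenticate(t, "AP1")
    moves = [aps[n].handover(t) for n in ("AP2", "AP3")]  # neighbour handovers
    far = aps["AP1"].handover(t)        # AP1 already released the key
    rogue = Terminal("sta-01"); rogue.session_key = secrets.token_bytes(16)
    holders = sorted(n for n, ap in aps.items() if t.tid in ap.cache)
    return moves, far, aps["AP4"].handover(rogue), holders, srv.control_msgs
```

Every handover in the run triggers a login notification plus key distribution or release messages, even though no full authentication is repeated.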
As the wireless LAN network system, a network system which integrates, for example, an in-house wireless LAN network system and a public wireless LAN network system and provides a continuous seamless communication service for the radio terminal apparatus which moves across these network systems is attracting attention. A possible mode of such a network system integrating a plurality of wireless LAN network systems is a network system which places the authentication server at a center station communicating with the plurality of wireless LAN network systems and controls the radio terminal apparatus in a centralized manner.
Here, consider a case where, in a network system in which the center station controls the radio terminal apparatus in a centralized manner, the radio terminal apparatus moves across the plurality of wireless LAN network systems and carries out handover to a new access point section.
In this case, a wireless LAN access authentication system using the current IEEE802.1X needs to exchange an authentication number (authentication signal) between the radio terminal apparatus and the authentication server of the center station every time the access point section accessed by the radio terminal apparatus is changed.
For this reason, the conventional wireless LAN access authentication system has a problem that procedures for access authentication of the radio terminal apparatus and an access authentication carried out accompanying the distribution of a WEP key which is a cryptographic key for encrypting a radio signal transmitted through the radio section result in an increase in the time necessary for handover of the radio terminal apparatus, causing a packet loss.
Moreover, the conventional wireless LAN access authentication system has a problem that, because the authentication signal is exchanged between the radio terminal apparatus and the center station every time the radio terminal apparatus moves across a plurality of access point sections, the proportion of control signals such as the authentication signal in the transmission path between the center station and each of the wireless LAN network systems increases, preventing effective utilization of frequency bands in the transmission path.
The aforementioned communication scheme (see “A study for a speedy handover in a radio Local Area Network” 2003 Institute of Electronics, Information and Communication Engineers General Assembly B-6-194) is intended to solve such a problem.
However, as described above, it is difficult to apply the communication scheme to a large-scale network system which integrates the plurality of wireless LAN network systems and controls user IDs and the WEP keys, etc., used for access authentication of the radio terminal apparatus by the center station in a centralized manner.
That is, when the communication scheme is applied to a large-scale network system in which the user IDs and the WEP keys, etc., are controlled by the center station in a centralized manner, it is necessary to distribute the WEP keys to an access point section near each wireless LAN network system every time the radio terminal apparatus moves so that the radio terminal apparatus can move across the plurality of wireless LAN network systems seamlessly.
For this reason, even when the communication scheme is adopted, such a large-scale network system still needs to frequently exchange control signals such as the authentication signal through the transmission path between the center station and each of the plurality of wireless LAN network systems.
Furthermore, in the communication scheme, the authentication server of the center station needs to control position information of the radio terminal apparatus and geographic information of each access point section of the wireless LAN network system. However, the authentication server of the center station performing such control of geographic information of each access point section leads to a further increase of load on the authentication server.
For the above-described reasons, it is extremely difficult to apply the communication scheme to the aforementioned large-scale network system integrating a plurality of wireless LAN network systems.