1. Field of the Invention
The present invention relates to a network configuration method for configuring a high-security network, and to a communication system and apparatus.
2. Related Background Art
Conventionally, in wireless LAN or Bluetooth, radio waves are employed as the communication medium, which makes it difficult to restrict the communication destinations. Therefore, these specifications take protective measures to prevent a packet from being decoded, even if it is intercepted, by changing the cipher key for each communication destination. At present, the most common wireless communication encryption means is a Wired Equivalent Privacy (WEP) key (40 bit, 128 bit) in the case of the IEEE 802.11 method, or a 128-bit cipher key that is automatically generated from the Personal Identification Number (PIN) code in the case of the Bluetooth method.
However, weaknesses have been pointed out in these encryption methods. Methods for enhancing the security of wireless communication have therefore been examined and partially put into practice, including stronger encryption such as dynamic WEP key conversion (EAP), TKIP or AES after 802.1x-based authentication in the case of the 802.11 method, and an authentication/encryption method on an upper-level application layer based on 802.1x in the case of the Bluetooth method.
Among others, the 802.1x-based authentication and encryption means called EAP (Extensible Authentication Protocol) is bundled as standard for the 802.11 method in some OS environments.
In the EAP method of the wireless LAN (802.11), when making a network connection request, the client terminal communicates over TCP/IP with an authentication server (RADIUS server) provided within the Intranet, and the authentication server issues a request for certification or a challenge to the client.
The client proves the certification, or returns an account name and a password in response to the challenge, and when these match the data held within the authentication server, the authentication server returns a 128-bit cipher key, or cipher key generating means, for encrypting the wireless communication to the access point and the client. If the client passes the authentication through this process, the subsequent wireless communication between the client and the access point is encrypted using the 128-bit cipher key as the WEP key. Moreover, the above process is repeated periodically at a fixed interval to update the cipher key.
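The exchange described above can be modelled as follows. This is an added example, not part of the original text and not real EAP or RADIUS: the class and function names, the HMAC-based proof of the password, and the sample account are assumptions made for illustration. It shows that a registered client and the access point receive the same 128-bit key, that re-authentication yields a new key, and that a client with no registered account receives none.

```python
import hashlib
import hmac
import secrets

class AuthServer:
    """Simplified stand-in for the authentication server (hypothetical model)."""
    def __init__(self, accounts):
        self.accounts = dict(accounts)   # account name -> password (constructed sample)
        self.pending = {}                # account name -> outstanding challenge

    def challenge(self, account):
        # Fresh random challenge per request, so an old response cannot be replayed.
        self.pending[account] = secrets.token_bytes(16)
        return self.pending[account]

    def verify(self, account, response):
        nonce = self.pending.pop(account, None)
        password = self.accounts.get(account)
        if nonce is None or password is None:
            return None                  # no challenge issued, or no account registered
        expected = hmac.new(password.encode(), nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None                  # response does not match the server's data
        return secrets.token_bytes(16)   # 128-bit cipher key for this session

def client_response(password, nonce):
    # Assumption: the password is proven by keying an HMAC over the challenge.
    return hmac.new(password.encode(), nonce, hashlib.sha256).digest()

def authenticate(server, account, password):
    """Run one exchange; return (client_key, access_point_key) or None on failure."""
    nonce = server.challenge(account)
    key = server.verify(account, client_response(password, nonce))
    if key is None:
        return None
    return key, key                      # server returns the same key to client and AP

def demo():
    server = AuthServer({"alice": "correct horse"})             # constructed account
    first = authenticate(server, "alice", "correct horse")
    second = authenticate(server, "alice", "correct horse")     # periodic key update
    wrong = authenticate(server, "alice", "guess")
    guest = authenticate(server, "visitor", "anything")         # no account on server
    return first, second, wrong, guest

if __name__ == "__main__":
    first, second, wrong, guest = demo()
    print(len(first[0]) * 8, first[0] != second[0], wrong, guest)
```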
Also, in the Bluetooth method, it is recommended to employ 802.1x authentication/encryption means in the PAN profile to enhance the security. In the Bluetooth method, the key for encrypting the radio wave as the wireless medium is generated automatically through mutual authentication with the PIN code between the communicating devices. The cipher key information received from the authentication server is therefore not employed as the cipher key for the radio wave itself, as the WEP key is in the wireless LAN, but may be employed as the key for encrypting the packet at a stage before the radio wave is generated. Thereby, it is possible to enhance the security of communication by dual encryption.
In this way, in the authentication/cipher process of the 802.1x method, the authentication server that performs the authentication exists in the network and centrally administers the client accounts. Therefore, with the 802.1x method, it is possible to connect to a network such as the Intranet using the same account and password, irrespective of where the client resides, so long as the client can communicate with the authentication server over TCP/IP.
However, in the conventional wireless connection system employing the authentication/encryption process of the 802.1x method, the client can establish a safe network connection through wireless communication, but the authentication server must be installed within the network and the account of the client must be registered in advance within the authentication server.
That is, the 802.1x method presupposes a relatively large-scale operation such as the Intranet, with the restriction that clients making the network connection wirelessly are limited to members having an account on the authentication server.
Therefore, when conducting a meeting in which outsiders having no account on the authentication server participate, or a meeting in a conference room outside the company with no means of connecting to the Intranet, there was the inconvenience that a safe network could not be configured through wireless communication using the authentication/cipher process based on the 802.1x method.
In this case, wireless communication without authentication/encryption can be implemented, but this naturally raises security problems. Alternatively, when the wireless communication parameters are set manually, encryption of the wireless communication is possible, but the client must manually operate connection means that are totally different from the automatic connection, by entering an account and password, of the 802.1x method normally employed within the Intranet. Consequently, the operation method lacks uniformity, is complex, and is inferior in convenience.