1. Field of the Invention
The present invention relates to a communication system, an authentication server, and a communication method for performing authentication of an access to a communication network via a radio base station.
2. Description of the Related Art
Generally, in a communication system in which a radio terminal accesses a communication network, such as the Internet, via a radio base station, an authentication server is provided to perform authentication of the access of the radio terminal to the communication network. When the authentication server permits the access to the communication network, the radio terminal can access the communication network.
In such a communication system, the authentication server manages authentication of the radio base station or of the overall radio communication system including the radio base station. A “management domain” is used below as appropriate to indicate a target (a radio base station or a radio communication system) to be managed for the authentication by a single authentication server.
During access to the communication network, the radio terminal performs handover for switching and connecting to a radio base station having better conditions. The handover is performed not only within the same management domain, but across different management domains in some cases.
When performing handover across different management domains, the radio terminal needs to perform authentication processing with an authentication server corresponding to a management domain being a handover destination. Specifically, after connected to the handover destination management domain, the radio terminal performs the authentication processing with the corresponding authentication server. Then, when the authentication server permits an access of the radio terminal to the communication network, the radio terminal can start access to the communication network (see, for example, Japanese Patent No. 4000933).
However, the following problems arise in handover performed across different management domains. Specifically, when performing handover from one management domain to a different management domain, the radio terminal is not always permitted to access the communication network in the different management domain, that is a handover destination. Accordingly, when the destination management domain is not usable by the radio terminal to access the communication network, the radio terminal is rejected for access to the communication network via the destination management domain, and so fails to access the communication network.
In addition, in handover across different management domains, the radio terminal cannot start access to the communication network between the time when the radio terminal is connected to the destination management domain and the time when the radio terminal is permitted to start access to the communication network by an authentication server corresponding to the destination management domain. Accordingly, handover performed across different management domains has a problem of requiring a long time between the time when the radio terminal is connected to the destination management domain and the time when the radio terminal is allowed to start access to the communication network.