1. Field of the Invention
The present invention relates to an authentication device, a network authentication system, a method for authenticating a terminal device, and a program storage medium.
2. Related Art
As a network access authentication protocol, IEEE 802.1X (see IEEE 802. IEEE-Std802.1X-2001, 2001. http://standards.ieee.org/getieee802/download/802.1X2001.pdf) is widely prevalent. However, since IEEE 802.1X is a link layer protocol and directed only to Ethernet, there is a problem that it cannot support various data link layers. To solve this problem, PANA (Protocol for Carrying Authentication for Network Access) (see Dan Forsberg. Protocol for Carrying Authentication for Network Access (PANA). Internet Draft, March 2007. <draft-ietf-pana-pana-14.txt>) has been proposed/standardized in the IETF. PANA is a network access authentication protocol that operates on UDP (User Datagram Protocol)/IP (Internet Protocol).
When PANA is introduced as a network access authentication protocol into a network in which IEEE 802.1X is already in operation, it is desirable that the network shift smoothly to a state where PANA and IEEE 802.1X coexist. Even when IEEE 802.1X and PANA coexist, each exists independently in its own sub-layer, and therefore they do not disturb each other. However, in a system where authentication is performed with PANA in addition to IEEE 802.1X (for example, where an IEEE 802.1X network has already been built and a device that requires PANA is then introduced while IEEE 802.1X is kept in place), a terminal device must be authenticated by an authentication server (AAA) multiple times, in conformity with both IEEE 802.1X and PANA. Therefore, there is a problem that the time at which the terminal device can start using service is delayed. In addition, the load on the authentication server is increased because authentication requests to the server occur multiple times.
FIG. 4 generally shows a procedure in which a terminal device supporting both IEEE 802.1X and PANA receives authentication by EAP (Extensible Authentication Protocol) (EAP authentication) as an authentication protocol in a system where IEEE 802.1X and PANA are simultaneously in operation.
As understood from FIG. 4, this terminal device receives EAP authentication 101 by IEEE 802.1X and then receives EAP authentication 102 by PANA. Since two authentications are needed, one on IEEE 802.1X and one on PANA, before the terminal device is allowed to use service as described above, the time at which the terminal device can start service is delayed and the load on the authentication server is increased.
Therefore, when PANA is introduced into a network in which IEEE 802.1X is already prevalent, it is desirable that:
in the terminal device supporting IEEE 802.1X and PANA, the time taken for authentication of the terminal device be reduced; and
operations of a terminal device and a device which support only IEEE 802.1X not be affected.