1. Field of the Invention
The present invention relates to a communication device for communicating over networks, and a method for establishing a session for the communication.
2. Description of the Related Art
As more and more networks use broadband, the variety of communication services provided through public networks such as the Internet has been increasing. Various service providers (xSP) have sprung up for each of the communication services provided.
Every service provider usually provides a particular service only to users who have previously established an account. Therefore, the service providers are required to authenticate the users requesting the connection. As typical user authentication systems, the PPPoE (Point to Point over Ethernet) system and the IEEE802.1x authentication system are widely known. Ethernet is a registered trademark.
The PPPoE is a specification (RFC2516) for performing the link establishment procedures of PPP on the Ethernet frame, and comprises an authentication function for checking the user name and the password on the Ethernet. The PPPoE is currently in wide use as a method for user authentication, session management and the like in the ADSL (Asymmetric Digital Subscriber Line) connection services and FTTH (Fiber to the Home) connection services provided by many Internet service providers (ISP).
FIG. 1 is a diagram describing a configuration of a communication system implementing the PPPoE. In FIG. 1, a user terminal 100 is connected to a service provider (ISP) 120 via a communications relay station 110. Here, the service provider 120 comprises a router device 121, a RADIUS (Remote Authentication Dial-In User Service) server 122, and various servers 123. The communications relay station 110 comprises a DSLAM (Digital Subscriber Line Access Multiplexer) 111, a BRAS (Broadband Remote Access Server) 112 and so forth. The user terminal 100 operates as a PPPoE client. The BRAS 112 is a subscriber management server, and operates as a PPPoE server. As one form of the BRAS 112, a device holding several thousand to several tens of thousands of users is known, which performs processes such as checking user names and passwords, connecting the signed users to a corresponding ISP and adjusting the bandwidth.
In the PPPoE, a session is identified using a source MAC address and a session ID set in each frame. Here, the PPPoE frame format is as it is shown in FIG. 2, and a session ID is stored in the PPPoE field. Therefore, in a communication by the PPPoE, it is possible even for a user terminal with only one MAC address to establish a plurality of sessions simultaneously by using a plurality of session IDs. Consequently, the user terminal 100, for example, can receive a plurality of services in parallel from a plurality of service providers as shown in FIG. 3. In the example shown in FIG. 3, a user receives HTTP (Hypertext Transfer Protocol) service from a service provider ISP-A while receiving VoIP (Voice over IP) service from a service provider ISP-B.
However, in the PPPoE, processing is slow because data is encapsulated in PPP during communication and an unnecessary header is added to each data frame. In addition, because traffic concentrates in BRAS of the communications relay station, loading of BRAS increases exponentially when many sessions exist at the same time. Additionally, there is a problem that the BRAS itself is costly.
For those reasons, in recent years, IEEE802.1x has drawn public attention as a user authentication system alternative to the PPPoE. IEEE802.1x is the standard of a user authentication method, which judges accessibility of each port, and in particular, it is gaining in popularity for user authentication in a wireless LAN such as IEEE802.11b. The IEEE802.1x, unlike the PPPoE, does not encrypt communication data, and thus enables high-speed processing. The IEEE802.1x can also perform authentication with a layer 2 switch, which is relatively low in price, and a proxy RADIUS server, instead of the costly BRAS used in the PPPoE; therefore, the whole system can be established at low cost.
FIG. 4 is an operation block diagram of the IEEE802.1x. Here, the system allows an EAP (Extensible Authentication Protocol), which is an extension protocol of PPP, to be used on a LAN. Such a system is referred to as EAPOL (EAP over LAN), and can support various authentication protocols.
In the above configuration, when a connection request is issued from an access request port (supplicant port access entity), an authenticator system determines whether to authorize the request in association with an authentication server. It then rejects communication from a port that failed the authentication, and authorizes only communication from a port that succeeded in the authentication. Currently, a number of authenticator systems implement a function for performing the user authentication using the MAC address of the access request port. Each communication can then be identified by the authenticated MAC address.
As for PPPoE, the following Patent Documents 1 and 2 have descriptions. Patent Document 2 has a description of a system in which the PPPoE was replaced by the IEEE802.1x.
Patent Document 1: Japanese unexamined patent publication bulletin No. 2002-217998 (FIG. 1, FIG. 3, paragraphs 0003-0025)
Patent Document 2: Japanese unexamined patent publication bulletin No. 2003-60675 (paragraphs 0008-0046, 0071-0073)
As explained above, the IEEE802.1x has some advantageous effects compared with the PPPoE. However, the IEEE802.1x cannot establish a plurality of sessions simultaneously. That is because “session ID” does not exist in a frame used in the IEEE802.1x (EAPOL frame in this description), as shown in FIG. 5. The network side identifies a session based only on the source MAC address set in each frame.
In this manner, with the IEEE802.1x, because a session is identified according to only the source MAC address of each frame, a plurality of sessions cannot be established simultaneously to a single network interface (a physical port). Commonly used terminals comprise only one network interface (physical port). Therefore, in a system using the IEEE802.1x, users cannot enjoy a multi-session environment as shown in FIG. 3. An example of the existing communication mode in a system performing user authentication with the use of the IEEE802.1x is described in FIG. 6.
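The difference in session identification described above (PPPoE: source MAC address plus session ID; IEEE802.1x/EAPOL: source MAC address only) is illustrated by the following added example, which is not part of the original document. The header layouts follow RFC 2516 and the EAPOL header (version, packet type, body length); the MAC addresses, session IDs, sample frames and function names are constructed for illustration.

```python
import struct

ETH_PPPOE_SESSION = 0x8864  # EtherType of the PPPoE session stage (RFC 2516)
ETH_EAPOL = 0x888E          # EtherType of IEEE 802.1X EAPOL

def session_key(frame):
    """Return the key by which the network side can tell sessions apart."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if ethertype == ETH_PPPOE_SESSION:
        if len(payload) < 6:
            raise ValueError("truncated PPPoE header")
        ver_type, code, session_id, _length = struct.unpack("!BBHH", payload[:6])
        if ver_type != 0x11 or code != 0x00:
            raise ValueError("not a PPPoE session data frame")
        return (src_mac, session_id)   # MAC address + session ID
    if ethertype == ETH_EAPOL:
        if len(payload) < 4:
            raise ValueError("truncated EAPOL header")
        # EAPOL header is version, packet type, body length: no session ID
        return (src_mac,)              # MAC address only
    raise ValueError("unsupported EtherType 0x%04x" % ethertype)

def count_sessions(frames):
    """Number of distinct sessions distinguishable from the frames alone."""
    return len({session_key(f) for f in frames})

def _eth(src, ethertype, payload):
    dst = bytes.fromhex("020000000001")  # constructed destination MAC
    return dst + src + struct.pack("!H", ethertype) + payload

TERMINAL = bytes.fromhex("0200000000aa")  # constructed single-interface terminal
PPPOE_FRAMES = [  # constructed: two sessions (IDs 1 and 2) from one MAC
    _eth(TERMINAL, ETH_PPPOE_SESSION,
         struct.pack("!BBHH", 0x11, 0x00, sid, 2) + b"\x00\x21")
    for sid in (0x0001, 0x0002)
]
EAPOL_FRAMES = [  # constructed: two EAPOL-Start frames from the same MAC
    _eth(TERMINAL, ETH_EAPOL, struct.pack("!BBH", 1, 1, 0)) for _ in range(2)
]

if __name__ == "__main__":
    print("PPPoE sessions:", count_sessions(PPPOE_FRAMES))
    print("EAPOL sessions:", count_sessions(EAPOL_FRAMES))
```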