The present invention relates to a communication apparatus, program and method enabling selection of a network at the time of authentication.
At present, 802.1X authentication is used as a function of limiting a communications by a user to a network. In the 802.1X authentication, an authentication switch or the like (Authenticator) authenticates a user terminal (Supplicant) in combination with an authentication server. The “Authenticator” and the “Supplicant” are terms used in the 802.1X; however, in the description below, are termed as the “authentication switch” and the “user terminal”, respectively.
FIG. 22 is a flowchart showing a conventional procedure of user authentication processing in the 802.1X authentication. First, a user terminal 102 that is a computer or the like transmits a connection request to an authentication switch 104 by using an identification number (ID), a password, and the like. Upon receiving the connection request, the authentication switch 104 requests an authentication server 106 to authenticate the user terminal 102 that has transmitted the connection request. Upon receiving the authentication request from the authentication switch 104, the authentication server 106 authenticates the user terminal 102. The authentication server 106 notifies the user terminal 102 of an authentication result via the authentication switch 104. Then, it is made possible for the user terminal 102 to connect to the network.
Further, provided as an optional function to the 802.1X authentication is a function (Dynamic VLAN) of dynamically assigning a virtual LAN (VLAN) to each user terminal in the case of the user authentication. The dynamic VLAN function is a function in which the authentication server 106 assigns the VLAN to the authentication switch 104 by referring to a correspondence table between a user name registered in the authentication server 106 and the VLAN (“EAP Success” and “Radius Access Accept” of FIG. 22).
Further, as known technologies in which the authentication server selects authentication data under conditions designated by the user, the following are cited.
Patent document 1 discloses an authentication system that includes plural authentication modes, and allows selection and execution of the authentication mode according to attribute information other than a user name and a password which are inputted by the user.
Patent document 2 discloses a user authentication system that integrates user authentication systems for different services for use, thus enabling the user to enjoy various services by one ID and one password.
Patent document 3 discloses a user authentication system that shares the authentication server 106 and confidential information between a network A and a network B, and allows transmission of an authentication for the network B through the network A using the IEEE 802.1X and having high security.
[Patent document 1] JP 11-175476 A
[Patent document 2] JP 2003-132022 A
[Patent document 3] JP 2004-72631 A