1. Field of the Invention
The present invention relates to a method for preventing unauthorized connection in a network system; particularly, the present invention relates to a method for preventing unauthorized connection in a network system that utilizes an authentication key in an LLDP packet transmitted in accordance with the 802.1ab communication protocol in a LAN, so as to provide a security mechanism for connection authentication.
2. Description of the Prior Art
As people place higher demands on the accessibility of information and on the transmission of vast quantities of data, network communication has become an important technology in daily life.
With respect to an area network communication system, a user is capable of acquiring information from a host computer at any remote location where a network connection is available. Because modern technology allows data transmission in the area network communication system to be as fast as 1 gigabit per second, there arises a risk that unauthorized users might connect to the area network communication system and download vast quantities of precious data without permission, or even hack into the system and cause damage. As a result, how to prevent unauthorized network devices from illegitimately connecting to the data transmission service provided by the system is an important issue.
Currently, the IEEE 802.1X communication protocol is the most commonly used security authentication mechanism in the local area network (LAN) under the IEEE 802 structure. The 802.1X standard uses a user account or a user device as the basis for network user (port) authentication. This type of authentication procedure is known as “port-level authentication”, which divides the Remote Authentication Dial-In User Service (RADIUS) into three parts: namely, the requesting end (end user), the authentication end and the authentication server. When a terminal device such as a computer, as the requesting end, attempts to connect to other connection ports or devices, such as the authentication end, the 802.1X standard completes the authentication and authorization of the requesting end through communication with the authentication server. However, the 802.1X standard focuses only on the authorization procedure and management, and does not impose restrictions on the data encryption or the computing method of the connection authentication. On the contrary, it defines periodic updates of the encryption key and detailed procedures to further perform authentication.
The 802.1X standard indeed provides a good security authentication and authorization mechanism; however, it requires more complex computation and authentication procedures. A lightweight network device, such as a dongle or a network card, is limited by its hardware specification and computing power and may not be able to provide or support the 802.1X technology. Thus, it is necessary to provide a simplified authentication mechanism for network connections for this type of lightweight network device.
Compared with 802.1X, the IEEE 802.1ab communication protocol provides a simplified network communication mechanism, and is more suitable for lightweight network devices that have limited hardware specifications. However, conventional IEEE 802.1ab technology cannot provide authentication for network connections, nor can it prevent unauthorized network devices from using the data transmission service provided by the system.