1. Technical Field
The present invention relates to network authentication, and particularly to management of the network connection status of a terminal device for which network authentication is already done.
2. Related Art
Amid the infrastructure shift of communication networks, various methods for increasing network security have been proposed. Network authentication is one of these. Network authentication is an authentication mechanism for managing whether or not a terminal device such as a personal computer (PC) or the like can be connected to a specific network (see JP2003-348114A, for example).
As network authentication, for example, Web authentication and IEEE 802.1X authentication are known. Web authentication is an authentication method for which an authentication server performs authentication based on authentication information of a terminal device in response to an authentication request issued from the terminal device that runs a Web browser to a network relay device such as a switch or the like that has a Web authentication function. With Web authentication, the network relay device registers the MAC address, user ID, VLAN information or the like of the authenticated terminal device to the authenticated terminal registration table and judges whether it is permissible to relay communication data between a terminal device and nodes on a network with reference to the table. Web authentication can be realized as long as the terminal device is equipped with a Web browser even if it is not equipped with special authentication software such as is used with IEEE 802.1X authentication, so this authentication method has high degree of general versatility.
With Web authentication, in contrast to an authentication method for which a protocol is established such as IEEE 802.1X authentication, a technology for managing the network connection status of already authenticated terminal devices is not known. For example, with Web authentication, a technology for quickly detecting that the authenticated terminal device has been detached from the network has not been established. When the fact that the authenticated terminal device has been detached from the network is not detected quickly, after the authenticated terminal device is detached from the network, there are cases when another terminal device fraudulently using the MAC address is allowed to connect to the network, so there was room for improvement in terms of security.