1. Field of the Invention
The present invention relates to a switching apparatus, an authentication server, an authentication system, an authentication method, and a computer program product.
2. Description of the Related Art
In an enterprise network and the like, some form of authentication is typically performed when a terminal is connected to the network, to ensure the security of the network. For example, IEEE (Institute of Electrical and Electronics Engineers) 802.1X is an access authentication protocol for devices standardized by the IEEE. IEEE802.1X is defined as a protocol among three parties: a Supplicant, which is the terminal to be authenticated; an Authenticator, which is the authenticating switch; and an Authentication Server, which manages authentication information.
For example, JP-A 2006-345205 (KOKAI) and JP-A 2007-74297 (KOKAI) disclose inventions relating to a method of easily setting an IEEE802.1X Supplicant function.
Recently, Authenticator-compliant switches have become increasingly widespread. Accordingly, preparing an Authenticator-compliant switch is becoming a practical option, in terms of cost, for increasing the number of terminals that can be connected to a network. In this case, restrictions on the installation of connection terminals imposed by cable routing or the number of ports, and limitations on the use of IEEE802.1X, cause no problem.
However, the Authenticator-compliant switch has the following problems.
(A) To authenticate a Supplicant, the Authenticator-compliant switch requires settings related to the authentication method, settings for the Authentication Server with which it exchanges information at authentication, and the like. Managing and operating these settings of the Authenticator-compliant switch for each user places a heavy burden on an administrator. JP-A 2006-345205 (KOKAI) and JP-A 2007-74297 (KOKAI) do not disclose a method of easily setting the Authenticator function.
(B) The settings of the Authenticator-compliant switch include “Shared Secret information” (hereinafter, also “SS information”). The SS information is password information for establishing a communication with ensured security between the Authenticator-compliant switch and the Authentication Server. The SS information is critical to ensuring the security of information exchanged with the Authentication Server, which holds core information of an enterprise system. Storing such critical information in the Authenticator-compliant switch, which is allocated to each user, constitutes a large security risk. For example, when the Authenticator-compliant switch is stolen or physically destroyed to steal the SS information, communication security in the Authentication Server of the enterprise system is not ensured.