JP2003309569A - Server device, network system and radio communication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a security management method for a radio communication system capable of preventing reliably at a physical level unauthorized use of the communication system by a third party. <P>SOLUTION: A DHCP (dynamic host configuration protocol) server 102 which has received assignment request for IP (internet protocol) address from a radio client terminal 106 determines whether the request has been requested from the client terminal 106 or not with reference to a table preregistered by MAC (medium access control) address, if the request is from a client terminal 106, the DHCP server 102 rejects assignment of the IP address to disable access to resources in a network, or assigns IP address different from an IP address group to be assigned to cable client terminals to the client terminal 106. An HP (home page) server then prevents access from radio client terminal 106 with low security level by analyzing the IP address of the client terminal 106 which has requested access. <P>COPYRIGHT: (C)2004,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a server device, a network system, and a wireless communication system that prevent unauthorized access in a wireless communication system that provides a service to an access request via a wireless transmission path.

[0002]

2. Description of the Related Art Generally, a LAN (Local Area Network) is composed of various server devices that provide services such as a file server, a print server, and a FAX server, and client terminals that receive the service and modify or register information. . In such a LAN system, TCP /
Many use the IP protocol suite. In such a LAN system, DHCP (Dy) that dynamically assigns an address in response to a request from a client terminal is used.
Namic Host Configuration Protocol) server may be prepared in some cases. The DHCP server dynamically allocates a registered address to an address allocation request transmitted from a client terminal by using a MAC (Medium Access Control) layer address (simply called a MAC address) included in the request.

An example thereof will be described with reference to FIG. Figure 2
Is a description of a conventional technique, in which a request for address allocation / authentication processing between the address allocation server terminal (DHCP server) 102 and an arbitrary client terminal /
It is a sequence chart which shows transmission / reception of a response message.

First, when a client terminal is powered on, a message DHCPDISCOVER (M2
01) is broadcast (broadcast communication). It returns a message DHCPOFFER (M202) containing the IP address that the address allocation server may allocate. Next, the message DHCPOFFER received by the client
Broadcast a message to use the IP address assigned by (M202), DHCPREQEST (M203). The address assignment server returns a confirmation message DHCPACK (M204) and holds the assigned IP address. Further, the client transmits / receives IP data using the assigned IP address (M205), and when the IP address is no longer needed, broadcasts an address release message DHCPRLEASE (M206). The address allocation server is
Recognize that the assigned address has been returned and make it available again for address assignment.

Further, in such a LAN system, in order to prevent unauthorized access to a database or the like, unauthorized management of the LAN system is performed by performing user management with a password, user restriction by setting file read-only, etc. The use was prevented. Further, a server providing a service as a conventional host computer disclosed in Japanese Unexamined Patent Publication No. 7-56795 does not only perform a user check (a partner authentication process) using a password (personal identification number) and a user ID (identification number) but also each terminal. A terminal check (terminal authentication process) is performed using a unique terminal ID (MAC address), and a security management function by forced access control is realized.

Further, in the DHCP server which provides a service as a conventional host computer disclosed in Japanese Unexamined Patent Publication No. 9-130397, an arbitrary wireless client terminal in the network can use an information element or a password (password Number), correspondence table with terminal ID, or password (password) and terminal I
A user check (partner authentication process) is performed according to the correspondence table with D, and the access (security) level to different networks is determined.

On the other hand, in recent years, one of the LAN systems described above
As a form, a wireless LAN system has been proposed in which communication is performed via a wireless transmission line for the purpose of reducing wiring work, making an existing building intelligent, improving portability of terminals, and the like. Further, not only the wireless transmission line in one building, but also an example of introducing a wireless LAN using a stairwell in the building has been reported. A feature of this wireless LAN system is that a wired transmission line between the client terminal and the network is replaced with a wireless transmission line. Specifically, a plurality of wireless client terminals and a wireless AP (access point) that accommodates them are provided. ), The details are IEEE80
It is specified in 2.11.

This wireless LAN system is roughly classified into an optical communication system and a radio communication system depending on the type of the wireless transmission path. The wireless LAN based on the optical communication system is excellent in interception / interference due to the straightness of light, but conversely, the light is blocked by humans and objects, and there is no diffraction, so it is necessary to set the communication line precisely. Therefore, the setting and arrangement of the terminal device and the like become complicated, and the transmission distance cannot be set large. On the other hand, with the radio wave method, it is easy to set a large transmission distance and it is easy to arrange and set the terminal device to be connected, but on the other hand, it is necessary to take security measures against electromagnetic noise, interference, obstruction, and information leakage. is there.

Therefore, for the above-mentioned reason, in the wireless LAN adopting the radio wave communication system, due to the radio wave transparency, it is not necessary to directly enter the office or the building using the wireless LAN. A person may access the wireless LAN through a glass part such as a door. Further, when the wireless LAN is connected to the backbone network and is connected to a wide area via a leased line or a public network, the wireless LAN can be illegally accessed. Therefore, the wireless LAN is the wireless LAN. It is a "security hole" for the entire network connecting the systems. In addition, F of the wireless LAN by a third party
The line usage fee incurred due to the use of the AX server or the like or access to the public network will be a burden to the legitimate user.

In order to solve the above problems, in the method for preventing unauthorized use of the wireless communication system of the conventional example disclosed in Japanese Patent Laid-Open No. 8-97826, when the corresponding carrier is not in use (when leaving the conference room, etc.). ) To prevent unauthorized access at the physical level by transmitting a carrier wave in the frequency band used.

Further, in a general wireless network system standardized in IEEE 802.11,
A wireless AP (access point) accommodating a wireless client terminal has an identifier (ESSI) unique to a service area.
D) and WEP (authentication) keys are used to prevent unauthorized access.

[0012]

However, in such a wireless communication system, a password for the purpose of preventing unauthorized use at the application level, a MAC address for identifying a client terminal, and an identifier unique to a service area ( ESSID) and WEP (authentication)
Information that is important for access management such as keys may be known to a third party by leakage or interception because data is transmitted and received using the wireless transmission path that is the feature of the information.
There was a problem that unauthorized access could not be completely eliminated.

[0013]

In order to achieve the above object, the server device according to claim 1 is a server device for dynamically allocating a network address to a terminal. If the unique identifier of the requesting terminal is registered as the identifier of the terminal that restricts the address allocation, if the network address is not assigned to the terminal and it is registered as the identifier of the terminal that allocates the address. Assigns a network address to the terminal.

More preferably, a wireless communication terminal is registered as a terminal that restricts the allocation of the address, and a wired communication terminal is registered as an identifier of the terminal that allocates the address.

Alternatively, the address assigning server device dynamically assigns a network address to a wireless terminal accessing a network via an access point and a wired terminal accessing a network via wired communication. , Refer to the route information of the request included in the request for address assignment, and if the route information includes information indicating that the access point has been passed, specify the network address for the terminal. If it is not included and is not included, a network address is assigned to the terminal.

More preferably, the address allocation server device dynamically allocates the network address to the terminal, and is selected for the terminal requesting the address allocation according to the identifier unique to the terminal. A network address that belongs to a group of pre-classified network addresses is assigned.

More preferably, the group of network addresses is classified into a wireless communication terminal and a wired communication terminal.

Alternatively, the address assigning server device dynamically assigns a network address to a wireless terminal accessing a network via an access point and a wired terminal accessing a network via wired communication. , Is selected according to whether or not the route information of the request included in the request for address allocation includes information indicating that the route information has passed through the access point. Assign network addresses that belong to a group of classified network addresses.

Alternatively, in the wireless communication system according to claim 13, a plurality of wired client terminals connected to a network and a plurality of wireless client terminals for performing data communication between the plurality of wired client terminals via the network, Establishes a wireless communication link with the wireless client terminal, and controls data transfer in the network.
An access point that provides a route selection function and an address allocation server terminal that connects the access point and exchanges request / response messages regarding address allocation / authentication processing with the wireless client terminal and a plurality of server terminals having a database function And a network for accommodating the network, the address allocation server terminal, when the address allocation request from the arbitrary client terminal, analyzing means for analyzing an identifier unique to the client terminal, and the result of the analysis. When the assignment requesting terminal is a wireless client terminal, the assignment requesting terminal is provided with an address control means for setting an IP address unset.

The radio communication system according to claim 14, wherein in the radio communication system, as a result of the analysis, if the assignment requesting terminal is a wireless client terminal, an address to which an IP address having an attribute different from that of the wired client terminal is assigned. It is characterized in that the allocating means and the server include access control means for restricting access when the arbitrary client terminal is determined to be a wireless client terminal when an access request is made from the arbitrary client terminal.

A wireless communication system according to claim 15 includes: a plurality of wired client terminals connected to a network; a plurality of wireless client terminals for performing data communication between the plurality of wired client terminals via the network; An access point for establishing a wireless communication link with a client terminal and providing a data carrying control / route selection function in a network, and a request / response message relating to an address allocation / authentication process for connecting the access point and the wireless client terminal In a wireless communication system including an address allocation server terminal for delivering and receiving an address, and a network accommodating a plurality of server terminals having a database function, the address allocation server terminal is required to allocate an address from the arbitrary client terminal. Analysis means for analyzing the route selection information of the address allocation request message at the time of requesting,
As a result of the analysis, when the information indicating that the access point has been passed is detected in the route selection information, an address control unit for setting the IP address to be unset is provided.

According to a sixteenth aspect of the invention, in the wireless communication system, when the result of the analysis detects information indicating that the route selection information has passed through the access point, the wired client terminal is Address assigning means for assigning IP addresses having different attributes,
When the server requests access from any client terminal, the server includes access control means for restricting access when the client terminal is determined to be a wireless client terminal.

With the above configuration, the DHCP server that receives the IP address allocation request from the client terminal is registered in advance by the M of the client terminal.
If the client terminal that analyzes the AC address or the route selection information and activates the allocation request is identified as the wireless client terminal, the allocation of the IP address is rejected,
Disables access to resources within the network.

Alternatively, an IP address having a security level different from the IP address group assigned to the wired client terminal is assigned to the wireless client terminal. After that, the HP server analyzes the IP address of the access-requested terminal to prevent access from a wireless client terminal with a low security level.

[0025]

BEST MODE FOR CARRYING OUT THE INVENTION (First Embodiment) A wireless communication system according to a first embodiment of the present invention will be described below with reference to FIGS. 1 and 3 to 5. FIG. 1 is a system configuration example according to an embodiment of the present invention. In FIG. 1, a wired client terminal 104, an address assignment server terminal (DHCP server) 102, an HP server terminal 103, and an access point 105 are connected by wire to a network 101, and the access point 105 is a wireless communication link with a wireless client terminal 106. To provide data transport control / route selection function in the network. The address allocation server terminal (DHCP server) 102 transmits / receives request / response messages regarding address allocation / authentication processing to / from any client terminal in the network 101. FIG. 3 is a flow chart for explaining the processing of the address allocation (DHCP) server 102 in the first embodiment. FIG. 4 is a sequence chart for explaining the first embodiment. Figure 5 shows address allocation (DHCP)
3 is a MAC address management table in the server 102.
It should be noted that the messages in the sequence diagrams shown in the drawings only show the main ones relating to the embodiment, and some of the basic messages are omitted.

The operation of the system shown in FIG. 1 will be described below. Regarding the operation of the DHCP server,
Description will be given with reference to FIG.

First, the wireless client terminal 106
IP address allocation request message (M401) via access point 105 Address allocation (DHCP) server
Send to 102.

The address assignment (DHCP) server 102
When the IP address assignment request message (M401) is received (step S301: YES), M of the wireless client terminal 106 is read using the MAC address management table (FIG. 5).
The AC address is analyzed (step S302). MAC
If the address is not registered (step S303: YE
S) or if the MAC address is registered as a wireless terminal in the MAC address management table of FIG. 5, the requesting terminal is determined to be “wireless” (step S303:
(YES), the IP address allocation process is interrupted and ends. For example, if the MAC address is "Address B",
Since the terminal type is registered in advance in the MAC address management table of FIG. 5 as “wireless client”, in this case, the requesting terminal is determined to be a wireless terminal, and the process ends.

On the other hand, the wired client 104 assigns the IP address assignment request message (M402) to the address assignment (DH
When sent to the CP) server 102, it is as follows.

The address assignment (DHCP) server 102
When the IP address assignment request message (M402) is received (step S301: YES), the MA of the wired client terminal 104 is checked using the MAC address management table (FIG. 5).
The C address is analyzed (step S302). If the MAC address is not registered (step S303: YES),
The process is interrupted and ends. If the MAC address has already been registered (step S303: NO), MA of FIG.
If the MAC address is registered as a wired terminal by referring to the C address management table, the requesting terminal is determined to be "wired" (step S304: NO), and the authentication request message (M403) is sent to the wired client terminal 104. It is transmitted (step S305). For example, when the MAC address is “address A”, the terminal type is registered in advance in the MAC address management table of FIG. 5 as “wired client”. In this case, the requesting terminal is determined to be a wired terminal, and authentication is performed. A request message is sent.

The wired client terminal 104, which has received the authentication request message (M403), transmits an authentication response message (M404) to the address allocation (DHCP) server 102 as a response message containing authentication data.

The address assignment (DHCP) server 102
When the authentication response message (M404) is received, the authentication process is performed by collating the message contents and the like, and if succeeded (step S306: YES), the IP address assignment message (M405: DHCPOFFER) is transmitted to the wired client terminal 104 ( Step S307). If the authentication response message (M404) cannot be received or the authentication fails (step S306: NO), the IP address allocation process is interrupted and ended.

After receiving the address allocation response, the wired client terminal 104 which has received the IP address allocation message (M405) sets the IP address as its own IP address, and then starts the IP data communication.

As described above, by configuring the DHCP server so as not to respond to the IP address allocation request from the wireless client terminal 106 having a low security level, the wireless terminal cannot access the network resource. Therefore, unauthorized access to a highly confidential HP server or the like is easily (simple) and surely restricted, and network security and convenience are improved.

In the table of FIG. 5, "wired" and "wireless" are registered for each terminal, which means "permission" and "prohibition" of IP address allocation. In other words, Therefore, even for a wireless terminal, the IP address can be assigned to the wireless terminal by registering “wired client” in the MAC address management table. Further, since a terminal that acquires an IP address using a DHCP server and a terminal to which a fixed IP address is assigned are allowed to coexist in the network, a wireless terminal to which a fixed IP address is assigned is a network. Access to.

As described above, the DHCP server configured as in the present embodiment does not shut out all wireless terminals from the network, but also flexibly copes with permission of access from the wireless terminals to the network. Is possible. Therefore, for some wireless terminals that have been adequately equipped with safety measures, the IP address is set by the DHCP server.
By assigning an address or assigning a fixed IP address in advance, and configuring a DHCP server so as not to assign an IP address to other wireless terminals as in the present embodiment, Safety measures,
It is also possible to configure a network system that is compatible with the convenience of the wireless terminal.

Note that FIG. 10 shows an example of the configuration of a computer which is a DHCP server and a client terminal.
In FIG. 10, a computer 3000 includes a CPU 1 that executes a program stored in the ROM 3 and the RAM 2, for example, a program for implementing the procedure of FIGS. 3, 6, and 7, and each device connected to the system bus 4. Is centrally controlled by the CPU 1. RAM2 is CPU
1 functions as a main memory, a work area, etc. A keyboard controller (KBC) 5 controls key inputs from the keyboard 9 and a pointing device (not shown). A CRT controller (CRTC) 6 controls display on a display 10 such as a CRT. The disk controller (DKC) 7 accesses the external memory 11 such as a hard disk (HD), a floppy (registered trademark) disk (FD), which stores a boot program, various applications, font data, user files, edit files, and the like. Control. The program to be executed is stored as a program file in these external memories, and the network interface card (NIC) 8 is connected to the network by a predetermined communication interface and communicates with other terminals or servers on the network.

(Second Embodiment) The second embodiment of the present invention will be described below.
The wireless communication system in the embodiment will be described with reference to FIGS. 1 and 5 to 9. FIG. 6 is a flow chart for explaining the processing of the address allocation (DHCP) server 102 in the second embodiment. FIG. 7 is a flowchart illustrating processing of the HP server 103 according to the second embodiment. FIG. 8 is a sequence chart for explaining the second embodiment. FIG. 9 is an IP address management table of the HP server in the second embodiment. 1 and 5 are common to the first embodiment.

First, the wireless client terminal 106
IP address assignment request message (M801) via access point 105 Address assignment (DHCP) server
Send to 102.

The address assignment (DHCP) server 102
When the IP address assignment request message (M801) is received (step S601: YES), M of the wireless client terminal 106 is read using the MAC address management table (FIG. 5).
The AC address is analyzed and the terminal attribute is stored (step S602). When the MAC address is not registered in the MAC address management table (step S603: YES), the process is interrupted and ends.

On the other hand, when the MAC address has been registered (step S603: NO), the address assignment (DHCP) server 102 determines that the client terminal being authenticated is wireless (step S604: YES) based on the stored terminal attributes.
Referring to the IP address management table (FIG. 9), the IP address for the wireless client (128.0.0.128 to 128.0.0.255)
Unused address is selected in the range (step S6).
05). If the client terminal being authenticated is wired (step S604: NO), the IP address management table (FIG. 9) is also referred to, and the IP for the wired client is displayed.
An unused address is selected from the addresses (range 128.0.0.1 to 128.0.0.127) (step S606). The address assignment (DHCP) server 102 is a wireless client terminal (10
An authentication request message (M802) including the IP address information is transmitted to 6) (step S607).

Upon receiving the authentication request message (M802), the wireless client terminal 106 transmits an authentication response message (M803) to the address allocation (DHCP) server 102 as a response message including authentication data. If the authentication response message (M803) cannot be received or the authentication fails (step S608: NO), the IP address allocation process is interrupted and ended. When the authentication response message (M803) is received and the authentication is successful (step S608: Y
ES), address assignment (DHCP) server 102 is IP
The address allocation process is completed (step S60).
9).

The wireless client terminal 106, which has received the IP address assignment message (M804), receives the assigned IP address after receiving the address assignment response.
It is set as an address, and IP data communication is started thereafter. Similarly to the wireless client terminal 106, the wired client terminal 104 also performs steps S601 to S609 to acquire an IP address.

By the above procedure, an IP address that can identify the wired client and the wireless client is assigned to each of the wired client and the wireless client.

Next, access control from any client terminal to the HP server, which is a resource in the network, will be described with reference to FIG.

IP trying to access HP server
Wireless client terminal that has been assigned an address
The 106 sends an access request message (M805) to the HP server 103 via the access point 105.

The HP server 103 receives the access request message (M805) (step S701: YE).
S), IP using the IP address management table (FIG. 9)
The address is analyzed (step S702). That is,
It is determined which of the IP address columns in the table of FIG. 9 the source IP address of the received message corresponds to,
By reading the value in the corresponding terminal type column, it is determined whether "wired client" or "wireless client". When it is determined that the IP address is “for wireless client” (step S703: NO), the access control process for the HP server 103 is interrupted and ended.

On the other hand, the wired client 104 trying to access the HP server also receives the access request message (M80
6) is transmitted to the HP server 103. HP server 103
When the access request message (M806) is received (step S701: YES), the IP address of the wired client terminal 104 is analyzed using the IP address management table (FIG. 9) (step S702). When it is determined that the IP address is "for wired client" (step S70)
3: YES), and transmits a password request message (M807) to the wired client terminal 104 (step S70).
4).

Upon receiving the password request message (M807), the wired client terminal 104 receives the password authentication message (M808) as a message including password data.
Is transmitted to the HP server 103.

The HP server 103 receives the password authentication message (M808) (step S705: YE).
S), an access confirmation message (M809) is transmitted to the wired client terminal 104 (step S706). When the password authentication message (M808) cannot be received or the authentication has failed (step S705: NO), the access processing to the HP server terminal is interrupted and terminated. Wired client terminal that received the access confirmation message (M809)
104 starts data communication with the HP server 103
(M810).

As described above, the server determines whether the client terminal of the access request source is a wired client or a wireless client, and restricts access by the wireless client, so that the wireless client terminal 106 with a low security level can access it. Unauthorized access to a highly confidential HP server or the like can be easily (simplely) and surely restricted, and network security and convenience are improved.

Particularly in this embodiment, since each server on the network can restrict access, a server that allows access regardless of whether it is a wireless client or a wired client and a server that does not allow access to the wireless client are provided. Can be mixed on the same network.

Furthermore, the IP of FIG. 9 provided for each server
"For wireless clients" in the address management table
If we consider "for wired clients" to mean "with access restriction" and "without access restriction",
Access can be restricted for each server according to the MAC address of the terminal.

[Other Embodiments] In the first and second embodiments, when an address allocation request message is received from an arbitrary client terminal, the MAC address of the client terminal is analyzed (steps S302 and S602), and the client terminal The connection type is determined to be wireless or wired. Instead of this, a route for analyzing the route selection information included in the address allocation request message from any client terminal, and determining the connection form of the client terminal as “wireless connection” when passing through the access point 105. You may replace with a selection information analysis means and may be comprised. With this configuration, the M
Even if the AC address is not registered in advance, it is possible to distinguish between the wireless terminal and the wired terminal.

In the above embodiment, the wireless LA
Although the wireless communication system including the method of restricting access to network resources from the client terminal has been described by taking the N network as an example, the present invention is not limited to this, and the client terminal connects to the network using the wireless transmission path. Any system can be applied as long as it composes the form described above, regardless of whether the signal to be handled is analog or digital. In addition, the present invention can be variously modified and implemented within the scope of the present invention.

As described above, in the network accommodating the wireless LAN system, which is conventionally considered to have a lower security level than the wired LAN, the unique MAC address given to each client terminal is set to DHC.
A wireless LA with a low security level is managed by the P server and controls the security level of wired and wireless LAN client terminals in the network.
Unauthorized access to a highly confidential server or the like from N client terminals is easily (simplely) and surely restricted at the physical level, and network security and convenience are improved.

That is, it is important for access control of a password for the purpose of preventing unauthorized use at the application level, a MAC address for identifying a client terminal, a service area unique identifier (ESSID) and a WEP (authentication) key. It is expected that such information can be prevented from being illegally accessed by "spoofing" in the case where such information is obtained by a third party due to leakage or interception due to the use of the wireless transmission path.

Even when the present invention is applied to a system composed of a plurality of devices (for example, host computer, interface device, reader, printer, etc.), a device composed of one device (for example, copying machine, facsimile). Device).

Further, an object of the present invention is to supply a storage medium (or recording medium) recording a program code of software for realizing the functions of the above-described embodiments to a system or apparatus, and to supply a computer of the system or apparatus ( Alternatively, it is achieved by the CPU or MPU) reading and executing the program code stored in the storage medium.

In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiments, and the program code itself and the storage medium storing the program code constitute the present invention. Become.

Further, by executing the program code read by the computer, not only the functions of the above-described embodiment are realized, but also the operating system (OS) running on the computer is executed based on the instruction of the program code. ) And the like perform a part or all of the actual processing, and the processing realizes the functions of the above-described embodiments.

Further, after the program code read from the storage medium is written in the memory provided in the function expansion card inserted in the computer or the function expansion unit connected to the computer, based on the instruction of the program code. It also includes a case where a CPU or the like included in the function expansion card or the function expansion unit performs a part or all of the actual processing, and the processing realizes the functions of the above-described embodiments.

[0063]

As described above, according to the present invention,
Since it is determined whether or not the network address is given to the terminal according to the unique identifier of the terminal, network access can be restricted for each terminal, and the security of the network can be improved.

Further, by making the above determination depending on whether the terminal is a wireless terminal or a wired terminal, access can be restricted depending on whether the terminal is wireless or wired.

Further, by referring to the route information of the request for the network address allocation from the terminal, since the network address is not assigned to the wireless terminal, the network access can be restricted for each terminal and the security of the network can be improved. Can be improved.

Further, since the group to which the network address to be given belongs is determined according to the identifier unique to the terminal, the network access can be restricted in the server that receives the network address, and the security of the network can be improved. it can.

Further, by referring to the route information of the request for the network address allocation from the terminal, the network addresses belonging to different groups are assigned to the wireless terminal and the wired terminal, so that the network receiving server receives the network address. Access can be restricted and network security can be improved.

[Brief description of drawings]

FIG. 1 is a configuration diagram of a wireless communication system according to an embodiment of the present invention.

FIG. 2 is a sequence chart showing a conventional technique.

FIG. 3 is a flowchart illustrating a process of an address allocation server according to the first embodiment.

FIG. 4 is a sequence chart illustrating a first embodiment.

[Figure 5] MAC in the address allocation (DHCP) server
It is an address management table.

FIG. 6 is a flowchart illustrating a process of an address allocation server according to the second embodiment.

FIG. 7 is a flowchart illustrating processing of an HP server according to the second embodiment.

FIG. 8 is a sequence chart illustrating a second embodiment.

FIG. 9 is a DHCP server according to the second embodiment and
It is an IP address management table of the HP server.

FIG. 10 is a block diagram of a computer.

[Explanation of symbols]

101 ・ ・ ・ Network 102 ... Address assignment (DHCP) server 103 ... HP server 104 ... Wired client terminal 105 ・ ・ ・ Access point 106 ... Wireless client terminal

Claims (16)

[Claims] 1. An address allocation server device for dynamically allocating a network address to a terminal, wherein an identifier unique to the terminal requesting address allocation is:
If it is registered as an identifier of a terminal that restricts address allocation, it does not assign a network address to that terminal.If it is registered as an identifier of a terminal that assigns an address, it allocates a network address to that terminal. A server device characterized by being applied. 2. The server device according to claim 1, wherein a wireless communication terminal is registered as a terminal that restricts the allocation of the address, and a wire communication terminal is registered as an identifier of the terminal that allocates the address. 3. An address allocation server device for dynamically allocating a network address to a wireless terminal accessing a network via an access point and a wired terminal accessing the network via wired communication. , If the route information of the request included in the address allocation request is referred to, and the route information includes information indicating that the route has passed through the access point,
A server device, wherein a network address is not assigned to the terminal, and if not included, a network address is assigned to the terminal. 4. An address allocation server device for dynamically allocating a network address to a terminal, which is selected for a terminal requesting address allocation according to an identifier unique to the terminal. A server device for allocating a network address belonging to a group of pre-classified network addresses. 5. The server device according to claim 4, wherein the group of network addresses is classified into a wireless communication terminal and a wired communication terminal. 6. An address allocation server device for dynamically allocating a network address to a wireless terminal accessing a network via an access point and a wired terminal accessing a network via wired communication. , Is selected according to whether or not the route information of the request included in the request for address allocation includes information indicating that the route information has passed through the access point. A server device, characterized by allocating a network address belonging to a group of classified network addresses. 7. A network system comprising the address assignment server device according to claim 1 and a terminal device. 8. The address allocation server device according to claim 4, a terminal device, and, in response to an access request from the terminal, to which of the groups the network address attached to the access request belongs. And a server device that restricts access according to the group to which the network system belongs. 9. A program for dynamically allocating a network address to a terminal by a computer, wherein an identifier unique to the terminal requesting the address allocation is:
If it is registered as an identifier of a terminal that restricts address allocation, it does not assign a network address to that terminal.If it is registered as an identifier of a terminal that assigns an address, it allocates a network address to that terminal. A program that causes a computer to function so that it can be applied. 10. A program for dynamically allocating a network address to a terminal by a computer, which is selected in advance for a terminal requesting address allocation according to an identifier unique to the terminal. A program that causes a computer to assign network addresses that belong to a group of classified network addresses. 11. A method for dynamically assigning a network address to a terminal by a computer, wherein an identifier unique to the terminal requesting the address assignment is:
If it is registered as an identifier of a terminal that restricts address allocation, it does not assign a network address to that terminal.If it is registered as an identifier of a terminal that assigns an address, it allocates a network address to that terminal. Address allocation method characterized by applying. 12. A method for dynamically allocating a network address to a terminal by a computer, wherein the terminal requesting the address allocation is selected according to an identifier unique to the terminal in advance. An address assigning method characterized by assigning a network address belonging to a group of classified network addresses. 13. A wireless communication link between a plurality of wired client terminals connected to a network and a plurality of wireless client terminals for performing data communication between the plurality of wired client terminals via the network, and a wireless communication link with the wireless client terminal. For establishing data transfer control / route selection function in the network, and an address assignment server for connecting the access point and for passing request / response messages regarding address assignment / authentication processing with the wireless client terminal In a wireless communication system including a terminal and a network accommodating a plurality of server terminals having a database function, the address allocation server terminal, when the address allocation request is made from the arbitrary client terminal, the arbitrary client Analyzing means for analyzing a terminal-specific identifier, the result of the analysis, the case allocation request terminal is a wireless client terminal, a wireless communication system, comprising an address control means to unset the IP address. 14. As a result of the analysis, when the assignment requesting terminal is a wireless client terminal, an address assigning means for assigning an IP address having an attribute different from that of the wired client terminal; The access control means for restricting access when the arbitrary client terminal is determined to be a wireless client terminal when making an access request.
3. The wireless communication system according to 3. 15. A wireless communication link between a plurality of wired client terminals connected to a network and a plurality of wireless client terminals for performing data communication between the plurality of wired client terminals via the network, and a wireless communication link with the wireless client terminal. For establishing data transfer control / route selection function in the network, and an address assignment server for connecting the access point and for passing request / response messages regarding address assignment / authentication processing with the wireless client terminal In a wireless communication system including a terminal and a network accommodating a plurality of server terminals having a database function, the address allocation server terminal, when the address allocation request is made from the arbitrary client terminal, An analysis unit that analyzes the route selection information of the message, and an address control unit that does not set an IP address when the information indicating that the route has passed through the access point is detected in the route selection information as a result of the analysis. A wireless communication system comprising: 16. If, as a result of the analysis, information indicating that the route selection information has passed through the access point is detected, an IP having an attribute different from that of the wired client terminal is detected.
The system further comprises address allocation means for allocating an address, and access control means for restricting access when the server makes an access request from an arbitrary client terminal and at the time when the arbitrary client terminal is determined to be a wireless client terminal. The wireless communication system according to claim 15, wherein: