JP2006197462A - Portable communication terminal and user authenticating method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To reduce influence upon the communication quality of an active application, which is caused by delay resulting from reauthentication. <P>SOLUTION: A monitoring unit 10 for periodically acquiring required information from a radio LAN communication software component and a control unit 12 for starting a reauthentication session at fortunate timing when delay is hardly affected on the basis of a monitor result by the monitoring unit 10 are provided. The monitoring unit 10 monitors the existence/absence of the execution of a real time application through a component 21 corresponding to a higher layer, monitors the communication quality of the real time application through a component 22 corresponding to a network layer and a transport layer, and monitors the state of radio communication with an external device through a component 24 corresponding to a physical layer. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a technology related to security and communication quality of a network system in which a plurality of computer terminals are integrated by a LAN (Local Area Network), in particular, a wireless LAN system using a user authentication technology of IEEE802.1x standard.

  In general, in a wireless LAN system, in order to prevent unauthorized access to the wireless LAN and unauthorized intrusion via the wireless LAN, access is made only to a legitimate mobile station terminal (station: hereinafter simply referred to as “STA”). Access restrictions such as permission are performed. In such access restriction, normally, when a STA accesses the wireless LAN, a process for authenticating the STA is executed. There are various methods for authenticating the STA, but in practice, a security system of the IEEE802.1x standard is often used.

  FIG. 5 is a conceptual diagram of a security system of the IEEE802.1x standard. Referring to FIG. 5, the security system includes a supplicant 100, an authenticator 101, a LAN 102, a service 103, and an authentication server 104 as main elements.

  The supplicant 100 accesses the service 103. The authenticator 101 permits or denies the supplicant 100 access to the service 103. The service 103 provides a service to the supplicant 100. The authentication server 104 authenticates the supplicant 100. The LAN 102 is a transmission medium, and each of the supplicant 100, the authenticator 101, and the service 103 is communicably connected via the LAN 102.

  In order to use a service on the network, the supplicant 100 first exchanges an EAP (Extended Authentication Protocol) packet with the authentication server 104 via the authenticator 101. Next, the authentication server 104 authenticates the supplicant 100 based on the information regarding the other party included in the EAP packet received from the supplicant 100. Although the supplicant 100 can authenticate the authentication server 104, the execution of the authentication is optional.

  When the authentication of the supplicant 100 in the authentication server 104 is successful, the authenticator 101 permits the supplicant 100 to access the service 103 and is required for data communication after authentication. Send the encryption key used to encrypt the data. If authentication of the supplicant 100 in the authentication server 104 fails, the authenticator 101 does not permit the supplicant 100 to access the service 103.

  FIG. 6 shows a general wireless LAN system in which the above-described IEEE 802.1x standard security system is introduced. This wireless LAN system includes a STA 200 that is a supplicant, a wireless LAN access point (AP) 201 that is an authenticator, a server 203 that implements a service, and a RADIUS (Remote Authentication Dial-in user service) server 204 that is an authentication server. Have. The AP 201 is connected to each of the server 203 and the RADIUS server 204 via a LAN 202 (or a communication network including a LAN or another LAN or WAN (Wide Area Network)).

  Normally, when a supplicant attempts to access a service, an authentication process is performed. However, an authentication process is performed again for a supplicant that is already authenticated and authorized to access the service. Sometimes. For example, in the IEEE802.1x standard, in order to enhance security, a setting in which an authenticator requests authentication to a supplicant at regular time intervals is defined as one option. In addition, in a wireless LAN system incorporating IEEE802.1x standard security, every time a STA moves from a communication area of a currently connected AP to a communication area of another adjacent AP, so-called handover is performed. Authentication is performed.

  The time from the start to the completion of execution of the authentication process depends on factors such as the type of EAP, network traffic, and network configuration, but often takes several seconds. For this reason, if the authentication process is executed during data communication by the STA, a large delay occurs in the data communication. This delay is fatal for a real-time application such as VoIP (Voice-over-IP) and greatly deteriorates the voice quality. Various measures have been proposed to reduce this delay. Non-Patent Document 1 and Non-Patent Document 2 propose methods for simplifying the re-authentication process when PEAP and EAP-TTLS are used as EAP authentication protocols, respectively. By simplifying the re-authentication process, the delay that occurs during re-authentication can be reduced.

  In a wireless LAN system incorporating IEEE802.1x standard security, authentication is usually performed every time a handover is performed. At the time of handover, in addition to the delay due to authentication, there is also a delay caused by the switching process to the handover destination AP, so the total delay is large. Also, at the time of handover, since the electric field strength of the received signal is generally small, data loss is likely to occur. For this reason, the delay at the time of handover is larger than that at the normal time.

For the above reasons, it is not desirable to perform an authentication process at every handover. In order to solve the problem of authentication at the time of handover, the STA described in Non-Patent Document 3 is required for authentication between the STA and the handover destination AP via the connected AP and the wired LAN. It introduces a way to complete the authentication process before the handover takes place by exchanging data.
Protected EAP Protocol (PEAP) Version 2, IETF Internet-Draft, October 2003. EAP Tunneled TLS Authentication Protocol (EAP-TTLS), IETF Internet-Draft, February 2002. IEEE Standard for Information technology--Telecommunications and information exchange between system--Local and metropolitan area networks? Specific requirements--Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications--Amendment 6: Medium Access Control (MAC) Security Enhancements, IEE Std 802.11i-2004 Amendment to IEEE Std 802.11, 1999 Edition (Reaff 2003).

  As described above, in a wireless LAN system in which IEEE802.1x security is introduced, in order to enhance security, the STA is often set to request re-authentication at regular time intervals. However, in such a setting, the re-authentication process is unconditionally executed at a specified time interval regardless of the communication status of the STA. Communication quality will be greatly reduced. In order to prevent this problem, it is necessary to solve the following technical problems.

  (1) When a re-authentication process is executed when a real-time application such as VoIP that transmits data requiring real-time properties such as voice and video is executed on the STA, the re-authentication process The communication quality of the real-time application is greatly deteriorated due to the delay associated with the execution of. For this reason, it is desirable to avoid performing the re-authentication process when a real-time application is running.

  (2) When the re-authentication process is performed when the communication status of the STA is not good, such as when the STA is in a noisy environment or when the received signal strength indicator (RSSI) is small, The delay in the re-authentication process is greater than when the communication status of the STA is good. For this reason, when the re-authentication process is executed during execution of the real-time application and the communication state of the STA is not good, it is desirable to avoid the execution of the re-authentication process.

  (3) Even when there is a large amount of network traffic, it is desirable to avoid the execution of the re-authentication process because the delay associated with the execution of the re-authentication process increases as in the problem (2).

  A system capable of solving the above-described problems (1) to (3) has not been proposed so far.

  An object of the present invention is to solve the problems (1) to (3) described above, and to reduce the influence of delay due to re-authentication on the communication quality of an application being executed, a mobile communication terminal, a LAN system, and a user It is to provide an authentication method and a program.

  In order to achieve the above object, according to one aspect of the present invention, a mobile communication terminal (corresponding to an STA) transmits / receives information necessary for user authentication to / from an external device, and at least A monitoring unit that periodically monitors whether or not a predetermined application (real-time application) is executed; and when the monitoring unit detects that the predetermined application is not being executed, And a control unit for initiating a re-authentication session for re-executing user authentication. According to this configuration, since the authentication processing unit starts a re-authentication session during a period when the real-time application is not executed, a delay due to re-authentication does not affect the communication quality of the real-time application. Thereby, the above-described problem (1) is solved.

  In the present invention, when the execution of the predetermined application is detected over a first predetermined period, the monitoring unit monitors a communication state with the external device at a constant time interval over a second predetermined period, The control unit determines whether or not the communication with the external device is good based on the monitoring result of the communication state by the monitoring unit. You may make it start. According to this configuration, the re-authentication process is executed during the execution of the real-time application, but the re-authentication process is executed only when the communication with the external device is good. Thereby, the above-mentioned problems (2) and (3) are solved.

  In the above case, as the communication state with the external device, the communication quality in the communication path of the predetermined application, specifically, the communication quality in each of the network layer and the transport layer that provide communication by the predetermined application You may monitor. Based on the communication quality on the communication path of a predetermined application, the network traffic volume can be checked.

  In addition to the communication quality of the predetermined application, the electric field strength of the received signal from the external device may be monitored as the communication state with the external device. Based on the electric field strength of the received signal from the external device, it is possible to check whether the STA is in a noisy environment and whether the RSSI (Received Signal Strength Indicator) of the received signal is smaller than a reference value.

  According to the present invention, since the STA starts the re-authentication session at a convenient timing that is not easily affected by the delay, the re-authentication is unconditionally executed at the re-authentication time set in the AP or the authentication server. You can avoid that.

  Further, since the re-authentication is performed when the real-time application is not used on the STA, the communication quality of the real-time application such as VoIP can be improved.

  Next, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 is a block diagram showing a schematic configuration of a mobile communication terminal according to an embodiment of the present invention. This portable communication terminal is applied to an existing wireless LAN system, for example, a STA of the wireless LAN system shown in FIG. 6, and its main parts are a monitoring unit 10, a set value input unit 11, and a control unit 12. Consists of. These units 10 to 11 are all software components. Although not shown in FIG. 1, the mobile communication terminal communicates with an authentication processing unit that transmits and receives information necessary for user authentication with a wireless LAN access point that is an external device. There is also a configuration provided in existing STAs such as a wireless communication unit that performs wireless communication and an electric field strength detection unit that detects the electric field strength of a signal received by the wireless communication unit.

  The monitoring unit 10 periodically acquires necessary information from the wireless LAN communication software component of the STA. In FIG. 1, a communication software model 20 is a protocol definition model related to a wireless LAN communication software component. The communication software model 20 includes a component 21 corresponding to an upper layer such as an application layer, a component 22 corresponding to a transport layer and a network layer, a component 23 corresponding to a data link layer such as IEEE802.11 and IEEE802.1x, and physical It consists of components 24 corresponding to layers.

  The monitoring unit 10 monitors whether or not a real-time application such as VoIP is being executed by the component 21. In addition, the monitoring unit 10 acquires a value indicating communication quality such as a packet delay from the component 22. Whether or not the communication quality of the real-time application is good can be determined based on whether or not the acquired value indicating the communication quality exceeds a preset reference value. In addition, the monitoring unit 10 acquires association state information indicating whether the STA and the AP are associated with each other from the component 23. Furthermore, the monitoring unit 10 acquires the RSSI of the received signal or the ratio of the received signal and noise (SN ratio) from the component 24. The RSSI value and the S / N value are obtained from the electric field strength of the received signal detected by the electric field strength detector.

  The set value input unit 11 receives an input of a set value for a re-authentication request in each AP on the network.

  The control unit 12 controls the operation of each unit including the monitoring unit 10 and determines whether or not to start a re-authentication session from the STA based on information acquired by the monitoring unit 10 from the wireless LAN communication software component of the STA. To do. If it is determined that a re-authentication session is started from the STA, the control unit 12 requests the IEEE 802.11 software component 23 to perform re-authentication.

  Next, the operation of the STA of this embodiment will be specifically described. FIG. 2 shows a time frame for explaining the operation of the monitoring unit 10 controlled by the control unit 12. In the example shown in FIG. 2, the operation of the monitoring unit 10 is divided into four phases on the time axis.

  In FIG. 2, t is a variable representing time. “T = 0” indicates a time point when the previous authentication is completed, and this time point is set as a start time of the phase 1. T0 represents a re-authentication request time interval set by the AP or the authentication server. The re-authentication request time interval needs to be registered in advance in the set value input unit 11. When the re-authentication request time interval is not registered in the set value input unit 11, a default value is used as the re-authentication request time interval. In the case of the IEEE802.1x standard, this default value is the minimum value of the re-authentication request time interval that can be set by the AP or the authentication server, for example, 3600 seconds.

T1, T2, and T3 represent the start times of Phase 2, Phase 3, and Phase 4, respectively.
0 <T1 <T2 <T3 <T0
It is a variable that satisfies the condition. Specifically, it is desirable that T1 is T0 / 2, T2 is (4 · T0) / 6, and T3 is (5 · T0) / 6.

X1, X2, and X3 represent monitoring intervals in Phase 2, Phase 3, and Phase 4, respectively.
X1 <T2-T1
X2 <T3-T2
X3 <T0-T3
It is a variable that satisfies the condition. Specifically, it is desirable that X1 is (T2-T1) / n, X2 is (T3-T2) / n, and X3 is (T0-T3) / n. Here, n corresponds to the number of times of monitoring in each phase, and is an integer of 2 or more.

  FIG. 3 shows a flowchart for explaining the operation of the control unit 12. Hereinafter, the operation of the STA shown in FIG. 1 will be described with reference to FIGS.

  Phase 1 starts when the previous authentication is completed and ends when the time T1 has elapsed (step 300 in FIG. 3). In this phase 1, the monitoring unit 10 does not perform monitoring and waits until the end.

The control unit 12 resets the value (time t) of the timer provided in the self unit or the STA at the start of phase 1 (step 316 in FIG. 3). Then, after step 300 (phase 1), the control unit 12 determines that the time t measured by the reset timer is
T1 ≦ t <T2
It is determined whether or not the first condition is satisfied (step 301 in FIG. 3). When it is determined that the first condition is satisfied, the control unit 12 causes the monitoring unit 10 to perform the following phase 2 operation.

  Phase 2 starts at time T1 and ends at time T2. In this phase 2, the monitoring unit 10 monitors the associated state and the presence / absence of a running real-time application at X1 second intervals.

  The control unit 12 first determines whether the STA and the AP are associated with each other based on the result of monitoring by the monitoring unit 10 in phase 2 (step 302 in FIG. 3). If it is determined in step 302 that the STA and the AP are associated with each other, the control unit 12 subsequently determines whether or not the real-time application in the STA is being executed (step 303 in FIG. 3).

  If it is determined in step 303 that there is no real-time application being executed, the control unit 12 sends an “EAPOL-START” packet to the AP to the IEEE802.1x software component 23 (authentication processing unit). (Step 305 in FIG. 3). When the component 23 sends an “EAPOL-START” packet to the AP in response to this request, an authentication process is executed between the STA and the AP or the authentication server (step 315 in FIG. 3).

  If it is determined in step S302 that the STA and the AP are not associated with each other, or if it is determined in step 303 that there is a real-time application being executed in the STA, the control unit 12 waits for X1 seconds ( The determination in step 304) and step 300 in FIG. 3 is executed again.

If it is determined in step 300 that the first condition is not satisfied, the control unit 12 subsequently determines that the time t measured by the timer is
T2 ≦ t <T3
It is determined whether or not the second condition is satisfied (step 306 in FIG. 3). When it is determined that the second condition is satisfied, the control unit 12 causes the monitoring unit 10 to perform the following phase 3 operation.

  Phase 3 starts at time T2 and ends at time T3. In this phase 3, monitoring by the monitoring unit 10 is executed at intervals of X2 seconds. The data monitored by the monitoring unit 10 is an association state, a reference value (delay, packet loss, transmission / reception data rate, etc.) indicating communication quality between the network layer and the transport layer, an RSSI value, or an S / N value. From these, it is possible to determine whether or not the communication quality of the real-time application and the state of wireless communication with the external device (AP) are good.

  The control unit 12 first determines whether the STA and the AP are associated with each other based on the result of monitoring by the monitoring unit 10 in phase 3 (step 307 in FIG. 3). If it is determined in this step 307 that the STA and the AP are associated, then the control unit 12 has good network layer and transport layer traffic based on the reference value of communication quality (QoS). (“Pass” or “fail”) is determined (step 308 in FIG. 3). If the determination result in step 308 is “pass”, the control unit 12 subsequently determines whether the RSSI value or S / N value is greater than the reference value (“strong” or “weak”). (Step 308 in FIG. 3).

  If the determination result in step 309 is “strong”, the control unit 12 proceeds to step 305 and sends an “EAPOL-START” packet to the AP to the IEEE802.1x software component 23. To request.

  When it is determined in step S307 that the STA and the AP are not associated with each other, or the determination result in step 308 is “fail”, or the determination result in step 309 is “weak” After waiting for X2 seconds (step 310 in FIG. 3), the control unit 12 executes the determination in step 306 again.

If it is determined in step 306 that the second condition is not satisfied, the control unit 12 subsequently determines that the time t measured by the timer is
T3 ≦ t <T0
It is determined whether or not the third condition is satisfied (step 311 in FIG. 3). If it is determined that the third condition is satisfied, the control unit 12 causes the monitoring unit 10 to perform the following phase 4 operation.

  Phase 4 starts at time T3 and ends at time T0. In this phase 4, monitoring by the monitoring unit 10 is executed at intervals of X3 seconds. Data monitored by the monitoring unit 10 is an association state, an RSSI value, or an S / N value.

  The control unit 12 first determines whether or not the STA and the AP are associated based on the monitoring result of the monitoring unit 10 in the phase 4 (step 312 in FIG. 3). If it is determined in step 312 that the STA and the AP are associated, the control unit 12 subsequently determines whether the RSSI value or the S / N value is larger than the reference value (“strong” or “ 3) (step 313 in FIG. 3).

  If the determination result in step 313 is “strong”, the process proceeds to step 305, and the control unit 12 sends an “EAPOL-START” packet to the AP to the IEEE802.1x software component 23. To request.

  If it is determined in step S312 that the STA and the AP are not associated with each other, or if the determination result in step 313 is “weak”, the control unit 12 waits for X3 seconds (step in FIG. 3). 314), the determination in step 311 is executed again.

  If it is determined in step 311 that the third condition is not satisfied (if the communication status of the STA is poor and authentication is not performed even after the end of phase 3), the control unit 12 returns to step 316 above. Reset the timer.

  If authentication is not performed even after the end of phase 4, and if the value of the AP re-authentication request time interval is registered, the AP starts at the time when phase 4 ends (t = T0). A re-authentication request may be sent to the STA for re-authentication. However, if T0 is set to the default value of 3600 seconds, re-authentication is performed by a re-authentication request from the AP, and re-authentication is performed by sending an “EAPOL-START” packet when the STA is convenient for the station The processes to be performed may be executed together.

  Also, although not shown in the flowchart of FIG. 3, when authentication is performed because the link is disconnected and reconnected, a handover occurs, or there is a re-authentication request from the AP. Regardless of which procedure in the flowchart is executed, the process returns to the timer reset block in step 316.

  According to the present embodiment described above, not only the reception quality of the physical layer but also the presence / absence of a real-time application being executed, the communication quality in each of the network layer and the transport layer that provide communication by the real-time application are monitored. Based on the monitoring results, the STA itself starts the re-authentication session at a timing that is not easily affected by the delay, so re-authentication is performed at the re-authentication time interval set at the wireless LAN access point. In this case, it is possible to reduce the influence that the delay caused by re-authentication has on the real-time application.

  In addition, since re-authentication is performed preferentially when a delay-sensitive application such as a real-time application is not being executed, the effect of the delay due to re-authentication on the real-time application is more effective. Can be reduced.

  Furthermore, even if re-authentication is unavoidable when a real-time application is in use, re-authentication is performed only when the communication state is good, so the delay due to re-authentication adds to the quality of the real-time application. The influence can be suppressed.

  Furthermore, if the re-authentication process is not executed in any of Phases 2 and 3, Phase 4 does not monitor the quality of the network layer and the transport layer and whether or not there is a real-time application being executed. Re-authentication is decided only by the reception quality. As a result, re-authentication can be prevented as much as possible when the state of wireless communication with the wireless LAN access point, which is an external device, is not good.

(Other embodiments)
In the wired LAN system, as in the case of the wireless LAN system, re-authentication should be avoided when a real-time application such as VoIP is being executed. Also, re-authentication should not be performed even when the network load is heavy and the communication quality of the transport layer and the network layer is poor. Here, a mobile communication terminal applied to a wired LAN system will be described as an STA of another embodiment of the present invention.

The configuration of the STA of the other embodiment is basically the same as the configuration of the STA of the above-described embodiment, but part of the operation is different. In the wired LAN system, the STA is connected to the wired LAN through a network device typified by a router, but unlike the wireless LAN, the STA and the network device are connected via a communication cable. The data link layer is stable. For this reason, in the STA of this other embodiment, the operation of monitoring the physical layer and the data link layer and confirming the communication quality is not performed. Specifically, in the STA of the other embodiment, the monitoring unit performs the operations of phases 1 to 3 except for phase 4 among phases 1 to 4 shown in FIG. However, the data monitored in phase 3 is transport and network layer QoS. The start time T1 of phase 2 and the start time T2 of phase 3 are
0 <T1 <T2 <T0
It is set to satisfy the condition. The monitoring intervals X1, X2 are
X1 <T2-T1
X2 <T0-T2
It is set to satisfy the condition.

  FIG. 4 is a flowchart for explaining the operation of the STA according to the other embodiment. The operations up to phases 1 and 2 are the same as the operations shown in FIG. When the authentication process is not executed in Phase 2, the control unit 12 causes the monitoring unit 10 to perform the following Phase 3 operation.

  Phase 3 starts at time T2 and ends at time T0. In this phase 3, monitoring by the monitoring unit 10 is executed at intervals of X2 seconds. The data monitored by the monitoring unit 10 is a reference value (delay, packet loss, transmission / reception data rate, etc.) indicating the association state, the communication quality of the network layer and the transport layer.

  Based on the result of monitoring by the monitoring unit 10 in phase 3, the control unit 12 first determines whether or not the STA and the AP are associated (step 307). If it is determined in this step 307 that the STA and the AP are associated, then the control unit 12 has good network layer and transport layer traffic based on the reference value of communication quality (QoS). Is determined (determination of “pass” or “fail”) (step 308). If the determination result in step 308 is “pass”, the control unit 12 proceeds to step 305 and sends an “EAPOL-START” packet to the AP to the IEEE802.1x software component 23. To request.

  If it is determined in step S307 that the STA and the AP are not associated with each other, or if the determination result in step 308 is “fail”, the control unit 12 waits for X2 seconds (step 310). The determination in step 306 is executed again.

  If it is determined in step 306 that the second condition is not satisfied, the control unit 12 returns to step 316 and resets the timer.

  According to the above processing, in the wired LAN system, the presence or absence of a real-time application being executed and the communication quality of the network layer and the transport layer are monitored, and based on the results, the AP or the authentication server (certifier) re- Before authentication is requested, the STA (supplicant) can perform re-authentication at a convenient timing, and a delay problem due to re-authentication can be avoided.

  The re-authentication operation according to the present invention described above can be basically realized by software, and can be easily applied to an existing IEEE 802.1x standard wireless LAN without using new hardware.

  Further, according to the present invention, there is an advantage that the security level is not lowered in order to solve the problem of delay due to re-authentication. If the IEEE802.1x re-authentication function is simply disabled at the AP and the re-authentication is not executed unconditionally without applying the present invention, the security level is lowered.

  The configurations and operations described in the embodiments of the present invention are examples of the present invention, and can be changed as appropriate. For example, in FIG. 3, the processing corresponding to phase 4 can be omitted. In the process corresponding to phase 3, step 309 may be omitted. However, in this case, although re-authentication can be performed in a state where the communication quality of the real-time application is good, re-authentication is performed in a state where the wireless communication state with the wireless LAN access point is poor because step 309 is omitted. There is a case.

  The STA of the present invention is configured by a computer terminal represented by a notebook personal computer. When the computer operates according to a program prepared in advance, the re-authentication operation described in each embodiment can be executed.

It is a block diagram which shows schematic structure of the mobile communication terminal which is one Embodiment of this invention. It is a time frame figure for demonstrating the monitoring operation | movement of the portable communication terminal shown in FIG. It is a flowchart for demonstrating the process of re-authentication of the mobile communication terminal shown in FIG. It is a flowchart for demonstrating the process of re-authentication of the mobile communication terminal which is this other embodiment. It is a conceptual diagram of the security system of IEEE802.1x standard. 1 is a block diagram illustrating a configuration of a general wireless LAN system in which an IEEE 802.1x standard security system is introduced. FIG.

Explanation of symbols

10 Monitoring Unit 11 Set Value Input Unit 12 Control Unit 20 Communication Software Model 21-24 Component

Claims (24)

An authentication processing unit that transmits and receives information necessary for user authentication with an external device;
A monitoring unit that periodically monitors whether or not a predetermined application is being executed,
Mobile communication having a control unit that causes the authentication processing unit to start a re-authentication session to re-execute the user authentication when the monitoring unit detects that the predetermined application is not being executed Terminal. When the monitoring unit detects execution of the predetermined application over a first predetermined period, the monitoring unit monitors a communication state with the external device at a predetermined time interval,
The control unit determines whether or not the communication with the external device is good based on the monitoring result of the communication state by the monitoring unit, and if it determines that the communication is good, the control unit sends the re-authentication session to the authentication processing unit. The mobile communication terminal according to claim 1, which is started.   The mobile communication terminal according to claim 2, wherein the monitoring unit monitors at least communication quality in a communication path of the predetermined application as a communication state with the external device.   The mobile communication terminal according to claim 3, wherein the communication quality is communication quality in each of a network layer and a transport layer that provide communication by the predetermined application. Communication with the external device is wireless communication, a wireless communication unit for performing the wireless communication,
An electric field strength detection unit for detecting the electric field strength of the signal received by the wireless communication unit;
The mobile communication terminal according to claim 3 or 4, wherein the monitoring unit further monitors an electric field strength detected by the wireless communication unit as a communication state with the external device. If the control unit cannot determine that the communication with the external device is good within the second predetermined period, the monitoring unit further increases the electric field strength detected by the wireless communication unit at regular time intervals. Monitor
The control unit determines whether or not wireless communication with the external device is good based on a monitoring result of the electric field strength by the monitoring unit. The mobile communication terminal according to claim 5, wherein a session is started. A mobile communication device,
A network device for connecting the portable communication terminal to a LAN,
The mobile communication terminal is
An authentication processing unit that transmits and receives information necessary for user authentication with the network device;
A monitoring unit that periodically monitors whether or not a predetermined application is being executed,
A LAN system comprising: a control unit that causes the authentication processing unit to start a re-authentication session for re-execution of the user authentication when the monitoring unit detects that the predetermined application is not being executed . When the monitoring unit detects the execution of the predetermined application over a first predetermined period, the monitoring unit monitors a communication state with an external device at a certain time interval,
The control unit determines whether or not the communication with the network device is good based on the monitoring result of the communication state by the monitoring unit, and if the control unit determines that the communication is good, the control unit sends the re-authentication session to the authentication processing unit. The LAN system according to claim 7, wherein the LAN system is started.   The LAN system according to claim 8, wherein the monitoring unit monitors at least communication quality on a communication path of the predetermined application as a communication state with the external device.   The LAN system according to claim 9, wherein the communication quality is a communication quality in each of a network layer and a transport layer that provide communication by the predetermined application. The network device is a wireless LAN access point;
The mobile communication terminal is
A wireless communication unit for performing wireless communication with the wireless LAN access point;
An electric field strength detection unit for detecting the electric field strength of the signal received by the wireless communication unit;
The LAN system according to claim 9 or 10, wherein the monitoring unit further monitors an electric field strength detected by the wireless communication unit as a communication state with the network device. If the control unit cannot determine that the communication with the network device is good within the second predetermined period, the monitoring unit further increases the electric field strength detected by the wireless communication unit at a constant time interval. Monitor
The control unit determines whether or not the wireless communication with the wireless LAN access point is good based on the monitoring result of the electric field strength by the monitoring unit. The LAN system according to claim 11, wherein a re-authentication session is initiated. A user re-authentication method performed in a mobile communication terminal that transmits and receives information necessary for user authentication with an external device,
A first step of periodically monitoring at least the execution of a predetermined application;
A second step of starting a re-authentication session for re-executing the user authentication when it is detected in the monitoring in the first step that the predetermined application is not being executed. Authentication method. A third step of monitoring a communication state with the external device at a fixed time interval when execution of the predetermined application is detected over a first predetermined period in the monitoring in the first step;
A fourth step of determining whether or not communication with the external device is good based on the monitoring result in the third step;
The user re-authentication method according to claim 13, further comprising a fifth step of starting the re-authentication session when it is determined to be good in the fourth step.   15. The user re-authentication method according to claim 14, wherein the third step includes a step of monitoring a communication quality in a communication path of at least the predetermined application as a communication state with the external device.   The user re-authentication method according to claim 15, wherein the communication quality is a communication quality in each of a network layer and a transport layer that provide communication by the predetermined application. Communication with the external device is wireless communication,
The user re-authentication method according to claim 15, wherein the third step further includes a step of detecting an electric field strength of a reception signal from the external device as a communication state with the external device at a constant time interval. If it is not determined in the fourth step that the communication with the external device is good within the second predetermined period, the electric field strength of the received signal from the external device is further monitored at regular time intervals. And the steps
A seventh step of determining whether or not wireless communication with the external device is good based on a monitoring result in the sixth step;
The user re-authentication method according to claim 14, further comprising an eighth step of starting the re-authentication session when it is determined to be good in the sixth step. A program used in a mobile communication terminal that transmits and receives information necessary for user authentication with an external device,
A first process for periodically monitoring whether at least a predetermined application is executed;
A second process for starting a re-authentication session for re-executing the user authentication when it is detected that the predetermined application is not executed in the monitoring in the first process; A program to be executed by the terminal computer. A third process for monitoring a communication state with the external device at a fixed time interval when the execution of the predetermined application is detected over a first predetermined period in the monitoring in the first process;
A fourth process for determining whether or not the communication with the external device is good based on a monitoring result in the third process;
The program according to claim 19, further causing a computer of the mobile communication terminal to execute a fifth process for starting the re-authentication session when it is determined that the fourth process is good.   21. The program according to claim 20, wherein the third process includes a process of monitoring communication quality in a communication path of at least the predetermined application as a communication state with the external device.   The program according to claim 21, wherein the communication quality is a communication quality in each of a network layer and a transport layer that provide communication by the predetermined application. Communication with the external device is wireless communication,
The program according to claim 21, wherein the third process further includes a process of detecting an electric field strength of a reception signal from the external apparatus at a constant time interval as a communication state with the external apparatus. If the fourth process cannot determine that the communication with the external device is good within the second predetermined period, the electric field strength of the received signal from the external device is further monitored at regular time intervals. And processing
A seventh process for determining whether wireless communication with the external device is good based on a monitoring result in the sixth process;
21. The program according to claim 20, further causing the computer of the mobile communication terminal to further execute an eighth process for starting the re-authentication session when it is determined that the sixth process is good.

Images