JP2010153998A - Terminal device, and system, method and program for isolating network failure cause - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a terminal device capable of collecting data for isolating a failure part from a terminal side at a failure after verification, and a system, method and program for isolating a network failure cause. <P>SOLUTION: When user authentication information of a specific terminal device is registered in a user authentication information registration step 41, user authenticated information corresponding to the information is stored in an optional number of communication devices or the like constituting a communication route from the terminal device to an authentication device in a user authenticated information storage step 42 in advance. At a failure of a communication route between the specific terminal device and an authentication device, access by simplified authentication from the terminal device side to the respective communication devices with the user authenticated information stored therein and a communication path connected to them is approved, and data related to a zone allowing communication from the terminal device are collected in an isolating data collection step 43 to be used for isolation. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a terminal device, a network failure cause isolation system, a network failure cause isolation method, and a network failure cause isolation program for specifying a location that causes a failure when a failure occurs in communication using a network.

  Communication is often performed using various communication networks such as the Internet and a LAN (Local Area Network). When a failure occurs in communication with the other party, the user of the communication terminal may request the network administrator to recover the failure. Upon receiving this request, the network administrator performs fault isolation work for identifying where the fault has occurred in the network in order to recover from the fault.

  As the fault isolation work, as a first related technique related to the present invention, there is a method of confirming communication between a terminal device used by a user and a communication device of a communication partner using a “ping” command. . In this method, a packet incorporating the address of a communication device whose communication is to be confirmed is transmitted from the terminal device, a response from the other communication device is waited, and the network environment is checked from the presence / absence of the response and the response time.

  However, depending on the network administrator, there is a case where a packet using the “ping” command is excluded in order to prevent unauthorized access, and the use is limited. Also, sufficient fault isolation cannot be performed for a fault that temporarily becomes unstable in the network state, such as when a network congestion or a Dos (Denial of Services) attack occurs. In addition, depending on the location of the failure, it may be difficult to isolate only by checking from a specific location.

  In view of this, when there is an abnormality in communication between two points, a proposal has been made as a second related technique of the present invention to accurately identify the location of failure (see, for example, Patent Document 1).

FIG. 20 shows an outline of the second related technique of the present invention. The fault monitoring apparatus 100 according to the second related technology of the present invention is configured to input monitoring information 101 for designating a transmission source and a destination to be monitored by an input unit 102. The generation unit 103 communicates between a plurality of transmission sources and a plurality of destinations in each layer both before and after the communication state between the transmission source and the destination to be monitored changes from communication enabled to communication disabled. Communication availability information 104 indicating availability is generated. The communication availability information 104 is stored in the storage unit 105. The specifying unit 106 compares the communication enable / disable information 107 and 108 before and after the monitoring target communication state changes, and groups destinations of routes that have changed from communication enabled to communication disabled. Then, the communication network is divided into a plurality of affected ranges affected by the failure, and the process of estimating the interface of the device on the boundary of the affected range as the failure occurrence point is performed for each layer from the search start layer to the lower layer. repeat. In this way, the identification unit 106 supplies the output unit 110 with identification information 109 that identifies the device and layer that cause the failure. The output unit 110 outputs information about a plurality of affected ranges and failure locations based on the specific information 109.
Japanese Patent Laying-Open No. 2006-222808 (paragraphs 0006 to 0009, FIG. 1)

  However, according to the second related technique, it is necessary to store the communication availability information 107 before the failure occurs in the storage unit 105. Therefore, even if the network manager starts storing the communication availability information for identifying the fault location in the storage unit 105 for the first time after receiving the notification of the occurrence of the fault, the specifying unit 106 performs comparison processing before and after the lifetime. I can't.

  SUMMARY OF THE INVENTION An object of the present invention is to provide a terminal device, a network failure cause isolation system, a network failure cause isolation method, and a network failure cause isolation program that can collect data for identifying a failure location from the terminal side when a failure occurs after authentication. Is to provide.

In the present invention, (a) when the user of the device itself needs user authentication when accessing a predetermined communication path constituting the communication network, the authentication device that performs the authentication corresponds to the user authentication information authenticated by the user. User-authenticated information storage means for storing user-authenticated information to be stored in a communication device arranged on a specific communication path connecting between the above-described own device and the above-described authentication device; and (b) failure of the specific communication path described above When communication to the authentication device becomes impossible in the above, each communication device storing user authenticated information corresponding to the user authentication information of the own device and the communication device connected to these communication devices from the own device described above A communication device operation screen display means for displaying an operation screen for fault isolation prepared for a desired communication device among the above-described communication devices on the own device. An operation unit that collects data for identifying a place where a failure has occurred from a desired communication device among the communication devices described above by operating the operation screen displayed by the communication device operation screen display unit, and a terminal device Comprise.

  In the present invention, (b) a plurality of communication paths for transmitting signals for communication, and (b) connecting means for connecting the communication paths to each other to constitute a predetermined communication network as a whole. A plurality of communication devices, and (c) a specific terminal device connected to a specific communication device as any one of the plurality of communication devices described above, the specific communication device described above among the plurality of communication devices described above When communicating with other terminal devices connected to other than the above, the plurality of communications described above for performing user authentication when user authentication is required for access to a predetermined communication path arranged between them. An authentication device connected to a device other than the specific communication device, and (d) the plurality of communication devices described above when the specific terminal device registers user authentication information for authentication in the authentication device. In User authentication completed corresponding to the user authentication information of the specific terminal device for all communication devices arranged on the communication path used when the specific communication device requests authentication from the authentication device. A user authenticated information storage means for storing information; and (e) an authentication request made by the specific terminal device to the authentication device is not due to a failure in a communication path used when requesting the authentication. When enabled, each communication device storing user authenticated information corresponding to the user authentication information of the specific terminal device described above and access from the specific terminal device to the communication path connected thereto are permitted. Isolation data collection for collecting data relating to a section in which communication can be performed from the specific terminal device to the authentication device as data for isolating the location where the failure has occurred A stage network failure cause isolation system comprises.

  Furthermore, in the present invention, (a) user authentication information registration means for registering user authentication information for permitting a specific user to access a predetermined communication path constituting a communication network in an authentication device; When this user authentication information registration means registers user authentication information, a specific terminal that requests authentication by inputting user authenticated information corresponding to the user authentication information when accessing the predetermined communication path. User-authenticated information storage means for storing the above-mentioned user-authenticated information for an arbitrary number of communication devices arranged as connection means for connecting the respective communication paths constituting the communication path from the device to the authentication device; (C) A request for authentication performed by the specific terminal device to the authentication device described above is a failure in the communication path from the specific terminal device to the authentication device described above. From the specific terminal device described above to each communication device storing the user authenticated information corresponding to the user authentication information of the specific terminal device described above and the communication path connected thereto, The network failure cause isolation system includes an isolation data collection unit that collects data relating to a section in which communication is allowed from the specific terminal device to the authentication device as described above as data for identifying the location where the failure occurred. To do.

  Furthermore, in the present invention, (a) a user authentication information registration step for registering user authentication information in an authentication device for permitting a specific user to access a predetermined communication path constituting the communication network; ) When the user authentication information is registered in this user authentication information registration step, the above-mentioned authentication is performed from a specific terminal device that requests the authentication by inputting the above-mentioned user authentication information when accessing the predetermined communication path. User authenticated information storage step for storing user authenticated information corresponding to the user authentication information described above for an arbitrary number of communication devices arranged as connecting means for connecting the respective communication paths that constitute the communication path leading to the device And (c) an authentication request made by the specific terminal device to the authentication device is sent from the specific terminal device to the authentication device. Each communication device storing user authenticated information corresponding to the user authentication information of the specific terminal device described above and the specific terminal described above in the communication path connected thereto An isolation data collection step for collecting data related to a section in which communication from the specific terminal device to the authentication device described above by allowing access from the device as data for isolating the location where the failure has occurred A dividing method is provided.

  In the present invention, (b) when a user of a specific terminal device requires user authentication when accessing a predetermined communication path constituting the communication network, the authentication device that performs the authentication is used for user authentication. User authenticated information storage step for storing user authenticated information corresponding to the user authentication information stored in all of the communication devices arranged on the specific communication path connecting between the specific terminal device and the authentication device described above; (B) Each communication device storing user authenticated information corresponding to the user authentication information of the specific terminal device described above when communication with the authentication device becomes impossible due to the failure of the specific communication path described above, and these Operation screen for fault isolation prepared for a desired communication device among the above-described communication devices by permitting access from the specific terminal device to the communication path connected to A communication device operation screen display step for displaying the above-mentioned specific terminal device, and (c) each of the above-described operations by operating the operation screen displayed by the communication device operation screen display step from the above-described specific terminal device side. A network failure cause isolation method includes an operation step of collecting data for identifying a location where a failure has occurred starting from a desired communication device of the communication devices.

  Furthermore, in the present invention, as a network failure cause isolation program, the computer constituting the terminal device requires (i) user authentication when the user of the terminal device accesses the predetermined communication path constituting the communication network. When the authentication device that performs the authentication is configured to communicate the user authenticated information corresponding to the user authentication information used for user authentication on the specific communication path that connects between the specific terminal device and the authentication device. User authenticated information storage processing stored in all of the devices, and (b) user authentication information of the specific terminal device described above when communication with the authentication device becomes impossible due to the failure of the specific communication path described above. Among the communication devices described above, the access from the specific terminal device described above is permitted to the stored communication devices and the communication paths connected to them. A communication device operation screen display process for displaying the operation screen for fault isolation prepared for a desired communication device on the specific terminal device, and (c) the operation screen displayed by the communication device operation screen display process By operating from the specific terminal device side, the above-described operation processing for collecting data for identifying the location where the failure has occurred from the desired communication device among the respective communication devices is executed.

  As described above, according to the present invention, user-authenticated information corresponding to user authentication information used for authentication to a predetermined communication device such as a communication device arranged on a communication path used for authentication by a terminal device. Decided to store. Therefore, when a failure occurs in the communication path between the terminal device and the authentication device and authentication processing cannot be performed, the terminal device between the communication devices storing the user authenticated information Alternatively, access from other terminal devices can be performed, a section where communication is possible is examined, and this can be used as data for isolating the location where the failure has occurred. Therefore, by using data that cannot be obtained from the authentication device side, the network administrator can quickly identify the cause and take countermeasures.

  FIG. 1 is a diagram corresponding to claims of the terminal device of the present invention. The terminal device 10 of the present invention uses the user authentication information that is authenticated by the authentication device that performs authentication when the user of the device itself needs user authentication when accessing the predetermined communication path constituting the communication network. Corresponding user-authenticated information is stored in a communication device arranged on a specific communication path connecting between the above-described own device and the above-described authentication device, and a failure in the specific communication path described above When communication to the authentication device described above becomes impossible, each communication device that stores user authenticated information corresponding to the user authentication information of the own device described above, and a communication path connected thereto from the own device described above Communication device operation screen display means 12 for allowing access to display an operation screen for fault isolation prepared in a desired communication device among the above-described communication devices upon allowing access. An operation unit 13 for collecting data for identifying a place where a failure has occurred from a desired communication device among the communication devices described above by operating the operation screen displayed by the communication device operation screen display unit 12; It has.

  FIG. 2 is a diagram corresponding to claims of the network failure cause isolation system of the present invention. The network failure cause isolation system 20 according to the present invention is arranged as a plurality of communication paths 21 for transmitting signals for communication, and connection means for connecting the communication paths to form a predetermined communication network as a whole. A plurality of communication devices 22 and a specific terminal device connected to a specific communication device as any one of the plurality of communication devices 22 are connected to a plurality of communication devices 22 other than the specific communication device described above. When communicating with other terminal devices, when user authentication is required for access to a predetermined communication path arranged between them, among the plurality of communication devices described above for performing this user authentication When the authentication device 23 connected to a device other than the specific communication device described above and user authentication information for authentication are registered in the authentication device 23 by the specific terminal device, a plurality of communication devices are used. User authentication corresponding to the user authentication information of the specific terminal device described above for all communication devices arranged on the communication path used when the specific communication device in the device 22 requests authentication from the authentication device 23 Authentication information stored in the user authentication information storage means 24 for storing the completed information and the authentication request made by the specific terminal device to the authentication device 23 due to a failure in the communication path used when requesting the authentication. Each communication device storing user authenticated information corresponding to the user authentication information of the specific terminal device described above, and the above-described communication device connected to these communication devices are permitted access from the specific terminal device described above. Isolation data collection that collects data related to a section in which communication can be performed from a specific terminal device toward the authentication device 23 as data for isolating the location where the failure occurred And a stage 25.

  FIG. 3 is a diagram corresponding to claims of another network failure cause isolation system of the present invention. Another network failure cause isolation system 30 according to the present invention is a user authentication information registration means for registering, in an authentication device, user authentication information for permitting a specific user to access a predetermined communication path constituting a communication network. 31 and when the user authentication information registration means 31 registers user authentication information, the user authentication information corresponding to the user authentication information described above is input and requested for authentication when accessing the predetermined communication path. User-authenticated storing the above-mentioned user-authenticated information for an arbitrary number of communication devices arranged as connection means for connecting the respective communication paths constituting the communication path from the specific terminal device to the authentication device The information storage means 32 and the authentication request that the above-mentioned specific terminal device makes to the above-mentioned authentication device are sent from the above-mentioned specific terminal device. Each communication device storing user authenticated information corresponding to the above-mentioned user authentication information of the specific terminal device when communication becomes impossible due to a failure of the communication path to the described authentication device, and communication connected thereto A data collection unit for separation that collects data relating to a section where communication from the specific terminal device to the authentication device can be performed by allowing access from the specific terminal device to the road as data for separating the location where the failure has occurred 33.

  FIG. 4 is a diagram corresponding to claims of the network failure cause isolation method of the present invention. The network failure cause isolation method 40 of the present invention includes a user authentication information registration step 41 for registering user authentication information for permitting a specific user to access a predetermined communication path constituting a communication network in an authentication device. When the user authentication information is registered in the user authentication information registration step 41, the user authentication information is input from the specific terminal device that requests the authentication by inputting the user authentication information when accessing the predetermined communication path. User authenticated information storage for storing user authenticated information corresponding to the user authentication information described above for an arbitrary number of communication devices arranged as connection means for connecting the respective communication paths that constitute the communication path leading to the authentication device Step 42 and a request for authentication that the above-mentioned specific terminal device makes to the above-mentioned authentication device is the above-mentioned specific terminal device Each communication device storing user authenticated information corresponding to the user authentication information of the specific terminal device, and the communication path connected thereto, when it becomes impossible due to a failure in the communication route to the authentication device A data collection step 43 for collecting data relating to a section in which communication from the specific terminal device to the authentication device described above is permitted as access data for identifying the location where the failure occurred. And.

  FIG. 5 shows a claim correspondence diagram of another network failure cause isolation method of the present invention. According to another network failure cause isolation method 50 of the present invention, an authentication device that performs authentication when a user of a specific terminal device requires user authentication when accessing a predetermined communication path constituting a communication network. User authenticated information for storing user authenticated information corresponding to user authentication information used for user authentication in all of the communication devices arranged on the specific communication path connecting the specific terminal device and the authentication device. Storage step 51 and each communication device storing user authenticated information corresponding to the user authentication information of the specific terminal device when communication to the authentication device becomes impossible due to the failure of the specific communication path In addition, the communication path connected to these is permitted to be accessed from the specific terminal device described above, and prepared for a desired communication device among the communication devices described above. The communication device operation screen display step 52 for displaying the operation screen for fault isolation on the specific terminal device described above, and the operation screen displayed in the communication device operation screen display step 52 is operated from the specific terminal device side. Thus, an operation step 53 is provided for collecting data for identifying a place where a failure has occurred, starting from a desired communication device among the communication devices described above.

  FIG. 6 is a diagram corresponding to claims of the network failure cause isolation program of the present invention. The network failure cause isolation program 60 according to the present invention is used when a computer constituting a specific terminal device requires user authentication when the user of the terminal device accesses a predetermined communication path constituting the communication network. The authentication apparatus that performs the authentication on the communication apparatus disposed on the specific communication path that connects the user authentication information corresponding to the user authentication information used for user authentication between the specific terminal apparatus and the authentication apparatus described above. User-authenticated information storage processing 61 stored in all, and each communication storing user authentication information of the specific terminal device described above when communication with the authentication device becomes impossible due to the failure of the specific communication path described above The access from the specific terminal device described above is permitted to the devices and the communication paths connected to them, and the desired communication among the communication devices described above is accepted. Communication device operation screen display processing 62 for displaying the operation screen for fault isolation prepared in the device on the specific terminal device described above, and the specific terminal described above on the operation screen displayed by the communication device operation screen display processing 62 An operation process 63 for collecting data for identifying a place where a failure has occurred, starting from a desired communication device among the communication devices described above, is performed by operating from the device side.

  <Embodiment of the Invention>

  Next, an embodiment of the present invention will be described.

  FIG. 7 shows an example of a communication network to which the network failure cause isolation system according to the embodiment of the present invention is applied. In this communication network 200, a 1-1 communication device 211 is connected between a first communication network 201 and a second communication network 202 as a relay device for connecting networks such as routers and switches to each other. Yes. An authentication server 231 and a network manager terminal device 232 are connected to the first communication network 201. The second communication network 202 is connected with a 2-1 terminal device 241 via a 2-1 communication device 221 as a relay device such as a router or a switch. A 2-2 terminal device 242 is connected via a 2-2 communication device 222.

FIG. 8 shows the configuration of the 1-1 communication apparatus. 1-1 of the communication device 211, CPU and (Central Processing Unit) 251 _1-1, a main control unit which includes a memory 252 _1-1 for storing a control program which the CPU 251 _1-1 executes the part 253 _1-1 . The main control unit 253 _1-1 connects the terminal user authentication result data storage unit 254 _1-1 , the authentication result data copy unit 255 _1-1 , the fault isolation unit 256 _1-1, and the web server unit 257 _1-1 . Thus, the overall control of the 1-1 communication device 211 is performed in cooperation with these.

Here, for example, when the terminal user of the 2-1 terminal device 241 in FIG. 7 accesses the 2-1 communication device 221 using the authentication server 231, the terminal user authentication result data storage unit 254 _1-1 The authentication result regarding this terminal user is stored.

The authentication result data copy unit 255 _1-1 is connected to, for example, the first communication device 211 when the terminal user authentication result data stored in the terminal user authentication result data storage unit 254 _1-1 is changed. The update contents of the data are transferred to the terminal user authentication result data storage unit of a predetermined communication device (not shown) so as to replace the latest data.

The fault isolation unit 256 _1-1 is a circuit part that presents a menu and guidance for supporting fault isolation, and a network screen showing the fault site. The fault isolation portion 256 _1-1, various settings are made as to isolate the fault. For example, a value indicating whether or not to adopt a method of checking the arrival confirmation result using the “ping” command and a measurement result of the data transfer amount in units of ports or flows is set.

Web server 257 _1-1 above-described terminal user authentication result data storage unit 254 _1-1, the authentication result data copy unit 255 _1-1 and fault isolation portion 256 _1-1, 1-1 of the communication device 211 has a function of linking with a terminal device connected to the mobile phone 211. However, the 1-1st communication apparatus 211 of this Embodiment is demonstrated on the assumption that the terminal user who uses this directly does not exist.

FIG. 9 shows the configuration of the 2-1 communication apparatus and its surroundings. The 2-1st communication device 221 has a main control unit 253 _2-1 having a CPU 251 _2-1 and a memory 252 _2-1 for storing a control program executed by the CPU 251 _{2-1 in a} part thereof. is doing. The main control unit 253 _2-1 connects the terminal user authentication result data storage unit 254 _2-1 , the authentication result data copy unit 255 _2-1 , the fault isolation unit 256 _2-1 and the web server unit 257 _2-1 Thus, the overall control of the 2-1st communication device 221 is performed in cooperation with these. Each of the terminal user authentication result data storage unit 254 _2-1 , the authentication result data copy unit 255 _2-1 , the web server unit 257 _2-1 and the fault isolation unit 256 _2-1 stores the terminal user authentication result data in FIG. The unit 254 _1-1 , the authentication result data copy unit 255 _1-1 , the web server unit 257 _1-1, and the fault isolation unit 256 _1-1 are provided with the same functions, and thus description thereof is omitted. In the case of the 2-1st communication device 221, the 2-1 terminal device 241 is connected, and there is a terminal user who uses it.

  The configuration of the 2-2 communication apparatus 222 shown in FIG. 7 is substantially the same as that of the 2-1 communication apparatus 221 shown in FIG. Therefore, when each component of the 2-2 communication device 222 is used for the description, a subscript “2-” is attached to each component of the 2-1 communication device 221 shown in FIG. “1” is changed to the subscript “2-2”, and the illustration of the 2-2 communication device 222 is omitted. In the case of the 2-2 communication apparatus 222, the 2-2 terminal apparatus 242 used by the terminal user is connected.

FIG. 10 shows an outline of the 2-1 terminal device. 2-1 of the terminal device 241, the CPU 261 _1, has a main control unit 263 ₁ provided with a memory 262 ₁ for storing a control program which the CPU 261 ₁ executes the part. The main control unit 263 ₁ includes a web browser unit 264 ₁ realized by a web browser that is application software as a part of the control program, a display unit 265 ₁ that visually displays various data to the terminal user, and a terminal user a keyboard and a pointing device for inputting various data, and an operation input unit 266 ₁ made of a touch panel or the like. Although not shown, the 2-1 terminal device 241 may be provided with various devices for use by a terminal user, such as an audio output device and an image input device.

  The configuration of the 2-2 terminal apparatus 242 illustrated in FIG. 7 is substantially the same as that of the 2-1 terminal apparatus 241. Therefore, when each component of the 2-2 terminal device 242 is used for the description, the subscript “1” attached to each component of the 2-1 terminal device 241 shown in FIG. "Is changed to the subscript" 2 ", and the illustration of the 2-2 terminal device 242 is omitted. The network manager terminal device 232 is substantially the same in configuration as the 2-1st terminal device 241. Therefore, illustration and description of the network manager terminal device 232 are also omitted. Further, since the authentication server 231 is a general server for performing authentication, this illustration and description are also omitted.

  By the way, in the communication network 200 of the present embodiment, the terminal user of the 2-1 terminal device 241 or the 2-2 terminal device 242 accesses another device via the second communication network 202. , Launch a web browser and perform authentication. Here, the process at the time of normal use in which no malfunction has occurred in the communication network 200 will be described first by taking the 2-1 terminal device 241 as an example.

  FIG. 11 shows a state of authentication processing of the terminal device during normal use. This will be described with reference to FIGS. Since the 2-2nd terminal device 242 performs the same process as the 2-1 terminal device 241, the description of this process will be omitted.

When an instruction by the terminal user of the 2-1 of the terminal device 241 accesses other devices via the second communication network 202 from the operation input unit 262 ₁ (step S301: Y), the 2-1 terminal device 241 launches the web browser instructs the web browser unit 264 ₁ (step S302). Then, in order to verify the authority terminal user accesses the first communication network 201 and the second communication network 202, (not shown.) Network authentication screen on the display unit 265 ₁ is displayed (step S303). The network authentication screen is provided with columns for inputting user ID (identifier) information and password information of the terminal user. This network authentication screen is displayed by communication with the web server unit 257 _2-1 mounted on the 2-1 communication device 221 to which the 2-1 terminal device 241 is connected.

  When the terminal user inputs user ID information and password information (step S304: Y), the 2-1 terminal device 241 transmits these to the connected 2-1 communication device 221 (step S305). . And it waits for an authentication result to be returned from the 2nd-1 communication apparatus 221 (step S306).

  FIG. 12 shows a state of authentication processing for the network of the terminal device under the control of the 2-1 communication device. This will be described with reference to FIGS. Since the 2-2nd communication apparatus 222 performs the same process as the 2-1 communication apparatus 221, description of this process will be omitted.

  When the user ID information and password information of the terminal user are sent from the subordinate 2-1 terminal device 241 in step S305 of FIG. 11 from the subordinate 2-1 terminal device 241 (step S321: Y), The authentication server 231 that manages access to the first and second communication networks 201 and 202 is set as a destination, and the user ID information and the password information are transmitted to request authentication (step S322). Then, it waits for the reception of authentication result data representing the authentication result from the authentication server 231 (step S323).

When the authentication result data is sent from the authentication server 231 (Y), the 2-1st communication device 221 stores this in the terminal user authentication result data storage unit 254 _2-1 (step S324). Then, this authentication result data is also sent as a copy to a predetermined communication device that has been recognized in advance by the network administrator as being effective in isolating the cause of the network failure, and stored therein (step S325). For example, if the network administrator determines that the separation work using the 2-2 communication device 222 is valid, the authentication result data is transferred from the 2-1 communication device 221 to the 2-2. Is transmitted to the communication device 222 and stored in the terminal user authentication result data storage unit 254 _2-2 . Similarly, the 1-1 communication device 211 arranged between the first communication network 201 and the second communication network 202 is also an important device for access from the terminal device side at the time of failure. Therefore, in the present embodiment, the authentication result data relating to the terminal user of the 2-1 terminal device 241 is also stored in the terminal user authentication result data storage unit 254 _1-1 of the 1-1 communication device 211. .

  If the process of step S325 as described above is performed as necessary, the 2-1 communication apparatus 221 determines whether the authentication result data sent from the authentication server 231 permits authentication (OK). It is checked whether or not (step S326). If the authentication is permitted (Y), the authentication OK data is transmitted to the 2-1 terminal device 241 to which the authentication is requested, and the 2-1 terminal device 241 Access to the first and second communication networks 201 and 202 is permitted (step S327), and the process ends (END).

  On the other hand, when the authentication result data does not permit the authentication in the check in step S326 (N), authentication impossible data indicating that the authentication is not permitted is transmitted to the 2-1 terminal device 241. (Step S328), the process returns to Step S321.

  Returning to FIG. 11, the processing on the 2-1 terminal 241 side will be described. When the authentication result is received in step S306 (Y), if this is authentication OK data indicating authentication OK (step S307: Y), the 2-1 terminal device 241 receives the authentication result (Y). Access to the first and second communication networks 201 and 202 by the device 241 is executed (step S308), and the process is ended (END).

  When the authentication fails (step S307: N), the terminal user may input either the user ID information or the password information by mistake. In such a case, when the terminal user re-enters the user ID information and the password information (step S309: Y), the process proceeds to step S305 and the authentication process is performed again. However, when the 2-1 terminal device 241 restricts the re-input of the user ID information and the password information, it follows that. When the terminal user selects to cancel the authentication (step S309: N, step S310: Y), the processing for authentication ends at this point (end).

In addition, the authentication result data regarding the same terminal user demonstrated above shall overwrite the newest data on old data. As a result, for example, when a certain terminal user cannot access the first communication network 201 and the second communication network 202 due to the end of the network use contract period, the terminal user authentication result at the time of the same authentication request. The authentication result data is rewritten in the data storage units 254 _2-1 , 254 _2-2, and 254 _1-1 . Of course, each time the terminal user's network usage contract is terminated, the network manager terminal device 232 notifies the terminal user authentication result data storage units 254 _2-1 , 254 _2-2 and 254 _1-1 of the fact. You may make it do.

  As described above, in the communication network 200 according to the present embodiment, the 2-1 terminal device 241 or the 2-2 terminal device 242 authenticates access to the first and second communication networks 201 and 202, respectively. In this case, information regarding the terminal user who is allowed to authenticate when the authentication is normally completed is stored in the communication device necessary for identifying the cause of the network failure.

  By the way, it is assumed that some kind of network failure occurs while the terminal user is using the first communication network 201 using the 2-1 terminal device 241. At this time, the terminal user uses a communication means such as e-mail, telephone, or facsimile to notify the network administrator of the network failure and request recovery. At this time, the network administrator directly predicts the cause of the first communication network 201, the second communication network 202, the 2-1 communication device 221, the 2-2 communication device 222, or the terminal user directly. An operation for isolating the cause of the failure is required from those that may cause a failure such as the used 2-1 terminal device 241.

  FIG. 13 is a diagram for explaining the cause separation when a failure occurs in the communication network of the present embodiment. In FIG. 13, the same parts as those in FIG.

  In the case of the example shown in the present embodiment, the network administrator connects the network administrator terminal device 232 to be used to the first communication network 201. Therefore, the communication path from the first communication network 201 to the authentication server 231 and the communication path between the information processing apparatus such as the server to be accessed by the terminal user and the first communication network 201 connecting the communication path are normal. The network administrator can check the validity.

  For example, it is assumed that a failure has occurred in a first location 411 as a connection location between a LAN (Local Area Network) 401 in which the authentication server 231 and the network manager terminal device 232 are arranged and the first communication network 201. . In this case, the network manager terminal device 232 can identify a failure at the first location 411 by attempting to communicate with an information processing device (not shown) connected to the first communication network 201. Even when the communication cable constituting the LAN 401 is disconnected at the second location 412 and the communication path between the first communication network 201 and the authentication server 231 is disconnected, the network manager terminal device 232 is authenticated. The fault location can be identified by a method such as directly communicating with the server 231.

  However, the operation of confirming the normality of the communication path from the first communication device 211 to the second communication network 202, the 2-1 communication device 221 and the 2-1 terminal device 241 is the first operation. The communication network 201 cannot be implemented. For example, when a failure has occurred in the third location 413 connecting the first communication network 201 and the 1-1 communication device 211, a failure has occurred in the 1-1 communication device 211 itself. It cannot be distinguished from the case. The same applies to a case where a failure has occurred in the fourth location 414 connecting the second communication network 202 and the 2-1 communication device 221.

  Therefore, when the location of the network failure is not specified even when the network manager terminal device 232 is used, the network manager is directed to the terminal user of the 2-1 terminal device 241 or the 2-2 terminal device 242. Request confirmation of information for fault isolation.

  At this time, the network administrator acquires information for fault isolation using the procedure described below for the terminal user of the 2-1st terminal device 241.

First, the terminal user of the 2-1 terminal device 241 once disconnects the communication cable 431 that connects the 2-1 terminal device 241 and the 2-1 communication device 221 in which a problem has occurred. As a result, the current communication path is disconnected. Thereafter, the communication cable 431 is connected again between the 2-1 terminal device 241 and the 2-1 communication device 221, and the terminal of the 2-1 terminal device 241 as described with reference to FIG. The user gives an instruction to access another device from the operation input unit 266 ₁ via the second communication network 202 (step S301: Y). Thus, a web browser is rising by a web browser 264 ₁ shown in FIG. 10 (step S302), the network authentication screen is displayed on the display unit 265 ₁ (step S303).

Here, the terminal user of the 2-1 terminal device 241 uses the operation input unit 266 ₁ to input user ID information and password information for using the first communication network 201 and the second communication network 202. (Step S304: Y). In this case, if a network failure has occurred in any of the communication paths from the 2-1 communication device 221 to the authentication server 231, an inquiry from the 2-1 communication device 221 to the authentication server 231 is made. I can't. Therefore, in this case, the terminal user operates the operation input unit 266 ₁ to set the 2-1 communication device 221 to the network diagnosis mode.

  FIG. 14 illustrates an example of a display screen displayed on the 2-1 terminal device when the network diagnosis mode is set. This will be described with reference to FIG.

The network diagnostic window 441 displayed on the display unit 265 ₁ shown in FIG. 10, characters are displayed 442 "Network diagnostic mode", the underlying, column 444 for inputting the user ID and password information, 445 is provided. The terminal user inputs the user ID information and the password information determined at the time of the contract for access to the first and second communication networks 201 and 202 in these fields 444 and 445.

On the right side of the columns 444 and 445, a connection diagnosis button 446 is arranged. The connection diagnosis button 446 is a button for starting diagnosis of a network up to the 2-1st communication device 221 as a communication device connected to the 2-1st terminal device 241. A remote operation button 447 is arranged below the connection diagnosis button 446. The remote operation button 447 is the second on condition that other devices such as the 2-1 communication device 221 allow access when there is no problem in the diagnosis of the network up to the 2-1 communication device 221. -1 of the terminal device 241 displays a display screen of the host device to the display unit 265 ₁ is a button for remotely operating (remote assistant). On the right side of the remote operation button 447, an end button 448 for ending the network diagnosis mode is arranged.

  FIG. 15 shows a state of processing of the 2-1 terminal device when the network diagnosis mode is set. This will be described with reference to FIGS. 10, 13, and 14.

2-1 of the terminal device 241, waiting to connect diagnostics button 446 or exit button 448 with network diagnostic window 441 is displayed as shown in FIG. 14 on the display unit 265 ₁ is depressed ( Step S341, Step S342). It is assumed that the terminal user presses the connection diagnosis button 446 according to an instruction from the network administrator after inputting user ID information and password information in the fields 444 and 445 (step S341: Y). Then, the main control unit 263 ₁ is the user ID information and password information by detecting the depression, send to the 2-1 communication device 221 to connect to, and requests the virtual authentication (step S343). Incidentally, if the terminal user presses the end button 448 without pressing the connection diagnostics button 446 (step S341: N, Step S342: Y), terminates the network diagnostic mode the main control unit 263 ₁ detects this (End) In this case, the network diagnosis window 441 is closed.

When a request for a virtual authentication in step S343 is sent to the communication cable 431 for connecting the first 2-1 of the terminal device 241 to the 2-1 of the communication device 221, the main control unit 263 ₁ is the destination of the first 2-1 or virtual authentication result data from the communication device 221 is received (step S344), checks whether the reception of a predetermined time t ₁ has elapsed before is performed (step S345) performed.

  FIG. 16 shows the state of processing of the 2-1st communication device that has received the virtual authentication request. This will be described with reference to FIG.

When receiving the virtual authentication request based on step S343 in FIG. 15 (step S361: Y), the main control unit 253 _2-1 of the 2-1st communication device 221 receives the terminal user authentication result data storage unit 254 _2-1. It is checked whether any of the successfully authenticated user ID information and password information pair stored in the ID matches the user ID information and password information pair sent together with the virtual authentication request (step S362). . If there is a match (step S363: Y), virtual authentication result data indicating the match is returned to the 2-1 terminal device 241 that made the request (step S364), and the virtual authentication result data is returned. End processing for the request (END).

On the other hand, the result of the collation in step S362, if a pair of the user ID information and password information do not match (step S363: Y), the main control unit 253 _2-1 2-1 communications device 221, mismatch Is returned to the requesting 2-1 terminal device 241 (step S365), and the processing for the virtual authentication request is terminated (END).

  Returning to FIG. 15, the description will be continued. When the virtual authentication result data is received from the 2-1 communication device 221 (step S344: Y), the 2-1 terminal device 241 matches the pair of the user ID information and password information with the 2nd. It is determined whether it is stored in one communication device 221 (step S346). If it is determined that a matching pair of user ID information and password information has been stored (Y), a communication cable connecting the 2-1 terminal device 241 and the 2-1 communication device 221 It can be seen that 431 is normal and the 2-1 communication device 221 is functioning normally. Therefore, in this case, “OK display” indicating that there is no abnormality in the communication path to the 2-1st communication device 221 is performed in the empty space of the network diagnosis window 441 (step S347). Instead, a text such as “The route to the directly connected communication device is normal. Press the remote control button to check further routes.” Voice guidance with the contents of may be output.

  On the other hand, if it is determined that the matching pair of the user ID information and the password information has not been stored on the 2-1 communication device 221 side (step S346: N), the 2-1 terminal device It can be seen that the communication function of 241 itself or the 2-1st communication device 221 does not function normally. Therefore, in this case, “NG display” indicating that there is a possibility that there is an abnormality in the communication path to the 2-1st communication device 221 is performed in the empty space of the network diagnosis window 441 (step S348). Instead, in this empty space, for example, a sentence such as "There is a possibility of an abnormality in the transmission function of this terminal device or a communication device directly connected to this terminal." Guidance may be output.

  Also, if the 2-1st communication device 221 is normal and the virtual authentication result data is not sent in the time zone for transmitting the virtual authentication result data (step S344: N, step S345: Y), The 2-1st terminal device 241 performs “access not possible display” in the above-described empty space (step S349). Instead, in this empty space, for example, a sentence such as “There is a possibility of an abnormality in the transmission function of this terminal device or the communication cable connecting this terminal and the communication device.” Guidance may be output. In this case, the terminal user can isolate the fault by exchanging the communication cable 431.

  By the way, when “NG display” is performed in step S348 or “access not possible display” is performed in step S349, the communication path closer to the authentication server 231 than the 2-1 communication device 221 is selected. The presence or absence of abnormality cannot be checked on the 2-1 terminal device 241 side. Therefore, the processing by the 2-1st terminal device 241 ends with these displays (END).

On the other hand, when “OK display” is performed in step S347, there is a possibility that a failure exists in the communication path from the 2-1 communication device 221 to the authentication server 231. In this case, it is confirmed by virtual authentication that the terminal user of the 2-1 terminal device 241 has the authority to access the first communication network 201 and the second communication network 202. Therefore, the terminal user is displayed on the display unit 265 ₁ of the 2-1 terminal device 241 the display screen of the first 2-1 communication device 221 virtually, and the 2-1 of the communication device 221 as the starting point Operations that help isolate the fault are possible. Therefore, on the condition that “OK display” is performed in step S347, the terminal user can press the remote operation button 447 (step S350: Y) and execute the host device operation mode for fault isolation ( Step S351). On the other hand, when the terminal user presses the end button 448 without pressing the remote operation button 447 (step S350: N, step S352: Y), a series of processes in the network diagnosis mode ends (end). ).

The process of searching for the cause of the network failure by the terminal user of the 2-1 terminal device 241 is reported to the network administrator. If there is no possibility that a failure exists in the communication path from the 2-1 terminal device 241 to the 2-1 communication device 221, the network administrator can proceed to step S <b> 351 if the terminal user cooperates. The execution of the device operation mode is requested. In the higher-level device operation mode, an operation using the 2-1st communication device 221 for which virtual authentication has been completed is performed as the first stage. At this time, the fault isolation unit 256 _2-1 is used, and the terminal user operates the operation input unit 266 ₁ of the 2-1 terminal device 241 to perform measurement useful for network fault isolation. Measurement results of fault isolation portion 256 _2-1 are displayed on the display unit 265 _1, the terminal user may submit to the network administrator.

  If there is a shortage of data relating to the isolation of the network failure even if this result is used, the network administrator gives access to the higher-level 1-1 communication device 211 to the terminal user of the 2-1 terminal device 241. There is a possibility of requesting. Therefore, these operations by the terminal user will be specifically described.

  FIG. 17 shows an example of a host device access window displayed on the 2-1 terminal device when the host device operation mode is entered. This will be described with reference to FIGS. 9, 10 and 13 to 16.

Host device access window 451 is displayed on the display unit 265 ₁ in place of the network diagnostic window 441 shown in FIG. 14. In the upper apparatus access window 451, a character 452 of “upper apparatus operation mode” is displayed, and below that, fields 444 and 445 for inputting user ID information and password information are provided. In these fields 444 and 445, the user ID information and password information already input in the network diagnosis window 441 are displayed as they are. When the terminal user directly opens the host device access window 451 without going through the network diagnosis window 441 for some reason, these fields 444 and 445 are blank. Therefore, in this case, the terminal user needs to input user ID information and password information in these fields 444 and 445.

On the right side of the columns 444 and 445, an upper device access button 456 and an end button 458 are arranged. When the terminal user presses the remote operation button 447 in step S350 in FIG. 15 to switch to the host device access window 451 and then presses the host device access button 456, the 2-1st communication device 221 connected as the host device is displayed. Access for remote control is performed. Thus perform a first depressed for the upper device access button 456, the display screen of the 2-1 communication device 221 (not shown) is virtually displayed as a separate window on the display unit 265 _1. With this 2-1 display screen of the communication device 221, the terminal user operates the operation input unit 266 _1, helps to isolate network failures starting from the 2-1 of the communication device 221 as described above Perform the measurement. At this time, the fault isolation unit 256 _{2-1 of the} 2-1st communication device 221 is operated by the terminal user.

  It is assumed that the network administrator requests the terminal user to access the higher-level 1-1 communication device 211 based on the measurement result thus obtained. In this case, the terminal user presses the host device access button 456 displayed in the host device access window 451 for the second time. Then, the user ID information and password information input in the columns 444 and 445 of the host device access window 451 are sent from the 2-1 communication device 221 toward the 1-1 communication device 211, and the virtual device access window 451 is displayed. Authentication is required. This is substantially the same request as the virtual authentication request (step S343) to the 2-1 communication device 221 described in FIG.

In a 1-1 communications device 211, when there is a request for the virtual authentication, any pair of successful user ID and password information for authentication stored on the terminal user authentication result data storage unit 254 _1-1 Is matched with the pair of user ID information and password information sent together with the virtual authentication request (see step S362 in FIG. 16). If there is a match (see step S363: Y), the display screen (not shown) of the 1-1 communication device 211 is displayed on the 2-1 terminal device 241 on the condition that they match. It is virtually displayed as a separate window on the display unit 265 _1. Thus, isolation of the terminal user by using the display screen of the first 1-1 communication device 211, by operating the operation input unit 266 _1, a network failure starting from the first 1-1 of the communication device 211 as described above Perform useful measurements. At this time, the fault isolation unit 256 _1-1 (FIG. 8) of the 1-1st communication device 211 is operated by the terminal user.

Moreover, the fact that the display screen of the 1-1 communication device 211 is virtually displayed as a separate window on the display unit 265 ₁ of the 2-1 of the terminal device 241, the 2-1 of the communication device 221 This means that the communication path including the second communication network 202 extending from the first to the first communication device 211 is normal. Therefore, it is proved that no failure has occurred in the fourth location 414 connecting the second communication network 202 and the 2-1 communication device 221. Further, when the terminal user operates the fault isolation unit 256 _1-1 of the 1-1 communication apparatus 211 from the 2-1 terminal apparatus 241, the first communication network 201 and the 1-1 communication apparatus There is a possibility that useful information regarding the presence / absence of a failure at the third location 413 connecting 211 may be obtained.

  In the above, the fault isolation | separation by the terminal user using the 2-1 terminal device 241 was demonstrated. Further, the network administrator can execute the same processing with the cooperation of the terminal user using the 2-2 terminal device 242 and further collect information on fault isolation. Since the configuration of the 2-2 terminal device 242 is substantially the same as that of the 2-1 terminal device 241, the description of the control from the 2-2 terminal device 242 side is omitted.

For example, the terminal user is able to virtually display a display screen of the 1-1 communication device 211 (not shown) on the display unit 265 ₂ of the 2-2 terminal apparatus 242. Even if the same operation is performed, it is assumed that the display screen of the 1-1 communication device 211 cannot be displayed on the display unit 2651 of the 2nd- ₁ terminal device 242, and the terminal user is the 2nd-1 terminal. on the display unit 265 ₁ of the device 241 the first 2-1 communication device 221 and could be virtually displayed. In this case, the network administrator can determine that a failure has occurred in the fourth location 414 connecting the second communication network 202 and the 2-1 communication device 221.

  As described above, according to the present embodiment, when a network administrator reports a possibility of a network failure from a terminal user, the network administrator uses information that cannot be examined from the network administrator terminal device 232 side. It is possible to obtain information that is useful for the separation of each terminal user in cooperation with individual terminal users. Moreover, even if the terminal user of the 2-1 terminal device 241 or the 2-2 terminal device 242 does not have high network skills, the cause of the network failure can be identified by a simple operation such as a click operation by a web browser. This is useful for reducing the operational load on the network operator and for quick failure recovery. In addition, since the network administrator can acquire various data for identifying the cause, it is possible to more accurately specify not only the fault location of the network but also the presence or absence of the fault of each terminal device.

  In the present embodiment, the terminal user displays a screen for operating another communication device on the display screen of the terminal device used by the terminal user, and performs a click operation according to an instruction from the network administrator, or displayed information The terminal user can easily obtain the detailed information necessary for fault isolation even with complicated network faults while maintaining security by simply performing a rudimentary work such as notifying the user. Furthermore, since it is possible to finely set the necessary fault isolation settings according to the configuration of the network or the adjacent communication device, it is possible to efficiently cope with various faults. Also, when a change occurs in the network, it is only necessary to change the settings for the communication devices located around the relevant change location, so that the operability of the network administrator is not significantly impaired. Furthermore, since there is a function of storing user authentication information for authenticating a specific communication terminal in a different communication device, even if the terminal device moves to a different communication device, it is possible to access the network and perform fault isolation.

  <Deformability of invention>

  FIG. 18 illustrates an example of a display screen displayed on the 2-1 terminal device when the network diagnosis mode is set in the modification of the embodiment described above. This will be described with reference to FIG. In this modification, network diagnosis is performed on communication devices (2-1 communication device 221 for the first layer, 1-1 communication device 211 for the second layer, and the communication devices arranged in the respective layers. If there is a higher-order device, the same applies to the virtual authentication request). In FIG. 18, the same parts as those in FIG. 14 are denoted by the same reference numerals.

The network diagnostic window 441A is displayed on the display unit 265 ₁ shown in FIG. 10 in this modification, that the character 442 of "Network diagnostic mode" is displayed, "is the upper first level of diagnosis" underneath A sentence 443 is displayed. Here, “one layer” refers to the 2-1 communication device as the communication device on the one layer from the 2-1 terminal device 241 that is the starting point of diagnosis toward the authentication server 231 located in the uppermost layer here. 221. In the case of the example described in the present embodiment, the communication device on the second hierarchy is the first-first communication device 211.

  Below the sentence 443 indicating the hierarchy, fields 444 and 445 for inputting user ID information and password information are provided. The terminal user inputs the user ID information and the password information determined at the time of the contract for access to the first and second communication networks 201 and 202 in these fields 444 and 445. When performing network diagnosis in order for a plurality of hierarchies, the user ID information and password information entered in the fields 444 and 445 are stored until the final hierarchy diagnosis is completed. In addition, while the network diagnosis is performed step by step from the lower layer without finding the fault location, the number indicating the layer in the sentence 443 is incremented by one.

The diagnosis button 446A is a button for starting diagnosis of the set hierarchy. When this diagnosis button 446A is clicked, the user ID information and the password that have been successfully authenticated and stored in the terminal user authentication result data storage unit 254 _2-1 or the terminal user authentication result data storage unit 254 _1-1 of the corresponding communication device It is determined whether any of the information pairs matches the user ID information and the password information input in the fields 444 and 445. Then, the result lights one of the three types of characters in the diagnosis result column 461.

Here, when the characters “OK” are lit, the user ID information matches the password information. In this case, a “Next” button 462 is displayed in the network diagnosis window 441. The terminal user can proceed to the next layer by pressing the “next” button 462. When the character “NG” is lit, the 2-1 terminal device 241 can access the terminal user authentication result data storage unit 254 _2-1 of the 2-1 communication device 221, This is a case where the user ID information and password information successfully authenticated did not correspond to any pair. In this case, the user ID information and password information input in the fields 444 and 445 may be incorrect. Alternatively, there is a possibility that a terminal user who does not have a valid authority has input wrong user ID information and password information. Therefore, in this case, no further network diagnosis is performed. In this case, the network diagnosis mode can be ended by pressing an “end button” 449.

  Finally, when the word “inaccessible” is lit, it indicates that the 2-1 terminal device 241 has not been able to access the 2-1 communication device 221 in the diagnosis of the first layer. . In this case, when the 2-1 terminal device 241 itself is out of order, the communication cable 431 connecting the 2-1 terminal device 241 and the 2-1 communication device 221 is disconnected, and The case where the communication apparatus 221 of 2-1 has failed is considered. If the communication cable 431 is replaced with another functioning communication cable and the 2-1 communication device 221 can be accessed, it is understood that the communication cable 431 has been disconnected. Note that whether or not the 2-1 communication device 221 is out of order can be inferred using the result of accessing the 1-1 communication device 211 from the 2-2 terminal device 242.

  FIG. 19 shows a state of processing of the 2-1 terminal device when the network diagnosis mode is set. This will be described with reference to FIGS. 9, 10, 13 and 18.

When the network diagnosis mode is designated (step S501: Y), the 2-1st terminal device 241 initially sets the parameter L representing the hierarchy to “1” (step S502). And displaying the network diagnostic window 441A of network diagnostic mode shown in FIG. 18 on the display unit 265 ₁ (step S503).

In this state, the main control unit 263 ₁ of the 2nd- ₁ terminal device 241 waits for the diagnosis button 446A or the end button 448 to be pressed (steps S504 and S505). Assume that the terminal user inputs the user ID information and password information in the fields 444 and 445 and then presses the diagnosis button 446A according to the instruction of the network administrator (step S504: Y). Then, the main control unit 263 ₁ is the user ID information and password information by detecting the depression, send to the 2-1 communication device 221 to connect to, and requests the virtual authentication (step S506). Incidentally, if the terminal user presses the end button 448 without pressing the diagnosis button 446A to terminate (step S504: Y: N, step S505), the network diagnostic mode the main control unit 263 ₁ detects this (End). In this case, the network diagnosis window 441A is closed.

When the virtual authentication request in step S506 is sent to the communication cable 431 connecting the 2-1 terminal device 241 and the 2-1 communication device 221, the main control unit 263 ₁ connects the first layer of the connection destination. whether virtual authentication result data from the 2-1 of the communication device 221 is received (step S507), checks whether the reception of a predetermined time t ₂ has elapsed before is performed (step S508).

The state of the processing of the (2-1) communication device in response to the virtual authentication request in step S506 is as described in FIG. Therefore, illustration and description of the state of processing of the 2-1 communication device in this modification are omitted. In FIG. 16, when the pair of the user ID information and the password information does not match as a result of the collation in step S362 (step S363: Y), the main control unit 253 _2-1 of the 2-1 communication device 221 is The virtual authentication result data indicating the mismatch is returned to the 2-1 terminal device 241 that made the request (step S365), and the process for the virtual authentication request is ended (END).

  When the virtual authentication result data is received from the 2-1 communication device 221 (step S507: Y), the 2-1 terminal device 241 matches the user ID information and the password information with the 2-1 It is determined whether it is stored in the communication device 221 (step S509). If it is determined that a matching pair of user ID information and password information has been stored (Y), a communication cable connecting the 2-1 terminal device 241 and the 2-1 communication device 221 It can be seen that 431 is normal and the 2-1 communication device 221 is functioning normally. Therefore, in this case, the “OK” display in the diagnosis result column 461 of the network diagnosis window 441A is turned on (step S510). Instead, for example, “The path to the directly connected communication device is normal in a predetermined space in the network diagnosis window 441A in the network diagnosis mode. Please press. Or a voice guidance with the same content may be output.

  On the other hand, if it is determined that the matching pair of the user ID information and the password information is not stored on the 2-1 communication device 221 side (step S509: N), the 2-1 communication device Although the communication path up to 221 is normal, since the terminal user does not have the authority to access the second communication network 202, no further diagnosis is possible. Therefore, the character “NG” in the diagnosis result column 461 is turned on (step S511). Thereby, the processing in the network diagnosis mode may be terminated. However, in this modified example, the processing is returned to step S503 in consideration of the case where the terminal user inputs user ID information and password information in the fields 444 and 445 by mistake. Instead of lighting the word “NG” in step S511, “The communication path from this terminal device to the communication device is normal, but the user ID or password is incorrect. "You can't do it" or a similar voice guidance may be output.

If the predetermined time t ₂ has elapsed in the process of step S508 (Y), it means that the response of the 2-1 communication device 221 to the virtual authentication request was not within the expected time. Therefore, in this case, the character “not accessible” in the diagnosis result column 461 is turned on (step S512). In this case, the processing in the network diagnosis mode ends (end). In step S512, instead of turning on the characters “inaccessible”, for example, a text such as “There is a possibility of a transmission function of this terminal device or a communication device directly connected to this terminal.” , Voice guidance with similar contents may be output.

When the “OK” display is turned on in step S510, if there is a higher-level communication device, it may be necessary to search for a failure with respect to this. In this state, a “Next” button 462 is newly displayed in the network diagnosis window 441A in the network diagnosis mode (step S513). At this stage, the terminal user can select whether to press the “next” button 462 to advance the diagnosis to the next stage or press the “end” button 448 (steps S514 and S515). If the terminal user presses the "Exit" button 448, the main control unit 263 ₁ detects this (step S514: N, Step S515: Y), terminates the network diagnostic mode (END).

On the other hand, when the terminal user presses the "Next" button 462, the main control unit 263 ₁ detects this (step S514: Y), then adding "1" parameters L representing the hierarchy, the In the case of an example, “2” is set (step S516). Then, the process proceeds to step 503. As a result, the sentence 443 “diagnosis of the upper first layer” is switched to the sentence “diagnosis of the upper second layer”. In this case, user ID information and password information are sent to the first-first communication device 211 as the second-layer communication device in the process of step S506, and virtual authentication is requested.

Similarly, in this modification, the terminal user displays only the network diagnosis window 441A shown in FIG. 18 on the display unit 265 ₁ of his / her 2-1 terminal device 241 and displays the operation input unit 266 ₁ . By simply operating, it is possible to easily check to what extent the communication path leading to all communication devices 221, 211,... Existing on the communication path leading to the authentication server 231 is normal. Therefore, once a normally operating network becomes malfunctioning, it is possible to find a deficiency in wiring, particularly in a home or office, without consulting the network administrator. For this reason, the burden on the network administrator can be reduced.

  In the embodiment described above and the modifications thereof, the communication network is shown in a simplified manner. Of course, the present invention is applied to various communication networks. The target communication network may be a wired network or a wireless network.

  In the embodiment and its modification, both the terminal device 241 that has performed authentication when performing the fault isolation work and the other terminal device 242 that cooperates in the fault isolation work are also configured with user ID information as user authentication information. The password information is used as authentication result data (user authenticated information). As described above, the user authentication information and the user authenticated information used when performing the fault isolation work may be the same. In this case, however, there is a problem in causing the other terminal device 242 to use the user authentication information. There is. Therefore, it is preferable that the user authenticated information is not the same as the user authenticated information of the terminal device 241 but is the user authenticated information corresponding thereto. In this case, user authenticated information is stored in predetermined communication devices such as the communication devices 221 and 211. As the user authenticated information, data related to previously authenticated user authentication information or an authentication algorithm such as a one-time password can be registered.

It is a claim corresponding | compatible figure of the terminal device of this invention. It is a claim corresponding | compatible figure of the network failure cause isolation system of this invention. It is a claim corresponding | compatible figure of the other network failure cause isolation system of this invention. It is a claim corresponding | compatible figure of the network failure cause isolation method of this invention. It is a claim corresponding | compatible figure of the other network failure cause isolation method of this invention. It is a claim corresponding | compatible figure of the network failure cause isolation program of this invention. 1 is a system configuration diagram of a communication network to which a network failure cause isolation system according to an embodiment of the present invention is applied. It is a block diagram showing the structure of the 1-1st communication apparatus in this Embodiment. It is a block diagram showing the structure of the 2nd-1 communication apparatus and its periphery in this Embodiment. It is a block diagram showing the outline | summary of the 2nd-1 terminal device in this Embodiment. It is a flowchart showing the mode of the authentication process of the terminal device at the time of normal use in this Embodiment. It is a flowchart showing the authentication process with respect to the network of the subordinate terminal apparatus by the 2nd-1 communication apparatus in this Embodiment. FIG. 2 is a system configuration diagram for explaining cause isolation when a failure occurs in the communication network according to the present embodiment. It is a top view of the display screen displayed on a terminal device at the time of network diagnosis mode in this Embodiment. It is a flowchart showing the mode of the process of the 2nd-1 terminal device when it sets to network diagnosis mode in this Embodiment. It is a flowchart showing the mode of processing of the 2nd-1 communication apparatus which received the request | requirement of virtual authentication in this Embodiment. It is a top view of the display screen displayed on the 2nd-1 terminal device at the time of shifting to higher access mode in this embodiment. It is a top view which shows the display screen displayed on the 2nd-1 terminal device when it sets to the network diagnosis mode in the modification of embodiment. It is a flowchart showing the situation of the process of the 2nd-1 terminal device when setting to network diagnosis mode. It is the block diagram which showed the outline | summary of the 2nd related art of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Terminal device 11, 24, 32 User authenticated information storage means 12 Communication device operation screen display means 13 Operation means 20, 30 Network failure cause isolation system 21 Multiple communication paths 22 Multiple communication devices 23 Authentication devices 25, 33 Data collection means 31 User authentication information registration means 40, 50 Network failure cause isolation method 41 User authentication information registration step 42, 51 User authenticated information storage step 43 Isolation data collection step 52 Communication device operation screen display step 53 Operation step 60 Network Fault cause isolation program 61 User authenticated information storage process 62 Communication device operation screen display process 63 Operation process 200 Communication network 201 First communication network 202 Second communication network 211 First 1- Communication device 221 2-1 communications device 222 2-2 communications device 241 2-1 of the terminal device 242 2-2 of the terminal device 251 and 261 CPU
252 and 262 Memory 253 and 263 Main control unit 254 Terminal user authentication result data storage unit 255 Authentication result data copy unit 256 Fault isolation unit 257 and 264 Web server unit 265 Display unit 266 Operation input unit 411 First location 412 2nd Location 413 Third location 414 Fourth location 431 Communication cable 441, 441A Network diagnostic window

Claims (12)

The user authentication information corresponding to the user authentication information authenticated by the authentication device that performs user authentication when user authentication is required when the user of the device itself accesses a predetermined communication path constituting the communication network User-authenticated information storage means for storing in a communication device arranged on a specific communication path connecting between the own device and the authentication device;
When communication with the authentication apparatus becomes impossible due to a failure in the specific communication path, the communication apparatuses storing user authenticated information corresponding to the user authentication information of the own apparatus and communication paths connected thereto A communication device operation screen display means for recognizing an access from the own device and displaying on the own device an operation screen for fault isolation prepared in a desired communication device among the communication devices;
Operation means for collecting data for identifying a place where a failure has occurred from a desired communication device among the communication devices by operating the operation screen displayed by the communication device operation screen display means A terminal device characterized by the above. A plurality of communication paths for transmitting signals for communication;
A plurality of communication devices arranged as connection means for connecting these communication paths together to constitute a predetermined communication network as a whole;
A specific terminal device connected to a specific communication device as any one of the plurality of communication devices communicates with another terminal device connected to the communication device other than the specific communication device. When user authentication is required for access to a predetermined communication path arranged between them, the user is connected to a communication device other than the specific communication device among the plurality of communication devices to perform the user authentication. Authentication device,
When the specific terminal device registers user authentication information for authentication in the authentication device, the specific communication device in the plurality of communication devices is arranged on a communication path used when the authentication device requests authentication from the authentication device. User-authenticated information storage means for storing user-authenticated information corresponding to the user authentication information of the specific terminal device for all the communication devices that have been made,
Corresponds to the user authentication information of the specific terminal device when the authentication request made by the specific terminal device to the authentication device becomes impossible due to a failure of the communication path used when requesting the authentication There is a failure in data related to each communication device storing user-authenticated information and a section in which communication from the specific terminal device is permitted to the communication path connected to the communication device and communication from the specific terminal device toward the authentication device. A network failure cause isolation system comprising: an isolation data collection unit that collects the location where the occurrence occurred as isolation data.   The user authenticated information storage means is a communication device other than a communication device arranged in a communication path used when requesting the authentication, and one end is connected to the communication path and the other end is a terminal other than the specific terminal device. User authenticated information corresponding to the user authentication information of the specific terminal device is also stored in all other communication devices arranged in other communication paths having other terminal devices connected to the device via a communication path. 3. The isolation data collection means is means for further collecting data relating to a section in which communication can be performed from the other terminal device toward the authentication device as data for isolating a place where a failure has occurred. The network failure cause isolation system described.   The terminal device includes display means for visually displaying an image and authentication request means for inputting the user authentication information and requesting authentication from the authentication apparatus. User authenticated information is stored by the user authenticated information storage means. The communication apparatus storing the user authentication information comparing means for comparing the user authentication information indicated by the authentication requesting means at the time of the request with the user authenticated information stored in the user authenticated information storing means, and the user authenticated information comparing means Comprises an operation screen information sending means for sending information representing an operation screen for fault isolation of its own device to the display means of the terminal device when detecting a correspondence relationship with the user authentication information shown at the time of requesting authentication. The network failure cause isolation system according to claim 2 or claim 3, wherein   The communication device that stores the user-authenticated information includes a failure isolation unit that performs a search for isolating a failure in a communication path with the authentication device, and the terminal device includes the communication device on the display unit. 5. The network according to claim 4, further comprising operation means for performing a search for isolating a failure in a communication path between the communication device and the authentication device in a state where an operation screen for failure isolation is displayed. Fault cause isolation system.   3. The network failure cause isolation system according to claim 2, wherein the user authentication information and the user authenticated information have a correspondence relationship including a match. User authentication information registration means for registering user authentication information for permitting a specific user to access a predetermined communication path constituting a communication network in an authentication device;
When the user authentication information registering means registers user authentication information, the user authentication information corresponding to the user authentication information is input and requested for authentication when accessing the predetermined communication path. User-authenticated information storage means for storing the user-authenticated information for an arbitrary number of communication devices arranged as connection means for connecting the respective communication paths constituting the communication path to the authentication device;
The user authentication information of the specific terminal device when the authentication request made by the specific terminal device to the authentication device becomes impossible due to a failure in the communication path from the specific terminal device to the authentication device Data relating to sections in which user-authenticated information corresponding to each of the communication devices and the communication paths connected thereto can be communicated from the specific terminal device to the authentication device by allowing access from the specific terminal device. A network failure cause isolation system comprising: a data collection unit for isolation that collects data as data for isolating a location where a failure has occurred. The user authenticated information storage means is a communication device other than the communication device arranged on the communication path from the specific terminal device to the authentication device, and one end is connected to the communication path and the other end is other than the specific terminal device. User authenticated information corresponding to the user authentication information of the specific terminal device with respect to all other communication devices arranged on other communication paths having further other terminal devices connected to the terminal device via the communication path Is a means for storing
8. The classification data collection unit is a unit that further collects data related to a section in which communication can be performed from the other terminal device toward the authentication device as data for identifying a location where a failure has occurred. The network failure cause isolation system described. A user authentication information registration step of registering in the authentication device user authentication information for permitting a specific user to access a predetermined communication path constituting the communication network;
When user authentication information is registered in this user authentication information registration step, communication from a specific terminal device that requests authentication by inputting the user authentication information when accessing the predetermined communication path. A user authenticated information storage step for storing user authenticated information corresponding to the user authentication information for an arbitrary number of communication devices arranged as connection means for connecting the respective communication paths constituting the path;
When a request for authentication performed by the specific terminal device to the authentication device becomes impossible due to a failure in a communication path from the specific terminal device to the authentication device, user authentication information of the specific terminal device is included. Each communication device storing corresponding user-authenticated information and data relating to a section in which communication from the specific terminal device to the communication path connected to these communication devices is permitted and communication from the specific terminal device to the authentication device is permitted. A network failure cause isolation method, comprising: an isolation data collection step for collecting the location of the failure as data for isolation. The user authenticated information storing step includes a communication device other than the communication device arranged on the communication path from the specific terminal device to the authentication device, and one end connected to the communication path and the other end other than the specific terminal device. User authenticated information corresponding to the user authentication information of the specific terminal device with respect to all other communication devices arranged on other communication paths having further other terminal devices connected to the terminal device via the communication path Is the step of storing
10. The network according to claim 9, wherein in the data collection step for separation, data relating to a section in which communication can be performed from the other terminal device toward the authentication device is further collected as data for separating a place where a failure has occurred. How to isolate the cause of failure. User authentication corresponding to user authentication information used for user authentication by an authentication device that performs authentication when user authentication is required when a user of a specific terminal device accesses a predetermined communication path constituting the communication network User-authenticated information storage step for storing completed information in all communication devices arranged on a specific communication path connecting the specific terminal device and the authentication device;
Each communication device storing user authenticated information corresponding to user authentication information of the specific terminal device when communication with the authentication device becomes impossible due to a failure of the specific communication path, and a communication path connected thereto A communication device operation screen display step for allowing the specific terminal device to display an operation screen for fault isolation prepared in a desired communication device among the communication devices by allowing access from the specific terminal device;
By operating the operation screen displayed in this communication device operation screen display step from the specific terminal device side, data for identifying the location where the failure has occurred from the desired communication device among the communication devices is collected. A network failure cause isolation method comprising: an operation step. A computer constituting a specific terminal device
When the user of the terminal device requires user authentication when accessing a predetermined communication path that constitutes a communication network, the authentication device that performs the user authentication corresponding to the user authentication information used for user authentication User authenticated information storage processing for storing information in all communication devices arranged on a specific communication path connecting the specific terminal device and the authentication device;
When communication with the authentication device becomes impossible due to a failure in the specific communication path, each communication device that stores user authentication information of the specific terminal device and a communication path connected thereto from the specific terminal device A communication device operation screen display process for displaying on the specific terminal device an operation screen for fault isolation prepared in a desired communication device among the communication devices.
By operating the operation screen displayed by the communication device operation screen display process from the specific terminal device side, data for identifying the location where the failure has occurred from the desired communication device among the communication devices is collected. A network failure cause isolation program characterized by executing operation processing.

Images