JP4247109B2 - Network telephone system, main device of the network telephone system, and connection authentication method - Google Patents

Description

  The present invention relates to a network telephone system that performs connection authentication of a telephone terminal when the telephone terminal is connected on a packet network, for example, in an IP telephone system, a main apparatus of the network telephone system, and a connection authentication method.

  2. Description of the Related Art In recent years, network telephone systems (IP telephone systems) that transmit and receive images and sounds as packet data in both directions via a packet network have begun to spread.

  In this IP telephone system, for example, an IP telephone terminal is connected to a LAN (Local Area Network), and the LAN is connected to a general telephone network such as a public network or the Internet via a gateway. By performing data format conversion or the like, voice communication can be performed between IP telephone terminals and between an IP telephone terminal and a general telephone network or the Internet.

  In such a system, simple encryption processing and authentication processing are usually performed. However, at present, the security of the LAN or the Internet is not sufficient, and unauthorized connection or tampering by an unauthorized third party becomes a problem.

Therefore, the communication of a certain IP telephone terminal can be performed by setting and registering a table in which the IP address of each IP telephone terminal is associated with the security type for communication between IP telephone terminals in the main apparatus or gateway. In regard to the above, a system has been proposed in which security is enhanced to prevent eavesdropping of communication contents by a third party (for example, Patent Document 1).
JP 2001-298449 A.

  However, in the above system, security in communication between IP telephone terminals is enhanced, and security is insufficient for connection authentication of IP telephone terminals. Therefore, if the security level for connection authentication is set high, the security level for connection authentication is set high for LAN and the Internet under the same conditions. For this reason, it is difficult to set a security level according to each user. For example, even for an IP telephone terminal connected to a LAN, an input operation such as a user ID and a password is required for each connection in the same manner as an external terminal connected to the Internet, increasing the burden on the user. It will be. In addition, services that can be used by IP telephone terminals connected to a LAN are also restricted under the same conditions as external terminals connected to the Internet.

  SUMMARY OF THE INVENTION An object of the present invention is to provide a network telephone system capable of sufficiently exerting a security function for connection authentication to a packet network for each user of a telephone terminal, and thereby efficiently providing a detailed service for each user of the telephone terminal. Another object of the present invention is to provide a main device and a connection authentication method for this network telephone system.

In order to achieve the above object, the present invention is configured as follows.
A plurality of telephone terminals connected to the internal communication network and the plurality of telephone terminals are accommodated via the internal communication network, and an external communication network can be connected to each other or between the telephone terminals or between the telephone terminal and the external communication network. And a main apparatus that performs communication by connecting to each other, the main apparatus comprising: terminal identification information assigned to each of a plurality of telephone terminals when using the internal communication network or the external communication network; Storage means for storing an authentication table representing a correspondence relationship with a plurality of connection authentication information having different security levels, and a connection request including terminal identification information from a telephone terminal, by referring to the authentication table, Determining means for determining connection authentication information corresponding to the terminal identification information; and connection authentication information Based on, in which respect the requesting telephone terminal has to include a connection control unit that performs control related to the connection.

  According to this configuration, the authentication table indicating the correspondence between the terminal identification information assigned to each of the plurality of telephone terminals when using the internal communication network or the external communication network and the plurality of connection authentication information having different security levels is provided. By preparing, when a connection request containing terminal identification information arrives from the telephone terminal, the connection authentication according to the connection authentication information of the corresponding security level is performed on the requesting telephone terminal with reference to this authentication table. Done. Therefore, by making the security level for connection authentication different for each telephone terminal, the telephone terminal of the internal communication network is directly connected without performing the connection authentication, while the user ID and the telephone terminal of the external communication network are connected. It is possible to efficiently perform connection authentication for each user of the telephone terminal, such as requiring input of a password.

  When it is determined from the determination result that there is no connection authentication information corresponding to the requesting telephone terminal in the authentication table, the connection control means has a predetermined security level when the requesting telephone terminal belongs to the internal communication network. Control related to the connection is performed on the requesting telephone terminal based on the connection authentication information.

  According to this configuration, even when it is determined that there is no connection authentication information corresponding to the requesting telephone terminal in the authentication table, the requesting telephone terminal is used by using the connection authentication information of the determined security level. Connection authentication can be performed.

  The main device, when a connection request including terminal identification information is received from a telephone terminal whose terminal identification information is not registered, recording means that records the terminal identification information and connection authentication information of the highest security level in association with each other on a recording medium The connection control means determines whether or not terminal identification information corresponding to the request source is recorded on the recording medium when a connection request arrives from an unregistered telephone terminal, and the corresponding terminal identification When there is information, the requesting telephone terminal is controlled based on connection authentication information at a level lower than the security level of the connection authentication information on the recording medium.

  According to this configuration, prior to the execution of connection authentication for the telephone terminal, whether or not the terminal identification information of the requesting telephone terminal has been recorded on the recording medium, that is, the telephone terminal that has been previously authenticated for connection. It is determined whether or not there is, and the security level for connection authentication is changed based on the determination result. For this reason, the terminal identification information on the recording medium is used to authenticate connection according to the highest security level connection authentication information for telephone terminals that are connected to an external communication network and receive connection authentication for the first time. As for telephone terminals, connection authentication is performed in accordance with connection authentication information of a low security level. Even for unregistered telephone terminals, the security level can be varied for each connection authentication count.

  The main device stores service information storage means for storing a service table indicating available services for each security level, and the security level at the time of connection authentication at the requesting telephone terminal when a service use request is received from the telephone terminal. Security level determination means for determining, and service control means for referring to a service available at the determined security level from the service table and performing control related to the service to the requesting telephone terminal based on the reference result. It is a thing.

  According to this configuration, by preparing a service table indicating services that can be used for each security level, when a service use request arrives from a telephone terminal, it can be used for each telephone terminal by referring to this service table. Specific services can be identified. For this reason, for example, when multiple companies or individuals share one system, the services available to each company or individual can be limited, thereby clarifying the billing process for each company or individual. can do.

  As described above in detail, according to the present invention, the security function for authentication of connection to the packet network can be sufficiently exhibited for each user of the telephone terminal, thereby efficiently performing a detailed service for each user of the telephone terminal. A network telephone system, a main apparatus of the network telephone system, and a connection authentication method can be provided.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
(First embodiment)
FIG. 1 is a schematic configuration diagram showing a network telephone system according to a first embodiment of the present invention.

  This system has a LAN (Local Area Network) 1. A plurality of telephone terminals T11 to T1i (i is a natural number) are connected to the LAN1. The telephone terminals T11 to T1i are IP telephone terminals having a call processing function and a media information processing function.

  Further, the LAN 1 is connected to a main device 2A and a router RT1. The main apparatus 2A connects the plurality of telephone terminals T11 to T1i connected on the LAN 1 and the plurality of telephone terminals T11 to T1i and the router RT1.

  The router RT1 connects between the LAN1 and the Internet INW, and has a function of converting a communication protocol and a signal format between the LAN1 and the Internet INW. Furthermore, telephone terminals T21 and T31 are connected to the Internet INW. These telephone terminals T21 and T31 are IP telephone terminals having a call processing function and a media information processing function.

The main apparatus 2A has the following functions as functions related to the present invention. FIG. 2 is a block diagram showing the configuration.
That is, the main apparatus 2 </ b> A includes a LAN interface (I / F) unit 21, a control unit 22, and a storage unit 23.

  The LAN 1 is connected to the LAN interface unit 21 as necessary. The LAN interface unit 21 performs interface processing with the connected LAN 1 under the control of the control unit 22.

  The control unit 22 controls each unit of the main apparatus 2A by software processing. The storage unit 23 stores routing information and the like necessary for connection control of the control unit 22, and further includes an IP address compatible security level storage unit 231, a security level compatible terminal authentication method storage unit 232, and an IP extension terminal compatible terminal. A physical authentication storage unit 233, an IP extension terminal compatible user authentication storage unit 234, and a security level compatible service availability information storage unit 235 are provided.

As shown in FIG. 3, the IP address-corresponding security level storage unit 231 stores a table representing a correspondence relationship between an IP address type, an IP address, and a security level for connection authentication and service use.
As shown in FIG. 4, the security level compatible terminal authentication method storage unit 232 stores a table representing the correspondence between the security level and the terminal authentication method.

As shown in FIG. 5, the IP extension terminal compatible terminal physical authentication storage unit 233 is fixedly assigned to the terminal IDs of the telephone terminals T11 to T1i, T21, and T31 and the telephone terminals T11 to T1i, T21, and T31, respectively. A table representing a correspondence relationship with the MAC address is stored.
As shown in FIG. 6, the IP extension terminal-compatible user authentication storage unit 234 stores a table representing a correspondence relationship between user IDs as user authentication information and passwords.

  As shown in FIG. 7, the security level compatible service availability information storage unit 235 stores a table representing a correspondence relationship between available services and data indicating availability / non-availability for each security level.

  On the other hand, the control unit 22 includes a security level determination unit 221, a terminal authentication method selection unit 222, an IP extension terminal physical authentication unit 223, an IP extension terminal user authentication unit 224, and a service availability determination unit 225. ing.

  When a connection request including an IP address arrives from the telephone terminals T11 to T1i, T21, and T31, the security level determination unit 221 refers to the table stored in the IP address corresponding security level storage unit 231 to obtain the IP address The security level corresponding to is determined.

The terminal authentication method selection unit 222 reads the terminal authentication method corresponding to the determined security level from the security level compatible terminal authentication method storage unit 232.
The IP extension terminal physical authentication unit 223 requests the request source to send the IP extension terminal ID or MAC address in accordance with the read terminal authentication method, and the IP extension terminal ID or MAC address sent in response to this request. Is compared with the IP extension terminal ID or MAC address stored in the IP extension terminal compatible terminal physical authentication storage unit 233, and connection authentication is performed only when they match.

  The IP extension terminal user authentication unit 224 requests the request source to send a user ID and password in accordance with the read terminal authentication method, and sends the user ID and password sent in response to this request to the IP extension terminal compatible user. The user ID and password stored in the authentication storage unit 234 are compared and verified, and connection authentication is performed only when they match.

  When the service use request arrives from the telephone terminals T11 to T1i, T21, and T31 for which connection authentication has been performed, the service availability determination unit 225 determines the security level at the time of connection authentication at the request source, and can be used at that security level. The service is referred to from the table stored in the security level compliant service availability information storage unit 235, and based on the reference result, the request source is allowed to use the service.

  Next, the operation of the system configured as described above will be described. FIG. 8 is a flowchart showing a control procedure and its contents at the time of connection authentication by the control unit 22 of the main apparatus 2A.

  For example, when a registration request, that is, a connection request comes from the telephone terminals T11 to T1i, T21, T31 (step ST8a), the control unit 22 calls the telephone terminal T11 whose request source is connected to the LAN 1 based on the IP address included in the registration request. It is determined by referring to the table stored in the IP address corresponding security level storage unit 231 whether the terminal is T1i or the telephone terminals T21 and T31 connected to the Internet INW (step ST8b). Here, if it is the telephone terminals T11 to T1i connected to the LAN 1, the control unit 22 determines that the security level of the request source is “2” (step ST8c), and the telephone terminals T21, T31 connected to the Internet INW. If so, the security level of the request source is determined to be 3 (step ST8d).

  Subsequently, the control unit 22 selects an authentication method by referring to a table stored in the security level compatible terminal authentication method storage unit 232 according to the determined security level (step ST8e). If the security level is “2”, the control unit 22 requests the request source to transmit the extension terminal ID or MAC address (step ST8f). If an extension terminal ID or MAC address is sent in response to this request, it is compared with the IP extension terminal ID or MAC address stored in the IP extension terminal compatible terminal physical authentication storage unit 233, and whether or not they match (Step ST8g). If they match (Yes), the control unit 22 permits connection to the request source (steps ST8h and ST8i).

  On the other hand, if they do not match (No), the control unit 22 notifies the request source that the authentication is impossible, and performs a disconnection process (step ST8j).

  If the security level is “3” in step ST8e, the control unit 22 requests the requester to send a user ID and a MAC address in parallel with the processing in step ST8f and step ST8g (step ST8e). ST8k). When a user ID and password are sent in response to this request, the user ID and password stored in the IP extension terminal corresponding user authentication storage unit 234 are compared and checked to determine whether or not they match (step ST81). Here, if they match (Yes), the control unit 22 permits the connection to the request source.

  On the other hand, if they do not match (No), the control unit 22 notifies the request source that the authentication is impossible, and performs a disconnection process (step ST8m).

  In the above processing, if the telephone terminals T11 to T1i are registered as the security level “1”, the control unit 22 permits the connection without authentication.

  FIG. 9 is a flowchart showing the control procedure and contents of the service using the control unit 22 of the main apparatus 2A.

  For example, when a service request arrives from the telephone terminals T11 to T1i, T21, T31 that have received connection authentication (step ST9a), the control unit 22 determines the security level at the time of connection authentication (step ST9b), and according to the determined security level. Whether or not the requested service can be used is determined by referring to the security level compatible service availability information storage unit 235 (step ST9c).

  Here, when the request source is the security level “2” and the service content to be used is “voice mail”, the control unit 22 permits the request source to use “voice mail” (step ST9d).

  On the other hand, when the request source is the security level “2” and the service content to be used is “local line transmission”, the control unit 22 rejects the execution of “local line transmission” to the request source (step ST9e). .

  As described above, in the first embodiment, in the main device 2A, the storage unit 23 is provided with the security level storage unit 231 corresponding to the IP address and the terminal authentication method storage unit 232 corresponding to the security level. When a connection request including an IP address arrives from the terminals T11 to T1i, T21, and T31, refer to the tables stored in the IP address corresponding security level storage unit 231 and the security level compatible terminal authentication method storage unit 232, respectively. Connection authentication is performed according to the connection authentication method of the corresponding security level for the request source.

  Accordingly, by making the security level for connection authentication different for each of the telephone terminals T11 to T1i, T21, and T31, for example, the telephone terminals T11 to T1i connected to the LAN 1 are not subjected to connection authentication, or the extension terminal ID or MAC address The telephone terminals T11 to T1i, T21, and T31 for each user are connected such that the telephone terminals T21 and T31 connected to the Internet INW require input of user IDs and passwords. Connection authentication can be performed efficiently. Thereby, about the user of telephone terminal T11-T1i, connection authentication can be received without input of a user ID and a password, and a user burden can be reduced significantly.

  In the first embodiment, a part of the IP address is connected to the Internet INW even when the IP address corresponding security level storage unit 231 does not have an IP address corresponding to the requesting telephone terminals T21 and T31. It can be determined that the terminal is a telephone terminal, and connection authentication can be reliably performed on the requesting telephone terminals T21 and T31 using a connection authentication method of security level “3”.

  Further, in the first embodiment, in the main apparatus 2A, the storage unit 23 is provided with the security level corresponding service availability information storage unit 235, and the control unit 22 receives the telephone terminals T11 to T1i, T21, When a service request arrives from T31, the service stored in the security level compliant service availability information storage unit 235 is referred to allow services available for each of the telephone terminals T11 to T1i, T21, and T31. Yes.

  Therefore, for example, when an employee of a company using the telephone terminals T11 to T1i and an individual who owns the telephone terminals T21 and T31 share one system, the services available for each company or individual may be limited. This makes it possible to clarify the billing process for each company or individual.

(Second Embodiment)
FIG. 10 is a block diagram showing the configuration of the main apparatus 2B in the network telephone system according to the second embodiment of the present invention. 10, the same parts as those in FIG. 2 are denoted by the same reference numerals, and detailed description thereof is omitted.

  That is, the RAM 24 is connected to the control unit 22. Then, when a connection request arrives from unregistered telephone terminals T21 and T31, the control unit 22 records the request source IP address and the security level “3” in the RAM 24 in association with each other.

  Next, the operation of the system configured as described above will be described. FIG. 11 is a flowchart showing a control procedure and its contents at the time of connection authentication by the control unit 22 of the main apparatus 2B.

  For example, when a registration request, that is, a connection request comes from the telephone terminals T11 to T1i, T21, T31 (step ST11a), the control unit 22 calls the telephone terminal T11 whose request source is connected to the LAN 1 based on the IP address included in the registration request. It is discriminated by referring to the table stored in the IP address-corresponding security level storage unit 231 to determine whether the terminal is T1i or the telephone terminals T21 and T31 connected to the Internet INW (step ST11b). Here, if the telephone terminals T11 to T1i are connected to the LAN 1, the control unit 22 sets the request source security level to “1” and performs connection without authentication.

  On the other hand, if the telephone terminals T21 and T31 are connected to the Internet INW, the control unit 22 determines whether or not an IP address is recorded in the RAM 24 (step ST11c). If the IP address is not recorded in the RAM 24 (No), the control unit 22 determines that the security level of the request source is “3” (step ST11d), and sets the IP address and the security level “3” in the RAM 24. Record in association.

  On the other hand, if the IP address is recorded in the RAM 24 (Yes), the control unit 22 determines the security level of the request source from “3” to “2” (step ST11e). If the security level recorded in the RAM 24 is “2”, the control unit 22 determines the security level of the request source from “2” to “1”.

  Subsequently, the control unit 22 selects an authentication method by referring to a table stored in the security level compatible terminal authentication method storage unit 232 according to the determined security level (step ST11f). If the security level is “2”, the control unit 22 requests the request source to transmit the extension terminal ID or MAC address (step ST11g). If an extension terminal ID or MAC address is sent in response to this request, it is compared with the IP extension terminal ID or MAC address stored in the IP extension terminal compatible terminal physical authentication storage unit 233, and whether or not they match (Step ST11h). If they match (Yes), the control unit 22 permits connection to the request source (steps ST11i and ST11j).

  On the other hand, if they do not match (No), the control unit 22 notifies the request source that the authentication is impossible, and performs a disconnection process (step ST11k).

  In step ST11f, if the security level is “3”, the control unit 22 requests the requester to transmit a user ID and a MAC address in parallel with the processing in steps ST11g and ST11h (step ST11f). ST11l). When a user ID and password are sent in response to this request, the user ID and password stored in the IP extension terminal corresponding user authentication storage unit 234 are compared and checked to determine whether or not they match (step ST11m). Here, if they match (Yes), the control unit 22 permits the connection to the request source.

  On the other hand, if they do not match (No), the control unit 22 notifies the request source that the authentication is impossible, and performs a disconnection process (step ST11n).

  Thereafter, in the case of using a service, the control unit 22 executes processing according to the same procedure as in the first embodiment.

  As described above, in the second embodiment, in the main apparatus 2B, for example, when a connection request arrives from the telephone terminals T21 and T31 on the Internet INW, is the request source IP address recorded in the RAM 24? It is determined whether or not the telephone terminals T21 and T31 have been previously authenticated for connection, and the security level for connection authentication is changed based on the determination result.

  Therefore, for the telephone terminal T21 that is connected to the Internet INW and receives connection authentication for the first time using the IP address on the RAM 24, connection authentication is performed according to the security level “3” authentication method, and the telephone terminal that has previously received connection authentication. As for T31, connection authentication is performed in accordance with an authentication method with a low security level “2”, so that the security levels of the telephone terminals T21 and T31 connected to the Internet INW can be varied depending on the number of times of connection authentication.

(Other embodiments)
The present invention is not limited to the above embodiments. In the first embodiment, when a connection request comes from a telephone terminal connected to the Internet, the telephone terminal on the Internet is specified based on partial information of the IP address stored in the storage unit. However, connection authentication may also be performed for a telephone terminal having an IP address that is not registered at all by an authentication method according to the security level “3”. In the case of an unregistered telephone terminal connected to the LAN, connection authentication may be performed using an authentication method according to a predetermined security level.

  In the second embodiment, it is determined whether or not an IP address is recorded in the RAM for a telephone terminal connected to the Internet. However, for an unregistered telephone terminal connected to a LAN. Can be similarly implemented.

In each of the above embodiments, an example in which a LAN is used as an internal communication network and the Internet is used as an external communication network has been described. However, a communication network other than a LAN or a communication network other than the Internet may be used.

  In the first embodiment, the example in which the user ID and the password are used as the personal information has been described. However, a fingerprint, a handwriting, or the like may be used.

  Further, in each of the above embodiments, the security level is divided into three, but may be divided into a plurality of security levels higher than that.

  In addition, the system configuration, main unit configuration, control unit functions, table contents stored in the storage unit, usable service contents, connection authentication procedure and its contents, service control procedure and its contents, etc. Various modifications can be made without departing from the scope of the invention.

1 is a schematic configuration diagram showing a network telephone system according to a first embodiment of the present invention. The block diagram which shows the function structure of the main apparatus in the 1st Embodiment. The figure which shows an example of the memory content of the IP address corresponding | compatible security level memory | storage part shown in FIG. The figure which shows an example of the memory content of the security level corresponding | compatible terminal authentication method memory | storage part shown in FIG. The figure which shows an example of the memory | storage content of the IP extension terminal corresponding | compatible terminal physical authentication memory | storage part shown in FIG. The figure which shows an example of the memory content of the IP authentication terminal corresponding | compatible user authentication memory | storage part shown in FIG. The figure which shows an example of the memory content of the security level corresponding | compatible service availability information storage part shown in FIG. The flowchart which shows the control procedure at the time of the connection authentication by a control part, and the content in the said 1st Embodiment. The flowchart which shows the control procedure at the time of service utilization by a control part, and the content in the said 1st Embodiment. The block diagram which shows the structure of the main apparatus in the network telephone system concerning the 2nd Embodiment of this invention. The flowchart which shows the control procedure and the content at the time of the connection authentication by a control part in the said 2nd Embodiment.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... LAN, 2A, 2B ... Main apparatus, 21 ... LAN interface (I / F) part, 22 ... Control part, 23 ... Memory | storage part, 24 ... RAM, 221 ... Security level determination part, 222 ... Terminal authentication method selection part 223 ... IP extension terminal physical authentication section, 224 ... IP extension terminal user authentication section, 225 ... service availability determination section, 231 ... IP address correspondence security level storage section, 232 ... security level correspondence terminal authentication method storage section, 233 ... IP Extension terminal compatible terminal physical authentication storage unit, 234... IP extension terminal compatible user authentication storage unit, 235... Security level compatible service availability information storage unit, T11 to T1i, T21, T31.

Claims (8)

A plurality of telephone terminals connected to an internal communication network, and the plurality of telephone terminals are accommodated via the internal communication network, and an external communication network can be connected, and the plurality of telephone terminals or between the telephone terminals A network telephone system comprising a main device for connecting and communicating with the external communication network,
The main unit is
A storage for storing an authentication table representing a correspondence relationship between terminal identification information assigned to each of the plurality of telephone terminals when using the internal communication network or the external communication network and a plurality of connection authentication information having different security levels. Means,
A determination unit that determines connection authentication information corresponding to the terminal identification information by referring to the authentication table when a connection request including the terminal identification information arrives from the telephone terminal;
When a connection request including terminal identification information comes from a telephone terminal whose terminal identification information is not registered, a recording unit that records the terminal identification information and connection authentication information of the highest security level in association with each other on a recording medium;
Based on the connection authentication information determined by the determination means, control is performed on the connection to the requesting telephone terminal, and a request is made on the recording medium when the connection request arrives from the unregistered telephone terminal. It is determined whether or not the terminal identification information corresponding to the original is recorded, and if there is corresponding terminal identification information, the requesting telephone terminal has a level lower than the security level of the connection authentication information on the recording medium. A network telephone system comprising connection control means for performing control related to connection based on connection authentication information . The connection control means, when it is determined from the determination result that there is no connection authentication information corresponding to the requesting telephone terminal in the authentication table, when the requesting telephone terminal belongs to the internal communication network, 2. The network telephone system according to claim 1, wherein control relating to connection is performed for a telephone terminal as a request source based on connection authentication information of a security level. The main device has service information storage means for storing a service table indicating services available for each security level;
Security level determination means for determining a security level at the time of connection authentication in the requesting telephone terminal when a service use request arrives from the telephone terminal;
5. Service control means for referring to a service that can be used at the determined security level from the service table, and for performing control related to the service to the requesting telephone terminal based on the reference result. 1. The network telephone system according to 1. The connection control means requests the requesting telephone terminal to send a fixed identifier specific to the telephone terminal based on the connection authentication information, and the fixed identifier sent in response to the request and the fixed registration registered in advance. 2. The network telephone system according to claim 1, wherein the identifier is compared with the identifier, and connection authentication is performed when the identifier matches. The connection control means requests the requesting telephone terminal to transmit a fixed identifier specific to the telephone terminal based on the connection authentication information, and requests the user to transmit personal information for identity verification. 2. The network telephone system according to claim 1, wherein the fixed identifier and the principal information sent in response to the request are compared with a fixed identifier and the principal information registered in advance, and connection authentication is performed when they match. . A plurality of telephone terminals connected to an internal communication network, and the plurality of telephone terminals are accommodated via the internal communication network, and an external communication network can be connected, and the plurality of telephone terminals or between the telephone terminals A main device used in a network telephone system comprising a main device for connecting and communicating with the external communication network;
A storage for storing an authentication table representing a correspondence relationship between terminal identification information assigned to each of the plurality of telephone terminals when using the internal communication network or the external communication network and a plurality of connection authentication information having different security levels. Means,
A determination unit that determines connection authentication information corresponding to the terminal identification information by referring to the authentication table when a connection request including the terminal identification information arrives from the telephone terminal;
When a connection request including terminal identification information comes from a telephone terminal whose terminal identification information is not registered, a recording unit that records the terminal identification information and connection authentication information of the highest security level in association with each other on a recording medium;
Based on the connection authentication information determined by the determination means, control is performed on the requesting telephone terminal, and when the connection request arrives from the unregistered telephone terminal, it is stored on the recording medium. It is determined whether or not terminal identification information corresponding to the request source is recorded, and if there is corresponding terminal identification information, a level lower than the security level of the connection authentication information on the recording medium for the request source telephone terminal And a connection control means for controlling connection based on the connection authentication information . Service information storage means for storing a service table indicating available services for each security level;
Security level determination means for determining a security level at the time of connection authentication in the requesting telephone terminal when a service use request arrives from the telephone terminal;
5. Service control means for referring to a service that can be used at the determined security level from the service table, and for performing control related to the service to the requesting telephone terminal based on the reference result. 6. The main device of the network telephone system according to 6 . A plurality of telephone terminals are accommodated via the internal communication network and an external communication network is connectable, and communication is performed by connecting the telephone terminals to each other or between the telephone terminals and the external communication network. A connection authentication method used in a device,
Preparing an authentication table representing a correspondence relationship between terminal identification information assigned to each of the plurality of telephone terminals when using the internal communication network or the external communication network, and a plurality of connection authentication information having different security levels;
When a connection request including the terminal identification information arrives from the telephone terminal, the connection authentication information corresponding to the terminal identification information is determined by referring to the authentication table,
When a connection request including terminal identification information is received from a telephone terminal whose terminal identification information is not registered, the terminal identification information and connection authentication information of the highest security level are associated with each other and recorded on a recording medium,
Based on the connection authentication information, control related to the connection to the requesting telephone terminal, and when the connection request arrives from the unregistered telephone terminal, the terminal identification corresponding to the requesting source on the recording medium It is determined whether information is recorded, and if there is corresponding terminal identification information, based on the connection authentication information of a level lower than the security level of the connection authentication information on the recording medium for the requesting telephone terminal A connection authentication method characterized by performing control related to connection.

Images