However, the device must be able to communicate with a LAN server. All
    the users passwords, as well as time-keeping will be done by the
    server. The device will only "question" the server as of whether the
    password was right or not, and if right the server will send an
    authorization code, the machine will activate, and the server will start
    measuring the time the machine has been in use. When the user desires to
    stop using the machine, the machine is turned off and the time of use is
    recorded by the server.

First, you must find out whether there is particular type of server and/or
"authorization" protocol that you are expected to use.  There are many
standards for this sort of thing ("The great thing about standards is that
there are so many to choose from"), and they vary quite a bit in
complexity.  For example "xtacacs", "xtacacs" and "radius" operate over
UDP/IP, making them somewhat simpler than "tacacs+", which requires TCP/IP,
and "kerberos" is considerably more complex in several dimensions.  Those
are just IP-based protocols that will work over an IP network through
multiple routers and over various media, which is swell and politically
correcct, but useless if the user had in mind using an existing Novell or
netbios network.

I would suspect that most network tasks of this sort are beyond all but
the largest PICs, and pointlessly challenging on that sort of "embedded"
architecture.  The obvious "cheap" platform is an old PC running DOS and
one of the free network stacks, and the obvious "cool" platform is one of
those embedded network platforms that people are starting to sell, based
on things like the Motorola QUICC, Power-QuICC, and so on.

BillW