1. Field of the Invention
The present invention relates to an authentication apparatus, an authentication method, and a computer program product.
2. Description of the Related Art
Computer systems using personal computers (PC), workstations (WS), and servers are widely used by various users in various places. For example, computer systems are used in companies, research institutes, schools, public institutions, governments and public offices, and the like. The computer systems used in the above places generally handle various data containing confidential data such as personal information of employees and customers, new product information, technical information, and management information. Because such information is confidential, it is necessary to prevent leakage of information.
Meanwhile, communication environments using broadband has been widely enhanced, so that people can access resources used in their work environments even they are out of offices. Such environments enhance conveniences of use of communication terminals; however, risk of leakage of information increases at the same time. For example, information may be easily leaked from PCs in public places such as air ports, trains, and coffee shops. More specifically, even when eavesdropping is prevented with communication encryption techniques, if a user displays a design diagram of a new product on a screen of a PC, information on the new product may be leaked to other people only by taking a glance at the screen. With conventional techniques, it is difficult to assuredly prevent leakage of information, and prevention of the leakage of information is attempt by reminding users to be careful of handling of data.
Furthermore, wireless communication such as a wireless LAN has been widely used, so that convenient communication environments are realized. However, wireless communication is disadvantageous in that a large number of users including unknown users and fraudulent users can access resources within a service area of the wireless communication. High-secure encryption methods and authentication methods are developed for counteracting the above situation; however, they are not yet used in common.
A conventional access authentication method for authenticating a user to access predetermined contents data in a client terminal is disclosed in, for example, Japanese Patent Application Laid-open No. 2003-242042. Specifically, user authentication is performed such that identification information unique to a client is acquired in an environment where contents data is downloaded, the identification information is encrypted and then written to a password file, password information is extracted from the downloaded contents data, the password information is encrypted and then written to the password file, and determination is performed whether the acquired identification information and the extracted password information are identical to those pre-registered on the password file.
The above authentication method uses information on an environment (client) of the user upon performing authentication of users who accesses contents data on a client terminal. Therefore, the user is not required to perform operations for the authentication. However, it is still difficult to prevent leakage of information caused by accesses to resources from places out of permitted places and network connection by unknown users and fraudulent users.