A conventional Web service that implements various services via the Internet is provided on a server and, in general, users use the Web service via a Web browser of a client. However, in recent years, attention has been given to the technology of Packaged Web applications (Packaged Web Apps) that is used by downloading archived files that are created by using languages, such as the Hypertext Markup Language (HTML) 5, JavaScript™, Cascading Style Sheets (CSS), or the like. Specifically, in the World Wide Web Consortium (W3C) that is the standards organization for the technology related to the World Wide Web (WWW), standardization of the Packaged Web applications technology has been developed, for example. Because the Packaged Web applications are downloaded to a client and then used, the Packaged Web applications have a feature in that the applications can be used in an offline state in which the connection between the client and a server is disconnected.
Patent Document 1: Japanese Laid-open Patent Publication No. 2012-216162
Patent Document 2: Japanese National Publication of International Patent Application No. 2011-523243
In order to prevent an unauthorized use of applications, such as the Packaged Web applications, user authentication in which authentication is performed on a user who uses an application is preferably performed. However, there is a problem in that a mechanism of user authentication that is used to prevent an unauthorized use of the Packaged Web applications that are also used in an offline state is not currently present.
A specific example of the user authentication includes, for example, a screen lock function in a smart phone. The screen lock function is a function of requesting an input of a PIN code or a password every time the screen of the smart phone is in an ON state or is a function of executing biometric authentication by using a fingerprint or the like. However, the screen lock function is used to protect the entirety of a terminal device, such as a smart phone or the like, and user authentication is performed every time the terminal device is used. Consequently, introducing the user authentication that is performed by a complicated method into the screen lock function is impractical. In contrast, because some applications, such as the Packaged Web application or the like, are used, for example, for business, the applications are preferably protected by user authentication in which the security can be ensured at a certain level or more. Accordingly, with the user authentication performed by using the screen lock function, protection of the applications is insufficient.
Furthermore, there is a known technology that sets a password to a file in order to protect, for example, the contents that are downloaded. However, in order to execute the user authentication by using the password when an application is started up, in addition to the primary function of the application, the function of the user authentication needs to be included in the application. Consequently, for example, in a case of the Packaged Web application, the same function used for the user authentication needs to be installed in all Web applications, which is inefficient. Furthermore, for example, if a password for authentication is changed, the password needs to be changed for all of the applications, which is inconvenient.