1. Field of the Invention
The present invention relates to an information processing apparatus, an information processing method, and a storage medium and selection of an authentication method for communication of data with an external apparatus.
2. Description of the Related Art
Conventionally, when information processing apparatuses offered public presentation of information and services, authentication processing by the information processing apparatus was performed. In performing authentication processing, the authentication method used for authentication processing has to be chosen (except for a setup of the account information of a user name, a password, etc.).
For example, in the image processing apparatus disclosed in Japanese Patent Laid-Open No. 2003-084929 and Japanese Patent Laid-Open 2003-296085, the user set up the authentication method to be used.
In the authentication processing in which a server provides service to the partner via a network, suppose that there are two authentication methods which can be selected, a Basic authentication method and a Digest authentication method, for example.
The Basic authentication method is one in which the user authentication technology uses HTTP (Hyper Text Transfer Protocol), and the authentication information (user name and password) is transmitted over a network without being encrypted. By not encrypting the data transmitted over the network, the processing load in Basic authentication processing is reduced.
The Digest authentication method is one in which the user authentication technology uses HTTP, and the authentication information (user name and password) is encrypted and the encrypted authentication information is transmitted over the network. Therefore, even when a third party is watching the network, the danger that the authentication information will be decoded by the third party is reduced. There is added value that not only authentication but full protection of a message, a falsification check, and server authentication are realizable using the Digest authentication method. However, since it is necessary to encrypt authentication information and the Digest value of a message which transmits at every communication, the processing load in Digest authentication processing is increased.
Although it is useful that a server can support both of the types of authentication methods, the administrator who manages a server has to select an authentication method. Such a selection may be difficult for the administrator not only because the administrator must decide which method to use for a given user, but also because the administrator may not have the technical knowledge of each authentication method in order to make the proper selection.
In the two kinds of authentication methods described above, there are differences in whether encryption is performed and in the size of processing load. The effect of the selected authentication method changes based on whether encrypted communication is used between an information processor and its partner over the network.
FIG. 12 is a figure showing an example of an authentication setting screen 1200 for the authentication processing performed by a server. A server displays the authentication setting screen 1200 via a display etc., and a user performs a setup about a server's authentication function in this setting screen. As an example, in the exemplary setting screen 1200, the authentication processing can be performed by a server providing IPP (Internet Printing Protocol) service to a client PC (client personal computer).
A protocol button 1201 is used for selecting whether the IPP service in the server is used. When “ON” is selected, the IPP service is provided in the server, and when “OFF” is selected, the IPP service is no longer provided in the server.
When IPP service is provided, an SSL button 1202 is provided for selecting whether communication uses HTTP and SSL (Secure Sockets layer) (in cases where “ON” is selected), or only HTTP (in cases where “OFF” is selected). When the server provides IPP service for the client PC and the user selects the communication only using HTTP, the encryption communication by SSL is no longer performed between the server and the client PC.
Authentication button 1203 is a button for selecting whether authentication is to be performed (in cases where “ON” is selected) or authentication is not to be performed (in cases where “OFF” is selected), when the user uses the IPP service from the client PC.
Authentication method button 1204 is a button for selecting whether the Basic authentication method or the Digest authentication method is used as an authentication method.
Name box 1205 and password box 1206 are boxes for entering a user name and password, respectively, which are used for authentication.
In the Digest authentication method, in order to prevent the outflow by tapping of authentication information, including a user name, a password, etc., in authentication processing, the Digest value of authentication information is computed and the Digest value is used for authentication. Therefore, the processing which computes the Digest value of authentication information is required. Since it is necessary to compute the Digest value of the whole message when using completeness protection (method which includes the alteration prevention function of transmitting/receiving a message in addition to authentication) which is an expanded function of Digest authentication, the processing load becomes even higher. Therefore, it is better to select the Basic authentication method, in order to reduce the processing load. However, when a user does not know the technical contents of the authentication method, a Digest authentication method may be selected.
On the other hand, when the communication using only HTTP (not SSL) is selected, the Basic authentication method will transmit authentication information, without encrypting the user name and password.