(1) Field of the Invention
The present invention relates to a user authenticating system and method in a wide area distributed environment formed in a network, in which system and method registered information regarding a user is centrally managed and in which the security against tapping into the network and against successful impersonation of an authorized user by an unauthorized user is improved.
(2) Description of the Related Art
In recent years, in a distributed processing environment formed in a LAN (Local Area Network), a single user simultaneously uses many computer resources via the network so that a large amount of computing power is drawn from the distributed processing environment.
However, since each user must be recorded as a regular user in all of the computers, the load of management of the users in each computer is increased.
To cope with the increased load of management in each computer, conventionally, an information sharing service called NIS (Network Information System) has been widely used. FIG. 1 shows an NIS having computers 51A, 51B and 51C, and a master database 52B, which database is employed by a user 53. In this system, the computer 51B is provided with the master database 52B. The other computers 51A and 51C refer to the master database 52B via a network, so that management information, such as passwords, stored in the master database 52B is shared by all computers 51A, 51B and 51C. The registration of a user is performed in the master database 52B connected to the computer 51B, so that the management of the user is unified. As a result, there can be no case where information for the same user conflicts among the respective computers.
However, since information such as passwords needed in authentication of users is shared by all of the computers 51A, 51B and 51C in this system, it is possible to obtain a password by tapping the network and to carry out password analysis in which a password is found using a dictionary. In addition, an illegitimate practice can occur in which an unauthorized user impersonating a regular user obtains access to a computer using false management information, that is, regular management information that has been changed in a computer for relaying packets. Thus, the conventional system has a problem concerning security.
Furthermore, in the system in which the database is shared by a plurality of computers, if faults occur in the network, the database cannot be used by any of the computers. Thus, the system also has a problem concerning reliability. Since many faults may occur in a wide area network in particular, a user authenticating system for authenticating a user without using information (e.g. a password) stored in the database is desired.