When using a service provided on a server connected to a network from a terminal such as a personal computer (PC) or a mobile telephone, a user logs into the service with an ID and a password to identify himself/herself. The service provider thereby identifies the user who is going to use the service, and the user is able to use the service according to a contract between the user and the service provider.
When using services provided on a plurality of servers, the user logs into each service with a different ID and password. However, since this complicates the login procedure, a system called “single sign-on” may be employed. “Single sign-on” is a system in which, once logged into a service using an ID and a password, the user can log into other services without inputting IDs and passwords again. Single sign-on is achieved by sharing identification information of the user between the service which the user logged into first and the service which the user logs into next.
Each service provider holds user information corresponding to each user. The user information here includes contract information including the content of the service registered when the user makes a contract with the service provider; personal information including the name, the address, and the phone number of the user; and information including an identifier to allow the service provider to identify the user. The service provider manages the user information in association with the ID and the password of the user. Examples of disclosed techniques related to single sign-on are described below.
An authentication system disclosed in Patent literature 1 is configured so that a user terminal holds identification information to identify the user terminal, and an authentication server includes a sign-on management table that stores identification information of the user terminal already subjected to login authentication. When receiving a login request from the user terminal, an application server determines whether the identification information of the user terminal is included in the sign-on management table based on the identification information transmitted from the user terminal. When the identification information is included, the application server determines that the login authentication has been successfully performed; when the identification information is not included, the application server operates to acquire login authentication information from the user terminal. According to such processing, the single sign-on is achieved in the authentication system disclosed in Patent literature 1.
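The flow described for Patent literature 1 can be modelled as follows. This is an added Python example, not code from the patent literature or from this document. The class names, the PBKDF2 password check, and the sample account and terminal IDs are assumptions made for illustration, since the description does not say how login authentication information is verified.

```python
import hashlib, hmac, os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthenticationServer:
    """Holds user credentials and the sign-on management table."""
    def __init__(self):
        self._users = {}            # user ID -> (salt, password hash)
        self.sign_on_table = set()  # terminal IDs already subjected to login authentication

    def register(self, user_id, password):
        salt = os.urandom(16)
        self._users[user_id] = (salt, _hash(password, salt))

    def login(self, terminal_id, user_id, password):
        salt, stored = self._users.get(user_id, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, _hash(password, salt)):
            return False
        self.sign_on_table.add(terminal_id)  # record the authenticated terminal
        return True

class ApplicationServer:
    """Decides on a login request by consulting the shared sign-on table."""
    def __init__(self, name, auth):
        self.name, self.auth = name, auth

    def handle_login_request(self, terminal_id, credentials=None):
        # Terminal ID found in the table: login authentication counts as done.
        if terminal_id in self.auth.sign_on_table:
            return "ok"
        # Not found: acquire login authentication information from the terminal.
        if credentials is None:
            return "credentials required"
        return "ok" if self.auth.login(terminal_id, *credentials) else "denied"

def demo():
    auth = AuthenticationServer()
    auth.register("alice", "correct horse")    # constructed sample account
    mail, files = ApplicationServer("mail", auth), ApplicationServer("files", auth)
    t1, t2 = "terminal-0001", "terminal-0002"  # constructed terminal IDs
    return [
        mail.handle_login_request(t1),                              # not in table yet
        mail.handle_login_request(t1, ("alice", "wrong")),          # bad password
        mail.handle_login_request(t1, ("alice", "correct horse")),  # t1 enters table
        files.handle_login_request(t1),                             # single sign-on
        files.handle_login_request(t2),                             # different terminal
    ]

if __name__ == "__main__":
    print(demo())
```

The fourth request succeeds on the second application server with no credentials because the decision rests entirely on the terminal's identification information being present in the sign-on management table.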
An authentication system disclosed in Patent literature 2 is a login proxy system connected to a plurality of application servers, and includes a login proxy server, an authentication server, and a DB server including a login template table and a URL conversion table. The user logs into the authentication server in the login proxy system in advance. Then, when the user desires to log into an application server from a user terminal, the login proxy server, in response to the user's login request to the application server transmitted from the user terminal, generates a request containing the user's login authentication information for the application server, using authentication information of the authentication server and the DB server, and logs into the application server in place of the user. The login proxy server converts the content of the response sent back from the application server, using the DB server, so that the result functions the same as if the user terminal had received the response directly from the application server, and sends the converted response back to the user terminal. Single sign-on is thus achieved in the authentication system disclosed in Patent literature 2 through such processing.