As a result of an increase in use of Internet and mobile communication systems, a large number of people now use a variety of services provided by e-commerce sites via networks, such as music data distribution and merchandise retailing services. When providers of such services (hereinafter referred to as “service providers”) need to identify an individual user of the services (hereinafter referred to as a “service user”), the service user has to be authenticated in some way.
One of the most common ways to perform user authentication is to check a combination of user identification and password. According to such a method, a service user transmits from his/her terminal device his/her user identification and his/her password, which have been provided by a service provider and are unique to the service user, to a server device managed by the service provider. When a combination of user identification and password is transmitted from the terminal device verification is carried out at the server device of the service provider by reference to a combination of user identification and password pre-registered in the server device. When the verification is successfully executed, the server device of the service provider determines that the service user using the terminal device is authenticated as a service user.
In a service of providing, for example, music data, after user authentication is successfully executed, distribution of music data from the server device of the service provider to the terminal device of the service user is started. Similarly, in a transaction of purchasing merchandise from an e-commerce site, after user authentication is successfully executed, the service provider can arrange shipping of purchased merchandise to a postal address designated by the service user.