From the past, in the case where a plurality of devices and various kinds of network services operate in cooperation with each other through a network, user authentication therefor has been processed in the following way.
(1) The concept of user is eliminated, and devices/services freely cooperate with each other (e.g. DLNA (Digital Living Network Alliance)).
(2) A device that performs control performs user authentication on a device/service at user's hand, which is controlled, and the device/service that is controlled does not perform user authentication (Remote reservation for TV program recording apparatus).
(3) Although a user authentication process is executed via another device, a user ID/password is input for each device/service every time the device/service cooperation function is used (e.g., network file sharing on PC).
(4) In (3) above, the ID/password for another device/service, which has been input once, is stored in the device at user's hand, and automatically used from the next time.
However, the method such as (1) and (2) above causes a security problem in the case where user data exists on a device/service to be controlled. On the other hand, in the method such as (3) above, because the user has to input an ID/password every time for each device to be controlled, the convenience is lost. Moreover, in the case where many devices are treated, the method is impractical. Furthermore, in the method such as (4), important information such as user's password is stored in the individual device, which causes a security problem. Even if the information is encrypted, the same problem is caused in the case where it is decoded because it is stored in a form that can be decrypted to the original form.
In addition, from the past, various protocols for a service to be able to use a function of another service without being directly given a user's ID/password that is managed therein have been proposed to easily create a mashup between network services. Examples of a typical protocol therefor include Oauth, which has been used in a service such as Facebook (registered trademark). In Oauth, a service provider that manages a user's ID/password transfers the access right to the service provider to a service (consumer) that uses the function thereof without providing any ID or password (see, for example, Patent Document 1).
Furthermore, such a protocol is useful when a service on a network is used from a device because it does not need to store a user's ID/password, and is used by many applications such as PC and smartphone.