As a method for specifying a user for receiving services provided on a network, personal identification using an ID and a password is often employed. Normally, the authentication mode is independent for each service. If five different services are received, five IDs and five passwords are required, and the user has to select the ID and password according to the service.
Since the user has to employ the different IDs and passwords for the individual services, as described above, it is usually necessary for the user to write down the IDs and the passwords for the individual services, which is inconvenient. The user is able to memorize the IDs and passwords for services that he/she frequently accesses. However, the user tends to forget the IDs and passwords for services that he/she rarely accesses, and in order to access such services, the user is required to check the IDs and passwords, thereby making it difficult to speedily access the services.
In order to solve the above-described problem, a method for disposing an authentication proxy server between service providing servers and client computers so as to allow the authentication proxy server to perform simultaneous authentication for a plurality of service providing servers, and a method for installing an authentication proxy module in a service providing server are known. The first method is referred to as the “reverse proxy type”, and the second method is referred to as the “agent type”. Integrating a plurality of IDs and passwords into one ID and one password as stated above is referred to as “SSO (Single Sign On)”. FIG. 1 illustrates the concept of SSO of the reverse proxy type.
In FIG. 1, a client 2 is a personal computer, a personal digital assistant (PDA) employed by a user, or a household electrical appliance, such as a television receiver, an audio player, a video cassette recorder, a car navigation system, a microwave oven, a refrigerator, or a washing machine, which is provided with a function for connecting to a network. In the following description, television receivers, audio players, video cassette recorders, car navigation systems, microwave ovens, refrigerators, washing machines, and other household electrical appliances provided with functions for connecting to networks are referred to as CE (Consumer Electronics) devices.
When receiving a request to connect to the Internet 1 from the client 2 with a predetermined network-connecting ID and password 6, an access server 3 conducts authentication for connecting the client 2 to the Internet 1. A web authentication proxy server 4 manages IDs and passwords required for receiving services from web servers 5-1 and 5-2 (hereinafter simply referred to as a “web server 5” when it is not necessary to individually distinguish between the web servers 5-1 and 5-2—the same applies to other devices). When receiving a request to receive a service possessed by the web server 5 from the client 2 with a predetermined representative ID and password 7, the web authentication proxy server 4 accesses the web server 5 designated by the client 2 by using the predetermined ID and password, and performs authentication for the client 2.
The web servers 5-1 and 5-2 individually possess unique services, and provide the services to the client 2 which has accessed the web servers 5-1 and 5-2 by using the predetermined ID and password.
The operation is as follows. When accessing the web server 5-1 to receive a service, the client 2 first accesses the access server 3 by using the network-connecting ID and password 6, and obtains authentication for connecting to the Internet 1. After obtaining authentication for connecting to the Internet 1 from the access server 3, the client 2 accesses the web authentication proxy server 4 via the Internet 1 by using the representative ID and password 7 so as to receive authentication from the web authentication proxy server 4.
Upon completing the authentication processing, the web authentication proxy server 4 sends an ID and a password for web server A to the web server 5-1 via the Internet 1, and requests the web server 5-1 to conduct authentication for the client 2. After authenticating the client 2 in response to this request, the web server 5-1 provides the service to the client 2.
When subsequently receiving a service by accessing the web server 5-2, the client 2 first accesses the web authentication proxy server 4 by using the representative ID and password 7 to receive authentication. When authentication is successfully conducted, the web authentication proxy server 4 sends an ID and a password for the web server 5-2 to the web server 5-2, and requests the web server 5-2 to conduct authentication for the client 2. After authenticating the client 2 in response to this request, the web server 5-2 provides the service for the client 2.
As described above, the client 2 is able to receive the services from both web servers, i.e., the web server 5-1 and the web server 5-2, by using the single representative ID and password 7.
As stated above with reference to FIG. 1, in known SSO, the network-connecting ID and password 6 for connecting to the Internet 1, and the representative ID and password 7 for connecting to the web server 5 are different, and the user has to change between the two IDs and two passwords, which is inconvenient.
Particularly when the device (client 2) employed by the user to connect to the Internet 1 is a CE device provided with an insufficient input interface for receiving input operations from the user, which is different from personal computers, inputting the network-connecting ID and password 6 or the representative ID and password 7 into the CE device every time the user connects to the access server 3 or the web authentication proxy server 4 imposes a heavy burden on the user.
In order to receive services from the web server 5, the user is sometimes required to perform user registration in the web server 5 in advance. More specifically, when receiving services from the web server 5-1, the user has to send via the client 2 his/her name, address, email address, and other information required for receiving the services from the web server 5-1 so as to receive an ID and a password. Similarly, when receiving services from the web server 5-2, the user has to send via the client 2 his/her name, address, email address, and other information required for receiving the services from the web server 5-2 so as to receive an ID and a password.
Accordingly, when performing user registration in the web server 5, the user is required to register user information in the web server 5. In this case, basic information, such as his/her name, address, and email address, is common information for registering in many web servers 5. Accordingly, if the user does not have to input the same information for performing user registration in the web server 5-2 as the information input for performing user registration in the web server 5-1, the ease of operation for the user is enhanced. Particularly when performing user registration by using a CE device provided with an insufficient input interface, it is very convenient for the user if the amount of information to be input is reduced.