The widespread use of mobile wireless communication terminals such as cellular telephones and PHS (personal handy-phone system)-compliant telephones has been accompanied by the provision of many additional services besides the usual voice conversation service. Data communication services, such as e-mail service and Internet connection service, have become the focus of interest recently as examples of such additional services.
Using a data communication service makes possible data communication between a mobile wireless communication terminal and a computer network such as the Internet or an in-house intra-network. Web pages can be browsed and e-mails can be sent and received at a mobile wireless communication terminal using a browser application or mail application that has been installed in the mobile wireless communication terminal.
It is important for the so-called contents provider that provides such a mobile wireless communication terminal with information or services to validate the party to whom the information or services to be provided. Validation of the party is essential in a case where a charge is collected for provision of the information or service and in a case where the information or service is provided only to registered users.
Ordinarily, a mobile wireless communication terminal is assigned terminal-specific information, e.g., a subscriber number. Authentication of a party can be performed with ease if terminal-specific information is used. With the conventional mobile wireless communication systems, however, there are instances where such terminal-specific information is utilized only within the system and is not supplied to an external network such as a computer network.
In a case where a contents provider cannot acquire terminal-specific information, the user is allowed to enter a combination of a user ID, which is assigned to each registered user in advance, and a password that each registered user is allowed to set, and the user can be authenticated based upon a match with the registered particulars.
However, there is the danger that a user ID and password may become known to another person and even if they are entered from a completely different mobile wireless communication terminal, this cannot be distinguished. Accordingly, authentication based solely upon a user ID and password is undesirable in terms of reliability. In particular, since it is troublesome to enter an ID or password using the small keys on a mobile wireless communication terminal, the user tends to set an ID and password that are too simple and there is a greater possibility of surreptitious use in comparison with authentication by user IDs and passwords set ordinarily.
The present invention has been devised in view of the foregoing problem of the prior art and its object is to provide a user authentication apparatus that is easy for the user of a mobile wireless communication terminal to use and that makes it possible to authenticate a user reliably, and to provide a method of controlling this apparatus.