In recent years, the Internet is widely used. Thus, a huge number of information processing apparatuses are connected to the Internet communication network, and transmit and receive information to and from each other. Increasing number of information processing apparatuses connected to communication networks poses a problem that safety of the information processing apparatuses and reliability of information transmitted and received thereamong are reduced.
Thus, to enhance safety of the information processing apparatuses, attempts have been made to incorporate a biometric authentication function utilizing fingerprint, iris, vein, and the like in the information processing apparatuses. It is preferable to first ensure safety before performing business transaction when engaging in electronic commerce by using the information processing apparatus. More specifically, it should be confirmed that a valid owner uses the information processing apparatus, the owner uses for the business transaction the information processing apparatus that the owner owns, and a device or software such as an operating system (OS), a browser, and plug-in software that may impair the safety is not installed in the information processing apparatus.
Besides the authentications described above, time authentication, user authentication, or device authentication utilizing an electronic signature technology is performed separately. In International Publication Pamphlet No. WO 2005/106620, an information management apparatus is proposed that can flexibly and strictly update a computer program and data for executing an authentication process.
In authentication performed in a conventional information processing apparatus or information processing system, time authentication, user authentication, and device authentication utilizing electronic signature technology are performed separately, and thus, it is problematic in that multiple authentication of “when”, “who”, and “from which device” can not be safely performed. Thus, it is very difficult to construct a system that can provide services which require multiple authentication, and such a service is yet to be provided.