Various technologies have been proposed regarding a configuration for performing certification with respect to a remote device. Japanese Patent Laid-Open No. 11-027750 describes problems relating to certification when connecting to a network from a mobile terminal such as a mobile phone. More specifically, it describes problems in a configuration that performs certification of a user using a user name and a password (PAP certification method) or a configuration that certifies the identity of a user on the basis of a connection to a certification IC card that the user possesses (IC card security method).
According to Japanese Patent Laid-Open No. 11-027750, the PAP certification method does not select the terminal which the user possesses. Therefore, in a case where the user name and password are leaked or stolen by another person, a person other than the actual user can easily access to a network from any other kind of terminal. Accordingly, Japanese Patent Laid-Open No. 11-027750 describes that a problem with the PAP certification method is that unauthorized connections cannot be effectively prevented.
Therefore, in order to solve this kind of security problem Japanese Patent Laid-Open No. 11-027750 discloses the use of a caller ID service for certification.
A caller ID service is a service that is provided to a user by the communication common carrier that provides the communication line. According to this service, when a call is made to an arbitrary telephone number from a mobile terminal such as a mobile phone, a unique code and a caller ID request are automatically sent to the base station communicating with the mobile terminal. The base station or telephone switching network that received this information determines a caller telephone number that was associated with the unique code of the mobile terminal from a telephone number database that it originally holds. The base station or telephone switching network also performs line connection switching so as to connect to the telephone number of the connection destination, to thereby connect the telephone network to the telephone set that is the reception target. Then, by sending the caller telephone number to the telephone set that is the reception object, the telephone number of the mobile terminal is displayed on the telephone set that is the reception object. A prerequisite for receiving this caller ID service is that settings for receiving the service are made in the telephone set that is the reception object.
According to Japanese Patent Laid-Open No. 11-027750, when a user connects a PC that the user possesses to a network to perform data communication, a mobile terminal that is connected to the PC is utilized. Further, a user ID name, a password and the user's telephone number are previously registered as certification data in a communication device. When connecting to the network, first a phone call is made to a connection destination through the mobile terminal. Upon receiving access information including the mobile terminal's unique code via a relay station for the mobile terminal, a telephone switching network accesses a telephone number database of a communication common carrier. It then determines the telephone number of the mobile terminal based on the mobile terminal's unique code. Thereafter, it sends the thus-determined telephone number of the mobile terminal to a receiving base station via a telephone network. A communication device of the receiving base station in which the caller ID service is set can acquire the telephone number of the mobile terminal. Thereafter, a user ID and a password are sent from the mobile terminal.
The communication device compares the telephone number, user ID and password that were notified from the mobile terminal with a user ID, password and user telephone number that were previously registered. When all of these match, the communication device starts the network connection.
That is, the technology disclosed in Japanese Patent Laid-Open No. 11-027750 focuses on the fact that, fundamentally, the telephone number of a mobile terminal that a user possesses is never duplicated, and utilizes the telephone number as a certification key. More specifically, Japanese Patent Laid-Open No. 11-027750 discloses a configuration in which a mobile terminal connects via a phone line to a server that is connected to the phone line, and which uses a telephone number of the mobile phone in addition to a user name and password for login certification.
Further, Japanese Patent Laid-Open No. 2002-171252 describes a configuration which determines the existence or non-existence of a keyboard for entry of a user name and password, and when a keyboard exists the certification information is entered from the keyboard, and when there is no keyboard the certification information is entered from a magnetic card or the like. More specifically, a configuration is disclosed which appropriately uses a physical certification system in accordance with the existence or non-existence of a keyboard. For example, in an environment in which a certification server which previously stores user IDs and passwords, a PC, and a printer are connected to a network, user certification at the PC is carried out by entering a user ID and a password from a keyboard. Further, when user certification is also required at the printer that is connected to the same network as the PC, the user certification for the person executing the printing job is carried out by inserting a magnetic card into the printer.
When entering a user name and password as certification information, that is, in the case of the PAP certification method described in Japanese Patent Laid-Open No. 11-027750, since it is a simple certification procedure, it is difficult to prevent an uncertified person masquerading as a certified user. Meanwhile, when performing certification using a magnetic card or the like as described in Japanese Patent Laid-Open No. 2002-171252, a special magnetic card is required and this leaves much to be desired with respect to convenience. Furthermore, since the magnetic card itself is not protected, it is also difficult to prevent an uncertified person masquerading as a certified user.
In contrast, utilizing a telephone set ID service for certification as described in Japanese Patent Laid-Open No. 11-027750 is an effective method from the viewpoint of the high level of security relating to the ID and the diffusion thereof.
However, in the above described Japanese Patent Laid-Open No. 11-027750 there is no consideration whatsoever given to the issue of what location a user logs in from. Based on only the telephone number of a mobile phone it is not possible to simultaneously assure the certification and user identification certifying what location the user logged in from. More specifically, for a case in which a user logs in by operating an information terminal installed in a public place, Japanese Patent Laid-Open No. 11-027750 does not give consideration to assuring that the user is actually operating that information terminal.
In the environment described in Japanese Patent Laid-Open No. 11-027750, it is taken as a premise that a mobile terminal and a PC form a set. For example, it is a usage method in which a user visits an outside location with a mobile terminal and a PC, and connects to the user's in-company network from that outside location.
However, a case in which a user utilizes an information terminal in a public place is simply a case in which the user possesses only the user's own mobile terminal. For example, consider a case in which a user prints a document stored in a server through a printer that is installed in a convenience store. In order to assure the security of the print document in this case, it is necessary for the user to specify the location in which the printer is installed.