Generally a user validation method is adopted in a web site which provides predetermined online service to users who have registered in advance, wherein, a user who accesses the web site through a terminal device is caused to input a user ID and a password, and a confirmation whether or not the user who is accessing the web site is a valid user is made based on whether or not a combination of the inputted user ID and password is registered. However, in the case that the user ID and the password are leaked to another person, the above user validation method is disadvantageous because the person who knows the user ID and the password can illegally access the web site while disguising their identity as that of a valid user.
For example, Japanese Patent Application Laid-Open (JP-A) No. 2000-209284 discloses a technique of performing user authentication by determining whether or not, in addition to the user ID and the password, a telephone number of a caller received from a telephone exchange is verified against a telephone number of a telephone line which is used by a registered user.
Japanese Patent Application Laid-Open (JP-A) No. 2001-325229 discloses a technique, wherein an IP address (and link source URL) with which the usage of service is permitted is stored in a database along with ID and password and a determination whether or not the usage of service is permitted is made, in addition to determination with the ID and password, by determining whether or not the access source IP address is registered in the database (and when the link source URL exists in an access signal, by determining whether or not the link source URL is registered in the database).