1. Field of the Invention
The present invention relates to a security control technique including user certification and use period management in a network game.
2. Description of Related Art
Recently, a user can access a game server via the Internet with a terminal device such as a household game apparatus to enjoy various games by utilizing a network. Such a game environment is called a “network game environment” in a wide sense. There are various ways in which the user utilizes the network in practice.
The first method is that the user plays the game on-line. Namely, with keeping the game apparatus connected to the game server, the user communicates data for game processing with the game server and plays the game. In this manner, normally, whenever the user accesses the game server to start the game, a user certification process is needed. Namely, it is checked whether the user accessing the game server is a registered user who has completed a user registration or not, and whether the user actually accessing the game server is a real registered user or not. Such a user certification is generally executed in such a way that the user inputs a user ID and a password, which are generally issued during the user registration, to the game apparatus to transmit them to the game server. The game server checks whether the user ID and the password which are received are those of the registered user, and executes the user certification.
On the other hand, in the second method, the user does not play the game on-line, but utilizes the network as a distribution means of a game program. That is, the user accesses the game server via the network and selects a desired game to download a program of the desired game into his or her game apparatus. Once the downloading has been completed, as a rule, the user does not have to access the game server in order to play the game because the game program itself is already in the game apparatus of the user.
There are some problems in the game which utilizes the network. One of the problems is the user certification. As described above, in the first manner, the user certification is generally executed by a combination of the user ID and the password. However, in view of security, a user certification process which utilizes the user ID and the password is very weak for the following reasons.
First of all, it is easy for a third person to copy and falsify the user ID and the password. The user ID and the password are mere character strings. Besides, since the user ID and the password are determined on the assumption that the user inputs them to the game apparatus by hand, those lengths are usually 10 letters at most. Thus, if the third person unfairly pretending to be the registered user guesses and inputs various character strings to play the games, he or she can relatively easily guess the user ID and the password of others. Additionally, once known to the third person, the user ID and the password are in danger of being rapidly spread out to others. Since plural persons can use the single user ID and the single password at the same time, anyone can use the user ID and the password to unfairly play the game if the user ID and the password are spread out.
If the number of the letters of the user ID and the password is increased, it becomes difficult to guess them. However, since the user generally has to memorize and input the user ID and the password by hand, input errors and password loss (forgetting it) can easily happen if the user ID and the password are long. After all, such a long user ID and password cannot be used in practice, and there naturally exists a limit of the security.
Further, it is possible that the third person unfairly plays the game by intercepting and obtaining the user ID and the password which the user transmits from the game apparatus to the game server during communicating on the network and by transmitting false certification result information as if he or she succeeded in the user certification to the game apparatus by preparing and using a dummy certification server.
On the other hand, as in the second method, the use period management of the game to the user may be a problem when the network is utilized as the distribution means of the game program. The game program which the user downloads is usually not free, and a system which permits playing the game in a predetermined period (including an indefinite period) on condition that the user pays a necessary fee is common. In that case, one of the methods for managing an expiry date is, first of all, that the user is obliged to access the game server and perform the certification process before playing the game. As soon as the game server is accessed by the user, the game server checks the expiry date for the user to play the game. Before the expiry date, the game server transmits information to permit playing the game to the game apparatus. As a result, the user can play the game.
However, it is troublesome for the user to access the game server whenever he or she starts the game, and it costs money to communicate the data. Therefore, it is desirable that the user does not have to access the game server after paying the fee, and a use expiry date is managed only by the game apparatus side.