In a general authentication system, one method under consideration is for a service providing server not to authenticate a user directly, but to authenticate the user based on user authentication information issued by an authentication server. Examples of such an authentication method include “SAML (Security Assertion Markup Language)”, indicated by non-patent document 1, and “OpenID (Open Identifier)”, indicated by non-patent document 2.
By adopting such an authentication method, the service providing servers do not need to have an authentication function such as a password administration function, and each service providing server does not need to implement the authentication function individually.
An example of a system using such an authentication server will be described. As shown in FIG. 21, the system is composed of a terminal equipped with an input/output device for the user, an authentication server, and a service providing server. FIG. 22 is a sequence diagram showing the operation of the system. Using FIG. 21 and FIG. 22A, the operation by which the service providing server authenticates the user using the authentication server will be described.
First, in order to receive service from a service providing server, the user inputs “user ID (IDENTIFIER)”, “address of a service providing server”, and “information on the authentication server” to a terminal (Step S401).
Next, the terminal which received the input accesses the service providing server and passes “user ID” and “information on the authentication server” to it (Step S402).
The service providing server requests from the authentication server “the user authentication information”, which indicates that the user indicated by “user ID” was authenticated (Step S403).
Next, if the user indicated by “user ID” has already been authenticated, the authentication server sends “the user authentication information” to the service providing server (this step is not shown). If the user indicated by “user ID” has not been authenticated yet, the authentication server requests the terminal to display a screen prompting the user to input a password for authentication (Step S404).
Next, the terminal displays the password prompt screen and sends the “password” which the user inputted to the authentication server (Steps S405 and S406).
Next, the authentication server judges whether the “password” matches the value set in advance and, if it matches, authenticates the user.
Next, when the user is authenticated, the authentication server sends “the user authentication information” to the service providing server (Step S407).
The service providing server authenticates the user by receiving “the user authentication information” from the authentication server.
The above-mentioned operation provides an authentication method using the authentication server, in which the user is authenticated not by the service providing server authenticating the user directly but by the service providing server trusting the user authentication information issued by the authentication server.
In the authentication method using the above-mentioned authentication server, when the authentication server is managed by a specific telecommunications carrier, information on the authentication server which the user is using becomes known to the service providing server. As a result, there was a problem that a service provider can guess which telecommunications carrier the user belongs to.
Technology to solve this problem is disclosed in patent document 1. In order to hide information on the authentication server which the user is using from a service providing server, the technology of patent document 1 has an authentication mediation server which mediates the transmission and reception of authentication information between a service providing server and an authentication server.
The technology of patent document 1 has, for example, the system configuration shown in FIG. 23, in which the logical connection between the authentication server and the service providing server is made via the authentication mediation server. Because the authentication mediation server mediates and the service providing server does not communicate with the authentication server directly, information on the authentication server can be hidden from the service provider.
FIG. 24 is a sequence diagram showing the operation of the system. Using FIG. 23 and FIG. 24A, the operation by which the service providing server authenticates the user via the authentication mediation server will be described.
First, in order to be authenticated by the authentication mediation server, the user inputs “user ID”, “address of the authentication mediation server” and “information on the authentication server” to a terminal (Step S501).
Next, the terminal which received this input accesses the authentication mediation server and passes “user ID” and “information on the authentication server” to it (Step S502). Then, by the same operation as in the example of the authentication method using the authentication server, the user is authenticated by the authentication server, and the user authentication information is sent to the authentication mediation server (Steps S503-S507). The user authentication information here is information indicating that the user indicated by “user ID” was authenticated by the authentication server.
In addition, the authentication mediation server authenticates the user by trusting the user authentication information from the authentication server.
Next, the user, in order to receive service from the service providing server, inputs “user ID”, “address of the service providing server” and “information on the authentication mediation server” to a terminal (Step S508).
Next, the terminal which received this input accesses the service providing server and passes “user ID” and “information on the authentication mediation server” to it (Step S509).
Next, the service providing server requests, from the authentication mediation server indicated by that information, “the user authentication information”, which indicates that the user indicated by “user ID” was authenticated (Step S510).
Then, the authentication mediation server, because it has already authenticated the user, sends “the user authentication information” to the service providing server (Step S511). The user authentication information here is information indicating that the user indicated by “user ID” was authenticated by the authentication mediation server. In other words, this user authentication information does not include information on the authentication server.
The service providing server authenticates the user by trusting the user authentication information from the authentication mediation server.
As seen above, because the authentication mediation server mediates authentication information between the service providing server and the authentication server, the service providing server does not communicate directly with the authentication server. Further, because information on the authentication server is not included in the user authentication information which the authentication mediation server issues, information on the authentication server can be hidden from the service providing server. As a result, which authentication server the user is using can be hidden from a service provider, and the user's privacy can be protected.
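The following sketch is an added illustration of the mediation described above; it is not code from patent document 1 or from any of the cited documents. It assumes HMAC-tagged JSON assertions, and the server names, keys, field names and function names are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed demo keys and names; a real deployment would use asymmetric signatures.
AUTH_SERVER = {"issuer": "auth.carrier-a.example", "key": b"carrier-a-demo-key"}
MEDIATOR = {"issuer": "mediator.example", "key": b"mediator-demo-key"}

def issue(party, user_id):
    """Issue user authentication information: claims plus an HMAC tag."""
    claims = {"issuer": party["issuer"], "user_id": user_id, "authenticated": True}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(party["key"], body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}

def verify(party, assertion):
    """Return the claims if the tag and issuer match the trusted party, else None."""
    body = assertion["body"].encode()
    expected = hmac.new(party["key"], body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["tag"]):
        return None
    claims = json.loads(body)
    return claims if claims.get("issuer") == party["issuer"] else None

def mediate(upstream_assertion):
    """Steps S507/S511: verify the authentication server's assertion, then
    re-issue one that carries only the mediator's identity."""
    claims = verify(AUTH_SERVER, upstream_assertion)
    if claims is None or not claims.get("authenticated"):
        return None
    # Only user_id is copied; nothing else from the upstream assertion is forwarded.
    return issue(MEDIATOR, claims["user_id"])

def service_provider_login(assertion):
    """The service providing server trusts only the mediator (Step S511)."""
    return verify(MEDIATOR, assertion)

if __name__ == "__main__":
    upstream = issue(AUTH_SERVER, "alice")
    downstream = mediate(upstream)
    print("service provider sees:", service_provider_login(downstream))
    print("direct upstream assertion accepted:", service_provider_login(upstream))
```

The hiding covers only the fields the mediator re-issues; a user ID that itself embeds the authentication server's name would still reveal it to the service providing server.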
On the other hand, technology that selects an appropriate certificate authority from a plurality of certificate authorities is disclosed in patent document 2. The technology described in patent document 2 is one in which a user device obtains a certificate authority list for stores from a store device, compares it with the certificate authority list for visitors which the user device holds, and selects a suitable certificate authority.
Further, another technology that selects an appropriate certificate authority from a plurality of certificate authorities is disclosed in patent document 3. The technology described in patent document 3 selects an authentication server based on a record of the number of successful authentications corresponding to each authentication server.