Conventionally, when a service providing server, which provides services only for specific users, receives an access from a user terminal, it carries out an authentication processing by using a user ID and a password to confirm whether or not the access source is the specific user. In such a conventional technique, it is supposed that the correct user ID and password have been distributed to the specific users. However, because a problem such as leakage of the password might occur when the same password has been used for a long time, there is a case where an administrator of the service providing server changes the passwords. In such a case, properly, it is necessary to safely distribute the new password to the specific users. Incidentally, there is case where plural users share one set of the user ID and password. However, when the change of the password is not completely informed to all of the users in such a case, a failure in the authentication for a certain user who does not know the change occurs, and the certain user cannot receive the service from the service providing server. Especially, when the failures in the authentication successively occur predetermined times, the account may be locked. Therefore, a large problem may occur.
For example, JP-A-2001-117879 discloses a technique to efficiently carry out a product sales service and customer management by reducing the load of the store manager and the cost for the system development, its operation or like, and enabling to provide services, which are determined by the store manager, for individual customers. Specifically, a store terminal apparatus transmits an authentication key, which allows the user to utilize the store's service, to a server, in addition to specific information (information concerning good treatment or the like) concerning the service. When the authentication key issued by the store terminal apparatus is inputted by the user, the server allows the user to utilize the store's service based on the authentication key. There is no special device for the distribution of the authentication key.
In addition, JP-A-2003-223398 discloses a technique enabling a Web server to reflect the update to associated other user terminals when the contact destination information is managed on the Web server and one user terminal updates the contact destination information registered on the Web server. Specifically, when one user terminal updates the contact destination information registered on the Web server, the Web server updates the contact destination information on other user terminals whose storage area on the Web server stores a public ID associated with the contact destination information based on the updated contact destination information or the Web server transmits a message about the update to other user terminals, and in response to a request from a certain user terminal, it transmits the updated contact destination information to the certain user terminal, and the certain user terminal updates the contact destination information the certain user terminal holds based on the received contact destination information. The contact destination information is updated. However, an object of this application is to update the distributed data in order to hold the consistency, and information used for the authentication is not updated.
Furthermore, JP-A-2004-302869 discloses a network system, which enables the flexible control of a login state for each service, immediately reflects the change of the login state to other services, suppresses the influence of the performance to the minimum and, furthermore, does not need any special portal. Specifically, each of SSO applications holds login state information in a login state information database, and can flexibly manage the login state. In addition, an access to the SSO application by a client is held as access information into an SSO access information database in an SSO server. When a change request of the login state such as a login or log-out is received from a client, the SSO server utilizes the access information to notify the SSO applications to which the client of the requesting source accessed until then of the login state information. Thus, the login state can be reflected to other service. However, the distribution after the change of the authentication information is not considered.
Moreover, JP-A-2004-295711 discloses a user account management method in a network system, which enables to reduce the user management load by carrying out user uniform management and to reduce the user management load of plural passwords while securing the security by setting different password for each device. Specifically, an authentication server carries out uniform management of the user information of the network system, and a password manager generates and manages a device-unique password combining a basic password determined by a user and a token the user can easily recognize. Furthermore, a function to store the password information and to present a password for a server desired by the user is provided to a portable terminal. Even in this publication, the distribution after the change of the authentication information is not considered.
In addition, JP-A-2005-165418 discloses a technique to carry out authentication at a login by using an ID, a password and an individual ID. Specifically, when a portable terminal accesses a server computer via the Internet and an in-house LAN, the unique individual ID assigned to the portable terminal and an ID and password inputted if necessary are transmitted to a terminal authentication system via a firewall A apparatus. The terminal authentication system carries out the authentication of the portable terminal by using the individual ID held by the portable terminal to compare the individual ID received from the portable terminal with the individual ID registered in advance in an individual ID storage DB, and controls the access to the in-house LAN. Although the access is controlled by introducing the individual ID, the distribution of the authentication information is not considered.
Furthermore, JP-A-2005-149341 discloses a technique in which it is not necessary to share secret information in advance, and an authentication processing and/or an access control for a service providing request is carried out even from a network for which the account is not held. Specifically, first, a service providing server for which a user requests the login accepts user authentication information and management apparatus information (authentication server information), identifies an authentication server, which is a management apparatus of an inquiry destination, based on the management apparatus information, transmits the user's authentication information to the identified authentication server of the inquiry destination, and the authentication server of the inquiry destination managing the user account carries out the authentication processing. The service providing server refers to the authentication result returned from the authentication server of the inquiry destination, and carries out the authentication processing for the user requesting the login. After this user authentication, it responds to the service request desired by the user. Although it is described that the authentication is not carried out by itself, the distribution of the authentication information is not considered.
Thus, such publications does not disclose a configuration to safely and surely distribute the authentication information to users or user terminals in a case where an administrator changes the password regardless of the user's intention, although the authentication information, especially the password, is mainly updated by the user.