In a network communication, because the party on the other end of the communication cannot be directly checked, a processing for checking whether or not the party on the other end of the communication is a person in question or a genuine object, that is, an authentication processing is important. Conventionally, in order to increase authentication strength, three-type integrated authentication including not only user authentication, and but also device authentication and environment authentication (here, which means checking whether or not a security function implemented and/or performance of the device to be used is sufficient) have been proposed (for example, refer to US 2004/0139316). This three-type integrated authentication is favorable in respect of increasing the authentication strength. However, in case of an urgent communication and/or various abnormal states, if strengthened authentication is always required, it is difficult to immediately process a request with high priority and/or carry out a processing with high priority in an abnormal state, such as a disaster. However, considering that a crime under a disaster frequently occurs, we can never omit the authentication.
In addition, JP-A-2003-248661 discloses a processing for changing an authentication level or the like according to user context information such as whether a requested processing is a private service for the user, whether a requested processing is a service requiring a small settlement, whether a requested processing is a service requiring a settlement within a predetermined price range, whether a requested processing is a service requiring a settlement with more than a predetermined amount, whether a processing to be carried out is an authentication processing to enter a room or pass through a gate or to access predetermined information, whether a former authentication was successful and the authentication processing was successively carried out within a predetermined time, and whether a service content for the user satisfies a predetermined condition. However, in this publication, an abnormal state is not detected at all and security related with the abnormal state is not considered.
As described above, the conventional technologies have a problem that there is no mechanism to dynamically change an authentication strength level and/or a communication priority (including access authority and the like) according to various abnormal states, and a connection setup procedure necessary at the abnormal state such as disasters cannot be carried out immediately. On the other hand, there is also a problem that uniformly lowering the authentication strength level allows a criminal to catch a chance.