1. Field of the Invention
The present invention relates to an information processing system suitable for safe password authentication by a password managing apparatus on a terminal apparatus that makes a remote log-in to a server apparatus, and to a computer-readable information recording medium that stores a program for realizing the server apparatus or the password managing apparatus that constitutes the information processing system.
2. Description of the Related Art
Techniques that allow a terminal apparatus to make a remote log-in to a server apparatus via a computer communication network have conventionally been proposed.
Users can make a direct log-in to a server apparatus by using an input/output device that is directly connected to the server apparatus. Users can also use any other kind of computer that is connected to the server apparatus via the Internet or the like as their terminal, and can access the server apparatus from this terminal apparatus, which provides a remote desktop.
That is, the remote desktop relays an input entered by the users from the terminal apparatus to the server apparatus, and displays the result output from the server apparatus on the terminal apparatus.
Meanwhile, user authentication techniques that have conventionally been proposed include password authentication using a one-way hash function and authentication using a predetermined transformation rule. Such authentication techniques are disclosed in Patent Literature 1 identified later.
According to the technique disclosed in Patent Literature 1, a password deriving pattern for each user is pre-registered in an authentication server. When a user intends to use a system, the authentication server generates a presentation pattern and presents it to the user, who enters a password obtained by applying the user's password deriving pattern to the presentation pattern. The authentication server authenticates the entered password based on the presentation pattern presented and the user's pre-registered password deriving pattern, and sends the authentication result to the system of which use is intended.
A “domain” technique in which a plurality of computers use a common user name and a common password has also been proposed. In such a “domain”, a password managing apparatus that manages the password notifies each computer of an authentication result.
[Patent Literature 1] Unexamined Japanese Patent Application KOKAI Publication No. 2005-196800
In a case where the technique disclosed in Patent Literature 1 is applied to a remote desktop service, it is often insufficient for a server apparatus (corresponding to the “system of which use is intended” of Patent Literature 1) to only receive an authentication result from a password managing apparatus (corresponding to the “authentication server” of Patent Literature 1).
In particular, in a case where the server apparatus encrypts a file system by using a password assigned to a given user, the server apparatus has to somehow acquire the user's actual password.
Also, in a case where a server apparatus and a password managing apparatus are operated and managed independently, e.g., in a case where they are managed by different bodies, there is a strong demand for a safe remote log-in.
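The following sketch is an added illustration, not code from this specification or from Patent Literature 1. It models the presentation-pattern authentication described above and shows that the server apparatus receives only a pass/fail result. The 4x4 digit grid, the representation of a deriving pattern as an ordered list of grid cells, and all names are assumptions made for the example.

```python
import hmac
import secrets

ROWS, COLS = 4, 4  # assumed grid size; the page does not specify a pattern shape

# Constructed registration data: each user's deriving pattern is an ordered
# list of grid cells, known only to the user and the authentication server.
REGISTERED_PATTERNS = {"alice": [(0, 1), (2, 3), (3, 0), (1, 2)]}


def generate_presentation_pattern():
    """Authentication server: a fresh grid of random digits for each log-in."""
    return [[secrets.randbelow(10) for _ in range(COLS)] for _ in range(ROWS)]


def derive_password(presentation, deriving_pattern):
    """Read the digits at the cells of the deriving pattern, in order."""
    return "".join(str(presentation[r][c]) for r, c in deriving_pattern)


def authenticate(user, presentation, entered):
    """Return only the authentication result, as in the related art."""
    pattern = REGISTERED_PATTERNS.get(user)
    if pattern is None:
        return False
    expected = derive_password(presentation, pattern)
    # Constant-time comparison of the expected and entered strings.
    return hmac.compare_digest(expected.encode(), entered.encode())


def demo(sessions=3):
    """Run several log-ins; return the entered strings and the results."""
    user_memory = [(0, 1), (2, 3), (3, 0), (1, 2)]  # what alice remembers
    answers, results = [], []
    for _ in range(sessions):
        grid = generate_presentation_pattern()
        entered = derive_password(grid, user_memory)  # typed on the terminal
        answers.append(entered)
        results.append(authenticate("alice", grid, entered))
    return answers, results


if __name__ == "__main__":
    # The system being logged in to sees only True/False, and the entered
    # string changes with each presentation pattern, so it cannot serve as a
    # stable key for encrypting a file system.
    print(demo())
```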
The present invention aims to solve the above problem, and an object of the present invention is to provide an information processing system suitable for safe password authentication by a password managing apparatus on a terminal apparatus that makes a remote log-in to a server apparatus, and a computer-readable information recording medium that stores a program for realizing the server apparatus or the password managing apparatus that constitutes the information processing system.