Field of the Invention
The present invention relates to an authentication apparatus, system, and method using a plurality of authentication schemes.
Description of the Related Art
A mechanism of authenticating a user or device using a plurality of pieces of authentication information is known. There are provided, for example, a technique for ensuring high security using a plurality of pieces of authentication information, and a technique of improving the usability by only performing a first authentication step after a plurality of authentication steps are performed once.
U.S. Publication No. 2010/0241857 describes a system in which for each mobile terminal first authentication information unique to it and second authentication information generated for it are used, and if authentication using the first authentication information succeeds, communication with the mobile terminal is allowed and authentication processing using the second authentication information is executed.
Japanese Patent Laid-Open No. 2009-223739 describes an authentication apparatus including a first authentication unit for using an application installed on a terminal device, and a second authentication unit for using an external service. The authentication apparatus described in Japanese Patent Laid-Open No. 2009-223739 simplifies a user login operation using an authentication code obtained when authentication by the first authentication unit and that by the second authentication unit both succeed.
Furthermore, ONVIF Core Spec. Ver. 2.2 pp. 30-31 discloses a method of using two authentication schemes including HTTP digest authentication and WS-Security to maintain compatibility with an authentication scheme used in the previously released ONVIF specification.
In ONVIF Core Spec. Ver. 2.2 pp. 30-31, it is required to check the presence/absence of authentication information for HTTP digest and that for WSS (WS-Security) in a Web server. In ONVIF Core Spec. Ver. 2.2 pp. 30-31, if authentication information for WSS is included, even if no authentication information for HTTP digest authentication is included, authentication processing is executed using only the authentication information for WSS without performing HTTP digest authentication.
To check the presence/absence of authentication information for WSS in the Web server, it is necessary to analyze an HTML body, thereby imposing a high processing load.