This application is based on Japanese Patent Application No. 11-41564, filed Feb. 19, 1999, the contents of which are incorporated herein by reference.
The present invention relates to a personal authentication system using a portable unit such as an IC card and a portable unit and storage medium used for the system, more particularly, to a personal authentication system capable of preventing fraud based on tapping, and a portable unit and storage medium used for the system.
In general, in a field in which personal rights are verified, personal authentication systems are widely used to verify the rights of persons who hold portable ID card such as credit cards used in business transactions or entrance/exit management cards in restricted areas.
Magnetic cards are generally used as ID cards of this type. Recently, high-security, high-performance IC cards incorporating semiconductor chips have been used. As compared with a magnetic card, this IC card is designed to make it difficult to read/write internal information, and hence is expected to prevent frauds such as counterfeiting and leakage of information.
If, however, such an IC card is simply designed to hold internal information, it is difficult to prevent another person from fraudulently using the card upon loss or theft or pretending that the card is lost.
In order to prevent such frauds, an IC card is designed to register personal authentication information therein. This allows the collation section of a personal authentication unit to collate the personal authentication information transmitted from the IC card with input information separately obtained by input operation, thereby verifying the right of the person who holds the IC card. Note that the personal authentication information may be a password or the like.
In the above personal authentication system, however, there is a possibility that communication contents between the IC card and the IC card reader/writer and between the IC card reader/writer and the collation section of the sensor unit are tapped, and the personal authentication information is fraudulently read out and used.