The present invention relates to an electronic authentication system for identifying a user who is going to use a recording medium in which information for making use of any kind of computerized service has been stored. More particularly, the invention relates to technology effective for application to an electronic authentication system for identifying a person who is going to use an IC card as the valid possessor of the IC card on which information has been stored for making use of any kind of computerized service. The invention is applicable to, e.g., a digital money system, a computerized certificate card of residence issued by a local government, or a home security system assuring lock/unlock conditions under centralized supervision.
Nowadays, systems have been devised to provide a certain kind of computerized service, such as, for example, a digital money system, a computerized certificate card of residence issued by a local government, or a home security system assuring lock/unlock conditions under centralized supervision, by storing the information for such service on a card-shaped recording medium and implementing the service based on the information recorded on the card when the service is requested. When any of these systems provides service in this way through a card on which information for making use of the service has been stored, authentication is necessary to establish that the person who is going to use the card is a valid user of the card. For example, a system that allows a person to pay for purchased goods using a credit card generally uses an authentication method in which the system is given the code number of the person who is using the card for payment when identifying the card user.
Japanese Patent Prepublication No. Hei 10-149103 describes an authentication method and an authentication system in which it is possible to detect a counterfeit IC card offline from the central computer; i.e., there is no need for online communication between an electronic commerce and settlement terminal and the central computer for user authentication.
Japanese Patent Prepublication No. Hei 11-282998 describes a method of identifying a user of a communication system, which method is applied to communication systems comprising user cards, communication terminals and communication servers. According to this method, in the user authentication protocol to be completed when connecting a communication terminal to a communication server, the user operation is simple and data transmission and reception between the terminal and the server for user authentication are required only once.
Because the above-mentioned previous systems using cards carry out user authentication based on the code number of a specific user, a problem is encountered in that there is a possibility of cheating in settling an account using a stolen card, a counterfeit card, or the necessary code number acquired by dishonest means. In the present situation, there are no generally practicable methods which represent an alternative to the method of the present invention. In the future, electronic settlement and similar procedures using cards are expected to be prevalent, and so it will be important in carrying out such procedures to identify a person who is using the card.