In recent years, services in which shared articles are available in the form of renting or sharing the articles have become widespread. As an example, the use of vehicle sharing services (referred to as car sharing, a rental car service, and the like) is increasing and becoming widespread. In these services, technology for unlocking a door using an individual identification token such as a member card without exchanging a key in a face-to-face manner at the time of rental has been developed for convenience of users.
However, while it is possible to identify a user using only the individual identification token, it is impossible to manage authority of a use range or the like or determine the approval of the authority. To solve such a problem, a method of authenticating a user having use authority using information indicating the use authority is taken.
In addition, because it is impossible to confirm whether a person possessing the token is identified as a service user in the authentication method using the individual identification token, reliable personal authentication is difficult. To solve such a problem, authentication technology for reliable personal authentication according to authentication using biological information specific to an individual without imposing the burden of an operation or the like on the user is being developed.
Also, in an authentication method in which communication with a server device is necessary at the time of authentication, it is impossible to use the service in an environment in which communication with the server cannot be connected. Thus, authentication technology for providing a necessary minimum function for a vehicle even in a situation in which communication between an article (a vehicle or the like) and the server is not established is also being developed.
Therefore, when the authentication process is performed using biometrics or the like, it is necessary to reduce the burden on the side of a server device which manages an authentication element. Also, it is necessary to prevent information leakage from occurring when an authentication element is communicated between the user side and the server device.
Further, it is necessary to prevent a degree of the authentication process from being degraded even when communication between the user side and the server device is disconnected, in other words, even when the user side and the server device are not constantly connected.
Further, it is necessary to avoid a situation in which a service is unusable when the user loses a physical key (for example, a metallic key, an IC card having the function of a key, or the like).