An authentication technology for authenticating a user on a network is available. Password information, biometric information, or other information to be checked during an authentication is preregistered so that input information is compared against the preregistered information during the authentication. The authentication is determined to be either successful or unsuccessful depending on the result of comparison. The authentication technology described above is used, for instance, for an authentication function exercised in a banking system and for an authentication function for electronic commerce and electronic payment.
In some cases, the information to be checked and the input information are encrypted. In a biometric authentication system, for example, encrypted biometric data is registered as registration information. The biometric authentication system uses the degree of similarity between authentication target information, which is obtained by encrypting separately measured biometric data, and the registration information to perform an authentication with the biometric data kept secret. The above-described biometric authentication system is disclosed, for instance, in Japanese Laid-open Patent Publication No. 2005-130384 and in Haruki Ota et al., “Proposal of an Iris Identification Scheme Protecting Privacy”, Computer Security Symposium 2003, October 2003.
More specifically, a terminal in the biometric authentication system acquires an iris code from an image having biometric information at the time of registration and computes the exclusive OR of a random number and the iris code. Further, the terminal transmits the result of computation to a server. The server then registers the received computation result in a database as registration information.
Next, at the time of authentication, the terminal acquires the iris code from the image and computes the exclusive OR of that iris code and the same random number used at the time of registration. The terminal then transmits the result of computation, that is, the authentication target information, to the server. The server computes the exclusive OR of the authentication target information and the registration information. The result of computation represents a Hamming vector of the iris code derived from the image used at the time of registration and the iris code derived from the image used at the time of authentication. Because the same random number is applied to both iris codes, it cancels out in the exclusive OR, so the Hamming vector is free of the effect of the random number. Consequently, the server is able to determine whether or not the authentication is successful without decryption of the encrypted biometric data.
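The registration and authentication exchange described above, written out as an added example (not code from the cited publications). The 2048-bit code length, the 0.32 decision threshold, the `Terminal`/`Server` names, the user name, and the simulated noise are assumptions chosen for illustration.

```python
import secrets
CODE_BITS = 2048   # assumed iris code length; the page gives none
THRESHOLD = 0.32   # assumed accept threshold (fraction of differing bits)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def flip_bits(code: bytes, positions) -> bytes:  # simulates measurement noise
    out = bytearray(code)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)

class Terminal:  # holds the random number and masks every iris code with it
    def __init__(self):
        self.random_number = secrets.token_bytes(CODE_BITS // 8)
    def protect(self, iris_code: bytes) -> bytes:
        return xor_bytes(iris_code, self.random_number)

class Server:  # stores masked codes only; never receives the random number
    def __init__(self):
        self.db = {}
    def register(self, user: str, registration_info: bytes) -> None:
        self.db[user] = registration_info
    def hamming_vector(self, user: str, target_info: bytes) -> bytes:
        # (code_reg ^ r) ^ (code_auth ^ r) == code_reg ^ code_auth
        return xor_bytes(self.db[user], target_info)
    def authenticate(self, user: str, target_info: bytes):
        distance = sum(bin(b).count("1") for b in self.hamming_vector(user, target_info))
        return distance <= THRESHOLD * CODE_BITS, distance

def demo():
    terminal, server = Terminal(), Server()
    enrolled = secrets.token_bytes(CODE_BITS // 8)           # constructed sample code
    same_eye = flip_bits(enrolled, range(0, CODE_BITS, 10))  # 205 noisy bits
    other_eye = flip_bits(enrolled, range(0, CODE_BITS, 2))  # 1024 differing bits
    server.register("alice", terminal.protect(enrolled))
    hv = server.hamming_vector("alice", terminal.protect(same_eye))
    return {
        "mask_cancelled": hv == xor_bytes(enrolled, same_eye),
        "genuine": server.authenticate("alice", terminal.protect(same_eye)),
        "impostor": server.authenticate("alice", terminal.protect(other_eye)),
    }

if __name__ == "__main__":
    print(demo())
```

The server's decision rests only on the Hamming weight of the vector it computes; the `mask_cancelled` check confirms that this vector equals the exclusive OR of the two unmasked iris codes.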