In recent years, a magnetic card which incorporates an IC for wireless communication by an electromagnetic wave or the like has been used for an entry management system or an accounting system which utilizes electronic money or the like.
FIG. 18 shows a conventional system for personal authentication using a password. A user 21 holds an ID card 22 near a terminal 23 so that the ID card 22 is read. Then, the user 21 inputs a password to the terminal 23. Then a management server 24 conducts a check 25 of the password against data for a check 26, which the user 21 has registered in advance. When they match, the ID card identifies the user 21 as an authorized user and transmits the information. Thus, with the conventional system, data for a check is stored in the management server, therefore two-way communication between the terminal and the management server is conducted.
Details of the system are described with reference to a flow chart of personal authentication in an entry management system shown in FIG. 19. When a user holds an ID card near a reader terminal placed near a door (30), the ID card receives an electromagnetic wave transmitted from an authentication server 37 through the reader terminal and starts operation. The ID cards receives a signal of ID number requirement 31 and transmits (32) the ID number stored in the ID card to the authentication server through the reader terminal. Then, the authentication server identifies (33) the ID number stored in advance and provides a password corresponding to the ID number as data for a check. At the same time, the authentication server requires the user to input a password (34). When the user inputs a password using a key board or the like provided for the reader terminal (35), the authentication server conducts a check 36 of the inputted password against the password which has been stored in advance. When the passwords match (38), the user is identified as the authorized user and the door is unlocked (39). On the other hand, when the passwords do not match (40), the user is not identified as the authorized user and the door remains locked. The steps of 38, 39 and 40 are identified as authentication steps 49. In an entry management system with lower security, a password is not required to be inputted and a user is authenticated or not authenticated only by identifying an ID number.
As described above, in a conventional personal authentication system, a user holding an ID card is identified as an authorized user by a check of a name of the user, an ID number such as a personal authentication number, a password, and the like.
However, a person holding an ID card is not always the authorized user registered in the ID card. That is, when the genuine ID card is used, using the ID card by deputy or spoofing can be conducted. To judge the person holding the ID card is the authorized user registered in the ID card, many kinds of techniques for personal authentication by checking a biological feature (biometrics) (for example, see Patent Document 1) have been suggested.
[Patent Document 1] Japanese Patent Laid-Open No. 2002-269050