1. Field of the Invention
This invention relates to an authentication system and method, an identification information inputting method and apparatus and a portable terminal. More particularly, it relates to an authentication system and method which, in the process of a service provider authenticating a user, render unauthorized acquisition of the personal information on the user by a third party difficult. This invention also relates to an identification information inputting method and apparatus and a portable terminal which, in the process of a user inputting an encryption key, render unauthorized acquisition of the personal information on the user by a third party difficult.
2. Description of Related Art
Heretofore, in recognizing whether or not a user is authorized to exploit a given service entity, a method has basically been used in which a service provider issues a physical ticket or a member's card for the user in advance and, at the point in time of the user exploiting the service, the ticket or the member's card is checked by way of performing the authentication.
For example, in a credit sale system, typified by a credit card sale system, the service provider identifies a user by the card information recorded on a card presented by the user, that is, the personal information, in order to carry out credit trading. In this case, the user is authenticated by simply causing a card reader to read the credit card owned by the user.
On the other hand, a so-called debit payment system in which the debit has the opposite meaning to that of credit is also becoming accepted as being among the various payment methods. In the debit payment service, a user inserts a bank cashing card in a sale point information management terminal, or point-of-sale (POS) terminal, and enters a secret identification number and amount. In this case, the charge is instantly transferred from the user's account by way of performing a liquidation.
Also, with the coming into widespread use of the Internet, a user is able to purchase goods through the Internet and to make corresponding payments. For example, the user is able to make payment on simply transmitting the preset information of a credit card to the service provider.
The present Assignee has already proposed encrypting a key signal using a random number for preventing unauthorized use (Japanese Laying-Open Patent Publication 2000-332748).
However, the above-described payment methods are low in reliability for a authentication procedure, such that acquisition by a third party of the card information may occur at any point in time in the process of the authentication procedure.
For example, the authentication procedure by a credit card simply resides in causing the card reader to read-in the card. When shopping in a store and using a credit card for payment, the user hands his or her credit card to a sales clerk for the payment procedure. At this time, the sales clerk is able to cause another card readercapable of holding the credit card information to read-in the card information, while being able to exchange willfully the card with another one. That is, the risk is high that the personal information stored in the card may be illicitly acquired (skimmed) by a third party.
In the case of the Internet, in particular, it may be a frequent occurrence that payment may be finished simply by the user transmitting the preset information stated on the credit card to the service provider. Up to now, there was the risk that the credit card information could be intercepted and stolen by a third party in the communication process. Moreover, in the case of the Internet, there is no direct contact between the service provider and the user, so that there is the risk that a third party could feign being the card owner in the communication process for payment and make an unauthorized false payment or could adulterate payment data, thus lowering reliability.
Also, in debit payment, a caching card is inserted into a POS terminal. Since the user inputs a secret identification number via input means in the POS terminal, the number may be illicitly acquired by a third party in the case where the input means, etc., of the POS terminal is willfully modified. On the other hand, should there be no physical screening means around the POS inputting means, a third party may be in a position to acquire illicitly the secret identification number by simply and secretly peeping at the figures of the numbers being input by the user. Moreover, if the secret identification number is skimmed, stolen or exchanged with another one, there is the risk that the card can be repeatedly used in an unauthorized manner until this state is recognized by the card owner.
Although there is known a technique of encrypting the key number by a random number, as described in the aforementioned Japanese Laying-Open Patent Publication 2000-332748, there is not a service system that is improved so that skimming of the secret identification number of the card may be prevented.
The above-described servicing system suffers from many drawbacks in connection with reliability, such that, if this problem is seen in the perspective of a business, the user may feel anxious about its safe service utilization due to this flaw in operational reliability. As a result, the number of users may not increase as expected, despite the fact that a large installment investment is needed for POS equipment, thus leading to low profitability for the business.
In view of the above-described prior art technique, it is an object of the present invention to provide an authentication system and method which, in the process of the service provider authenticating a user, render it difficult for a third party to acquire illicitly the user's personal information.
It is another object of the present invention to provide an identification information inputting method and apparatus which, in the process of the user inputting identification information, render it difficult for a third party to acquire illicitly the user's personal information.
It is still another object of the present invention to provide a portable terminal which, in the course of the user inputting identification information, renders it difficult for a third party to acquire illicitly the user's personal information.
It is a further object of the present invention to provide an authentication system and method, an identification information inputting method and apparatus and a portable terminal which remove the marked apprehension entertained by users at large about service exploitation, increase the number of latent users and improve the profitability of business.