1. Field of the Invention
The present invention relates to authentication systems which authenticate a person who is already known to the system, and more particularly, to an authentication system, a fingerprint identification unit, and an authentication method used when stored information is manipulated.
2. Description of the Related Art
Encryption technologies used for information security in electronic money, electronic mail, and electronic settlement have undergone remarkable development in recent years.
In systems handling electronic money, such as electronic commerce using the Internet, it is necessary to prevent impersonation, which is a crime in which a person pretends to be another person and performs a false transaction, and denial, which is a crime in which a party concerned denies a transaction after having performed it in order to avoid the debt of the transaction. Encryption technologies are used to authenticate a person to prevent such impersonation, and to issue a certification using a digital signature technique to prevent such denial.
A public-key encryption method is one encryption technology. In this method, a public key which is made public and a private key which the parties concerned hold confidentially are generated, and text (including an order form and a bill) encrypted with the public key is decrypted with the private key. The features of this method are that text encrypted with the public key can be decrypted only with the private key, and conversely, text encrypted with the private key can be decrypted only with the public key. With the use of these features, authentication and a digital signature are realized. As described above, information security is achieved with the public-key encryption method on condition that the parties concerned keep the private key confidential. At present, the private key is stored in a hard disk of a computer or in a secondary storage medium such as an IC card, and is allowed to be read by the use of a password. Alternatively, the private key is kept by an authentication organization.
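The two directions of key use described above can be shown in a short added example, which is not part of the original document. It assumes textbook RSA without padding, built from two constructed small primes, and the function names are hypothetical.

```python
import hashlib
import secrets

# Constructed parameters for illustration: textbook RSA without padding,
# built from two small Mersenne primes. Not suitable for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537                            # public key: (N, E), made public
D = pow(E, -1, (P - 1) * (Q - 1))    # private key: (N, D), held confidentially


def encrypt_with_public(m: int) -> int:
    """Anyone can do this; only the private-key holder can undo it."""
    return pow(m, E, N)


def decrypt_with_private(c: int) -> int:
    return pow(c, D, N)


def digest_int(text: bytes) -> int:
    """Hash the text and reduce it into the RSA modulus range."""
    return int.from_bytes(hashlib.sha256(text).digest(), "big") % N


def sign(text: bytes, d: int = D) -> int:
    """Digital signature: transform the digest with the private key."""
    return pow(digest_int(text), d, N)


def verify(text: bytes, signature: int) -> bool:
    """Undo the private-key transform with the public key and compare."""
    return pow(signature, E, N) == digest_int(text)


def authenticate(respond) -> bool:
    """Verifier issues a fresh challenge; only the key holder can answer it."""
    challenge = secrets.token_bytes(16)
    return verify(challenge, respond(challenge))


if __name__ == "__main__":
    order = b"order form: 3 units"              # constructed sample text
    m = int.from_bytes(b"bill #17", "big")      # constructed, smaller than N
    print(decrypt_with_private(encrypt_with_public(m)) == m)    # confidentiality
    print(verify(order, sign(order)))                           # signature holds
    print(verify(b"order form: 9 units", sign(order)))          # altered text fails
    print(authenticate(sign))                                   # key holder passes
    print(authenticate(lambda c: sign(c, D + 2)))               # wrong key fails
```

Anyone who obtains D passes authenticate and produces signatures that verify, which is why the whole scheme rests on the condition that the private key stays confidential.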
It is difficult, however, to keep the private key used in the public-key encryption method confidential, in other words, to keep the private key such that a third party cannot find it. Currently, there is no reliable apparatus or technology to safely keep the private key generated in the public-key encryption method.
When the private key is kept with an assigned password, for example, if the password is found, the private key is easily extracted. A method for storing the private key in an IC card has been proposed. In this method, however, a password needs to be used as a trigger for encryption and decryption of the private key in the IC card. Therefore, in the same way as in the method in which the private key is stored in the host computer, if the password is found, the private key is easily extracted. When an authentication organization stores the private key, the key is safe because the organization uses a very confidential system, but this requires a reasonable amount of money.
Even if the private key is stored absolutely confidentially, the private key appears temporarily in the computer when encryption and decryption are performed. A special program which operates in such a condition could be created to find the private key. If this occurs, the public-key encryption method can be broken.
As described above, the private key in the public-key encryption method needs to be stored confidentially. An encryption key used in a symmetric encryption method (in which an identical encryption key is used both in encryption and decryption), a password, and other important data also need to be stored safely.