As an encrypting technique, a method of confirming IDs by using public keys is well known. This method called “Public Key Infrastructure (PKI)” uses a pair of encrypting keys with which information encrypted on one side can be decrypted only on the other side. One of the keys is saved confidentially as a secret key of a user to an IC card or the like, and the other is opened as a public key.
Encrypted texts that can be decrypted with the public key of the user are the texts encrypted with the secret key of the user. Through checking whether or not an encrypted text such as an electronic signature can be decrypted with the open key of the user by utilizing such mechanism, it is possible to clarify whether or not the signature is encrypted with the secret key that makes a pair with the public key. However, with this method, it is difficult to check whether or not a person who has presented the encrypted text such as the signature is a legitimate user, since it is possible for other parties to obtain the secret key by stealing the IC card to which the secret key is recorded, or by lending or borrowing the IC card between the user and the others.
Normally, the secret key is protected by a password or the like so as to secure a link between the secret key and the user with the password. However, it is also possible to tell the password itself to the others. Further, the password can be analogized or stolen by fishing or the like. Therefore, it is difficult to guarantee the link between the secret key and the user by simply protecting the key with the password.
Recently, biometric authentication that confirms ID of a person by using biometric features such as a fingerprint, iris, face, or vein has become well known. This is a method which confirms the ID of the user by comparing a template that is biometric information recorded in advance and biometric information inputted by a subject user.
There is a method which uses this biometric authentication as the basis for authenticating the public key to protect the secret key through the biometric authentication. In a client server system, the biometric authentication is conducted on the client side. When the authentication is successful, the secret key can be made available. Thus, the signature encrypted with that secret key is sent to the server. The server performs individual authentication of the user by using the received signature. However, it is not known in this case whether or not the secret key is obtained through actually performing the biometric authentication, even though it is possible to recognize that the client has the secret key.
In view of the foregoing issues, Patent Document 1 depicts an example of a conventional ID system in which a server checks that the biometric authentication is conducted on a client side, and performs user authentication. In the ID system depicted in Patent Document 1, a biometric authentication device connected to the client gives a signature on a result of the biometric authentication. Then, the client gives a user signature on the signed collation result, and sends it to the server as collation related data.
Patent Document 1: Japanese Unexamined Patent Publication 2003-143136.