1. Field of the Invention
The present invention relates to a person authentication system, a person authentication method, an information processing apparatus, and a program providing medium. More particularly, the present invention relates to a person authentication system, a person authentication method, an information processing apparatus, and a program providing medium, which can be advantageously employed, in a communication network such as the Internet or in data communication performed via a medium, to identify a person at a receiving end or to authenticate a person who uses a particular information apparatus such as a personal computer.
2. Description of the Related Art
A data processing apparatus such as a personal computer (PC) is widely used in a company or by a person. In some cases, secret data is stored in such an apparatus. To prevent such secret data from being accessed by an unauthorized user, techniques of preventing information stored in a PC from being leaked have been developed. One known technique for this purpose is to identify a user on the basis of a password input by the user or on the basis of biotic information of the user.
Now, it is popular to distribute various kinds of software data such as a game program, audio data, image data, and a document generating program (hereinafter, such software data will be referred to as a content) via a network such as the Internet or a storage medium such as a DVD or a CD which can be distributed. In such a situation, it is highly desired to quickly identify a user in a highly reliable fashion in various processes such as distribution of a content or reception of a fee for usage of a content. Furthermore, in the user identification process, it is very important to prevent personal information from being leaked.
One widely-used user identification method is to compare input data with preassigned data such as a user ID or a password. However, in this method, there is always a possibility that a registered user ID or password is leaked. Once a user ID or password has been leaked, the same user ID or password becomes unusable. One known method to avoid the above problem is to identify a user using biotic information.
An example of a conventional process of identifying a person using biotic information is described below. A representative example of biotic information for the above purpose is a fingerprint. A person authentication apparatus which reads a fingerprint and verifies it is described below with reference to FIG. 1. In FIG. 1, a user of a PC 20 registers his/her fingerprint information in a person authentication apparatus 10 including a reading apparatus, and data indicating the fingerprint is stored in a secure memory 14. The fingerprint information stored therein is called a template. When the user uses data on the personal computer 20, his/her fingerprint is read and compared with the template by the person authentication apparatus 10 serving as a fingerprint reading apparatus.
More particularly, reading of fingerprint information of a user is performed by a personal information acquisition unit 11 formed of a CCD camera or the like. After being read, the fingerprint information is subjected to a feature extraction process performed by an information conversion unit 12, and resultant data is compared, by a comparator 13, with the template stored in the secure memory 14.
The comparator 13 determines whether or not the data is identical to the template on the basis of a threshold value preset in the comparator. If the data and the template match with each other to a degree higher than the threshold value, the comparator 13 outputs an OK signal, while a NG signal is output when the matching degree is lower than the threshold value. The fingerprint information is stored in the form of fingerprint image data, and the data indicating the feature extracted by the information converter 12 is compared with the image data to check the matching degree relative to the threshold value.
In the case where the comparator 13 determines that the input information and the registered information match with each other, an authentication success message is transmitted to the personal computer 20 via a communication unit 16, and the user is permitted to access the personal computer 20. If it is determined that the input data does not match with the registered information, an authentication failure message is transmitted, and accessing to the personal computer 20 is refused. The person authentication apparatus 10 may include fingerprint information templates of a plurality of users (user ID=ID1 to IDn) stored in the secure memory as shown in FIG. 1, and a user may be permitted to access the PC if the person authentication apparatus 10 determines that a fingerprint of the user matches with some stored template. This makes it possible for a single person authentication apparatus to deal with a plurality of users.
However, the above-described person authentication apparatus has the following problems arising from the construction in which templates are stored in a memory of the fingerprint reading/comparing apparatus.
(a) To use the comparison result, it is required that a template be included in the fingerprint reading/comparing apparatus.
(b) In the case where a fingerprint is compared at a plurality of different locations, it is required to register, beforehand, the fingerprint in a plurality of fingerprint read/comparison apparatuses.
(c) Because templates are stored in the fingerprint reading/comparing apparatus, there is a risk that data representing templates may be tampered with or may be read by an unauthorized person.
(d) When the comparison result is transmitted to a PC or the like, the comparison result can be easily attacked.
As described above, the conventional person authentication system is coupled in an inseparable fashion to a particular data processing apparatus such as a personal computer which deals with secret information, in which the person authentication system is assumed to authenticate only users who deal with that personal computer, and thus the person authentication system cannot be used to authenticate a user who uses another device in which no template is stored. Furthermore, because templates are stored in the fingerprint reading/comparing apparatus itself, there is a problem in terms of security and reliability of templates.
Furthermore, in data transmission in which encrypted data is transmitted via a network or in data distribution via a medium, data is generally encrypted using a public key, and a public key certificate is widely used to guarantee the reliability of the public key. However, although a public key certificate certifies a public key itself, the public key certificate cannot guarantee the relationship between the public key and a person who owns that public key. That is,
(e) No technique is known to guarantee the relationship between a public key used in transmission of encrypted data or the like and an owner of that public key, and a good enough means for identifying the owner of the public key is not known.
As described above, the conventional person authentication system has various problems to be solved. In particular, in a recent social situation in which advanced communication systems via networks such as the Internet have become very popular, a large amount of secret information and personal information are frequently dealt with using various communication devices and data processing devices at various locations and at various times. Furthermore, in pay contents distribution systems/services in which contents are distributed to specific users such as registered members, it is required to identify users when contents are distributed or services are provided. Thus, it is highly desired to realize a person authentication system which is usable without having limitations in terms of locations, times, and devices used.