In recent years, there has been known an authentication system that uses biometric authentication such as fingerprint authentication or vein authentication to perform, for example, personal authentication of a user in front of an automated teller machine (ATM) of a bank. The biometric authentication is an authentication technique that uses organism information including physical and behavioral features of a user. There is no possibility of forgetting or losing the organism information of the user that is used for authentication. However, the organism information is unchangeable over lifetime of a user and hence, it is not preferable that the organism information is leaked. Accordingly, there has been proposed authentication in a state that organism information of a user is protected by random number addition, encryption, or the like.
Patent Document 1: International Publication Pamphlet No. WO 2011/052056
However, even when organism information of a user is encrypted by using public key encryption in a terminal unit, an authentication server having a secret key is capable of decoding a code and hence, when the security of the authentication server is compromised, the organism information of the user is leaked. Therefore, it becomes impossible hereafter to use the leaked organism information of the user. That is, to consider a case where the organism information is only encrypted, when the security of an authentication server is compromised, the authentication system per se fails.