A portable information recording medium typified by an IC card has rapidly spread in conjunction with downsizing of technology, and it is only a matter of time before IC cards become prevalent on an individual general user basis one by one. Thus, as portable information recording media such as IC cards have increasingly come to be used as a tool that is essential in social life, security comes into important question. To access an IC card, a so-called reader/writer device is used, and a computer system carries out an exchange of data with the inside of the IC card via this reader/writer device. Normally, when an IC card is inserted into a reader/writer device, processing is executed for authenticating each other.
Authentication of an IC card from a reader/writer device is normally made according to a method in which arbitrary authentication data (using random numbers) is provided from the reader/writer device to the IC card together with an authentication command, and it is verified whether or not the IC card makes a correct response. Concretely, a public key cryptosystem is used, and a secret key α is stored inside an authentic IC card in advance, authentication data (arbitrary random numbers) provided in the reader/writer device is encoded by using this secret key α, and encoded data thus obtained is fed-back as a response. Then, the reader/writer device decodes this encoded data that has been fed-back as a response, and authenticates the IC card based on a judgment whether or not data obtained through this decoding process agrees with the original authentication data.
The secret key α stored in the IC card is normally structured so as not to be externally read out by any method, so that it is very difficult to imitate an IC card having a correct secret key α. Therefore, according to the above-mentioned method, if data that is obtained by decoding the encoded data fed-back as a response agrees with the original authentication data, it is authenticated that an IC card is not fake.
As mentioned above, logically, a secret key a stored in an IC card is prevented from being externally read out by any method. However, in reality, there is a method for externally detecting a secret key α stored in an IC card in a nondestructive manner by analyzing physical phenomena (for example, electric power consumption) in operation of the IC card. For example, a method called DPA (Differential Power Analysis) is based on a principle in which, by statistically analyzing a waveform of electric power consumption of an IC card, the contents of a secret key α are estimated. Concretely, in a condition where a measuring system for measuring electric current consumption inside an IC card is connected to a power supply terminal, etc., of the IC card, predetermined authentication data is repeatedly sent from a reader/writer device, an encoding operation using a secret key α is executed inside the IC card, and a power consumption waveform at this point is analyzed, whereby the contents of the secret key α are statistically detected.
An object of the present invention is, therefore, to provide an authentication method for a portable information recording medium, by which reliable security against illegal analyzing methods as mentioned above can be secured.