Recently, information systems have begun to use biometric information to improve the accuracy of user authentication. Various types of biometric information are available. For example, the use of biological features, such as a fingerprint or a pattern of veins, or functional features, such as a signature or a voiceprint, has been proposed. Although biometric information is hard to forge, it cannot be changed even when it is compromised, i.e., becomes known to unauthorized third parties. The amount of private information included in biometric information may be considerable as compared with conventional passwords. Thus, it is preferable that information, such as biometric information and features based on the biometric information, be managed by the owner. For example, hitherto, in many cases, biometric information has been recorded in a device such as an IC card carried by the user, and in few cases, biometric information has been recorded in a server managed by a third party.
In a technique disclosed in Japanese Published Patent Application No. 2002-351843, respective parts (called templates) of biometric information are stored separately in a server and a terminal. When authentication is performed, these templates are combined and used for authentication. When biometric information is re-registered, usually, only the template on the terminal side needs to be updated. In this arrangement, operating costs related to storage and re-issue of templates can be reduced. Japanese Published Patent Application No. 2004-088373 discloses a technique for improving the accuracy of authentication by combining authentication based on biometric information with authentication in which an encryption key or the like is used.
IC cards are resistant to tampering and information loss. However, when IC cards are managed by individuals, biometric information may be compromised, i.e., become known to unauthorized third parties. When biometric information is compromised, it is preferable that it not be used in subsequent authentication, because it may be used for an illegal activity such as spoofing. However, if the compromised biometric information is not available for use in authentication, it may be impossible to continue authentication using the same biometric information. Thus, a technique is desired in which, even when biometric information is compromised, effective illegal use of the biometric information by third parties is made difficult, but valid authentication can be continued.