In recent years, popularization of IC cards has been and is proceeding in various types of industry and business and various fields regardless of whether they are of the contact type and the contactless type such that, for example, a contact type IC card is used as a credit card or a contactless type IC card is used as a commutation ticket for an electric car. An IC card has an integrated circuit (IC: Integrated Circuit) built therein and is advantageous in that, when compared with a magnetic card of the type which stores information in a magnetic section thereof, the storable data capacity is great, that forgery thereof is difficult, and so forth. Further, a contactless type IC card has a characteristic that contactless communication is possible, and so forth. Thus, IC cards having various functions can be implemented by incorporating circuits for implementing various functions into the IC cards.
It is to be noted that the contactless type IC card is formed by embedding contactless interface antenna in the form of a coil therein, and induced electromotive force is generated by radio waves transmitted from a transmission antenna of an IC card reader to convert the received radio waves into electric energy to drive the IC.
In such a conventional IC card as described above, generally a password authentication method is used to authenticate that a user of the IC card is a legal user. In particular, secret information (for example, an ID (Identification) number, a password and so forth) of an owner stored in an IC memory of an IC card is normally protected against accessing thereto (protect setting). Then, when a user tries to use the IC card, a request to input a password is issued to the user, and, if an inputted password is coincides with the password set in advance, then it is authenticated that the user of the IC card is the owner of the IC card.
Then, only in the case wherein it is authenticated that the user of the IC card is the owner of the IC card in this manner, the IC card is set such that the secret information stored in the IC memory thereof can be read out from the IC card reader (protect cancellation), and the secret information is transmitted in accordance with a request from the IC card reader. It is to be noted that cancellation of protect of an IC card is sometimes called retention of a result of authentication in an IC card.
However, such a conventional password authentication method of an IC card as described above has essential vulnerability in security that a human being itself cannot be identified. In other words, the conventional password authentication method has a subject in that, where so-called “impersonation” is performed using a legal password acquired by means of an illegal procedure such as leakage of a password, analysis of a password or the like, prevention of illegal use of an IC card by an illegal user is difficult.
Therefore, also for an IC card, it is demanded to enhance the authentication strength in the personal identification by introducing biometrics authentication which is a collation technique for identifying a pattern of a fingerprint or the like which is part of the body.
However, since basically the size of a contact type IC card is prescribed by a standard or the like, for example, if a contact type IC card is not formed such that the thickness thereof remains within a predetermined thickness (for example, 0.78 mm), then it cannot be used with an existing IC card reader or IC card reader/writer cannot. The size of a circuit and a device which can be incorporated in such a contact type IC card is limited, and in the present situation, it is difficult to incorporate an intricate function such as a function for fingerprint authentication or the like in an IC card itself.
Further, also regarding an IC card of the contactless type (hereinafter referred to as contactless type IC card), there is the possibility that, if a circuit part for implementing an authentication function is disposed in the proximity of an antenna for a contactless interface, then noise may be generated and obstruct communication with the IC card reader. Also, there is the possibility that, if many chips and so forth are provided in a card, then generation of electromotive force may be obstructed by an influence of the chips and sufficient electromotive force may not be obtained. Therefore, it is impractical to incorporate a circuit for implementing biometrics authentication in such a contactless type IC card as described above.
Further, after authentication of an owner of an IC card is performed by an authentication function, it is necessary to retain a result of the authentication in the IC card at least until communication between the IC card and the IC card reader is started (in other words, it is necessary to keep the IC card in a state wherein secret information can be read out from the IC card using the IC card reader).
However, from the IC card which is in such a state wherein it retains a result of authentication as just described, secret information can be freely read out using the IC card reader. Consequently, for example, if the IC card is lost while it is in the state wherein a result of authentication is retained therein, then there is the possibility that the IC card may be used by a person by whom the IC card is acquired. Therefore, there is a subject that, if a result of authentication of an IC card is retained for a long period time in the IC card, then this increases the vulnerability in security of the IC card.
It is to be noted that, while it is a possible idea to provide an IC card with a timer function so that a result of authentication set in the IC card is deleted after a predetermined period of time elapses, there is a subject that it is difficult to set the preset value for the timer to an optimum value. In particular, if the preset value of the timer is excessively short, then a result of authentication is deleted before communication between the IC card and the IC card reader starts and the IC card cannot be used. On the other hand, if the set value of the timer is excessively long, then the security of the IC card degrades similarly as in the case wherein a timer is not set. In this manner, there is the possibility that it becomes very difficult for the user to use the IC card becomes.
The present invention has been made in view of such subjects as described above, and it is an object of the present invention to provide an electronic storage apparatus, an authentication apparatus and an authentication method which raise the security strength of a card type storage medium and can be used easily by a user.