As individual authentication methods, password authentication and biometrics authentication are known.
The password authentication is a simple authentication method as a system and widely used these days. From a viewpoint of the cognitive psychology, this method is categorized as a method of “retrieving” and “reproducing” a meaningless symbol memory or a “semantic memory”, a memory that is not accompanied by experience, from memory storage information in the human brain.
However, as already known as a problem of passwords, reproduction of meaningless symbols or a memory without experience is difficult for a person with a weak memory, especially for an elderly person, and easily leads to an errornous reproduction.
Converting simple numbers or symbols into a semantic memory and memorizing as the semantic memory, typically using the birth date as a password, is a common practice employed in order to avoid such a drawback. However, examples of the conversion of numbers into a semantic memory are extremely limited for most people, to the birth dates or the like, and damages from spoofing by a third person could be easily caused.
In order to minimize the damage occurring when a password is stolen, it is desirable to use a different password for a different authentication medium. However, because it is difficult to memorize, recall, and reproduce the passwords corresponding to the respective authentication media, it is often the case that these passwords are written down in a notebook and such. As a result, when the notebook and such is stolen, all of the passwords are stolen.
The latter, i.e., the biometrics authentication, uses physiological information inherent in a user, so that the biometrics authentication can advantageously prevent the information from being forgotten or lost. However, since the information is unique to the user, it is not possible to use different user authentication information for each recording medium. Thus, it is not possible to use different user authentication information for each recording medium. Thus, there are problems that, when the user authentication information is stolen, all the authentication media are damaged, and alternative person authentication information can be disadvantageously very difficult to be obtained.
In addition, an input device is newly required to read physiological information. Furthermore, because inputted information changes depending on input/read conditions, there is a problem that a so-called user rejection ratio, which indicates rejection of an authenticated user, occurs at a predetermined probability. In addition, when the barrier for checking is lowered to reduce the rejection probability, the probability of spoofing of the user by a third person increases. A trade-off relationship between the user rejection ratio and the spoofing probability by a third person is an inevitable problem.
The inventor of the present invention filed an application for an invention as Japanese Patent Application No. 2002-25110 (Japanese Patent Application Laid-Open No. 2003-228553). This invention was contrived with an object of facilitating the memory of the personal information and of hindering the spoofing probability by a third person in an attempt to solve the above noted problems of the password authentication, and with a further object, in an attempt to solve the above noted problem of the biometrics authentication, of allowing to change person authentication information for each recording medium, and of simplifying the input and reading mechanism, as well as of reducing the user rejection ratio and improving the protection against the spoofing probability by a third person.
This invention of the prior application relates to a technology of an image using type person authentication system and in place of the password authentication and the biometrics authentication, the image information is defined as authentication means.
The person authentication system only covers the user side and the server side only authenticates a normal user and accepts it excluding “a pretending user”.
However, with the increasing number of Net crimes, growing is the recognition that the user authentication on the system side is not sufficient and the system on the user side is also necessary. Authentication of the system by a terminal owned or controlled by the user has already been put into practice. However, an effective technology of “system authentication by the user” for directly authenticating the system without relying on the terminal under the condition that the user himself or herself cannot rely on the terminal is yet to be developed.