The present application relates to an authentication system, authentication apparatus, authentication method and authentication program, and particularly relates to a technique for improving security when authenticating a user who uses an Automatic Teller Machine (ATM) in a bank and the like, for example.
When a user operates an ATM, a financial institution such as a bank performs various operations associated with his/her saving account, such as withdrawal of money and transfer of money from his/her saving account to other accounts.
A saving account management system, which manages users' saving accounts in financial institutions, utilizes a host computer to manage information about users' saving accounts. In addition, a four-digit Personal Identification Number (PIN) for a saving account, which is previously set by a user, has been registered in the saving account management system as template data which is utilized for collation when the saving account management system authenticates users.
When a user operates the ATM, the saving account management system recognizes his/her account number based on his/her cash card previously issued to him/her. The saving account management system then asks him/her to enter his/her PIN to be used as challenge data for his/her authentication, and then checks the PIN of the challenge data against the PIN of the template data to authenticate him/her.
On the other hand, there is a saving account management system to which a user can set usage availability conditions. For example, the usage availability conditions limit the time you can withdraw your money. This reduces the risk that others could withdraw your money without you knowing (see Jpn. Pat. Laid-open Publication No. 2004-326509 [Page 9 and FIG. 1], for example).
However, when a user sets or changes the usage availability conditions, the saving account management system with the above configuration authenticates him/her using the same authentication method as it uses when users withdraw their money. That is to say, the saving account management system uses a combination of an account number recorded on a cash card and a PIN to authenticate a user.
In this case, others could set and change user's usage availability conditions as well as withdrawing his/her money, if they get his/her cash card and PIN. That is to say, in the saving account management system, others could change user's usage availability conditions to withdraw his/her money illegally, if his/her card is stolen or forged by them and his/her PIN becomes known to them. That is to say, in the saving account management system, there is a possibility that the usage availability conditions may not work well, and security may not be enough.
The present is in view of the above points and is intended to provide an authentication system, authentication apparatus, authentication method and authentication program capable of reducing the risk of unfair use by a third party.