1. Field of the Invention
The present invention relates to an IC card, and an authentication method for an information processing apparatus; and in particular to an IC card that can be connected to an information processing apparatus, such as a computer or a terminal, and an authentication method for an information processing apparatus, by which the above IC card is employed to authenticate a mutual connection between the IC card and the information processing apparatus.
2. Related Art
A terminal device connected to a network, a stand-alone microcomputer that can independently execute applications, a portable microcomputer, etc. (hereinafter referred to as an information processing apparatus), together are known as an apparatus that processes data produced by users. Such an information processing apparatus is so designed that it can be employed by a plurality of users. Although a specific process can be performed by an information processing apparatus, information (hereinafter referred to as secret information), such as personal telephone numbers or identification numbers, that is highly confidential and should not be revealed to other persons may be stored in the information processing apparatus. Thus, security for such a system is required so that secret information can not be obtained by users other than those to whom it is registered.
With one conventional example, which is shown in FIG. 6A, security is maintained by permitting an information processing apparatus to perform a process only when a match is obtained between a password input and a password previously registered. For example, when network access is sought by a terminal device on a network, the network issues a request to the terminal device for the input of a password, and grants access permission only when the password input matches one that was previously registered. A cash dispenser (automatic teller machine) is another well known information processing example. To make a withdrawal from a cash dispenser, a cash card must be inserted into the cash dispenser, and an identification number, which corresponds to a password and which was previously registered, must then be input.
If third persons can obtain passwords, however, it is possible for anybody to execute a process on an information processing apparatus. To prevent that, passwords may be updated periodically. When, however, the concern for security results in the setting of a too short time period for the updating of passwords, the burden placed on users is large. But if the update period is extended in order to reduce the load on the users, the chance that security will be endangered is increased.
To resolve this problem, as is shown in FIG. 6B, a physical device (a hard wire key: H/W key) may be required to be added to the information processing apparatus before a process can be executed by the information processing apparatus. As a result, the execution of the process by the information processing apparatus is permitted only when the physical device is provided.
With a process that is well known as reverse engineering, however, it is relatively easy to produce an identical copy of such a physical device. For example, for a physical device that incorporates a ROM, and performs an authentication procedure in accordance with data entered in the ROM, a like device can be produced simply by copying the data from the ROM. For a physical device constituted by a logical circuit, etc., a comparable device can be produced by detecting an output signal. In this manner, if the same physical device can be produced, anyone can execute a process for an information processing apparatus.
As the latest development by the information industry, well known is an IC card, such as a memory card and an LSI card on which fixed data can be held, that has a miniaturized processor, which is an independent external device connected by a cable, that is connected to a terminal to function as an external connection device.
A terminal confirmation method is a method by which the IC card is employed to confirm hardware, or a component of a communication system, for the purpose of ensuring the security and the protection of communication (see Japanese Examined Patent Publication No. Hei 4-51864). With this method, a secret number, such as a password stored on a memory card, is employed as a key and is used for the encoding at a first terminal of random numbers that are output to a second terminal. The second terminal decodes the encoded numbers (random numbers) by using a key stored in advance. When the keys at the two terminals are identical, the random numbers are generated, and the inductive form of the random numbers is employed to encode the key. Thus, a response is generated and is output to the first terminal. Then, the first terminal employs the random numbers as a key to determine whether or not the response was produced by encoding the key. When the response yields the encoded key, the second terminal is confirmed. When the response does not yield the encoded key, the terminal is not confirmed and communication is halted.
However, for the conventional terminal confirmation method, the keys on a card and at a terminal are fixed, and if a key, which corresponds to a password, is known to third persons, everybody can execute a process performed by an information processing apparatus. As is described above, therefore, in the interests of security keys must be updated within short intervals, and the burden placed on users is increased.