1. Field of the Invention
The present invention relates to user authentication using an IC (Integrated Circuit) card having user authentication information stored therein, in an IC card authentication apparatus.
2. Description of the Related Art
Conventionally, user authentication using IC cards is performed, for example, in information processing apparatuses such as printers or MFP (Multi Function Peripheral).
For example, in order to improve operability, assuming that a user carrying an IC card is the owner of the IC card, user authentication may be completed as long as user authentication information such as card identification information stored in the IC card is matched.
On the other hand, in order to increase the security level, a user is prompted to input a PIN (Personal Identification Number) code (including a password) that is a personal identification number to identify whether or not the user carrying an IC card is the owner of the IC card, and user authentication may be completed when the PIN code is matched.
In general, users take charge of IC cards and are often authenticated only by matching user authentication information such as card identification information without inputting PIN codes, in favor of operability and convenience.
However, in the case where IC cards are lost by users and reissued, if the reissued IC cards are used with evil intent before coming into the possession of the users, user authentication is completed without PIN codes entry. This may lead to leakage of confidential information from information processing apparatuses.
According to the technique disclosed in Japanese Laid-Open Patent Publication No. 2004-178331, in the case where a user has lost his IC card and wishes reissue, when a reissue request for an IC card is received from the user, user authentication is performed. If the user is identified as the owner of the IC card, information of providing services to the user is recorded in the IC card.
However, the aforementioned patent document discloses an authentication process for IC cards issued by financial institutions giving top priority to security. When IC cards are reissued, the user authentication process is performed using a server in order to ensure security, thereby complicating the system.