There has so far been proposed a readily portable hardware token used for identifying a user based on PKI (Public Key Infrastructure), such as IC card or USB token. The PKI is a generic appellation of an infrastructure pertinent to the network security technique. Among the specified PKI techniques is a technique for carrying out data transmission/reception with an external apparatus as secrecy is accorded to data by a non-symmetrical encryption system employing a public key and a secret key.
It is assumed, for example, that data is transmitted/received in accordance with a non-symmetrical encryption system. The data transmitting side encrypts data with a public key to transmit data. The data receiving side, which has received the data, encrypted with the public key, is able to decrypt the encrypted data with a cipher key matched to the public key.
The public key is literally open at large such that anyone can acquire it. However, the secret key needs to be kept in safety so that it will not be stolen by a third party.
Hence, the aforementioned hardware token is usually formed by a mask ROM, so that the secret key cannot be read out on accessing from the personal computer PC.
Since the secret key needs to be kept in safety, an apparatus for data transmission/reception employing the PKI system is desirably provided with an authentication mechanism for verifying whether or not a user is an authorized user, based on a password or the information on the living body, as entered to the apparatus.
With the above-described hardware token, formed by a mask ROM, it is difficult to add an authentication mechanism because of many constraints imposed on the program structure.