There are known authentication protocols for authentication of IC cards, IC tags and the like, in which special processing is applied to the command or data used for the authentication in order to protect information necessary for the authentication from being intercepted or wiretapped.
One of such authentication protocols is known as a challenge-response protocol (for example, see PTL 1). According to this authentication protocol, an information processing device to be authenticated such as an IC card or an IC tag sends an authentication request to an authentication device such as an IC reader, and the authentication device replies by sending a challenge, which is a random value, to the information processing device. The information processing device generates a response on the basis of the received challenge and a specific value being processed under an authentication algorithm, and transmits the generated response to the authentication device.
The authentication device also generates a response on the basis of the challenge transmitted to the information processing device and a specific value pre-registered in the authentication device, and compares the generated response with the response received from the information processing device. When the two responses match each other, authentication is successful. On the other hand, when the two responses do not match each other, authentication is unsuccessful.
In the above authentication protocol, the response is generated by using a one-way function or the like. Accordingly, even if only the response is leaked, it is impossible to obtain the original challenge from the response. Therefore, the above authentication protocol can achieve high security.