As an example, if we let a device for proving personal authentication be a portable communication terminal provided with a communication function like that of a cellular phone, in order to provide people with peace of mind in the evolving society of ubiquitous mobile communications, each portable communication terminal with the personal authentication function will have to be unique.
It is assumed that an example of the use of such a portable communication terminal as a device for proving personal authentication is a keyless entry system for an automobile as shown in FIG. 1, where the door can be locked and unlocked wirelessly using radio waves instead of a key.
In FIG. 1, the user carries a portable device 2 which serves as a key for an automobile 1, and uses the portable device 2 from a distance to control an unlocking control device 10 for the doors of automobile 1 by means of a wireless signal and operate the locking and unlocking of the door lock.
More specifically, in portable device 2, a predetermined ID is stored in a memory 2a. When the portable device 2 is used by pressing a key switch, the wireless frequency is modulated according to the ID stored in memory 2a by means of a wireless modulator 2b which utilizes a predetermined modulation system, whereupon the signal is power-amplified and delivered using a transmitter 2c. 
The automobile 1, which is a controlled device, comprises an unlocking control device 10. The unlocking control device 10 has the same ID as the key 2 and this ID is contained in a memory 10a. The unlocking control device 10 receives the wireless signal from portable device 2 by means of a receiver 10b, converts the signal to abase band signal, and then demodulates the transmitted ID using a demodulator 10c by means of a demodulation system that corresponds to the modulation system of key 2.
A comparator 10d compares the demodulated ID from key 2 with the ID stored in memory 10a and judges whether or not they coincide. If the result of the comparison is coincidence with the ID stored in memory 10a in unlock control device 10, a door release directive signal is sent to a door unlock control device 10e, and it becomes possible to unlock the door.
Thus, a wireless authentication system, where an ID is transmitted wirelessly, its authenticity is checked by the controlled device, and, based on the result of that check, the door unlocking device 10e of an automobile which is the controlled device is operated remotely, is able to implement a security operation by recognizing the person that owns portable device 2 which serves as a key as the proper user.
Therefore, in a case where, due to loss or theft, portable device 2 is acquired by a malicious third party, that malicious third party becomes able to pose as the correct user, and operate the locking and unlocking of the door lock of automobile 1. Hence, there is a need to ensure security by preventing a third party from posing as the owner and performing an illegal operation.
Situations where a third party poses as the owner and performs an illegal operation is not limited to the door locks of automobiles. There is a similar need to prevent such an occurrence for portable devices that remotely monitor and operate a controlled device such as house door keys, cameras, PDAs (Personal Digital Assistants), computers, or a cellular phone. It follows that there is a similar need to ensure security in cases where these devices are being remotely monitored or operated by wireless means.
In a previous application (see Japanese Patent No. 2931276), the present inventors proposed an invention of a system where, if the primary user is a predetermined distance from the device to be operated, such as a computer or portable communication terminal, that device becomes unusable. Such inventions as the one described in Japanese Application Laid Open No. 2931276 have adopted wearable keys, which are carried by the user separately from the device which is to be operated by the user.
The device to be operated and the wearable key perform two-way communications in which they each have an intrinsic distinctive ID, and perform two-way communication at fixed intervals, thereby confirming each other. Both the device to be operated and the wearable key use an encryption technology to communicate their distinctive IDs, and the encryption is modified every time, which makes it extremely difficult to decrypt. Therefore, as long as the primary user holds the wearable key, it is possible to prevent other people from utilizing the device which should be operated by the primary user.
However, even with the system disclosed in Japanese Application Laid Open No. 2931276, even if the portable device is in the possession of the legitimate user and a third party has not illegally acquired the portable device through theft or the like, it is possible by some means to eavesdrop on the wirelessly communicated distinctive ID, and thus produce a portable device with the same distinctive ID (clone device) and use that device illegally.
A clone device is a separate device that possesses functions which are the same as the wireless authentication function (including an ID) of the portable device owned by the legitimate user. Through the use of a clone device, a malicious third party is able to pose as the legitimate user and use the device improperly. In this case, because the legitimate portable device is in the proper user's possession, the existence of a clone device is a concern until the clone device is used improperly and improper usage by the clone device cannot be prevented.
In view of this point, the present inventor disclosed, in yet another previous application, an invention relating to a wireless confirmation method and a wireless authentication system that are capable of preventing improper usage by a third party or improper usage by a clone device (PCT/JP2004/14747).
The invention of the previous application (known simply as ‘prior invention’ hereinbelow) is characterized by comprising the authentication station 5 as shown in FIG. 2. In other words, the wireless authentication system shown in FIG. 2 assumes, for the door unlocking control device 10 of the automobile 1 which is the controlled device, that a device that is capable of wirelessly imposing usage restrictions and canceling the usage restrictions is a portable communication terminal.
Therefore, the wireless authentication system is constituted comprising a portable communication terminal 3 that is capable of imposing usage restrictions for the door unlocking control device 10 and of canceling the usage restrictions, a wearable key unit 4 that is capable of imposing usage restrictions for the portable communication terminal 3 and of canceling the usage restrictions, and an authentication station 5.
The authentication station 5 is capable of optionally communicating by means of a communication systems CS1 and CS2 with the portable communication terminal 3 and door unlocking control device 10 respectively. In cases where the portable communication terminal 3 is a cellular phone terminal, the portable communication terminal 3 connects to the authentication station 5 by means of the cellular phone line CS1 and the door unlocking control device 10 also connects to the authentication station 5 by means of a PHS or other communication line CS2, for example. In cases where the door unlocking control device 10 is a device that does not move such as a door locking device of a house, a wired connection to the authentication station 5 is also possible.
The principal role of the authentication station 5 is that of associating the portable communication terminal 3 and wearable key unit 4 and associating the door unlocking control device 10 and portable communication terminal 3 to establish a usable state. The authentication station 5 also plays the role of providing authentication with respect to whether communication for the sake of confirmation may be performed by the portable communication terminal 3 and wearable key unit 4 with the authentication station 5 and whether the door unlocking control device 10 may be released when the door unlocking control device 10 is in a restricted usage release state as a result of the portable communication terminal 3.
In addition, if we now provide an overview of the authentication operation of the constitution of the embodiment of the invention shown in FIG. 2 for which an application was submitted previously, wireless authentication is performed between the wearable key unit 4 and portable communication terminal 3 and the usage restrictions of the portable communication terminal 3 are cancelled (step S1).
In a state where the usage restrictions of the portable communication terminal 3 have been cancelled, the portable communication terminal 3 and the door unlocking control device 10 which is the controlled device also perform wireless authentication (step S2). If the wireless authentication between the portable communication terminal 3 and door unlocking control device 10 operate normally, the authentication result is sent to the authentication station 5 from each of the portable communication terminal 3 and door unlocking control device 10 (steps S3, S4).
An authentication station D registers the IDs in association. Therefore, if the authentication result from the portable communication terminal 3 and door unlocking control device 10 is confirmed and the ID association is confirmed, it is judged that the authentication result is legitimate. Further, an unlocking permission signal is sent to the door unlocking control device 10 of the automobile 1 which is the controlled device and the door unlocking control device 10 releases the usage restrictions upon receipt of the unlocking permission signal and unlocks the door.
Here, in the ubiquitous society of mobile communications, it is natural that a need to perform personal authentication as a basic technology has arisen. However, the authentication systems of previous applications basically involve mutual authentication between devices that is carried out by the devices and do not include personal information for operating the devices.
Therefore, in the inventions disclosed in previous applications, the personal authentication systems are inadequate in a strict sense.