1. Field of the Invention
The present invention provides an authentication process for electronic values wherein credit cards, debit cards, member cards, ID cards, tickets etc. are converted into digitized information and stored in user's mobile terminal and the user is authenticated as the rightful owner of them, so that, even if the mobile terminal does not have a tamper-resistant function, an authentication process is implemented.
2. Description of the Related Art
In the prior art, a method of public key encryption based on a digital signature and a method of authentication of owner by verifying ID and password registered in advance as an authentication process is known. For example, in cases where the method of using a digital signature is adopted to a mobile phone, an IC card module having a tamper-resistant function is equipped with the mobile phone, and the IC card module stores a pair of public keys and private keys of the public key encryption system in advance. In the case of a credit card, the account number of the credit card using the public key is stored in a mobile phone, the IC card module performs the digital signature process by using the private key at the point at which the credit card is used, the authentication side verifies the digital signature using the certificate of the credit card and authenticates the user. Moreover, in cases of the method using an ID and password, although it is not necessary to be equipped with an IC card module having a tamper-resistant function with a mobile phone, it is necessary for verifying the ID and password registered in advance to comprise a database of ID and password on the authentication side. (For example, Japan Patent Laid Open No. 2001-265735)
However, in the case of the method using digital signature, it is necessary to equip an IC card module having a tamper-resistant function with the mobile phone or mobile terminal, thereby increasing production costs of the terminal. Additionally, in the case of the method using ID and password, it is necessary to equip a database for ID and password on the authentication side. For example, in order to apply the method to authentication such as a credit card transaction, it is necessary to use the method wherein the database of the ID and password of credit card holders is set in the credit card transaction terminal placed in each affiliated store, or a method wherein the center having a database of ID and password is located on the network and accessed with respect to each authentication. In the case of the former, it is unrealistic for security and physical reasons to place a database of ID and password for credit card transaction terminals placed in each affiliated store. Besides, in the case of the latter, it is necessary to establish a new network for the authentication of cardholders between center and each credit card transaction terminal and to access the center for every authentication, thereby making it difficult to process promptly.