Generally, in the various service providing systems, the ID and the biometric information of the user are associated with each other and registered in advance, and a predetermined service for the relevant user is started to be provided after performing authentication of the relevant user by the one-to-one verification method. At the time of user authentication, the user inputs his/her ID and biometric information (such as a fingerprint, a palm print, vein information, iris, and a vocal print). Then, on the service providing system side, registered biometric information associated with the ID input by the user is read out, the registered biometric information and the biometric information input by the user are compared and verified, and when they conform to each other, the user authentication is performed.
In an environment in which there are a plurality of service providing systems, there is a case in which the same user sets different passwords for each system. On the other hand, in the system adopting biometric authentication in place of password authentication, the user is authenticated as himself/herself not by verifying the password but by verifying the biometric information, so that the user is not required to remember the password.
The ID to be registered in the system, however, is determined on the first-come-first-served basis if not specified by a manager, so that when the ID that the user wants to set is already used in the system, the user should use another ID (ID not yet used in the system). As a result, there is a case in which the same user uses different IDs in a plurality of systems. Also, in the system in which the manager specifies the ID, if a naming method of ID varies from manager to manager of the systems, there is a case in which the same user uses different IDs in a plurality of systems.
The service providing system, which that is required to maintain high security often uses one-to-one authentication method so as to minimize a risk of false acceptance when adopting the biometric authentication. In this one-to-one authentication method, as described above, an individual is specified by the ID, and the reference biometric data of the user associated with the ID is read out from the data already registered in a database to verify the reference biometric data against the biometric data input by the user. Therefore, the user is required to input the ID for logging in to the service providing system. At that time, the user should correctly input the ID registered in advance in the service providing system to which the user wants to login. Therefore, when different IDs are registered for each service providing system, the user should correctly remember which ID is registered in which service providing system. As a result, there is a case of inputting the ID registered in a service providing system B by mistake while trying to log in to a service providing system A, for example, even though the biometric data, which may serve as the password, is correctly input, so that a case in which the user authentication cannot be performed often occurs.
Japanese Patent Application Laid-Open No. 2001-236324 discloses the technique to cope with such a situation. The technique disclosed in Japanese Patent Application Laid-Open No. 2001-236324 copes with the situation in which, when the user utilizing a plurality of applications or a plurality of bank accounts uses different passwords or personal identification numbers for each application ID or each bank account, respectively, the user cannot remember which password or personal identification number correspond to which application ID or bank accounts, respectively. Then, an object of the technique disclosed in Japanese Patent Application Laid-Open No. 2001-236324 is to provide a portable electronic device that ensures high security performance for secret information (password and personal identification number) by protecting and guarding the secret information by adopting personal authentication by the biometric information, which cannot be stolen or copied.
The above-described portable electronic device has a personal authentication function by the biometric information and is carried by an owner to perform processes on various pieces of electronic information. In the above-described electronic device, as a result of verification of verification biometric characteristic information of an authentication target against reference biometric characteristic information, when the verification biometric characteristic information is recognized to be that of the owner, personal identification code and account information corresponding to high-level information specified by a system name selecting unit are displayed on a display unit. Also, in the above-described portable electronic device, the personal identification code including the password, the personal identification number, a secret key or the like is stored while being associated with the account information including an account name, an ID, a computer name, an IP address, and the like, and the high-level information including a system name, a bank name, a computer name, an application name or the like. Thereby, when the user selects the target system by the system name selecting unit after the user authentication, the corresponding personal identification code and the account information are displayed on the display unit, so that the above-described personal electronic device may support not only forgetting of the password but also forgetting of the ID.
In the technique disclosed in Japanese Patent Application Laid-Open No. 2001-236324, for the forgetting of the ID of the user, when the user authentication is performed by the biometric authentication, the secret information including the ID for the system is read out and presented to the user in a view format. Then, when the display target system is selected by the system name selecting unit, the information of the selected system is displayed. To display pieces of registration information and notify the user of the same, however, is to show the user unnecessary secret information also, so that there is a problem in building the system requiring high security. Also, the user should consequently select from a plurality of IDs, so that there is a problem in convenience.
In addition, as a generally known method, there is the verification method referred to as a 1:N verification method. In this 1:N verification method, the user does not input the ID but inputs only the verification biometric data, and the verification biometric data is verified against a plurality of registered reference biometric data, thereby an individual is specified from a plurality of registered users. However, in the 1:N verification method, since the specification of the ID is not necessary, the convenience thereof is improved; on the other hand, since the verification biometric data is verified against the reference biometric data of a plurality of users, there is a possibility of accepting anyone else by mistake (false acceptance). A false acceptance rate increases in proportion to increase in the number N of the reference biometric, which is the verification target, so that the 1:N verification method is not preferably adopted in the system requiring high security. However, if the number N of the user capable of performing the 1:N verification is limited, it is not possible to help out all the users.
Further, as another generally known method, there is a method of unifying the IDs by using an IC card with unique information written therein. However, with this method, it is not possible to access the service providing system without the IC card and a card reader. When adopting the biometric authentication, the biometric data is the information included in a part of a living body, so that the user never forgets to carry the data. On the other hand, if the user is required to carry the IC card and the card reader only for unifying the ID, a cost will increase and the burden on the user increases.