Recently, the use of credit card instead of cash money to complete commercial transactions over a computer network employing Electronic Commerce (EC) is remarkably increased, and mobile EC that uses mobile terminals such as portable phone also starts spreading.
In a commercial transaction, it becomes necessary to perform {circle around (1)} personal authentication, {circle around (2)} approval of personal authentication, and {circle around (3)} transmission of transaction data.
The steps of acquiring inputs of Personal Identifier Number (PIN) such as secret number, password, collating input PIN with data that is registered previously, carrying out personal authentication ({circle around (1)}) and approval of personal authentication ({circle around (2)}), and transmitting transaction data such as credit card number, expiration date ({circle around (3)}), are performed in present transaction system. However, {circle around (1)} and {circle around (2)} are performed simultaneously when a user inputs the PIN information.
Moreover, recently, the technology of biometric authentication that utilizes the user's biological features such as fingerprint, iris and voice is gaining great attention as means for personal authentication, and computers that have user authentication functions by means of fingerprint and enter/leave access control systems that perform personal authentication by fingerprint are in practical use.
Transaction system using PIN for authentication cannot identify a particular person as such PIN can be input by another person, it is difficult to avoid the possibility of performing “counter feinting”. Thus, user has to care about others' eyes when inputting PIN information.
Fingerprint authentication avoids “counter feinting”, and increase possibility of safe transaction. However, when fingerprint authentication technology is applied in a mobile EC terminal, for instant, the operations of turning on the power to initiate fingerprint authentication application, extracting fingerprint for personal authentication, pressing a button for authentication approval, and transmission transaction data are complicated compared with PIN input operations.
To simplify these operations, fingerprint authentication application is initiated in advance, but the problem of increasing power consumption may be raised. Decreasing power consumption becomes an indispensable matter, specially, in portable tools such as portable phones/PDA, etc. To decrease power consumption, it is important to delay the processing of initiating fingerprint authentication application until such processing becomes necessary.
Although the fingerprint is read out through a sensor and fingerprint collation data is subjected to collation in fingerprint authentication processing, there is a risk that this fingerprint collation data might be revealed by hacking.
Even if transaction data and personal authentication processing are succeeded, similar risk still might occur during transmission.