With the current dramatic improvements in the processing capability of information processors such as personal computers, and moreover, the accompanying expansion of the communication infrastructure, opportunities are increasing for using a network such as the Internet to transmit and receive personal information or company information. As a result, security technology has become increasingly important for concealing such information to prevent disclosure to a third party.
Common-key cryptography is known as one typical method for concealing data that are transmitted and received. In this type of cryptography, terminal devices that transmit and receive data with each other use a common key to encrypt and decode the data. With the expansion of electronic commerce such as BtoB (Business to Business) and BtoC (Business to Consumer) transactions in recent years, PKI (Public Key Infrastructure) is also receiving attention (for example, see Japanese Patent Laid-Open No. 2001-216270).
In public-key cryptography that is known as the basic PKI technology, a public key is used to encrypt transmission data, and a secret key that is a pair with the public key but that is not published is used to decode the received data. This public key cryptography uses different keys on the transmission side and reception side and therefore increases the level of security over that of the above-described common-key cryptography. However, the public-key cryptography requires a relatively long time for the processes of encrypting and decoding data, and common-key cryptography is therefore generally more appropriate for data communication with a specific partner.
A technique for increasing the level of concealment achieved by the above-described public key and secret key (PKI key) is disclosed in, for example, Japanese Patent Laid-Open No. 2001-357371. In this technique, the user's fingerprint is read and a random number that is obtained from the fingerprint is used to encrypt the PKI key itself.
In the above-described common-key cryptography, both the transmission-side terminal device that encrypts data and the reception-side terminal device that decodes the data must have a common key, and a user that transmits data by way of a network must deliver the common key to the communication partner by some method. In data communication systems in recent years, the above-described public-key cryptography is used as a means for more safely delivering a common key.
However, in a method for transmitting a common key by public-key cryptography, the common key itself, although encrypted, is released onto the network, and the danger therefore exists that a third party with malicious intent may appropriate the common key.
Alternatively, when data are transmitted and received using only public-key cryptography, the secret key must similarly be delivered to the communication partner, and as a result, there is a danger that the secret key may be stolen by a third party having malicious intent when the network is used to deliver the secret key.
In other words, data communication systems of the prior art suffered from the problem that the risk of interception of a common key or secret key must always be kept in mind.