Hitherto, in commercial contracts and transactions by means of information communication technology, whether the service receiver is the authorized subscriber or not has been authenticated by means of the identification number, password or the like.
For example, in the case of network communications, a user sends application information including personal information by using the computer and telephone line when filing for a contract. It is received at a server installed at the network provider, and the contract between the two parties is established.
At this time, to reject access by an illegal user pretending to be an official member of network communication, the following authentication procedure is known.
First, a service contract is agreed between a network communication user and the network communication provider. The network communication provider informs the official member user of the member ID number and password. When the access is requested from the user through network communication, the user requesting the access is told to send the registered member ID and password, and when the user enters them, they are collated with the official member information recorded at the network communication provider side. If matched as a result of collation, the network communication provider authorizes the access-requesting user to be the official member user.
The order information or the like sent from the user through the communication route established by this authentication is accepted as the transmission from the official member user.
Such prior art, however, had the following defects.
If a hacker invades into the transmission gate or modem of the computer of the official member user and acquires the member ID number and password of the official member user, it is difficult to reject the access by pretending action of the illegal user.
At the present, in order to prevent illegal acquisition of member ID number and password by hackers, it is attempted to assure the communication security by encrypting transmission of information between the official member user and the service provider.
However, if the means of preventing illegal acquisition of password is sophisticated and complicated, the conventional individual authentication technique is not sufficiently perfect for hackers attempting to develop more advanced illegal acquisition means.