Proposal of an authentication Method “SPAIC” using a non-contact type IC card

When important information is exchanged in a client-server system, it is quite essential to perform reliable authentication and encryption. In such a situation, a method using an IC card that stores unique user information has been widely used. Until recently, the security of communication between an IC card and a client has not been a critical concern because contact type IC cards have been used in most cases. However, now that non-contact type IC cards are expected to be spreading in the near future, secure communication between an IC card and a client is considered to become a serious concern. Although there exists a method whereby all IC cards and clients use a common key to realize secure communication, there is a concern that secret information is easily leaked from the client terminal. To solve this problem, we propose in this study a protocol called "SPAIC". Presuming that a non-contact type IC card is used, SPAIC can deliver the important information from a server to a client that has no initial information so that there exists no risk of information leakage.