Abstract: To provide a personal authentication system that enables a client to receive services even if he fails to carry his card or the like with him or loses it, thus preventing the abuse of the card or the like by a third person and the leakage of the personal information. When data identifying a client are transferred to an authentication server using an authentication terminal, the authentication server collates the sent data against personal authentication data registered previously in a database to identify the client and sends the results of the identification to the authentication terminal. After the authentication, when the authentication terminal requests the payment of charges from a settling account registered previously in the database, the read and modification of personal data, or the like, the authentication server executes a process based on the sent request.

Abstract: A secure method of conducting an electronic transaction over a public communications network is provided which utilizes a pseudo-expiration date in the expiration date field of an authorization request. One of the preferred methods comprises: generating a per-card key associated with an account number; generating a message authentication code using the per-card key; converting the message authentication code into a pseudo expiration date; generating an authorization request for the transaction, the request having an expiration date field containing the pseudo expiration date; and verifying the message authentication code based on the pseudo expiration date.