An entity which executes person authentication such as a service provider (SP) and a user device (UC) receives a request for person authentication from an entity which requests person authentication. The entity which requests person authentication can vary in form. The entity which executes person authentication decrypts the template by using a person identification certificate that can be owned by the entity which executes person authentication or provided from the outside, compares the template with sampling information input by a user and notifies the entity which requests person authentication of the result of comparison. The data for person identification is provided as encrypted information that can be decrypted only by the entity which executes person authentication, thereby performing safe authentication in various locations or devices, while preventing the template information from leaking out.