1. Field of the Invention
The present invention generally relates to an IC card, and more particularly, to an IC card which is activated, as a function, by being provided predetermined information thereto.
The present invention further relates to an information security method for the IC card.
The present invention yet further relates to an IC card issuance device which issues the IC card to a user.
2. Description of the Related Art
In a mobile communication system proposed previously, a user is issued with an IC card having necessary information for communication, such as International Mobile Subscriber Identity, and is required to activate a mobile terminal by setting the IC card to the mobile terminal. The IC card used for such mobile communication system contains, as shown in FIG. 5, an operating system (OS) and file control information, which are used for realizing functions permitted to an administrative authority holder of the IC card and functions permitted to a user authority holder of the IC card.
The functions permitted to the user authority holder are functions generally having no effect on important information necessary for communication services, and include the readout of International Mobile Subscriber Identity, the change of Preferred Languages (Japanese and English, for example), and the readout and change of Abbreviated dialing numbers, for example. These functions permitted to the user authority holder can be activated by providing the IC card with a password (PIN) or a standard command defined by organizations, such as ISO, because the functions permitted to the user authority holder require security to a certain extent.
On the other hand, the functions permitted to the administrative authority holder generally affect the important information for the communication services, and include the change of International Mobile Subscriber Identity and the renewal of Emergency Call Codes information, such as 110 and 119 of Japan. The functions permitted to the administrative authority holder, which must maintain strict security level, are not activated unless the IC card is provided with original closed command defined by the administrator (a communication service provider) or information certifying, by an external entity, that the person accessing to the IC card has the authority to access the IC card.
By the way, IC cards described above are distributed through a distribution channel illustrated in FIG. 6, for example. The IC cards manufactured at a manufacturing plant 100 are distributed through a distribution center 110, subsidiaries 121, 122, 123, . . . business bases of the subsidiaries 131, 132, 133, . . . to the sales branches of the mobile communication provider 141, 143, 146, . . . and agents 142, 145, . . . The manufacturing plant 100 delivers the IC cards after storing, in the IC cards, an operating system (OS), a file system, and IC card issuance information such as a manufacturing number and initial value of the PIN (password), and further storing a part of information (Preferable Languages information, for example) which can be read and written by the functions permitted to the user authority holder.
The sales branches 141, 143, 146, . . . and the agents 142, 145, . . . are provided with IC card issuance devices. The sales branches and the agents store, by setting the IC cards in the IC card issuance devices, International Mobile Subscriber Identity (a telephone number, information for user identification, information for communication services subscribed by users, for example) and the password (PIN) designated by the users. The IC cards containing this information are issued to the users. The users set the IC cards in their mobile terminals, and enjoy communication services based on the subscriber information stored in the IC cards.
As described above, the IC card delivered from the manufacturing plant 100 already includes a manufacturing number, an initial value of a password (PIN), and a part of information which can be read and written by the functions permitted to the user authority holder as well as an operating system and a file system. Accordingly, the distribution of IC cards described above involves the risk of alteration since a part of information which can be read and written by the functions permitted to the user authority holder may be altered at any nodes (the distribution center 110, the subsidiaries 121, 122, 123, . . . , and business bases 131, 132, 133, . . . ) in the distribution channel.
Because the functions permitted to the user authority holder is activated by only providing a password (PIN) to the IC card, the security level of the information which can be changed by such functions is lower than that of the information which can be changed by functions permitted to the administrative authority holder. Furthermore, the manufacturing plant 100 may store the same initial value of the password (PIN) in all of IC cards for ease of issuance transaction. The alteration of information is relatively easy.
The alteration of the information which can be changed by the functions permitted to the user authority holder may not cause a serious damage in the operation of the mobile communication system. However, if information stored in an IC card is altered, a user may not be able to use a preferred function and has to delete unnecessary information stored for the alteration.
The alteration is possibly avoided if all information stored in the IC card is thoroughly checked when the IC card is issued. But the checking process takes time and lowers the efficiency of the IC card issuance service. It is of no sense that the initial information is stored at the manufacturing plant 100.