1. Field of the Invention
The present invention relates to a financial card system, a communications device, a authentication terminal, an authentication method, and a program.
2. Description of the Related Art
Recently, the use of portable terminals and so on incorporating a non-contact IC (Integrated Circuit) chip has been proposed also in the ATM (Automatic Teller Machine) services provided by financial organizations. In this proposal, the non-contact IC chip comes to hold individual items of information (hereafter referred to as financial card information) that have been recorded to financial cards issued by financial organizations. In the case of cash cards, the personal information includes financial organization number, branch number, account number, account type, card owner name, balance in account, and so on, for example. In addition to cash cards, the financial cards include loan cards and credit cards, for example. The security of these items of financial card information must be strictly protected in the nature of things. Therefore, financial transactions based on the non-contact IC chip require technologies for securely managing the financial card information by use of encryption keys. So far, information security technologies have been made public (as disclosed in Japanese Patent Laid-open No. 2004-234633, for example), including one in which tallies (equivalent to encryption keys) that are divided between the non-contact IC chip and a server are matched for authentication.
In general, methods of managing financial card information based on encryption keys require to hold an encryption key for reading financial card information in each reader/writer for non-contact IC chips. Also, the encryption keys stored in the reader/writer are distributed to each reader/writer or each ATM terminal connected thereto, via a network from a host computer managed by a financial organization for example. This network may be either a communication path based on a leased line or a communication path based on a general line. Obviously, the distribution of encryption keys through a network involves a risk of wiretapping and falsification.
It should be noted that each non-contact IC chip can store two or more items of financial card information (refer to Japanese Patent Laid-open No. Hei 7-334590, for example). For example, the financial card information may include the cash card information, loan card information, and credit card information of each financial organization. While each non-contact IC chip can collectively store and manage a plurality of items of financial card information, it is required for each non-contact IC chip to set an individual encryption key to each item of financial card information for secure management. Therefore, the reader/writer must hold an individual encryption key corresponding to each item of financial card information that can be handled and, at the same time, when accessing predetermined financial card information recorded to each non-contact IC chip, read that financial card information by use of the corresponding encryption key.