Conventionally, various devices employing personal identification numbers and passwords in order to perform processing to verify and authenticate a person have been proposed and put into practical use. For example, with a bank or other financial institution, a user is prompted to input a personal identification number and password as means of personal authentication when using a cash dispenser or other financial terminal when using a cash card or credit card. An operation of depositing or withdrawing money is then carried out after verifying that a user has inputted a correct personal identification number and password.
Only a storage region that is only capable of being used by this bank is provided in a recording medium such as a magnetic stripe provided on a single cash card. The aforementioned inputting of personal identification numbers or passwords can therefore not exceed accessing of this single storage region, and it is difficult to say that protection with respect to falsification and misappropriation is sufficient.
As a result, IC cards equipped with memory functions such as contact-type IC cards having electrical contacts provided at cash cards and credit cards etc. and non-contact IC cards for reading and writing data via wireless data without making contact have also come to be used from the viewpoint of prevention of falsification, etc. For example, an IC card reader/writer installed at a cash dispenser, concert hall entrance or ticket gate of a station etc. can access an IC card held up by a user in a non-contact manner.
The user inputs a personal identification number into the IC card reader, and personal verification or authentication processing is carried out between the IC card and the IC card reader/writer by collating the inputted personal identification number and a personal identification number stored in the IC card. (The personal identification number used during IC card access is particularly referred to as a PIN (Personal Identification Number).) Utilization of, for example, an application stored in the IC card is then possible when the personal verification or authentication processing is successful.
Here, it can be cited that the value information such as for electronic money or electronic tickets is possible as the application held on the IC card. Electronic money and electronic tickets are indicated as a system of settlements (electronic settlements) via electronic data issued in accordance with funds provided by a user or as an electronic data itself.
Recently, IC cards having comparatively large capacity storage space have appeared and are becoming widespread as the micro fabrication technology improves. Conventional cash cards etc. only have a single storage region, i.e. a single application. It is therefore necessary to carry around a plurality of cards corresponding to each application or purpose. On the contrary, according to an IC card with this kind of large memory capacity, it is possible to store a plurality of applications at the same time so that a single card can be utilized in a plurality of applications. It is therefore possible to utilize a single IC card for various applications by, for example, storing two or more applications such as for electronic money for carrying out electronic settlements or electronic tickets for entering a specific concert hall on a single IC card.
Further, by providing a wired interface for connecting with other equipment in addition to a wireless non-contact interface for connecting an IC card with a card reader/writer (card read/write device), it is possible to use the IC card built-into information processing terminals such as mobile telephones, PDAs (Personal Digital Assistants), or personal computers etc., or use the IC card through connection via an external interface. For example, an IC card of a user can be connected by increasing the number of card read/write devices of a personal computer, etc.
In this case, various application services utilizing the IC card can be executed using an information processing terminal. For example, interaction of a user with an IC card by employing a user interface such as a keyboard or display etc. of an information processing terminal can be carried out on the information processing terminal.
In the case where an IC card is connected to an information processing terminal connected to an information search space such as, for example, the Internet, a user can search WWW information space via a Web browser activated using an information processing terminal and download (i.e. write to the IC card) content discovered at that time to the IC card, or conversely, a user can upload (i.e. read from the IC card) content held in an IC card to a location found in the WWW information space.
Further, fees for fee-based services (viewing of fee-based content or on-line shopping for merchandise) enjoyed in the WWW information space can be settled using electronic money held in the IC card. Electronic money referred to in this case is indicated as a system of settlements (electronic settlements) via electronic data issued in accordance with funds provided by a user or as an electronic data itself. Alternatively, a point service corresponding to purchased merchandise can be written to the IC card.
However, in order to carry out secure communication via a computer network such as the Internet etc. and exchange data with IC cards, it is necessary to incur substantial costs. The reason for this is that in addition to a dedicated device for issuing commands that an IC card can interpret being necessary, it is necessary to manage passwords and encryption keys for users of each IC card for cryptocommunication, and it is necessary to introduce strong, tamper resistance equipment to physically protect secret information.
This substantial cost load provides a large barrier with respect to the propagation of convenient services utilizing IC cards and the expansion of related businesses.