The present invention relates to a pass-code identification device and a pass-code identification method, which are used for controlling accesses to predetermined information by collation of pass-codes. More particularly, the present invention relates to a pass-code identification device and a pass-code identification method, which are used for controlling accesses made by an external apparatus by collation of pass-codes.
To put it in detail, the present invention relates to a pass-code identification device and a pass-code identification method, which are used for controlling accesses made by an external apparatus such as a reader/writer to an internal memory of the pass-code identification device such as an IC card by collation of pass-codes. More particularly, the present invention relates to a pass-code identification device and a pass-code identification method, which are used for determining whether or not access-right control based on a pass-code is required.
There has been conceived and put to practical use a variety of apparatus using a pass-number and/or a password for verifying a user and for authenticating process. (In general, “a pass-number” is defined as a string or a combination of numbers each having a value in the range 0 to 9 whereas a password is defined as a string or a combination of alphabetical characters. In this specification, “a pass-code” is a generic technical term for the pass-number and the password.)
When the user of a cash card uses the cash card at a bank or an other financial institution, a cash dispenser typically urges the user to enter a pass-number or a password as a means for authenticating the user. The cash dispenser then carries out a withdrawal operation after verifying that the user has entered a correct pass-number or a correct password.
There are other applications of a pass-code. Examples of the other applications are an operation to enter a pass-code to a safety box, which is installed in a hotel or an other lodging facility, in order to open the safety box, an operation to enter a password to a computer at a log-in, and an operation to enter a pass-code to an information terminal in order to request the terminal to conceal information.
Traditionally, in a storage medium such as magnetic stripes on a cash card for a bank, only a storage area that is usable for the particular bank is provided. Thus, inputting a pass-number or a password is no more than accessing to this storage area. That is to say, the user needs to selectively use a plurality of cash cards for different purposes and/or different applications.
By the way, in recent years, non-contact IC cards have been becoming popular. For example, a cash dispenser or an IC-card reader/writer installed at the entrance of a concert hall, a station, or the like, is capable of making an access to the IC card without contact. At the same time, the user enters a pass-number or a password to the IC-card reader side, and the IC card and the IC-card reader/writer collate the entered pass-number or the entered password with the fetched pass-number or the fetched password for verifying the user and for authenticating process. Then, if the verifying the user and authenticating process success, typically, an application stored in the IC card can be used. Examples of the application stored in the IC card include electronic money and an electronic ticket.
In addition, in recent years, by virtue of improvements of miniaturization technologies, an IC card having a storage space with a relatively large size is introduced and has been becoming popular. In the conventional cash card or the like, only one storage area for one application can be provided. It is thus necessary for the user to carry a plurality of IC cards for different purposes and/or different applications. With an IC card having a storage space with a large size, however, a plurality of applications can be stored in such an IC card. For example, one IC card can be used for storing two or more applications such as electronic money for electronic financial settlements and electronic tickets each used for entering a specific concert hall. In this way, an IC card can be used for a variety of purposes and/or applications.
Furthermore, it is possible to mount an IC card having a memory function with a large storage capacity (or an IC chip implementing a semiconductor IC card) on a portable telephone or a portable terminal. By carrying about such a portable terminal, the user is capable of exchanging electronic value information with an external apparatus such as mainly an apparatus used for electronic financial settlements.
The conventional cash card is used for storing only one application (described above). Thus, by holding one pass-number or one password in magnetic stripes on a cash card, securities of all cards can be controlled.
In the case of an IC card having a memory function capable of storing a plurality of applications or a portable terminal including such an IC card (or an IC chip) mounted thereon, on the other hand, it is necessary to control an access right for each application. This is because, if accesses can be made to all applications on an IC card by using only one pass-code, the security of the applications will deteriorate significantly in case of loss or theft of the IC card.
In addition, after an IC card's memory area permitting accesses by inputting a pass-code has once be invalidated, the user must reenter the pass-code once more in order to restore the IC card to the validated state again. Thus, the IC card is bad usability.
Furthermore, basically, only the owner of an IC card determines whether or not it is necessary to carry out an authentication process based on a pass-code before an access to information stored in the IC card can be made. Thus, there is no room for a person in charge of the system administration to intervene in the control of the security of the IC card.