In general, ATMs (Automated Teller Machines) of financial institutions may be used by means of a card, such as a magnetic card or an IC (Integrated Circuit) card, and a personal identification number. It is possible to use the ATMs to make cash deposits, cash withdrawals, balance inquiries, direct deposits, account transfers, etc.
Recently, it has become possible to perform transactions, such as balance inquiries, direct deposits, and account transfers, not only at an ATM that is located at a financial institution, but also at a remote terminal device or a portable terminal connected to a network to perform a process related to an account that is opened at a financial institution. When performing such a transaction via a network, it is usually necessary to have a user ID or a password for exclusive use in any transaction via a network. Further, in some cases, a financial institution provides a user with a second personal identification number or a third personal identification number, which are different from a personal identification number used with a card at an ATM, for personal identification.
A user ID or a password and the second personal identification number and/or the third personal identification number may be stored and managed individually in the system of each financial institution. This authentication information may be issued separately from a card number and a personal identification number of a card that are used in an ATM. A user can conduct a transaction via a network by logging-in using the authentication information that is necessary for each financial institution.
The data format of a card to be used for a transaction at an ATM is standardized so that data can be read or written commonly in ATMs of different financial institutions. However, using a user ID and any other authentication information for a transaction via a network terminal, as described above, has not been standardized among different financial institutions.
Therefore, it is necessary to develop different authentication systems for a transaction using an ATM and a transaction via a network even for the same account. Furthermore, a user who has accounts at a plurality of financial institutions needs to memorize a personal identification number corresponding to each card for each of the accounts. In addition, the user also needs to memorize additional authentication information, such as a user ID and/or a password, for each of the plurality financial institution to perform via a network terminal a transaction related to each of the same accounts.
Recently, a technique has been implemented for storing/writing a card number or the like in a contactless IC chip that is incorporated into a cellular phone and reading the card number by using a reading terminal device such as an ATM. A plurality of pieces of financial card information may be stored into a contactless IC chip (cf. e.g. Japanese Unexamined Patent Application Publication No. 7-334590). For example, cash card information, loan card information, and credit card information of each financial institution may be recorded as financial card information. It is possible to store and manage a plurality of pieces of financial card information in a single contactless IC chip. It is also necessary to ensure safe management of each of the plurality of pieces of financial card information by setting an individual encryption key for each of the plurality of pieces of financial card information.
If a contactless IC chip is incorporated into a cellular phone that functions as a network terminal, it is possible to store card information in the contactless IC chip and conduct a transaction via a network based on the written card information. If the card information that is stored in the contactless IC chip is encrypted by an individual encryption key for each piece of card information and a transaction can be conducted on a network using the encrypted card information, an inconvenience that a user needs to memorize a user ID and/or a password that is different for each financial institution can be eliminated.
However, encrypting the card information for storage in the contactless IC chip using an individual encryption key, requires the building of an authentication system that issues an encryption key for encrypting card information and authenticates a card by decrypting the encrypted card information in each financial institution that issues a card. Furthermore, a long processing time for authentication since authentication of a pieces of financial card information that is written to the contactless IC chip is performed in each financial institution.
In light of the foregoing, there is a need for an improved communication device, a remote server, a terminal device, a financial card issue system, a financial card authentication system and a program that allow the authentication of card information via a network terminal without using a user ID and/or a password required for exclusive use in a transaction via a network terminal and without building a separate authentication system at each financial institution.