The present invention relates to a method and system for transmitting electronic value information, in which value information called an electronic value is transmitted and received using a noncontact (or contact) IC card having a memory function for holding data and capable of reading data from and writing data into the memory in a noncontact manner or using an electronic system provided with the IC card.
It is common practice to identify and authenticate a user by means of a personal identification number or a password when the user uses a specific service. For example, when a user uses a cash card or a credit card at a financial institution, such as a bank, the user is prompted to enter a personal identification number or a password at a banking terminal such as a cash dispenser, etc. If it is confirmed that the user has entered the correct personal identification number or the correct password, the user is allowed to perform a financial transaction such as money transfer, payment, money receipt, and the like.
A storage medium, such as a magnetic stripe, etc., disposed on a cash card, etc., has a small storage capacity, and is provided with only a storage area for the exclusive use of that bank. Also, the above-described personal information such as a personal identification number, a password, etc., can be accessed by anyone who can read the storage medium, such as a magnetic stripe, etc. It is therefore hard to say that sufficient protection against forgery and unauthorized use has been provided.
Accordingly, in recent years, cards (in the following, called IC cards) in which an IC chip is embedded, the IC chip accommodating a larger amount of information than a magnetic stripe disposed on a cash card or a credit card, have appeared in order to protect against forgery, etc. IC cards include contact IC cards having an electrical contact and noncontact IC cards capable of reading and writing data through radio transmission.
In the case of a noncontact IC card, an IC card reader/writer, which reads and writes information from and to the IC card, can access an IC card that a user holds above it, without contact, by electromagnetic inductive coupling. Such an IC card reader/writer is installed, for example, at a shop, on a cash dispenser, at a gateway of a concert hall, at a ticket gate of a station, etc.
With such an IC card, personal identification or authentication processing is performed between the IC card and the IC card reader/writer: the user inputs a personal identification number into the IC card reader, and the input personal identification number is matched against the personal identification number stored in the IC card. If the personal identification or authentication processing has been successful, it becomes possible, for example, to use an application stored in the IC card. Applications held in an IC card include value information, a so-called electronic value, for example, electronic money, an electronic ticket, a prepaid voucher, etc.
In recent years, IC card reader/writers capable of being connected to an information processing terminal such as a personal computer, a PDA (Personal Digital Assistant), a mobile phone, etc., and electronic systems having a main unit in which an IC chip is embedded have been provided. In this manner, an information processing terminal to which an IC card reader/writer can be connected, or an information processing terminal containing an IC chip capable of contact or noncontact communication, can perform various application services using an IC card (IC chip). For example, it is possible for an information processing terminal to perform user interaction with an IC card using an input part such as a keyboard on the information processing terminal and a user interface such as a display unit, etc. Also, if an IC card is connected to a mobile phone, it is possible to exchange information stored in the IC card through a telephone communication network.
For example, it is possible to perform, from an information processing terminal possessed by a user, electronic settlement for electronic money, an electronic ticket, a prepaid voucher, etc., stored in an IC card, electronic value processing such as prepaid-card-type settlement, and various other services.
However, an electronic system such as an information processing terminal containing an IC chip capable of storing an electronic value is sometimes subjected to a model change because of a machine failure, replacement with a high-performance model, etc. In this case, it is necessary to transfer the contents stored in the IC chip directly to an IC chip of a new device after the replacement so that the content (an electronic value) is transferred exactly. Thus, the electronic value and the personal information should not be exposed and should not be left in another terminal.
Also, when value information in an IC chip is transferred, there is a risk of losing an electronic value, and a risk of an electronic value being illegally replicated and altered, owing to a communication problem or a machine failure.
For example, when an information processing terminal containing an IC chip is a mobile phone and an electronic value can be transmitted and received between terminals, the communication company is often different from the service provider which provides an electronic value such as electronic money, an electronic ticket, etc. Accordingly, the communication company does not have the key information and logic which are necessary for accessing an electronic value, and thus processing the electronic value involves many inconveniences. Also, if a communication company undertakes to transfer an electronic value between the terminals, the communication company providing electronic value services assumes the responsibility for electronic values and key information. Also, for service providers providing electronic values, it is not preferable to disclose the key information and logic, which form the basis of the services, to a communication company.
A technique for securely transferring an electronic value such as electronic money, an electronic ticket, etc. held in an IC card or an IC chip is disclosed (for example, refer to Japanese Unexamined Patent Application Publication No. 2003-141429). In this technique, there are provided a value-information service apparatus for securely maintaining the value information itself to be transferred, a key for accessing this value information, and the logic thereof; and a value-information transfer service apparatus for relaying the upload of value information stored in the information recording medium of the transfer source to the value-information service apparatus and the download of value information from the value-information service apparatus to an information recording medium of a transfer destination.
Incidentally, when an IC chip storing value information is contained in an electronic system such as a mobile phone, etc., if the model of the system is changed for some reason, it is necessary to transfer the value information, the personal information, etc., stored in the IC chip between electronic systems, that is to say, between the IC chips. A user's personal information and an electronic value such as electronic money, an electronic ticket, etc., must be transferred exactly, and while being kept secret, between the systems or between a host providing an electronic value service and a terminal connected to the host.
In a card or an electronic system which contains an IC chip, when an electronic value such as electronic money, etc., is transferred from a sender to a recipient, if the electronic value of the sender is simply replicated to the recipient, there is a risk that copies could be made to a plurality of recipients, that alterations could be made, etc. Also, if a problem occurs at communication time, there is a possibility of losing the electronic value itself.
In the technique disclosed in the above-described patent document, a terminal receiving electronic value service is enabled to securely hold value information itself to be transferred, a key for accessing the value information, and the logic thereof. Moreover, the data transfer system is provided with an apparatus which relays value information stored in the information recording medium of the transmission source terminal when uploading the value information to the value-information service apparatus and value information from the value-information service apparatus to the information recording medium of the transmission destination terminal when downloading the value information to the value-information service apparatus. However, the above-described problem remains, because value information passes through a third apparatus.