The present invention relates to a portable card containing an integrated device such as an IC card that performs a radio communication with a terminal apparatus, a communication system, a communication method, a terminal apparatus, and a computer-readable record medium recording a program.
Local governments, transport facilities, financial institutions, medical institutions or the like are interested in management of personal information using IC cards. IC cards are the cards that contain an integrated device (also referred to as a one-chip IC) that includes a nonvolatile memory, a processor, an authentication circuit or the like. An IC card containing a one-chip IC that records personal information can always be carried by the owner. The personal information recorded in an IC card is referred to as occasion demands. Also, the authentication circuit contained in the IC card prevents the personal information from being read improperly. Compared with magnetic cards, IC cards protect the personal information well from improper accesses. Such IC cards conform to ISO standards which have already been provided or will be provided. Remote-type IC cards are defined in ISO14443. Close-type IC cards are defined in ISO10536.
Remote-type IC cards receive electric power from terminal apparatuses through radio waves, then integrated devices inside the IC cards are activated. The remote-type IC cards are said to be suitable for the checking of commuter passes or management of people entering and exiting a facility. For example, when an owner of an IC card holds the IC card over a terminal apparatus formed in a railroad ticket gate to enter the gate to ride on a train, the integrated device contained in the IC card is activated receiving power through radio waves from the terminal apparatus. When the IC card contains an authentication circuit and a memory circuit that stores information indicating that the IC card is used as a commuter pass, information of a railway line section traveled by the card owner, and information of a valid period of the commuter pass, the terminal apparatus in the ticket gate coordinates with the authentication circuit and the memory circuit to check the validity of the IC card. When there is no problem in the travel section and commuter pass period, the terminal apparatus permits the card owner to enter the platform; and when there is a problem, the terminal apparatus prohibits the card owner from entering the platform.
In the case of magnetic cards used as commuter passes, card owners are required to take out a card and let the card pass through a ticket gate. If the above commuter pass checking system becomes prevalent, IC card owners will not be required to do the above operations. This will facilitate commuters who pass through ticket gates using commuter passes, and relieve the congestion at tickets gates such often seen at rush hour in terminal stations in large cities.
A remote-type IC card coordinates with a terminal apparatus to transfer personal information at a ticket gate even though there is some distance between them. Remote-type IC cards are very useful as described above and give us an impression that all the specifications for IC cards for managing personal information may well be unified to a remote-type. However, conventional remote-type IC cards are not suitable for coordination with terminal apparatuses to deal with personal information which should be kept secret. A some different type of IC card would be suitable for dealing with secret, personal information.
The reason for thinking that remote-type IC cards are not suitable for dealing with personal information is as follows. When an improperly intentioned third party holds an IC card over a terminal apparatus while the terminal apparatus is transmitting or receiving personal information to/from another IC card, the third party can store the personal information into the IC card.
Also, it is possible for a communication apparatus located near a terminal apparatus to receive personal information transferred between the terminal apparatus and an IC card. The communication apparatus may be operated by an improperly intentioned third party. That is to say, it is possible for the third party to intercept personal information, or alter the intercepted information and transmit the altered information to the terminal apparatus. In this case, every time a remote-type IC card coordinates with a terminal apparatus, there is a danger that personal information leaks.
Considering the above, storing important personal information into a remote-type IC card for use is not desirable.
There is a method of storing important personal information into IC cards while maintaining the usefulness of the remote type IC cards. It is a combination-type IC card which is made by combining specifications of remote-type IC cards with those of contact-type IC cards. Each contact-type IC card has a contact-type connector. The integrated device in a contact-type IC card is activated when the IC card is connected to a terminal apparatus via the connector. After the IC card is connected to a terminal apparatus, it is impossible for a communication apparatus disposed near the terminal apparatus by an improperly intentioned third party to intercept personal information. In this case, also, the terminal apparatus can check the credibility of the card owner by checking in input code number or the like. As apparent from this, contact-type IC cards are far more excellent than remote-type IC cards in security, and suitable for payment or the like.
Connectors in contact-type IC cards may, however, be smeared or wet. This would reduce the conductivity of the connectors. Therefore, owners of combination-type IC cards are required to treat, keep, or carry the cards carefully to protect connectors from such problems. This puts a constant burden upon the card owners. Also the card owners should carefully insert or remove IC cards so that the cards are not damaged. This makes the card owners nervous whenever they use the IC cards. Suppose each card owner feels nervous when he/she inserts or remove a combination-type IC card into/from a cash dispenser in a financial institution, it takes a lot of time for each one to perform payment. When this happens, a long line of cash dispenser users may be made before each cash dispenser on days when banks have a lot of cash dispenser users for payment.
In addition to the above, when a combination-type IC card is repeatedly made contact with terminal apparatuses, both ends of a connector are worn out, resulting in a faulty connection. If maintenance is frequently required for both the cards and terminal apparatuses due to such faulty connections, financial institutions having cash dispensers may not introduce the combination-type IC card.
It is therefore the first object of the present invention to provide a dual-purpose portable card used for, for example, payment or passing through a ticket gate, without being electrically connected using a connector.
It is the second object of the present invention to provide a portable card that allows the owner of the card to switch between two purposes of the card, such as payment and passing through a ticket gate.
It is the third object of the present invention to provide a portable card that can be switched between a purpose requiring a heavy-load process and a purpose requiring a light-load process.
The first object is fulfilled by a dual-purpose portable card, the portable card comprising an integrated device which includes: an identifying unit operable to, when the portable card approaches a terminal apparatus, identify either a first purpose or a second purpose for which the portable card is used, based on a radio wave transmitted from the terminal apparatus; a processing unit operable to perform a first process when the portable card is used for the first purpose and perform a second process when the portable card is used for the second purpose; and a communicating unit operable to perform a non-contact-type data input/output between the terminal apparatus and the processing unit by performing radio communication with the terminal apparatus when the portable card is used for either of the first purpose and the second purpose.
With the above construction, when the dual-purpose portable card is a combination-type IC card used for, for example, payment and passing through a ticket gate, a switching between the two purposes and recognition by the terminal apparatus are done in accordance with the radio wave transmitted from the terminal apparatus. In doing so, the card owner is not required to insert or remove a connector, for example. As a result, the portable card of the present invention is highly useful.
Also, when the first purpose and the second purpose require different processes to be done, data input/output between the portable card of the present invention and the terminal apparatus for either purpose is performed through a radio communication. There is no need of connecting a connector to the card. As understood from this, there is no need of worrying about abrasion of a connector or faulty connection in terms of the portable card of the present invention since connection using a connector is not required in switching between the two purposes or in inputting or outputting data. No maintenance is required for the portable card and the terminal apparatus. This makes the payment work or checking at the ticket gate economical.
Furthermore, the portable card of the present invention can communicate with the terminal apparatus even if it is smeared or wet. As apparent from this, the portable card operates normally even if it is treated somewhat roughly, and the owner of the card need not worry about how to carry or store the portable card.
The second object of the present invention is fulfilled by the above portable card, wherein the identifying unit includes: a judging unit operable to judge that the portable card is used for the second purpose when the portable card is a first distance or shorter away from the terminal apparatus, and judge that the portable card is used for the first purpose when a distance between the portable card and the terminal apparatus is in a range of a second distance to a third distance.
With the above construction, the owner of the portable card can use the portable card for the second purpose by bringing it close to the terminal apparatus, and can use it for the first purpose by keeping it at a distance from the terminal apparatus. This facilitates the card owner since the card owner can switch between the two purposes by changing the distance between the portable card and the terminal apparatus.
The third object of the present invention is fulfilled by the above portable card, wherein the integrated device receives a power supply from the terminal apparatus, the power the terminal apparatus supplies to the integrated device changes according to the distance between the portable card and the terminal apparatus, the identifying unit includes a comparing unit operable to compare a received voltage of a radio wave received by an antenna with a predetermined threshold value, and the judging unit judges that the portable card is the first distance or shorter away from the terminal apparatus when the received voltage is higher than the predetermined threshold value, and judges that the distance between the portable card and the terminal apparatus is in the range of the second distance to the third distance when the received voltage is lower than the predetermined threshold value.
With the above construction, the purpose of the portable card can be switched in accordance with the power received by the integrated device. That is to say, either the first process or the second process is selected according to the load and the power consumption required for the process. More particularly, payment, which requires higher confidentialness than checking at a ticket gate, has a larger load due to mutual authentication or data encryption to provide higher security, can be performed when the portable card is the first distance or shorter away from the terminal apparatus when the portable card receives higher power from the terminal apparatus.
Also, the portable card need not have a battery since the integrated device receives a power supply from the terminal apparatus. As a result, the portable card is lighter and simpler than conventional ones.
In the above portable card, the terminal apparatus may be either a first terminal apparatus that outputs a radio wave having power lower than a first power level to the portable card, or a second terminal apparatus that has an antenna in an electromagnetically shielded box and outputs a radio wave having power of a second power level that is twice the first power level or higher, to the portable card in the box, and the predetermined threshold value is determined based on (1) received power of a radio wave that has power of the first power level and is received when the distance between the portable card and the terminal apparatus is in the range of the second distance to the third distance and (2) received power of a radio wave that has power of the second power level and is received when the distance between the portable card and the terminal apparatus is the first distance or shorter.
With the above construction, since the second terminal apparatus has a device that is arranged (e.g., electromagnetically shielded) to prevent leakage of a radio wave, and the portable card is inserted into the electromagnetically shielded device, personal information transferred between the terminal apparatus and the integrated device is prevented from being intercepted by an improperly intentioned third party. Since the second process performed in the close mode can handle personal information that requires high security. Accordingly, the integrated device can coordinate with the terminal apparatus to process the personal information without contacting the internal circuit of the terminal apparatus. Accordingly, the portable card of the present invention not only coordinates with the terminal apparatus through a communication in the remote mode as conventional portable cards do, but performs a process for payment which has been thought unsuitable for such a card from the viewpoint of security. That is to say, one portable card of the present invention includes all personal information required for the two purposes.
Also, the power supplied from the first terminal apparatus can be as low as conforms to the domestic law such as the Radio Law. Accordingly, the portable card can coordinate with the terminal apparatus without violating laws, keeping a necessary distance between them.
In the above portable card, the second purpose may deal with more confidential data than the first purpose, the first process includes at least one of an encryption process for encrypting data using a first encryption key, a decryption process for decrypting data using the first encryption key, a certification process for certifying, in response to an authentication process performed by the terminal apparatus, authenticity of the portable card using the first encryption key, and an authentication process for authenticating the terminal apparatus using the first encryption key, the second process includes at least one of an encryption process for encrypting data using a second encryption key which provides higher security than the first encryption key, a decryption process for decrypting data using the second encryption key, a certification process for certifying, in response to an authentication process performed by the terminal apparatus, authenticity of the portable card using the second encryption key, and an authentication process for authenticating the terminal apparatus using the second encryption key, the second process has a heavier processing load than the first process, and the second power level is determined based on an amount of power consumed when the processing unit performs the second process.
With the above construction, an encryption key providing higher security is used for the second purpose for which higher security is required. As a result, the portable card of the present invention not only coordinates with the terminal apparatus through a communication in the remote mode as conventional portable cards do, but performs a process for payment which has been thought unsuitable for such a card from the viewpoint of security. That is to say, one portable card of the present invention includes all personal information required for the two purposes.
In the above portable card, the integrated device may include a storage unit which includes (1) a first area for storing data that is used only for the first purpose and (2) a second area for storing data that is used only for the second purpose, the communicating unit includes a transmission/reception unit operable to receive a command issued by the terminal apparatus and transmit data to the terminal apparatus using wireless communication, the processing unit includes an access managing unit operable to, when the identifying unit has identified either the first or second purpose, permit either the first or second area corresponding to the identified purpose to be accessed and prohibit the other areas from being accessed, a decoding unit operable to decode the command received by the transmission/reception unit, and a memory access unit operable to, when the decoding unit detects that the command is a read command as a result of the decoding, read a piece of data specified by the read command from either the first or second area and instruct the transmission/reception unit to transmit the piece of data, and operable to, when the decoding unit detects that the command is a write command as a result of the decoding, write a piece of data specified in the write command to the first or second area.
With the above construction, the portable card permits accesses to only a specific area for a predetermined purpose and prevents accesses to the other areas. Accordingly, even if personal information that requires high security is stored in the second area, it is impossible for an improperly intentioned third party to intercept radio communication with the portable card while the portable card is normally carried by the owner.
In the above portable card, the integrated device may include a synchronization clock signal generation unit operable to, when the first terminal apparatus supplies power of the first power level to the portable card, send to the processing unit a synchronization clock signal having a first frequency that is generated in accordance with a frequency of a carrier of a received signal, and operable to, when the second terminal apparatus supplies power of the second power level to the portable card, send to the processing unit a synchronization clock signal having a second frequency that is higher than the first frequency.
With the above construction, as the power supply increases, the frequency of the synchronization clock signal increases. This enables the integrated device to operate at high speed. Also, since the second circuit is activated by the synchronization clock signal having high frequency, a multi-OS software program such as the Java card is applicable.
The above objects are also fulfiled by a terminal apparatus which communicates with a portable card that contains an integrated device set to either a first mode or a second mode, wherein in the first mode, a predetermined process is performed and in the second mode, a process that requires higher security than the first mode is performed, the terminal apparatus comprising: a box which contains an antenna and is electromagnetically shielded so that a radio wave having over a predetermined level of power does not leak from the terminal apparatus; and a communicating unit operable to, after the portable card is inserted into the box, set the integrated device to the second mode and then communicate with the integrated device by allowing the antenna to emit a radio wave.
With the above construction, since the terminal apparatus has a device that is arranged (e.g., electromagnetically shielded) to prevent leakage of a radio wave, an d the portable card is inserted into the electromagnetically shielded device, personal information transferred between the terminal apparatus and the integrated device is prevented from being intercepted by an improperly intentioned third party. Since the second mode performed in the close mode can handle personal information that requires high security. Accordingly, the integrated device can coordinate with the terminal apparatus to process the personal information without contacting the internal circuit of the terminal apparatus. Accordingly, the portable card of the present invention not only coordinates with the terminal apparatus through a communication in the remote mode as conventional portable cards do, but performs a process for payment which has been thought unsuitable for such a card from the viewpoint of security. That is to say, one portable card of the present invention includes all personal information required for the two purposes.
The above terminal apparatus may further comprise one of: a first reading unit operable to read, after the portable card is inserted into the box, physically recorded information indicating authenticity of the portable card, from the portable card; a receiving unit operable to, after the portable card is inserted into the box, receive owner information that is input from an owner of the portable card and indicates authenticity of the owner; and a second reading unit operable to read, after the portable card is inserted into the box, bio-information indicating physical characteristics of the owner, from the owner, and the communicating unit sets the integrated device to the second mode after confirming authenticity of the owner or the portable card using one of the physically recorded information, the owner information, and the bio-information.
With the above construction, it is possible for the terminal apparatus to check the authenticity of the portable card and the card owner using any combination of (a) information physically recorded in the portable card, (b) owner information, and (c) bio-information of the portable card owner. This provides high-level authentication and prevents counterfeit of the portable card.