1. Field of the Invention
This invention relates to a renewal method and renewal apparatus for an IC card having biometrics authentication functions to perform individual authentication utilizing characteristics of a portion of the body of the individual, and in particular relates to a renewal method and renewal apparatus for an IC card having biometrics authentication functions appropriate for performing individual authentication and for preventing the release of biometrics information.
2. Description of the Related Art
There are numerous portions of the human body which can differentiate the individual, such as fingerprints and toe-prints, the retinas of the eyes, facial features, and blood vessels. With advances in biometrics technology in recent years, various apparatuses have been provided which identify biometrics features of a portion of the human body to authenticate individuals.
For example, because blood vessels and prints of the palms and fingers of the hands provide a comparatively large quantity of individual characteristic data, they are suitable with respect to reliability of individual authentication. Blood vessel (vein) patterns in particular remain unchanged throughout life from infancy, and are regarded as being completely unique, and so are well-suited to individual authentication. In palm authentication methods, when the user brings his palm into proximity with an image capture apparatus at the time of registration or authentication, the image capture apparatus emits near-infrared rays, which are incident on the palm of the hand. The image capture apparatus uses a sensor to capture near-infrared rays rebounding from the palm of the hand.
Hemoglobin in the red corpuscles flowing in the veins has lost oxygen. This hemoglobin (reduced hemoglobin) absorbs near-infrared rays at wavelengths near 760 nanometers. Consequently when near-infrared rays are made incident on the palm of a hand, reflection is reduced only in the areas in which there are veins, and the intensity of the reflected near-infrared rays can be used to identify the positions of veins.
The user first uses an image capture apparatus to register vein image data of the palm of own hand in a server or on a card. Then, in order to perform individual authentication, the user employs the image capture apparatus to read the vein image data of own hand. The registered vein image retrieved using the ID of the user is verified against the vein pattern of the vein image for verification thus read to perform individual authentication (see for example Japanese Patent Laid-open No. 2004-062826).
Such a biometrics authentication system must ensure that biometrics characteristic data is not divulged to third parties. Hence in the field of fingerprint authentication, a method has been proposed in which fingerprint characteristic data for an individual is registered in advance in an IC (Integrated Circuit) card having biometrics authentication functions, and fingerprint characteristic data read from a fingerprint sensor is verified against the data within the IC card to perform individual authentication (Japanese Patent Laid-open No. 2000-293643).
In this method, at the time of individual authentication an IC card is used, so that divulgence of biometrics characteristic data to third parties can be prevented, and the security of individual data can be maintained.
On the other hand, such IC cards also have an expiration date specified, and IC cards must be renewed. In the cases of magnetic stripe cards and IC cards not having authentication functions, a method is adopted in which the issuer sends a new card with data recorded to the user, and the user destroys the old card.
However, in the case of an IC card with biometrics authentication functions, as described above, biometrics characteristic data is stored only in the IC card, so that the issuer cannot issue a new card in which the biometrics characteristic data is recorded. Hence if the user does not re-register biometrics characteristic data in the new IC card, biometrics authentication functions cannot be used.
In re-registration of biometrics characteristic data in a new IC card, if a person who has brought a new IC card sent from the issuer is permitted to register biometrics characteristic data, and if the person is not the individual in question, then the biometrics characteristic data of another individual is registered, with the possibility of illicit use of the card. Conversely, if retrieval of biometrics characteristic data from an IC card is permitted, there is the problem that the biometrics characteristic data may be divulged to a third party.