1. Field of the Invention
The present invention relates to technologies of dynamic authentication by a third party other than the party issuing an IC card (that is, a smart card), a method to load an application onto an IC card, as well as utilization of the dynamic authentication and the method.
2. Related Arts
Since an IC card can be used for recording a large amount of information and offers a high degree of security, the IC card has become popular in recent years as an information-recording medium serving as a substitute for a magnetic card. Also prominent among IC card topics in recent years are an IC card provided with a multi-application function capable of loading a plurality of applications on the IC card, an IC card having a dynamic loading function capable of loading an application after the issuing of the IC card, and a card OS.
Traditionally, a system for loading an application onto any of these IC cards limits applications to be loaded only to applications that have a signature of an institution issuing the cards. This is because a system allowing anybody to load an application raises a security problem and, in addition, the so-called dynamic loading function for loading an application into an IC card after the issuing of the card is a premise.
FIG. 1 is a diagram showing the logical configuration of basic areas inside an IC mounted on an IC card 11. As shown in the figure, the IC comprises a hardware layer 101, an area for loading an OS and an area for loading applications. To be more specific, the area for loading an OS is an OS layer 102 and the area for loading applications is an application layer 107. The multi-application function is a capability of loading a plurality of applications 106 into the application layer 107. The dynamic loading function is a capability of loading or deleting an application 106 after the issuing of the IC card 11. The OS layer 102 includes a communication processing module 103, an interpreter 104 and a security function 105. The OS layer 102 receives a command from an external terminal and transmits a command issued by an application. Of course, an application interface is provided between the application layer 107 and the OS layer 102 whereas a hardware interface is provided between the OS layer 102 and the hardware layer 101.
FIG. 2 is a diagram showing the conventional system configuration for issuing IC cards and rendering services. A card issuer 302 is a business institution mainly doing businesses of issuing IC cards and management of the IC cards. The card issuer 302 is thus responsible for the issuing and management of IC cards. A service provider 303 is a business institution mainly producing applications to be loaded on IC cards and management of the IC cards. In many cases, an application is dynamically loaded onto an IC card from a terminal of the service provider 303 after the issuing of the IC card. A client 301 has an external terminal 304 for exchanging commands between an IC card and the external terminal 304. The card issuer 302 has a card-issuer data base 305 for storing issuing management data. IC cards are issued and distributed to users in accordance with the issuing management data. The issuing management data includes applications made by users and basic information required for issuance of IC cards. An IC-card loading application created or acquired by the service provider 303 is used for loading an application into an IC card. A service-provider data base 306 is used for storing data related to applications. Such data is referred to hereafter as application relevant data. As described above, the card issuer 302 is responsible for all matters of an IC card. For this reason, there is required a procedure to be followed by the card issuer 302 for recognizing validity of an application. The service provider 303 requests an application load processing unit 310 employed in the card issuer 302 to permit an operation to load an application. In the card-issuer data base 305, application data has been stored in advance. The application load processing unit 310 checks the requested application to form a judgment as to whether or not the application is invalid.
The application load processing unit 310 also checks the service provider 303 making the request to form a judgment as to whether or not the service provider 303 is illegal. If the application is valid and the service provider 303 is legal, the application load processing unit 310 issues permission for loading the application. The service provider 303 then transmits the application and the permission for loading the application to the IC card. For this reason, the service provider 303 makes a contract with the card issuer 302 in advance to assure that the service provider 303 is a legal business enterprise and applications to be loaded are not invalid.
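The conventional permission flow described above can be modeled in a few lines. The following is an added example, not part of the original document: the class and function names are hypothetical, and an HMAC under a key shared by the issuer and the card stands in for the issuer's signature, whose actual scheme the text does not specify.

```python
import hashlib
import hmac


class CardIssuer:
    """Card issuer 302 with its application load processing unit 310."""

    def __init__(self, issuer_key: bytes):
        self._key = issuer_key
        self._registered = {}  # stands in for data base 305: provider -> app digests

    def register(self, provider_id: str, app_code: bytes) -> None:
        """Record, under an advance contract, an application the provider may load."""
        digest = hashlib.sha256(app_code).digest()
        self._registered.setdefault(provider_id, set()).add(digest)

    def request_load_permission(self, provider_id: str, app_code: bytes):
        """Check provider and application; return a permission tag or None."""
        digest = hashlib.sha256(app_code).digest()
        if digest not in self._registered.get(provider_id, set()):
            return None  # no contract, or application not registered
        # Assumption: HMAC replaces the issuer signature for this sketch.
        return hmac.new(self._key, digest, hashlib.sha256).digest()


class ICCard:
    """IC card 11: loads an application only with a valid issuer permission."""

    def __init__(self, issuer_key: bytes):
        self._key = issuer_key
        self.applications = []

    def load(self, app_code: bytes, permission) -> bool:
        if permission is None:
            return False
        digest = hashlib.sha256(app_code).digest()
        expected = hmac.new(self._key, digest, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, permission):
            return False  # permission was not issued for this exact code
        self.applications.append(app_code)
        return True


def demo():
    key = b"constructed-issuer-key"   # constructed sample value
    issuer, card = CardIssuer(key), ICCard(key)
    app = b"loyalty-applet-v1"        # constructed sample application
    issuer.register("provider-303", app)
    permit = issuer.request_load_permission("provider-303", app)
    denied = issuer.request_load_permission("uncontracted-provider", app)
    return {"contracted": card.load(app, permit),
            "modified_code": card.load(app + b"-patched", permit),
            "no_contract": card.load(app, denied)}
```

Because the permission is computed over the application digest, a permission issued for one application cannot be reused for modified code, and a provider without a registered contract never obtains one.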
It is assumed that the server of the card issuer 302 and the server employed in the service provider 303 are connected to each other by a network in many cases and the servers are capable of exchanging documents with each other.
In addition, in an operation to load an application into an IC card, the card may use an application and data dedicated to application loading. In such a system, each service provider 303 is provided with an application known as a security domain for executing functions of application loading, deletion and management.
FIG. 3 is a diagram showing the logical configuration of basic areas inside an IC loaded into an IC card 11 having a security domain unit. A security domain 108 existing at an application layer is used for managing applications 106 for which the IC card 11 is responsible. An application 106 is loaded or deleted in a process through the security domain 108. In addition, the security domain 108 is entrusted with management of security information such as key data and management of data such as ID numbers in some cases.
The conventional system for loading an application onto an IC card described above is capable of dynamically loading and deleting an application while maintaining a high degree of security. In an operation among a plurality of card issuers and their service providers, however, some problems arise.
As described above, a service provider needs to make a contract in advance with a card issuer issuing an IC card, on which the service provider desires to load an application. That is to say, the card issuer is in relationships based on contracts with all service providers, which each desire to load an application onto an IC card issued by the card issuer. When the card issuer loads or deletes an application onto or from an IC card at a request made by a service provider, the application loading technique described above can be adopted. To be more specific, a service provider 803 in a relationship based on a contract with a card issuer 302 is capable of loading an application onto an IC card 11 by adopting the conventional method as shown in FIG. 5. However, a request to load an application may be made by a service provider 803, which did not make a complicated contract in advance with the card issuer 302 or does not request the card issuer 302 to catalog the application severally. In the first place, the fact that a plurality of applications can be loaded into an IC card is a great advantage and the fact that a plurality of services can be rendered is a big merit to the card issuer 302, which manages the IC cards, and the user using the cards. Thus, a demand for the capability of handling such a request made by the service provider 803 and the capability of storing a plurality of applications as well as the capability of rendering a plurality of services is expected to rise year after year. With the contemporary application loading technique, it is impossible to render a service without making a contract in advance. As shown in FIG. 5, some information needs to be exchanged between the service provider 803 and the card issuer 302.
That is to say, in accordance with the conventional application loading system, a service provider needs to make a contract in advance with each card issuer issuing an IC card, on which the service provider desires to load an application thereof. In addition, the service provider must obtain permission for loading an application from a card issuer when the application is loaded onto an IC card issued by the card issuer. The following problems arise in the implementation of the conventional application loading system.
(1) Relations based on contracts and communication traffic during operations between card issuers and service providers increase in number and become complicated.
In operations to mutually render services between N card issuers and M service providers, N*M relationships based on contracts are established, resulting in a large number of contracts and a lot of communication traffic during operations. Thus, the cost and the processing time increase and, as a result, the price of the IC card eventually rises.
(2) In actuality, enterprises are not capable of establishing relationships based on contracts.
Assume a case, in which an application produced by a domestic enterprise is loaded onto an international IC card. In this case, making a direct contract between the domestic enterprise and the international card issuer is not so practical. The international card issuer may conceivably establish a representative for handling businesses with domestic enterprises. However, it is difficult for the international card issuer to make a direct contract and establish a communication with a business institution, to which the service provider pertains.