The conventional issuance of services to IC cards has been performed, for example, in a case where an IC chip built in an IC card is FeliCa (trademark) and an installed OS (Operating System) is a general-purpose-type OS for applications such as a Felica OS, by a plurality of issuing commands being transmitted from an issuing-side terminal to the IC card (IC chip) and the plurality of issuing commands being executed in the IC card.
Here, a service represents a range, in which the entity of data, such as electronic money data itself, is managed in a file system of an IC card. For example, a file used in Windows (registered trademark) corresponds to a service. In order to access data managed in a certain service, it is necessary for a terminal side that intends to access the data to have the same key as an authorization key assigned for the certain service according to need.
The issuance of a service represents processing for, by ensuring an area of a memory in which information defining the service and user data such as electronic money data itself are to be stored and storing such information in the memory, creating a new service in a file system of an IC card.
When a service-issuing command is issued in an IC card, one data structure is expressed in accordance with a combination of units of user data for which the type of specific data structure, a method for accessing user data, and an authorization key to be used for authentication in the case of making access, which are defined for each OS, can be set. Accordingly, realization of a corresponding application can be achieved.
An application represents a service provided by a server (application server). Applications include a prepaid electronic money application, a credit application, a ticket application, and the like. A user of an IC card receives the issuance of a service corresponding to an application, the provision of which the user wishes to receive, by performing processing, such as holding his or her IC card over a reader/writer provided at a predetermined position of a service-issuing terminal. After that, the user is able to receive the provision of the application by utilizing the IC card that has received the issuance of the service.
In addition, conventionally, a command to be used in the operation of an application after the issuance of a service is received (a command transmitted from a reader/writer to an IC card) has been arranged to be defined for each processing operation (each function) that is performed by the IC card, such as a command for authentication, a command for reading, or a command for writing.
Thus, in a case where a certain application is realized by individual processing operations such as authentication of an IC card, reading of data from the IC card, and writing of data to the IC card, an application server needs to perform design processing and make preparations such that commands can be transmitted, in units of functions, to the IC card from a terminal used by a user in a case where the provision of the application is received. An OS of the IC card needs to interpret individual commands transmitted in units of functions from the reader/writer and to perform processing operations corresponding to the individual commands.
Meanwhile, in a case where an OS installed in an IC chip is a platform-type OS, such as a MULTOS (trademark) or Java (registered trademark) Card, the issuance of a service is performed when a service-issuing program prepared by an application server is downloaded into an IC card and the downloaded program is executed. In the service-issuing program, a data structure of the service that is necessary for realization of an application, a method for managing a key, and the like are defined by the application server.
In addition, after the issuance of the service is performed as described above, the application is realized when a program for operating the application is downloaded into the IC card and the downloaded program is executed.
FIG. 1 is an illustration for explaining a conventional service-issuing method for an IC card in which a general-purpose-type OS for applications is installed.
As shown in FIG. 1, the issuance of a service is performed by a service-issuing system 1. The service-issuing system 1 is, for example, a system that is provided by an application server and is constituted by a service-issuing terminal 11 and a service definition database 12. A reader/writer 11A is provided at a predetermined position of the housing of the service-issuing terminal 11. The service-issuing system 1 may be constituted by a single apparatus or may be constituted by a plurality of apparatuses.
An IC card 2 is a contactless IC card owned by a user who wishes to receive the provision of a specific application. A service-issuing function 21 and a file system 22 are implemented in the IC card 2. The service-issuing function 21 is a function implemented when a specific program is executed by an IC chip. The service-issuing function 21 interprets a service-issuing command transmitted from the service-issuing terminal 11 and performs the issuance of a service. The file system 22 is a file system for managing data stored in a memory of the IC chip. In order to receive the issuance of the service, the IC card 2 is placed over the reader/writer 11A of the service-issuing terminal 11.
When the IC card 2 is placed over the reader/writer 11A, in process P1, the service-issuing terminal 11 queries the service definition database 12 as to a command parameter to be added to a service-issuing command that is to be issued to the IC card 2, as shown in FIG. 1.
When receiving the query from the service-issuing terminal 11, in process P2, the service definition database 12 sends, as a response, a command parameter for designating a data structure corresponding to the type of service to be issued, a method for accessing user data, and the like.
When receiving the response from the service definition database 12, in process P3, the service-issuing terminal 11 transmits, to the IC card 2, a service-issuing command including information, added thereto as a command parameter, obtained by the query to the service definition database 12. The transmission of the service-issuing command and the command parameter is performed through the reader/writer 11A.
When receiving the service-issuing command and the command parameter transmitted from the service-issuing terminal 11, the service-issuing function 21 of the IC card 2 interprets the service-issuing command and, in process P4, performs IC-card internal processing. By the IC-card internal processing performed here, service definition information 22A is generated on the basis of the command parameter transmitted, together with the service-issuing command, from the service-issuing terminal 11. The service-issuing function 21 performs mapping of the service data structure in the file system 22 in accordance with the service definition information 22A. Accordingly, the service-issuing function 21 performs the issuance of the service.
When the issuance of the service has been completed, in process P5, the service-issuing function 21 transmits, to the service-issuing terminal 11, information indicating that the issuance of the service has been completed.
The conventional issuance of a service has been performed as described above. In the generation of service definition information for defining a desired service data structure, in some cases, the generation of such service definition information cannot be achieved by only a single exchange operation in processes P3 and P5. In these cases, the exchange operation in processes P3 and P5 is repeated a plurality of times.
FIG. 2 is a flowchart for explaining a conventional process performed between the reader/writer and the IC card 2 at the time of the operation of an application in accordance with a payment sequence. As processing sequences that define a process performed between the reader/writer and the IC card 2 at the time of the operation of an application, a charge sequence for increasing the balance of electronic money, a PIN sequence for performing authentication by using a PIN (Personal Identification Number), and the like, as well as the payment sequence, are available.
The process of FIG. 2 is performed when the IC card 2 that has received the issuance of a service as shown in FIG. 1 is placed over the reader/writer of a terminal that is provided so as to be used by a user when the user receives the provision of an application.
In step S1, the reader/writer performs, by transmitting a Polling command, search for and acquisition of the IC card 2 with which the reader/writer is to communicate.
In step S21, the IC card 2 receives the Polling command transmitted from the reader/writer. The IC card 2 proceeds to step S22 to respond to the Polling command.
When the response from the IC card 2 is transmitted, the reader/writer receives the response in step S2. The reader/writer proceeds to step S3 to perform, by transmitting a mutual authentication command, mutual authentication between the reader/writer and the IC card 2.
In step S23, the IC card 2 receives the mutual authentication command transmitted from the reader/writer. The IC card 2 proceeds to step S24 to read specific information to be used for mutual authentication from a memory and transmit the read information to the reader/writer.
When the information to be used for mutual authentication is transmitted from the IC card 2, the reader/writer receives the information in step S4.
In step S5, the reader/writer checks whether or not the amount of money to be paid meets a payment execution condition. In a case where the reader/writer confirms that the amount of money to be paid meets the payment execution condition, the reader/writer proceeds to step S6. For example, the upper limit of the amount of payment may be set as a payment execution condition. In this case, only the amount of money not exceeding the upper limit amount of money can be paid.
In step S6, in order to check whether or not the current time falls within the period of validity of the service, the reader/writer transmits, to the IC card 2, a Read command (a command for reading) including an identifier, added thereto as a command parameter, representing the position in which information indicating the period of validity of the service is stored.
The period of validity can be set for a service issued to the IC card 2. The period of validity of a service is represented using information on part of a service data structure defined by service definition information. At the time of the issuance of a service, the position in a memory where each piece of information constituting a service data structure is stored is defined by service definition information. A storage position of each piece of information to be read is identified by an identifier transmitted as a command parameter of a Read command from the reader/writer.
In step S25, the IC card 2 receives the Read command transmitted from the reader/writer, and reads the information indicating the period of validity of the service from its storage position identified by the identifier transmitted as a command parameter of the Read command. The IC card 2 proceeds to step S26 to transmit, to the reader/writer, the read information indicating the period of validity of the service.
When the information indicating the period of validity is transmitted from the IC card 2, the reader/writer receives the information in step S7.
In step S8, the reader/writer checks, on the basis of the information transmitted from the IC card 2, whether or not the current time falls within the time period of validity of the service. In a case where the reader/writer confirms that the current time falls within the period of validity, the reader/writer proceeds to step S9.
In step S9, in order to check the balance of electronic money stored in the IC card 2, the reader/writer transmits, to the IC card 2, the Read command including an identifier, added thereto as a command parameter, representing the position in which information indicating the balance is stored.
In step S27, the IC card 2 receives the Read command transmitted from the reader/writer, and reads the information indicating the balance of electronic money from its storage position identified by the identifier transmitted as a command parameter of the Read command. The IC card 2 proceeds to step S28 to transmit the read information indicating the balance to the reader/writer.
When the information indicating the balance of electronic money is transmitted from the IC card 2, the reader/writer receives the information in step S10.
In step S11, the reader/writer checks whether or not the balance of electronic money stored in the IC card 2 exceeds the amount of payment. In a case where the reader/writer confirms that the balance exceeds the amount of payment, the reader/writer proceeds to step S12.
In step S12, the reader/writer transmits, to the IC card 2, a Write command (a command for writing) including identifiers, added thereto as command parameters, representing the amount of payment and the position in which the balance is stored.
In step S29, the IC card 2 receives the Write command transmitted from the reader/writer. The IC card 2 proceeds to step S30 to perform a payment transaction. In the payment transaction, the current balance of electronic money, the storage position of which is identified by the identifier transmitted as a command parameter of the Write command, is overwritten with the amount of money that is obtained by subtracting the amount of payment from the previous balance.
When the overwriting of the balance has been successfully performed, in step S31, the IC card 2 transmits, to the reader/writer, a success response, which is information indicating that the payment transaction has been successfully performed.
When the success response is transmitted from the IC card 2, the reader/writer receives the success response in step S13.
In step S14, the reader/writer transmits, to the IC card 2, the Write command including identifiers, added thereto as command parameters, representing the value of an access log and the position in which the access log is stored.
In step S32, the IC card 2 receives the Write command transmitted from the reader/writer. The IC card 2 proceeds to step S33 to perform access-log writing processing. In the access-log writing processing, the value of the access log is written at the storage position identified by the identifier transmitted as a command parameter of the Write command.
When the writing of the value of the access log has been successfully performed, in step S34, the IC card 2 transmits, to the reader/writer, a success response, which is information indicating that access-log writing processing has been successfully performed.
When the success response is transmitted from the IC card 2, the reader/writer receives the success response in step S15. Accordingly, a series of processing operations based on the payment sequence is completed.
As described above with reference to FIG. 1, the issuance of a service may be performed by using a plurality of commands. In addition, as described above with reference to FIG. 2, the process based on one processing sequence for realizing an application is performed by using a plurality of commands that are defined in units of functions of an IC card.
In Patent Document 1, a technology for performing cooperative processing between card applications on the basis of a cooperative coupon in which the processing details of cooperative processing between a plurality of card applications and conditions under which the cooperative processing should be performed are described is disclosed. In Patent Document 2, an electronic key system in which a mobile terminal and a contactless IC card are combined is disclosed.    Patent Document 1: Japanese Unexamined Patent Application Publication No. 2005-316992    Patent Document 2: Japanese Unexamined Patent Application Publication No. 2005-285056