IC (Integrated Circuit) cards (smart cards), which are expected to be used, for example, in electronic money systems and security systems, are being developed.
An IC card includes a CPU for executing various processes and a memory for storing data, etc. required for the processes, and it exchanges data in electrical contact with a predetermined reader/writer (R/W) or in a non-contact manner using electromagnetic waves. In IC cards that exchange data with the R/W in a non-contact manner using electromagnetic waves, generally, required electric power is supplied by the electromagnetic waves.
When an IC card is used, for example, in an electronic money system or a security system, security issues such as secrecy of data and prevention of forging of the IC card are essential, so that, generally, access to the IC card is allowed using a key assigned by an administrator (operator) of the system. That is, access to the IC card by a person without the key is restricted.
Furthermore, security is dictated in, for example, ISO (International Organization for Standardizaion) 7816, which defines standards for contact-type IC cards. According thereto, by applying a key to a DF (Dedicated File) that corresponds to a directory or a folder, access to DFs and EFs (Elementary Files), which correspond to files, that belongs to the layer of the DF is restricted.
Generally, what is called ticketing, which is executed for newly adding to an IC card a file for storing data for providing a new service or for changing a key required for accessing data, is generally executed at a facility or the like with adequate security management after an administrator or a manufacturer of the IC card collects the IC card issued to a user and on the market.
That is, generally, for example, an issuing agent executes primary issuing of an IC card, issuing an IC card without functions (IC card that does not allow reading or writing) to a ticketing agent that executes ticketing, as shown in FIG. 1. The ticketing agent executes ticketing (secondary issuing) so that an administrator #1 that wishes to provide a service using the IC card is allowed to use the IC card.
That is, the ticketing agent allocates a storage region to be used by the administrator #1 (a region of the administrator #1) in the IC card, and writes a key and other information that is required for the administrator #1 to access the storage region. Ticketing is executed at a place with adequate security management (hereinafter referred to as a secure place when appropriate) such as a facility of the ticketing agent. Referring to FIG. 1, the ticketing agent and the administrator #1 are typically the same entity.
The IC card that has undergone ticketing is shipped to the market and distributed to a user. Then, it is used for the administrator #1 to provide a service. That is, this allows the user to use the IC card as, for example, an electronic commuter pass or wallet.
For example, if the IC card that is now on the market supports multiple functions and if an administrator #2 other than the administrator #1 wishes to provide a service using the multi-function IC card, the ticketing agent temporarily collects the IC card on the market, as shown in FIG. 2.
Then, the ticketing agent executes ticketing so that the administrator #2 is allowed to use the IC card. That is, the ticketing agent allocates a storage region to be used by the administrator #2 (a region of the administrator #2) in the IC card, and writes a key and other information required for the administrator #2 to access the storage region. Then, the IC card that has undergone ticketing is shipped to the market again.
The key, etc. that is written to the IC card by ticketing is essential information for security of the IC card. It is undesirable to distribute such information to a place without security management (hereinafter referred to as an insecure place when appropriate) such as the market, where probability of unjust acts such as eavesdropping and tampering is high. Thus, ticketing is executed at a secure place after collecting the IC card from the market, as described above.
Thus, the IC card must be collected each time ticketing is to be executed, which is laborious. In order to overcome the above, the applicant has proposed earlier, in Japanese Unexamined Patent Application Publication No. 10-201497, a method of ticketing in which administration information including a key required for accessing a storage region is encrypted so that leakage of content of the administration information to a third party will be prevented.
Now, storage regions will be described with reference to FIG. 3. Storage regions consist mainly of area regions and service regions. An area region is allocated to each administrator, and a service region is allocated to a service provided by an administrator that administers an area region.
According to the method disclosed in Japanese Unexamined Patent Application Publication No. 10-201497, allocation of storage regions is such that both area regions and service regions are assigned, so that an assignee administrator is allowed to provide a number of area regions and service regions. Thus, an administrator to which a predetermined storage region is assigned is allowed to let yet another administrator provide area regions and service regions in the storage region under its own administration.
This indicates that a problem has existed that it is impossible to separate rights for registering service regions and area regions, that is, it is impossible to separately assign right to register service regions and right to register area regions.