1. Field of the Invention
The present invention relates to an information processing apparatus, an information processing method, and a program. More particularly, the present invention relates to an information processing apparatus for facilitating the use of IC chips, to an information processing method for use with the information processing apparatus, and to a program for use with the information processing method.
2. Description of the Related Art
In recent years, mobile phones, IC cards, and the like, in which a non-contact IC chip such as FeliCa™ is incorporated, have become popular. For example, a user can easily make a payment using electronic money by simply holding a cellular phone or the like up to a terminal (reader/writer) disposed in a shop.
Such processing (for example, a payment process using electronic money) in an IC chip is realized as a result of the following: a predetermined memory area of a memory in an IC chip is accessed and reading of data stored therein or writing of data thereinto is appropriately performed. The storage of the predetermined data and the formation of the memory area (hereinafter referred to as a “general system”) where the data is stored are performed, for example, by an IC-chip-incorporated IC card issuer (operator providing services to be settled using electronic money).
Processing for configuring a general system will now be described with reference to a flowchart in FIG. 1 (refer to the ISO7816 standard). The configuration of the general system is realized, for example, by an IC-chip-incorporated IC card issuer by controlling an IC chip 11 via a control apparatus 12, as shown in FIG. 2.
A memory 21 in the IC chip 11 before the general system is configured, as shown in FIG. 3, is formed of one large memory area (hereinafter referred to as a “system 0”), and a memory area (hereinafter referred to as an “area 0”) that is logically subordinate to the system 0.
In the system 0, a system 0 key assigned to the system 0, and definition information including the version information of the system 0 key are stored. In the area 0, an area 0 key assigned to the area 0, and definition information including the version information of the area 0 key are stored. The general system is configured in such a way that a portion of the area 0 of the system 0 is divided.
Referring back to FIG. 1, in step S1, the control apparatus 12 issues a command for specifying the IC chip 11. The specified IC chip 11 accesses the system 0 in the memory 21, and when the access is successful, the IC chip 11 notifies the control apparatus 12 of the successful access.
In step S2, the control apparatus 12 issues a command for obtaining the key version of each of the system 0 key of the system 0 of the memory 21 and the area 0 key of the area 0 provided directly below the system 0 in the IC chip 11. The IC chip 11 reads the key version of the system 0 key from the definition information of the system 0, also reads the key version of the area 0 key from the definition information of the area 0 provided directly below the system 0, and returns them to the control apparatus 12.
In step S3, the control apparatus 12 performs mutual authentication for configuring a general system with the IC chip 11 by using the system 0 key and the area 0 key. The control apparatus 12 holds the system 0 key and the area 0 key of predetermined versions. When the key version of the held key corresponds to the key version obtained in step S2, the control apparatus 12 can perform mutual authentication with the IC chip 11 by using the system 0 key and the area 0 key.
When the mutual authentication in step S3 is successful, in step S4, the control apparatus 12 issues, to the IC chip 11, a command for configuring a general system starting from the area 0 of the system 0. This command contains data indicating the size of the general system to be divided, which is encrypted using predetermined encryption keys generated on the basis of the system 0 key and the area 0 key, the general system key assigned to the general system, and the area 0 key assigned to the area 0 formed directly below the general system.
When the IC chip 11 receives the command for configuring the general system from the control apparatus 12, the IC chip 11 decodes the data contained in the command by using the predetermined encryption keys generated on the basis of the system 0 key and the area key 0. Also, the IC chip 11, as shown in FIG. 4, logically divides the general system starting from the portion of the area 0 of the system 0, and stores, in the general system (memory area), the general system key obtained as a result of the decoding, definition information containing the version information of the general system key, the area 0 key of the area 0 of the general system, and definition information containing the version information of the area 0 key.
Access to the configured general system (and the area 0) is authenticated by the general system key of the general system and the area 0 key thereof. Transmission or reception of data with respect to the area 0 of the general system is performed in such a way that the data is encrypted using the encryption keys generated on the basis of the general system key and the area 0 key of the general system.