JPH06103426A - IC prepaid card system - Google Patents

Abstract

(57) [Summary] (Correction) [Purpose] To prevent fraud caused by falsification of information even if communication encryption is broken. [Structure] When the IC card 6 is inserted into the IC card terminal 1, a card public key nU, a card identification number IDU, and a center digital signature SA (nU * IDU) are sent to the terminal 1. The terminal 1 verifies with the public key nA, and if correct, sends authentication OK to the IC card 6. The IC card 6 sends to the terminal 1 the amount V and the digital signature SU (V) created with the card keys pU and qU. When the terminal 1 confirms that the total amount V is equal to or higher than the service charge, it sends OK to the IC card 6 and permits the service to start. When the service ends, the terminal 1 subtracts the service charge from the amount of money V, the remaining amount of money V ', the digital signature ST (V' * IDU) terminal public key nT created by the terminal keys pT and qT, the terminal identification number IDT and the center. Digital signature of SA (nT * ID
T) is sent to the IC card 6. The IC card 6 verifies the received signature and, if both are correct, stores the remaining amount V '.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention comprises an IC card used as a prepaid card and an IC card terminal which provides a service by subtracting the prepaid charge amount in the inserted IC card. I
The present invention relates to an IC prepaid card system that is inserted into a C card terminal, and after the service is provided at the IC card terminal, the new remaining amount after reducing the service charge is transmitted from the IC card terminal to the IC card and written in the memory in the IC card. .

[0002]

2. Description of the Related Art Conventionally, in this type of system, an IC card and an IC card terminal have the same encryption method, have the same secret key, and the balance information is encrypted with this secret key to communicate with each other. Was unable to see or tamper with the private key even if the inside of the IC card or IC card terminal was opened. However, the secret key information in the IC card or the IC card terminal is not perfect, and it is possible that the secret key information is leaked over a long period of time. When the IC card terminal is widely used, it is difficult to completely replace the secret key at the same time, and there is a great social impact such that a well-meaning user cannot use it for a long time.

[0003]

In order to solve the above problems, the present invention allows an IC card and an IC card terminal to send and receive balance information with their own digital signatures, as well as a public key for signature verification of each other. And the mutual identification information is sent and received with the digital signature of the management center whose security is completely protected, and the issued amount when issuing the IC card is also digitally signed by the management center and sent to the IC card. I
After the signature is verified by the C card, the amount of money is written in the memory in the IC card.

[0004] Here, a digital signature technique which can prove that the person who has transmitted the digital information surely transmitted and acknowledged the digital information, like imprinting on a document, is described in, for example, NTT R & D Vol. 40, No. 5,199
1, PP687-686, "High-speed digital signature system E"
SIGN ”. According to the digital signature, the document M and the secret key K are used to create the digital signature S created by the signature generation function, and the signature S and the document M are transmitted to the other party. Using S and the public key U, the signature verification function can verify whether the document is indeed made by the person having the secret key K, and the person having the secret key K cannot deny the fact. Here, K and U are different numerical values (that is, K ≠ U), and even if the value of U is known, the characteristic of K is that the value of K cannot be calculated. Further, even if a part of the document is changed, the verification result is determined to be invalid. It has been shown in the above-mentioned document that, if an algorithm called ESIGN is used, these digital signature functions can be put into a practical processing time on a program scale that can be mounted on an IC card.

A digital signature for the document M using the secret key K will be referred to as S (M) below.

[0006]

According to the present invention, since the IC card and the IC card terminal send and receive the identification number and public key to each other with the digital signature of the management center, the contents of communication can be seen and the inside of the card or terminal can be opened to send and receive. Even if the contents are tampered with, if the signature verification is performed on the receiving side, fraud can be detected. Also, I stole
The contents of the IC card can be transferred to other ICs using a C card terminal.
Even if the data can be copied to the card, the digital signature of the management center for the card identification information is difficult to tamper with, and the only way to copy is, so if the data of the used IC card is collected, the copy can be checked.

In addition, modifying a stolen IC card terminal or issuing an equivalent IC card with a personal computer and an IC card reader requires the creation of a digital signature at a management center that is performing sufficient management. It is impossible unless you know the master key for

[0008]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT An embodiment of the present invention will be described with reference to the drawings. FIG. 1 shows a system configuration example of an embodiment of the present invention. The IC card terminals 1 and 2 perform charge processing by the IC card 6 and provide various services such as telephone calls. I
At the time of installation, the C card terminals 1 and 2 are connected to a management center 4 for setting and managing security information via a communication network. Further, the IC card 6 is written with initial data by the IC card issuing machine 5 at the time of issuing, but the security information necessary for the IC card 6 is delivered from the management center 4. If some of the functions of the management center 4 are carried on a portable terminal or the like and brought to the installation location of the IC card terminal 1, it is not always necessary to connect to the management center via the communication network 3 when the terminal is installed. Absent.

FIG. 2 shows an internal configuration example of the IC card terminal 1, and FIG. 3 shows an internal configuration example of the IC card 6. The IC card terminal has an IC card reader / writer unit 11 for reading and writing to the inserted IC card 6, an operation input unit 12 such as a keyboard, a display unit 13, a control unit 14 for controlling each unit, and a communication network. The communication processing unit 15 processes the communication via the communication unit 3.

In the IC card 6, programs such as IC card processing procedures and methods are stored in the ROM 61.
The CPU 63 uses the RAM 62 as a work area to perform all control, and the communication unit 65 communicates with the IC card reader / writer unit 11 of the IC card terminal 1 via the contact 66. FIG. 4A shows processing when the IC card terminal is installed. When installing the IC card terminal 1, the management center 4
Receive the following information from:

Master public key nA for verifying digital signature of management center 4 Terminal key pT, qT for IC card terminal 1 to make digital signature Terminal public key nT IC for verifying digital signature of IC card terminal Terminal identification number IDT for identifying the card terminal Terminal public key nT and digital signature SA (nT * IDT) of the management center for the terminal identification number IDT The IC card terminal 1 receives the information and then signs with the master public key nA. The validity of SA (nT * IDT) is verified, and if it is valid, these pieces of information are recorded in the memory in the control unit 14.

Note that the master keys pA and qA of the management center 4 are set in the management center 4 and each I to be managed.
Terminal identification number IDT and its ID that differ for each C card terminal
It has a function of generating a terminal public key nT and terminal keys pT and qT corresponding to T. The terminal keys pT and qT are I
It is desirable to record in a memory area in the C-card terminal 1 that cannot be easily accessed from the outside, for example, in the RAM of the 1-chip CPU or in a battery backup RAM configured so that power is supplied from the battery by an illegal operation.

FIG. 4B shows an IC by the IC card issuing machine 5.
The processing when issuing a card is shown below. The IC card 6 receives the following information from the IC card issuing machine 5. These pieces of information are delivered from the management center 4 to the IC card issuing machine 5 in advance. Master public key for verifying the digital signature of the management center 4 nA Card key p for the IC card 6 to make a digital signature
U, qU Card public key nU for verifying the digital signature of the IC card 6 Card identification number IDU for specifying the IC card 6 Digital signature SA (nU * IDU) of the management center for the card public key nU and the card identification number IDU After receiving these pieces of information, the IC card 6 verifies the validity of the signature SA (nU * IDU) with the public key nA, and if it is valid, records these pieces of information in the EEPROM 64. Normally, the EEPROM 64 in the IC card 6 cannot be directly accessed from the outside, so that the information cannot be read unless a predetermined procedure is taken. Especially card key p
Since U and qU do not need to be read out to the outside once they are recorded once, it is desirable to manage them so that they cannot be read out.

The management center 4 has a function of generating a different identification number IDU for each IC card to be issued and a card public key nU and card keys pU, qU corresponding to the IDU. FIG. 4C shows a process of writing the prepaid amount in the IC card 6. The initial issuance of the IC card 6 and the recharging of the IC card 6 when the remaining amount becomes zero are performed by this procedure.

The IC card 6 transmits the public key nU, the identification number IDU, and the signature SA (nU * IDU) to the IC card issuing machine 5. The IC card issuing machine 5 verifies the signature SA with the public key nA set inside beforehand, and if it is valid, recognizes that it is a correctly issued card, and pays the prepaid amount V and the prepaid amount V delivered from the management center 4. Digital signature SA of the management center for the card identification number IDU
(V * IDU), the amount V thereof, and the issuer identification number IDC preset in the IC card issuer 5 are transmitted to the IC card 6. The IC card 6 verifies the received digital signature SA and, when it recognizes it as valid, records the information in the EEPROM 64 in the card.

The prepaid amount V and the card identification number I
The digital signature SA of the management center for the DU connects the IC card issuing machine 5 and the management center 4 online each time, sends IDU and V to the management center 4, and SA (V
* IDU) may be delivered, and such information may be stored in the IC card issuing machine 5 in advance. FIG. 5 shows a process when the user uses the IC card 6 to receive a service from the IC card terminal 1. The user inserts the IC card 6 into the IC card reader / writer unit 11 of the IC card terminal 1.
The IC card 6 to the IC card terminal 1
U, IDU, SA (nU * IDU) are transmitted.

The IC card terminal 1 verifies the digital signature SA using the public key nA, and if it is correct, returns the authentication OK to the IC card 6. Subsequently, the IC card 6 transmits V and the digital signature SU (V) of the IC card, and the digital signature SU is verified using the public key nU. If it is correct, the remaining amount V of the IC card 6 is displayed on the display unit 13
To display. The user refers to the guidance displayed on the display unit 13 and pays the charge for the service specified by the dial number or the like by the operation input unit 12 to the IC card terminal 1.
Read from the list stored in the memory of the control unit 14 or access the communication network 3 to obtain necessary service charge information from the communication network 3 or a service center (not shown). To receive via. Compare the required service charge with the remaining amount V, and
If the value is large, the service will be provided.

For example, in the case of telephone service, the remaining amount V
If is 10 yen or more, an instruction to dial the other party is displayed on the display unit 13, and the user dials the other party as the user dials. If the verification result of the digital signature is abnormal in the above process, stop the process at that point,
Return the IC card 6. After the service ends, that is, after the call with the other party ends, the service charge result stored in the memory in the control unit 14 of the IC card terminal 1 or the service charge result transmitted from the communication network 3 or the service center is left as the above-mentioned. The control unit 14 subtracts the amount V from the amount V to obtain a new remaining amount V ', and the amount V'and the card identification number I
A digital signature ST (V '* IDU) of the IC card terminal is created using the terminal keys pT and qT for the DU. Furthermore, the IC card terminal 1 uses these nT, IDT, SA (nT *
IDT), V ', ST (V' * IDU) IC card 6
Send to.

The IC card 6 verifies the signature SA received with the public key nA, verifies the signature ST with the public key nT, and if both are valid, the information received from the IC card terminal 1 together with the remaining amount V'is stored in the EEPROM 64. To record. In the verification of the digital signatures SA and ST, if either one is abnormal, the remaining amount of money is not updated,
Record the details of the abnormality in the IC card using a code.

Also, when the remaining amount V'is larger than the original amount V in the IC card, it is judged as an abnormality and the content of the abnormality is recorded by a code. In FIG. 6, when the IC card 6 is used to receive a service at the IC card terminal 1,
In the procedure of transmitting the remaining amount of money to the C-card terminal 1, a random number is used so that the communication content is different every time, and the procedure when the security is further enhanced against the wiretapping of the communication will be described.

The user inserts the IC card 6 into the IC card terminal 1
When the IC card terminal 1 authenticates that the IC card terminal 1 is a valid IC card, the IC card terminal 1 generates a random number R and sends it to the IC card 6. The IC card 6 internally generates a random number X, creates a digital signature SU (R * X * V) of the IC card for the random number R, the random number X, and the remaining amount V, and together with the random number X and the remaining amount V, the IC card terminal 1 Send to. The IC card terminal 1 verifies the digital signature SU with the public key nU and authenticates that it is the legal balance V. We will forgive the start of the service.

After the service is completed, the IC card terminal 1 displays the new balance V ', the card identification number IDU,
Digital signature ST (R * X
* V '* IDU) is created and transmitted to the IC card 6.
The IC card 6 verifies the digital signature ST with the public key nT transmitted at the same time, and recognizes that it is the legal balance V ′.

With this configuration, the random numbers R and X have different values each time the IC card is used.
Digital signatures will also be different. Therefore, even if the signals of the IC card and the IC card terminal are intercepted and the same signal is sent to the IC card terminal without using the IC card, the signals do not match because the random numbers are different, and an illegal operation is performed. Can be prevented.

Even when updating to a new balance, even if the intercepted signal is sent to the IC card by some means, the random numbers are different and the signals do not match, so that it is possible to prevent an illegal operation. Fig. 7 shows I at initial issue or recharge
A procedure for increasing security by using a random number when writing the prepaid amount to the C card is shown. Here, it is assumed that the IC card issuing machine 5 and the management center 4 are connected online.

When the IC card 6 is inserted into the IC card issuing machine 5, the IC card 6 is nU, IDU, SA (nU * I).
DU) to the IC card issuing machine 5, and the IC card issuing machine 5 verifies the validity of the digital signature SA with the public key nA, and authenticates that the IC card is a valid IC card. The IC card issuing machine 5 generates a random number R, and the random number R, the amount information V,
The issuer identification number IDC is transmitted to the IC card.

The IC card 6 generates a random number X, generates a random number R,
An IC card digital signature SU (R * X * V) is created for the random number X and the amount information V, and the IC card issuing machine 5
Send to. The IC card issuing machine 5 verifies the digital signature SU, and if valid, transmits the random number R, the random number X, the amount information V, and the card identification number IDU to the management center 4.

The management center 4 creates a digital signature SA (R * X * V * IDU) for these pieces of information and sends it to the IC card 6 via the IC card issuing machine 5. IC
By verifying the digital signature SA, the card 6 authenticates that it is a valid issuer, and records this information in the memory. The IC card issuing machine 5 may be configured to read and write data in the IC card 6 without performing verification processing. In this case, the IC card issuing machine 5 acts as a relay device in each case. The management center 4 performs the verification of the digital signature and the generation of the random number only by fulfilling them.

FIG. 8 shows a case in which the management center 4, the IC card terminal 1, the IC card 6, and the IC card issuing machine 5 are in remote places to perform information transmission according to the communication procedure, and the information on the communication path. In order to prevent eavesdropping and tampering, the procedure of the secret key setting method when the transmission side encrypts the communication contents with the secret key and the reception side decrypts it with the same secret key as the transmission side is shown.

The management center 4 has a function E for encryption communication, a temporary common key Ktemp for encryption, a common key KO, and a key generation master key KA for generating a key for encryption communication from specific information. Here, as the cryptographic function, for example, FEAL
Are well known. The encryption of the document M by the key K is represented as EK {M}. The encryption key is generated by the key generation master key KA from the identification number of the terminal or the card.

When the IC card terminal 1 is manufactured, the temporary common key Kt
The emp is recorded in the memory, and this K
The cryptographic terminal key KT and the common key KO are delivered by cryptographic communication using the temp as a key, and these KO and KT are recorded in the memory. Here, the terminal key KT is generated by the master key KA from the above-mentioned terminal identification number IDT. After that, the signal exchange with the management center described with reference to FIG. 4A is performed by an encrypted signal using the KT unique to the terminal as a key.

The IC card 6 is manufactured by manufacturing the temporary common key Kte.
mp is recorded in the memory, and when the IC card 6 is issued, the encryption card key KU and the common key KO are delivered via the IC card issuing machine 5 by the encrypted communication using the Ktemp as a key, and these KU and Record KO in memory. Here, the encryption card key KU is generated by the master key KA from the identification number IDU of the card described above.

This key KU is n as described in the explanation of FIG. 4B.
At the time of delivery of A, IDU, etc., it may be delivered in a batch from the management center 4 to the IC card issuing machine 5. After that, the exchange of signals between the IC card and the IC card issuer described in FIGS. 4B and 4C is performed by encrypted communication using the KU unique to the card as a key. On the other hand, the exchange of signals between the IC card terminal 1 and the IC card 6 shown in FIGS. 5 and 6 is performed by encrypted communication using the common key KO as a key.

When the IC card issuing machine and the management center are connected online as described with reference to FIG.
By transmitting the card identification number IDU from the IC card to the management center, the management center can generate KU by KA from the IDU. Therefore, the common key KO is not used for writing or recharging the prepaid amount,
Security can be further enhanced by using the card key KU for encryption unique to the card.

In the above description, the IC card issuing machine 5 is explained as being located in a place different from the management center 4, but
The both may be integrated, or the IC card issuing machine 5 and the IC card terminal 1 may be realized in the same housing. Furthermore, when transmitting the terminal keys pT and qT from the management center to the IC card terminal, and I
When the card keys pU and qU are transmitted from the C card issuing machine to the IC card, the digital signature of the management center is added to the keys and the signatures are verified on the receiving side to further enhance security. it can.

[0035]

As described above, according to the present invention, since the charge amount is transmitted and received between the IC card and the IC card terminal using the digital signature, even if the encryption in communication is broken,
It is possible to prevent fraud caused by falsification of information. Also, I stole
Even if the C card terminal is modified to create a modified IC card, the IC card has a history of the identification number of the written IC card terminal. You can specify the route.

Furthermore, producing a correct IC card or a correct IC card terminal can be difficult because there is no secret key for creating the signature of the management center.

[Brief description of drawings]

FIG. 1 is a block diagram showing a system configuration example of an embodiment of the present invention.

FIG. 2 is a block diagram showing a configuration example of an IC card terminal.

FIG. 3 is a block diagram showing a configuration example of an IC card.

FIG. 4A is a diagram showing a process of a management center for IC card terminal setting, B is a diagram showing a process of an IC card issuing machine at the time of issuing an IC card, and C is an IC card issuing machine at the time of issuing an IC card and recharging. It is a figure which shows a processing procedure.

FIG. 5 is a diagram showing an example of a processing procedure between an IC card and an IC card terminal.

FIG. 6 is a diagram showing another example of processing means between an IC card and an IC card terminal.

FIG. 7 is a diagram showing an example of a processing procedure among an IC card, an IC card issuing machine, and a management center when writing money amount information.

FIG. 8 is a block diagram showing delivery of an encryption key for performing encrypted communication between an IC card, an IC card terminal, an IC card issuing machine, and a management center.

─────────────────────────────────────────────────── ───

[Procedure amendment]

[Submission date] October 28, 1992

[Procedure Amendment 1]

[Document name to be corrected] Drawing

[Name of item to be corrected] Figure 1

[Correction method] Change

[Correction content]

[Figure 1]

[Procedure Amendment 2]

[Document name to be corrected] Drawing

[Name of item to be corrected] Figure 2

[Correction method] Change

[Correction content]

[Fig. 2]

[Procedure 3]

[Document name to be corrected] Drawing

[Name of item to be corrected] Figure 3

[Correction method] Change

[Correction content]

[Figure 3]

[Procedure amendment 4]

[Document name to be corrected] Drawing

[Name of item to be corrected] Fig. 4

[Correction method] Change

[Correction content]

[Figure 4]

 ─────────────────────────────────────────────────── ─── Continuation of front page (72) Inventor Shoji Miyaguchi 1-1-6 Uchisaiwaicho, Chiyoda-ku, Tokyo Nihon Telegraph and Telephone Corporation (72) Inventor Tatsuaki Okamoto 1-1-6 Uchisaiwaicho, Chiyoda-ku, Tokyo No. Japan Telegraph and Telephone Corp. (72) Inventor Jun Fujioka 1-1-6 Uchisaiwaicho, Chiyoda-ku, Tokyo Nihon Telegraph and Telephone Corp.

Claims (8)

[Claims] 1. A master public key nA for verifying a digital signature, a terminal key pT for a terminal to digitally sign a signature,
qT, terminal identification information IDT, terminal public key nT for verifying the digital signature of the terminal, a memory storing a digital signature first SA by a master key for information including the identification information IDT and the terminal public key nT, and received A means for verifying the digital signature second SA with the public key nA, and if correct, a means for transmitting an authentication notification to the IC card, and a received digital signature SU for verification with the card public key nU, which is the valid amount information V, and If the amount of money is sufficient, means for starting the service, and when the service ends, the terminal key for the information including the amount information V ′ obtained by subtracting the fee required for the service from the amount information V and the card identification information IDU Means for creating a digital signature ST, said ST, said V ', said first SA, said nT, said I
A means for transmitting DT to an IC card; an IC card terminal comprising: a master public key nA; a card key pU, qU for the IC card to make a digital signature; and a card identification information ID
The card public key nU, the identification information IDU, and the card public key n for verifying the digital signature of the U card
A memory storing a digital signature second SA by the master key for information including U, the amount information V, the amount information V, and a digital signature third SA by the master key for information including the card identification information IDU, and an IC card. When inserted into an IC card terminal, means for transmitting the public key nU, the identification information IDU, and the digital signature second SA to the IC card terminal, and the card key for the information including the amount information V Means for creating the digital signature SU, means for transmitting the amount information V and the digital signature SU to the IC card terminal when the authentication notification is received from the IC card terminal, and the received digital signature first SA and ST Are verified by the public keys nA and nT, respectively, and if valid,
An IC prepaid card system comprising: an IC card having means for storing the amount information V'in the memory. 2. The IC card terminal includes means for generating a random number R, means for including the random number R in the transmission of the authentication notification, and means for including the random number X and the random number R when the digital signature ST is created. The IC card is included in the means for generating the random number X, and the means for including the received random number R and the random number X when the digital signature SU is created. IC prepaid card system. 3. A memory for storing master keys pA, qA and said master public key nA, said terminal identification information IDT different for each IC card terminal, and said terminal public key nT and said terminal key pT corresponding to the IDT. , QT, a means for generating the digital signature first SA using the master key for information including the public key nT and the terminal identification information, and an IC card for setting the IC card terminal. The terminal includes a management center having the public keys nA, nT, the terminal keys pT, qT, the terminal identification information IDT, and means for transmitting the digital signature first SA. A means for verifying the received digital signature first SA with the public key nA and, if valid, storing the received various information in the memory. I according to claim 1 or 2, characterized in that
C prepaid card system. 4. The master public key nA, a memory storing the issuer identification information IDC, and the digital signature second SA received from the inserted IC card are stored in the public key n.
To the IC card issuing machine, including an IC card issuing machine having means for verifying using A and means for transmitting the amount information V and the digital signature third SA to the IC card if the verification is correct. When inserted, a means for transmitting the public key nU, the card identification information IDU and the digital signature second SA to the card issuing machine, and the digital signature third SA received from the IC card issuing machine to the public key nA. If it is correct, the amount information V and the digital signature
3. The IC according to claim 1, wherein the IC card includes means for storing SA in the memory.
Prepaid card system. 5. A means for transmitting the public keys nA, nU, the card keys pU, qU, the card identification information, and the digital signature second SA to the IC card when the IC card is inserted into the IC card. The digital signature second SA received by the issuing machine is verified with the public key nA, and if correct, the received nA, pU, qU, IDU, n
5. The IC prepaid card system according to claim 4, wherein the IC card includes means for storing U and second SA in the memory. 6. A memory for storing the master keys pA, qA and the master public key nA, the card identification information IDU different for each IC card, the card public key nU corresponding to the IDU, and the card key pU. , QU, and the digital signature second using the master key for the information including the public key nU and the card identification information.
A management center having means for generating an SA, and means for transmitting the public keys nA, nU, the card keys pU, qU, the card identification information IDU, and the digital signature second SA to the IC card issuing machine. The IC prepaid card system according to claim 4 or 5, wherein 7. A means for generating a random number R provided in the IC card issuing machine or the management center, information V provided in the IC card issuing machine, and the digital signature third
Means for including the random number R in the transmission of SA to the IC card and the random number X, the amount information V, the card identification information I
A means for transmitting the DU to the management center, a means for generating the random number X provided in the IC card, a random number X included in the digital signature SU, and the random number X for transmission information to the IC card issuing machine. Means for including, means for creating the digital signature third SA using the master key for information including the amount information V, the card identification information IDU, and the random numbers R and X provided in the management center, and its digital The IC prepaid card system according to claim 6, further comprising means for transmitting the signature third SA to the IC card issuing machine. 8. A memory for storing a key generation master key, a temporary common key and a common key, a means for generating an encryption terminal key and an encryption card key by the key generation master key, and a setting time of the IC card terminal. Means for transmitting the encryption terminal key and the common key to the IC card terminal by the cryptographic communication using the temporary common key, and the cryptographic card key and the cryptographic card key and the information used when the IC card is issued by the cryptographic communication using the temporary common key. And a means for transmitting a common key to the IC card, wherein the IC card terminal performs encryption communication using the provisional common key prepared in advance from the management center to the encryption terminal key and the common key. And a means for performing encrypted communication using the encryption terminal key with the management center, and the IC card uses encrypted temporary common key prepared in advance. Means for receiving delivery of the encryption card key and the common key from the management center, means for performing encrypted communication with the encryption card key with the management center, and encryption communication with the common key for the IC card terminal And a means for performing the operation.
IC prepaid card system described.