The invention relates to a monolithically integrable circuit arrangement consisting of a memory with non-volatile electrically writable and erasable memory cells, an addressing circuit for reading, writing and erasing the memory, and of a control unit which makes access to the memory dependent on a release operation with data comparison between stored reference data and code data entered from the outside.
For cashless payment for merchandise or settlement for services rendered and the like, data-controlled payment systems are known, which are described, for instance, in the journal "Betriebspraxis", B.BL.2/1982, page 48, by Dr. R. Nowak and W. Roeder under the title "Die Chip-Karte--naechste Generation der Automatenkarte" (The chip card, the next generation of the card for automated equipment). The cards used there carry as an essential element a non-volatile electric data memory which can be accessed via electric contacts on the card surface. A computing unit accesses for each use, via a card reader, the memory content, which may be changed in the process.
Such cards are used in security and access systems, in accounting or recording systems and in debit or credit systems. In order to assure wide distribution and frequent use of the cards, there are operators of such systems who issue a large number of cards and offer a wide-spread network of readers and computing equipments. In order to make misuse of the data impossible, the card systems must meet stringent security requirements. Especially the bearer cards, the distribution of which cannot always be controlled, must be protected against use by unauthorized persons.
This can be achieved by a validation operation ("release operation"), in which a data comparison between a code word entered by an operator or encoded by a computer with a stored reference word, is carried out and access is validated ("released") or blocked, depending on the result of the comparison. By lengthening the code word, it can practically be precluded that a cheater guesses the code used accidentally or by systematic trial. Also a personal identification code, which may include only a few characters, can be extended via a computer to a size which no longer can be decoded.
It is known from French Pat. No. 24 01 459 to equip a microprocessor system with a data memory which is divided into three memory regions with different access conditions. A first, secret region is not accessible externally in any case. Two further regions can be written-on or read-out only from the outside.
In French Pat. No. 24 71 000 an integrated circuit protected against unauthorized access for use on a credit card is described. The operation of the associated control unit is based on the fact that of a predetermined number of attempts to enter a code word, all valid and all invalid entries are counted in the order of their occurrence. If a predetermined number of unsuccessful attempts follow each other immediately, the circuit is made inoperative.
There is further known from French Pat. No. 24 60 506 a control unit of this type, in which the results of the comparison (valid or invalid) of the stored code word and the entered code words are stored symmetrically to each other in two separate memories.