(1) Field of the Invention
The present invention relates to a card type storage medium such as an IC card used as a cashless card, an identification (I.D.) card, a health management card, a municipal corporation card, etc. and an issuing apparatus issuing such card type storage medium.
(2) Description of the Related Art
A card type storage medium, for example, an IC card having an integrated circuit therein has been widely spread in recent years.
A file controlling program is set into the IC card to retain data therein so that the data to be processed by an external application program that is incorporated within a terminal apparatus, a host computer or the like can be managed in each file as as a unit.
Referring to FIG. 17, a typical IC card 100 comprises a terminal (a contact or a data communication mechanism) 110, a storage 120 and a control unit 130.
When the IC card 100 is inserted into an IC card reader/writer (not shown) of a terminal apparatus, a host computer or the like, the terminal 110 is brought into contact with a terminal of the IC card reader/writer to send and receive a signal.
The storage 120 has a file area in which data to be processed by each various application program is retained in each file, and a directory area 123 which retains control information about each data file 122 held in the file area 121.
The control unit (MPU: micro processor unit) 130 is to manage the data retained in the file area 121 in the storage unit 120 on the basis of the control information stored in the directory area 123 in the storage unit 120.
Some IC card has an electric source therein, and some IC card needs to be supplied an electric energy from a terminal apparatus or a host computer by being inserted into the terminal apparatus or the host computer. In the latter case, a nonvolatile storage such as an EEPROM is used as the storage unit 120.
Such IC card 100 is used as a cashless card, an ID card, a health management card, a municipal corporation card, etc.
In department stores, super markets, etc., a POS system has been accomplished with employment of a cashless card such as a prepaid card or a credit card for sales promotion. If the IC card is used as such cashless card, it is essential to provide a function for advance payment or future payment to the cashless card, for example, the prepaid card or the credit card.
If the IC card 100 is used as an ID card to improve convenience in, for example, an intelligent building, the IC card needs to have a function to hold data about entrance and retrieval to and from the room, attendance of employees, etc. in the data files 122.
If the IC card 100 is used as a health management card in a hospital, a fitness facility or the like to improve convenience, the IC card 100 has to hold various data such as appointment, carte, results of examination and measurement for the management.
Likewise, if the IC card 100 is used as a municipal corporation card to improve use of public facilities or administrative service, the IC card holds data about appointment of the facilities, automatic issue of various applications as data files 122 therein.
The IC card 100 shown in FIG. 17 has predetermined personal identification,number (hereinafter, referred as PIN) for every data file 122 retained in the storage unit 120 in order to reinforce the security of the data retained in the IC card 100. Each of the PIN is held as control information in the directory area 123 in the storage unit 120.
In order to gain an access from an external application or the like, only when a PIN sent with the access is in coincidence with the PIN retained in the directory area 123 in the storage unit 120, the control unit 130 allows reading or updating of the data retained in the data file 122.
The PIN for each data file 122 is set when the IC card 100 is issued by a card issuing apparatus (not shown). Management of the PIN set by the card issuing apparatus, which varies from each other depending on a card owner, is carried out by another host computer (not shown) different from the card issuing apparatus.
If a person owing the IC card accidentally forgets a PIN of his or her own IC card 100, the PIN is read out from the host computer managing the PIN through a terminal apparatus which can gain an access to the host computer to verify the PIN.
The host computer manages the PINS of the owners of all issued IC cards (card type storage media) 100. In addition, it is sometimes necessary to set plural different PINs to every data files in each IC card. The host computer therefore requires a large area in the storage to manage the PINs. The management of the PINs is, therefore, quite complex and troublesome to the entire IC card system. Moreover, in the event of an accident, use of a terminal apparatus accessible to the host computer is indispensable to verify the IC card. Such verification of the IC card causes inconvenience to users of the IC card.
Meanwhile, a card type storage medium, which is used ahead of an IC card, for example, a magnetic card, is operated in a mode where the stored data is unchangeable as personal identification information (ID). An IC card 100 as above is used in a mode where stored data (for example, information about an amount of money) is variable, as represented by a cashless card.
In such mode of use, the IC card is used as a cashless card. In the event of an accident such as system down, power-source break-down, pull-out of the IC card 100 in the course of an updating process to receive money or for account settlement, a failure may develop in data in the data file 122 in the IC card 100. At present, it is impossible to repair or restore (data recovery) such failure in data within the IC card 100.
To cope with such event, a presently conducted technique is to set an area of 1 byte referred as BCC (block check character) in each record of data held in the data file 122 of the IC card 100, adjust the BCC such that a bit number in each records becomes an even number or an odd number and write the BCC in each record to make a check on the bit number in each record as to whether the bit number is an even number or an odd number upon reading out the data. For instance, in the case where the BCC is so adjusted that the bit number in each record is an even number, if the bit number in the record is an odd number upon checking, some action is taken upon check-out such as to prohibit the IC card 100 from being used.
It is, however, impossible to detect a system failure as conflicting data developed between the records by such BCC check, as shown in FIG. 18.
Namely, in the case where data writing and updating are executed a plurality of times (three times in FIG. 18) as one unit of process in the course from an open to close of the IC card 100 by the application program 200 of an external terminal apparatus or the like, if a system failure occurred before the second updating after the first record was updated, it is impossible to detect the system failure by the BCC since no conflict occurred in data as a record unit held in the IC card 100.
Since the BCC checks a number of bits by a record unit, if 2 bits (an even bit) are left out, or the number of bits are the same but their represented value are different (for example, "0111" and "1011", if three bits), it is impossible to detect such failure as conflicting data.
In consequence, for example, as shown in FIG. 19, if a system failure occurred while one record is being written into the IC card 100, causing a situation that there exist an updated part and an unupdated part within the same record, there is possibility that such failure cannot be detected.
To solve the above problem, it is necessary to provide a BCC in each record in the file area 121 of the storage unit 120. This results in that a large area is required for the BCCs, if a large volume of data need to be stored in the card.
As stated above, there has been developed no technique to repair and restore data failure (data recovery) within the IC card 100. If such repair and restore are handled on the side of the apparatus, the host computer needs to manage recovery information (restoration data and the like) of all IC cards every time the IC card is used. As a result, it is necessary to execute the recovery on data conflict by (1) communicating with the host computer in real time to restore the data, or (2) prohibiting the IC card from being used, and issuing a new card.
To cope with the above problem, the conventional IC card has disadvantages such that a configuration of the IC card system become difficult, a large area is required to store recovery information in the storage of the host computer, and management of the entire IC card system becomes quite complex, as same as the PIN management. Further, to repair and restore the data in the IC card 100 in the event of a system failure, it is necessary to use a terminal apparatus accessible to the host computer, or to reissue the IC card. Such data recovery work is quite troublesome to the card user.