The present invention relates to an integrated circuit (IC) card including IC's such as a microcomputer and a memory device, and in particular, to a composite IC card sharable among a plurality of enterprises which has an enhanced security of information for each enterprise by preventing illegal and erroneous usages and which comprises a memory area to be commonly used by the enterprises for an effective utilization of the memory.
In the following description, the term of enterprise is used to indicate an individual enterprise such as a bank, a department store, a clinic, a financial company; furthermore, each department or division in such an enterprise or a juridical person. For example, a deposit division, a loan division, an exchange division of bank A and a surgery department and a psychiatrist department of clinic B are each indicated as enterprises. Moreover, if the general affairs department, the sales department, and the research & development department of a company each take part in a service of utilization of the card, these departments each can be denoted as enterprises. In addition, the present invention is also applicable to a composite card for other than such enterprises. For example, when a card is used for a family, namely, when a card is shared among a husband, a wife, and a child; these members are treated like enterprises if the information thereof is to be separately controlled respectively in the card. In the following paragraphs, a description will be given of an example of a composite IC card for which a plurality of companies participate in the service thereof.
Since an IC card includes a microcomputer and a memory, the IC card constitutes by itself a small-sized information processor having the functions for judgment and storage. Consequently, the data security and safety can be further increased as compared with the conventional magnetic card such as a bank card. Furthermore, since the storage capacity has been greatly increased due to the advance of the IC technology, the IC card is highly expected as a data storage card.
Recently, there is proposed an IC card (to be referred to as a composite IC card herebelow) to be commonly used among many enterprises for conveniences of the card owners. In the past, for example, the cards to be used between a card owner and a plurality of enterprises such as a bank, a department store, a clinic, a financial company has been individually issued by the respective enterprises, and hence the card owner has been required to inconveniently carry a plurality of cards for the bank, the department store, and so on.
Consequently, there has been proposed an improvement which enables the processing between the card owner and these enterprises to be executed with a card. For example, the deposit record of a bank, the transaction record and the settlement of accounts of a department, the examination records of a clinic, and the records of credit transactions are to be entirely processed by use of a card. The composite IC card system is therefore implemented by composing a plurality of different service functions or by integrating several functions of a company into an IC card.
This is enabled by the increase of the storage capacity of the memory device included in the IC card.
The contents of information stored in the composite IC card include those commonly required for each enterprise such as the name, address, birthday, and occupation of the card owner and those individually required for each enterprise. The system must therefore allows the common information to be accessed from any enterprise and the individual information to be accessed only from the pertinent enterprise. That is, the deposit information of a bank cannot be accessed from a clinic, and contrarily, the information of clinical history cannot be accessed by a bank or a department store. For example, even in the same clinic, the recorded information of the psychiatist department must be prevented from being easily accessed from the surgent department; on the other hand, the information of the internal division is to be commonly used in the maternity division in some cases.
As described above, for the composite IC card to be shared among a plurality of enterprises, the card access is required to be selectable such that a storage area for writing therein information of an enterprise is strictly prevented from being accessed from other enterprises depending on the content of the information or that an access to the storage area is allowed only for particular enterprises.
Generally, in an IC card system, when the card is used, a code number is entered to confirm that the card is being used by the proper owner, and only if the entered number is correct, the access to the information is allowed. In this case, from a point of view of prevention of an illegal card usage by a third person, it has been proposed to limit the number of error inputs of the code number; and if the predetermined limit number is exceeded, the processing by use of the card is prevented, so that the storage area of the card is not accessed.
For a composite IC card for which a plurality of enterprises take part in the service thereof, a recorded information to be exclusively used by an enterprise must not be manipulated by other enterprises, that is, the read and write operations of the data unique to each enterprise must be strictly controlled for the security of the information. Moreover, in a system in which the access to the entire card is locked when the limit of the invalid inputs of the code number reaches the predetermined limit, the card becomes to be unavailable for all enterprises at once, which leads to a loss of the convenience of the composite IC card. For the composite IC card as described above, there arises the problem different from those associated with the conventional, unifunctional IC card.
Against an illegal input of a code number by a malicious third party, the security of information can be enhanced by the means to lock the access to the storage area. For an erroneous input of a code number by mistake of a correct user, it is desirable to adopt a proper measure of the relief.
Particularly, for a multipurpose, composite IC card including a plurality of information systems therein so as to be used for various purposes, there may exist many enterprises simultaneously controlling such information systems contained in the IC card, which increases the possibility of the wrong input as compared with a single-purpose, IC card. In this case, moreover, the relief measure for the access lock is required to be taken for each enterprise.
There has been proposed a security system of an IC card in which the number of wrong inputs of a code is limited to prevent an illegal usage of the IC card by a third person other than the correct card owner and when the limit is exceeded, the processing by use of the IC card is inhibited. Since a plurality of code numbers of various kinds are assigned to a composite IC card, even if the access lock is set to a certain code when this security system is applied to the composite IC card, the processing is required to be enabled with the other codes.
To satisfy these requirements, even if a code is erroneously inputted exceeding the predetermined limit, the overall IC card should not be locked by means of, for example, a data access inhibit bit, an inhibit gate, or a memory destruction but it is desirable to make the code itself or the storage area assigned to the code to be unusable.
For a composite IC card as described above, there exists a sophisticated requirement with respect to the security of information to be satisfied as compared with the unifunctional IC card.
The co-pending U.S. patent application Ser. No. 891,876, now U.S. Pat. No. 4,734,568 filed on July 30, 1986 by the applicant of present application describes that a security level is set to each storage area of an IC card having a plurality of storage areas and that an access condition to a storage area is established according to the security level.
In the JPA No. 61-18794 filed on Sept. 16, 1978 in Japan with the priority of the France Patent Application No. 7728049 filed on Sept. 16, 1977 (Applicant: Honeywell Bull), there has been disclosed an IC card system having a plurality of storage zones and a plurality of keys.
Furthermore, the JPA No. 61-134872 filed on Dec. 5, 1984 in Japan by the Omron Tateishi Electronics Co. describes an IC card system capable of supporting a plurality of services.
In addition, the JPA No. 61-139876 filed on Dec. 13, 1984 in Japan by the Casio Computer Co., Ltd. has disclosed a personal identification IC card which can be used among a plurality of service organizations.
These cards each are composite IC cards for which a plurality of enterprises take part in the services thereof; however, the countermeasure to retain the security of information between the enterprises has not been described.