1. Field of the Invention
The present invention relates to a portable electronic device such as an IC card (electronic smart card) for use as a credit card or cash card.
2. Description of the Related Art
So-called magnetic cards, i.e. cards with a magnetic stripe, such as credit cards or cash cards, are now in widespread use. In recent years, however, IC cards have become the subject of considerable attention as a replacement for magnetic cards. An IC card, or electronic smart card, incorporates a microchip having an erasable nonvolatile memory and a control device, such as a central processor unit (CPU), which controls the memory. Because of the provision of a memory an IC card has an increased storage capacity, compared to a magnetic card, enabling the card user to perform various transactions on the basis of account information stored therein. In processing a transaction data, an input personal identification number (PIN) is collated with a stored PIN to ascertain that the user is the owner of the card.
One or a plurality of identification numbers are stored in a memory of the card. A PIN externally entered by the user is collated with a specified registered PIN within the card. A plurality of PINs will be needed from a view point of multipurpose and security of the IC card.
A conventional IC card stores information as to the affirmative result of collation of an identification number in a memory, such as a random access memory (RAM), provided in a microprocessor. When the collation of the identification number is correctly performed, the information as to the affirmative result of the collation is used as identification information for the card to confirm that which of identification numbers in the memory has been collated during subsequent operations. The information about the collation affirmative result is inherently set for each of the identification numbers.
Furthermore, another type of IC card is being developed in which a plurality of PINs of a card owner are recorded. In this IC card, a different PIN can be used depending on applications. In this type of IC card, the user can register additional applications, the number of PINs increase accordingly. The collation affirmative results are provided corresponding to the respective PINs and stored in a predetermined area of a memory.
In the conventional IC card, however, the size of an area to store the collation affirmative results is predetermined. Hence, if the additional applications are registered, the area size might be expanded in order to store the additional collation affirmative resulsts. The expansion of the area size will destroy a data area in which other data are stored. Even if the collation affirmative results can be stored in a predetermined areas, an increase of the results would complicates to access a desired collation affirmative result.
Moreover, if the noncoincidence of the PINs occurs, the number of noncoincidences is counted. The number of noncoincidences is accumulated in the card for comparison with a predetermined upper limit value previously registered in the memory. When the number of noncoincidences exceeds the upper limit value, the corresponding PIN cannot be used any more.
Assume that only one kind of response data is issued from the card to external equipment when the collation results in noncoincidence the external equipment cannot recognize that the issued response data indicates the noncoincidence of PIN or the number of noncoincidences excessing the upper limit value. If the external equipment could read the upper limit value for the identification number which is under collation, the equipment could determine the reason for impossibility of the use of the identification number.
Accordingly, a method might be devised by which the external equipment reads the upper limit value for the identification number for collation out of the IC card. However, this would considerably endanger the security for the IC card.
A second method might be devised by which the upper limit value is previously registered in the external equipment. In such an IC card system that a plurality of identification numbers are recorded in each IC card and the upper limit values therefor differ, however, the load of the external equipment would be remarkably large.
In a conventional magnetic card system, when the noncoincidence of identification number occurs, equipment, such as an automatic teller machine (ATM), temporarily counts the number of noncoincidences and marks a predetermined location in the magnetic strip of a magnetic card when the count value reaches a predetermined number of noncoincidences. As a result, the number of repetitions of the predetermined number of noncoincidences (for example, a marking is made every three times of noncoincidence and up to three markings are made) can be recognized to determine the usability or unusability of the magnetic card.
Even in the case where IC cards are used with the magnetic card system, the above process of noncoincidence of identification numbers for the magnetic card system must be implemented. A counter for counting the number of noncoincidences (referred to as the noncoincidence counter) must be provided in a nonvolatile memory in an IC card in order to retain the noncoincidence data. Where the noncoincidence counter is provided for each of identification numbers, complicated control would be needed for the application of the magnetic card system.
For this reason, two noncoincidence counters might be provided, one in a volatile memory (RAM) and the other in a nonvolatile memory. In this case, the noncoincidence counter in the volatile memory is counted up each time an noncoincidence occurs between an entered identification number and the registered identification number and, when counted up to a predetermined number, the noncoincidence counter in the nonvolatile memory is incremented by one. This method can present a pseudo noncoincidence processing as that of the magnetic card system.
According to that method, however, since the first noncoincidence is counted by the noncoincidence counter in the volatile memory, the correct identification number might be detected by repeating an operation of stopping the supply of electric power to the IC card in order to erase the contents of the volatile memory deliberately each time an noncoincidence occurs, and entering a different identification number for collation after the resupply of the electric power. During the operation the noncoincidence counter in the nonvolatile memory is never counted up.