1. Field of Invention
The invention relates to a smart card data access protection method and system, and in particular to a data access protection method and system having Subscriber Identity Module (SIM) utilized for a mobile communication device.
2. Related Art
Nowadays, in a modern society of mass communications, mobile phone has become a portable and indispensable communication device for every person, and the personal telephone directory utilized in mobile phone communications is also essential. In the past, a telephone directory may be used to record only the telephone numbers of the receiving parties. However, in recent days, a personal telephone directory is usually used to record other related data of a receiving party, such as birthday, residence phone number, residence address, company address, facsimile number and/or e-mail address of a receiving party.
In general, a personal telephone directory of the user is stored in a Subscriber Identity Module (SIM), which is hereinafter referred to as an SIM card. An SIM card is composed of a central processing unit (CPU), read-only-memory (ROM), random-access-memory (RAM), programmable ROM, and input/output circuitry. Upon issuing an order to an SIM card through a mobile phone handset by a user, the SIM card may execute or refuse to execute the order given by a mobile phone handset in compliance with its Standard Specification. In Global System for Mobile Communications (GSM) 11.11, the various access operations of SIM card are specified, so that user may readily move the account numbers of telecommunication service providers, short messages, and personal phone directory stored in an SIM card among various different handsets.
FIG. 1 is a schematic diagram of a personal phone directory data storage frame of an SIM card. For each of the data item stored in a phone directory, it may be viewed as a separate and independent data frame. In each of the data frame, a plurality of data fields are provided, and that are utilized to record the name, telephone number, residence address, and e-mail address of the receiving party. FIG. 2 is a schematic diagram of the framework of an operation terminal and an SIM card. Herein, the operational terminal is not restricted to mobile phone handset, it could also be a card reader or other SIM card access device. In operation, a user may issue related orders to an access interface through an operation terminal, then accessing and obtaining various data in an SIM card through the access interface.
To a user of such an SIM card, all the data contained therein is very personal and confidential. Thus, in order to prevent the illegal usage of data contained in an SIM card by an ill-intentioned person, a Personal Identity Number (PIN) is particularly specified by Global System for Mobile Communications (GSM), hereby restricting the access authority of SIM card.
As such, a user may lock the data in SIM card by making use of a PIN code, and in case that data in an SIM card is desired to be accessed, then a PIN code must be input to remove this restriction. However, according to design, the access mechanism of Global System for Mobile Communications (GSM) is used to impose restrictions on all the data stored in an SIM card, thus, upon activating the SIM card access mechanism, each time the user is to access the respective data in a phone directory, the PIN code must be input once to remove the access restrictions. Since PIN code only allows three input errors, thus after the third input error, all the data in SIM card will be locked altogether until another PIN Unlock Code (PUK) is input by the user. Yet PUK has the input limitation of 10 times. In case that PUK input exceeds 10 times, then all the data in an SIM card can no longer be read out. As such, though the afore-mentioned design is able to prevent the illegal access of phone directory, yet the convenience of legal access of phone directory is also restricted accordingly.