The present invention relates to an integrated circuit (IC) information card system using a card having an integrated circuit chip or chips including a programmable processor and a nonvolatile read/write memory for storing data and access codes needed to access the data.
Various types of information cards have been developed which include storage media for storing information identifying the user of the card and other information. One such card is the ordinary plastic credit card or identification card which has embossed lettering on the card to indicate the identity of the holder, an identification or account number and possibly other information. In addition, the ordinary plastic credit or identification card has on its backside a magnetic stripe for magnetically storing data. The data stored on the magnetic strip typically verifies the embossed information on the front of the card and includes additional information. Such magnetic stripe plastic cards, while inexpensive to manufacture and issue, provide relatively little security against unauthorized or fraudulent access to the information stored on the exposed magnetic stripe, since such information can be easily read or altered using commonly available equipment. Furthermore, the recorded data on the magnetic stripe may be distorted or destroyed by dirt, scratches or contact of the magnetic stripe with magnetic materials . Moreover, the capacity of such a magnetic stripe plastic card is limited to about 0.5K bits to 1.7K bits, or about 70 to 200 alphanumeric characters.
Another type of card, known as the laser card, is similar to the magnetic-stripe plastic card but replaces the magnetic stripe with a stripe of reflective material. Information is stored in the laser card by burning microscopic holes in the surface of the reflective stripe with a focused, low-power laser. Although the laser card is capable of very high data storage capacities of up to 1 million bits, it also does not provide adequate protection against unauthorized access to the data stored in the exposed reflective stripe, which can be easily read or written using the proper equipment.
Yet another type of information card incorporates integrated circuit memory of either the read only and the write/read variety. Such a memory card typically has multiple electrical contacts located at one or more edges of the card or on a face of the card to permit electrical access to the address, data and any control terminals of the memory in the card. However, such memory cards generally provide relatively little or no protection against unauthorized access to the data stored in the card, since the contents of the card memory can, in most cases, be easily read out or added to with the proper equipment. Further, some memory cards use volatile memory requiring a costly, built-in, power source in the card to prevent loss of the data stored in the card memory. The foregoing deficiencies of memory cards have essentially limited their use.
Still another type of information card, known as the wired-logic card, incorporates an integrated hard-wired logic circuit together with nonvolatile integrated circuit memory to provide improved security for the data stored in the memory. In such a card, access to the memory may be entirely under the control of the hard-wired logic circuit, which may require the entry of a secret code or key before access to the memory is permitted. Owing to the limited processing capability of the hard-wired logic circuit, the wired-logic cards have been limited to relatively simple applications, such as for telephone payments and records.
The latest generation of information cards, which are commonly referred to as "intelligent" or "smart" cards, includes a programmable integrated circuit processor together with nonvolatile integrated circuit memory within the card. Since the programmable processor provides greatly expanded processing capabilities, the card may incorporate a sophisticated security system to prevent unauthorized or fraudulent access to some or all of the data stored in the card memory.
One such security system is disclosed and claimed in U.S. Pat. No. 4,211,919 to Michael Ugon, which issued on July 8, 1980. In that security system, the card memory is segmented into three particular zones, namely: a secret zone in which reading and writing operations are permitted only by the internal processor of the card; a working zone in which reading and writing operations are permitted directly by an external card reader/writer device; and a read zone in which only reading operations are permitted directly by the card reader/writer device. The secret zone of the card memory includes at least one key or code which is compared to a key received from a card reader/writer device to determine whether a particular access operation to the working zone is authorized.
The above-described card security system has the problem in that data segments of the working zone may be defined only in the application program of the host computer of the card system, therefore adding to the complexity of such an application program. Furthermore, all data in the working zone have only a single security level for reading and writing operations, respectively, i.e., with the entry of the proper key or combination of keys the entire working zone may be read or written.
In many applications for information cards, it is desirable to have the flexibility of being able to define the data zones of the card memory within the card itself and of being able to assign different security levels for reading or writing operations in the various data zones to suit the particular application. For example, in a health care application where the card is used to store data concerning a health care recipient, it would be appropriate to restrict access to certain categories of data only to particular classifications of health care personnel (e.g., doctors, pharmacists, etc.) and to similarly restrict the authority to add or alter the data in the card memory. Therefore, it is desirable to store the various categories of data concerning the health care recipient in different zones of the card memory as defined within the card and to assign an appropriate access security level, based on one or more access keys, for reading and writing operations to each data zone.
Accordingly, a need clearly exists for an IC card structure and method in which the card memory may be segmented into a desired number of data zones after this card is manufactured and in which each data zone of the card memory may be assigned a respective security level, based on one or more access keys, for reading or writing operations in that zone. A system using an IC card and method may advantageously include provisions for preventing the dissemination of knowledge of the access keys or combinations of such keys which define the security levels for the data zones of the card memory and for initializing the cards (i.e., defining the data zones of the card memory, assigning respective security levels to each data zone and loading the proper data into the various data zones card of the care memory) for each application on a mass production basis.