1. Field of the Invention
The present invention relates to an IC card used as an electronic purse or an ID card, and a data processing method therefor, and relates in particular to a technique for processing data stored in a nonvolatile memory mounted in an IC card.
2. Description of the Related Art
A currently available IC card system, wherein a reader/writer reads and writes data in association with memories contained in IC cards, can be employed as tickets for using leisure facilities and as electronic purses used for financial institutions. The IC cards used with this system are contact IC cards, which exchange signals with a reader/writer while inserted therein, and non-contact IC cards, which communicate with a reader/writer by radio.
Incorporated in a contact IC card is an interface contact point whereby signals, including power signals, ground signals, clock signals, data signals and reset signals, and a stable power supply are received from a reader/writer. And incorporated in a non-contact IC card are an antenna coil and a capacitor whereby signals and a carrier wave, which is rectified in the IC card to supply power thereto, are received from a reader/writer.
If during the writing of data a contact IC card inserted into a reader/writer is removed or a non-contact IC card receives insufficient power because it is moved away from a communication area, data already stored in the memory in the IC card will be destroyed. The data stored in the memory are formed into blocks having a predetermined length, such as 16 bytes, and the reading and writing of a plurality of data blocks are performed by one command process. In any case, protection for the data must be ensured.
As a first solution for this problem, there is an old data backup, data protection method whereby when designated block data are to be written, old block data that were effective before the writing process was begun are temporarily stored in another nonvolatile memory area, and the designated block data are written thereafter. When multiple block data sets are to be written at the same time to a data block area consisting of multiple data blocks, first, block data having designated block numbers are stored in reserve data blocks in the reserve block area and are written to the data block area. Thus, even if the power is cut off while data are being written, since block data obtained before the writing process was begun are maintained in the reserve block area, the data can be returned to the original state and data protection is ensured.
As a second solution, there is a data protection method, involving the holding of validity data, whereby at least two memory areas are obtained and validity data indicating which memory area is effective is stored. Specifically, two memories, a data block area A and a data block area B, are obtained, and data validity determination data are stored to indicate which block data, identified by block numbers, are effective. Then, to write the block data, the data validity determination data are examined, new block data are written to a data block in an invalid memory area, and valid/invalid data are rewritten. As a result, the data writing process can be performed. And if, in this case, the power is cut off, since the block data are maintained that were effective before the writing process was performed, and since the validity determination data can be used to return to the state existing before the writing was performed, the original data can be restored.
By holding old data and performing a writing process as in the block data management system, protection of data is ensured when power is cut off.
However, according to the data protection method whereby old data is backed up and held, which is the first solution, extra time is required to perform the processing for holding the old data in another nonvolatile memory area. Especially during the process for writing multiple data blocks at the same time, the processing time is enormously increased, and when this method is employed for checking a transportation pass, the processing can not be completed until a commuter passes through a ticket gate and a failure occurs. Furthermore, for the data protection method according to which validity data is held, which is the second solution, two or more memory areas must be obtained, and this method is not efficient because the chip size is increased.