1. Field of the Invention
The present invention relates to an integrated-circuit (IC) card which has an electronic circuit including a microcomputer, memory, etc. within a card type or package type body.
2. Description of the Related Art
Magnetic recording mediums such as floppy disks and cassette tapes have been widely used as an external memory device for a computer or an electronic device using a computer. From a view point of easy handling and compactness, however, IC cards having a semiconductor memory, such as an E.sup.2 PROM, EPROM or battery-backup type RAM, within a card or package type body have recently become popular. In the field of credit cards, ID cards and bank cards, so-called IC cards with a microcomputer and a memory such as an E.sup.2 PROM or EPROM installed therein are now considered as replacements for magnetic cards, due to their larger memory capacity and higher security.
An IC card is designed such that it receives data from an external terminal device through its terminals provided on the surface, processes the data, stores it in a memory if needed, and returns the processing result to the terminal device. An example of data processing executed in the IC card is a personal identification number (PIN) verification, which is done prior to the actual use of an IC card in order to confirm whether or not the person who actually uses the card is the rightful owner of the card. Generally, a four-digit personal identification number is stored in advance for each IC card and a user enters the number to a terminal device. The PIN entered into the terminal device is transferred to the IC card for comparison with the correct card-owner's PIN stored in advance in the card, and the verification result is sent to the terminal device from the card. Here, the verification result only indicates that the entered PIN is either correct or not. In general, when an incorrect digit is found during a digit by digit verification, the verification is stopped and no further verification is executed, and a signal representing the negative result is returned to the terminal device. In other words, when such a signal is returned, it is understood that the previous digit or digits are correct. Even if the user does not known the correct PIN, therefore, he may find out the correct PIN through try and error, i.e., repeatedly entering different PINs. In other words, the processing time from the point at which an processing command is received by the IC card to the point at which its processing result is returned to the terminal device (i.e., processing time of the IC card) differs depending on the result of processing the command, i.e., on which digit of the PIN is detected as false. The processing time also naturally differs for different processing commands.
According to a conventional IC card, as shown in FIG. 1, the processing time takes different values t.sub.a and t.sub.b for different types of processing commands (CMD A and CMD B). Even if the same command (CMD B) i.e., the PIN verification command in the above example, is input to the IC card, the processing time may take different values, t.sub.b and t.sub.b ', depending on the processing result (RES b or RES b') i.e., the digit to be found false. This is because, immediately upon completion of data processing, the processing result is returned to the terminal device.
Accordingly, albeit in very limited cases, those who are involved in developing an IC card or a system utilizing an IC card, or who have use the card to input processing commands through a terminal device, can find out the processing result or the processing commands by measuring the processing time. As a result if communicated between the IC card and terminal device is encrypted, the encryption algorithm can be determined, thus enabling unauthorized use of the IC card.
Further, during the period from a time at which a processing command is sent to an IC card until a time at which a processing result from the card, the terminal device of the conventional IC card system must wait for the processing result from the card and cannot do other processing, thus significantly reducing the system's operational efficiency. This is because the terminal device must wait until the processing result is sent back from the card, and this may occur at any time.