1. Field of the Invention
The present invention relates to an IC card with a built-in microcomputer and memory, and also to a method of checking a personal identification number of the IC card.
2. Description of the Related Art
Recently IC cards which include microcomputers and EEPROMs have been spreading rapidly. One of the reasons for this is that the IC is a single-chip with a single power-supply. Conventionally, one IC including a one-chip microcomputer having general-purpose ROM, RAM, and CPU, and another IC including an EEPROM or an EPROM have been packaged independently on a substrate as an IC module. However, according to improvements in semiconductor manufacturing technology, a single-chip configuration can be achieved by integrating the EEPROM into the IC which includes the one-chip microcomputer. In addition, although an independent power supply for writing was required in the past, an IC having a single power-supply can be successfully obtained by incorporating a boosting circuit in the IC circuit.
FIG. 3 is a block diagram showing the IC card according to the prior art, in which reference numeral 1 represents a CPU which comprises a clock generating circuit 2, a processor status register 3, program counters 4 and 5, a stack pointer 6, a prescaler 7, a timer 8, an instruction register 9, an instruction decoder 10, an 8-bit ALU 11, an accumulator 12, and index registers 13 and 14.
Reference numeral 15 represents an EEPROM which stores variable data such as a personal identification number. Numeral 16 represents a RAM which temporarily stores data. Numeral 17 represents a ROM which stores invariate data such as a program. Numeral 18 is an input/output part which inputs and outputs data to an external terminal unit. Numerals 19 and 20 represent a data bus and an address bus respectively. CLK denotes a terminal which provides an operating clock from an external part to the clock circuit 2. RST denotes a terminal which provides a reset signal to initialize the CPU 1. Vcc, GND, and I/O denote a terminal to which the power-supply voltage is applied, a grounding terminal, and an input/output terminal in the input/output part 18 respectively.
FIG. 4 is a block diagram showing a configuration of the EEPROM 15, in which: reference numeral 21 represents an EEPROM memory array comprising EEPROM memory cells each having an ELOTOX structure or a MNOS structure; numeral 22 represents an address latch which retains an address signal for reading/writing information in the EEPROM memory array 21; numeral 23 represents a data latch which temporarily retains written information; numeral 24 represents a sense amplifier which converts a signal, read out from the EEPROM memory array 21, into a 0/1 digital signal to output to the data bus 19; and numeral 25 represents a high-voltage generating circuit which generates a high voltage required for writing information on the EEPROM memory array 21 to which the generated high voltage is applied.
A description of the operation of the IC card will now be given.
In the ROM 17 of the IC card, an application program, programmed based upon the specification of each user (e.g.,the person to whom a card is issued), is stored. When the IC card is connected to the terminal unit, the objective application system can be operated by execution of the application program by the CPU 1 when the required power and signals are supplied.
Most of the various kinds of information used by an application system of the IC card is stored in the rewritable EEPROM 15. For instance, the following information can be stored in the EEPROM 15, e.g., a personal identification number, or a PIN number, to verify the personal identification, a mutual verification key and a secret-coding/decoding key of a terminal or the like, and transaction recording, all of which are usually rewritten or additionally written upon request.
In the EEPROM 15 as shown in FIG. 4, the high-voltage generating circuit 25 is designed to boost the power-supply voltage, which is supplied from the Vcc terminal, by a charge pump circuit or the like. An output voltage generated in the high-voltage generating circuit 25 greatly depends upon the voltage at the Vcc terminal. Accordingly, when the voltage at the Vcc terminal is decreased, the output voltage of the high-voltage generating circuit 25 drops so that sufficient voltage to write in the memory cell cannot be obtained. Generally, the IC card is designed to be operated at 5 V 0%. However, when the power-supply voltage is decreased, the characteristic property of the high-voltage generating circuit 25 is affected, and thus the writing-system circuit in the EEPROM 15 cannot perform its function properly.
As the conventional IC card is generally configured in the above mentioned manner, when the power-supply voltage is decreased, a power-supply voltage area can be formed where the CPU 1, the ROM 17, and the RAM 16 perform properly but the writing-system circuit in the EEPROM 15 cannot perform its function. In a generally employed method of verifying the personal identification by using the IC card in the application system, PIN numbers can be stored in a predetermined area in the EEPROM 15 of the IC card and the number can be verified.
A flag is provided in advance in the EEPROM 15 so as to automatically lock operation of the IC card when the number of identification errors exceeds a predetermined number. The verification is conducted by the CPU 1 in the IC card, and the CPU 1 can write the number of identification errors in a separate predetermined-area in the EEPROM 15. Accordingly, an illicit use of cards can be prevented by setting the flag so that it can execute writing in the EEPROM 15 when the number of identification errors exceeds the predetermined number. The above-mentioned checking method can be used as a method having a high security because: the original PIN number cannot be output to the outside of the IC card; the number of identification errors can be updated in the EEPROM 15 by the IC card itself; and means for automatically locking operation of using the IC card is provided.
However, the writing-system circuit in the EEPROM 15 cannot function when the power-supply voltage is decreased on purpose as described before. In this case, although the above-mentioned verification can be executed normally, updating the number of identification errors in the EEPROM 15 and automatic locking of the operation cannot be executed. Accordingly, there has been a problem in that only the results of the checking verification can be output to the outside of the IC card and, therefore, the original PIN number may be divulged by allowing repeated checking of the PIN number.