1. Field of the Invention
The present invention relates to a portable electronic device such as an IC card and a method for processing data therefor.
2. Description of the Related Art
Recently, IC cards have been developed as new portable data memory media. A card normally contains IC chips having, for example control elements such as, non-volatile data memories and CPUs. This type of IC card selectively executes the input and output of required data by the control element accessing the data memory in response to instruction data inputted from outside. In the current invention, the data memory is divided into a plurality of data areas, and is designed to selectively access the subject area.
In a prior art IC card, whether or not verification of an ID (identification) number is required for each of the plurality of data areas is set for the data memory data area within the data area. Thus, a key is applied for setting the ID number verification state for the card-manufacturer, the card-issuer and the card-holder. For example, in the case of a relevant data area being only available for the card-issuer, if the card-issuer's ID number is verified and instruction data is inputted, processing of that instruction data is executed. However, when instruction data is inputted by anyone other than the card-issuer, response data to the effect that execution conditions are not in order is outputted externally, and processing of the instruction data is not executed. That is, if instruction data is inputted by the card holder, for instance, response data to the effect that execution conditions are not in order is outputted externally. Under these conditions, it is possible for a card-holder to guess the instruction data which would be executed if inputted by the card-manufacturer or card-issuer. Thus, if the card-holder is aware of the card-issure's or card-manufacturer's ID number, there is a danger that the execution of the instruction data will be performed. This can occur if the card-holder inputs instruction data based on the card-issuer's or card-manufacturer's ID number.
When instruction data which is undefined or not available is inputted by, for instance, the card-holder, response data signifying `undefined instruction data` is outputted externally. It is possible for the card-holder to guess that only instruction data excepting the ID number is undefined. Thus, there is danger of that defined or available instruction data can be guessed by the card-holder based on any instruction data which is inputted by the card-holder.
Thus, there is the possibility that the available instruction data will become identified, and therefore, there is a problem of poor security.