1. Field of the Invention
The present invention relates to an identification system for IC (integrated circuit) cards.
2. Description of the Prior Art
A conventional magnetic card is well known as such an article identification system. The magnetic card has a magnetic coating stripe on which a key code, a confidential number, an account number, etc. are magnetically recorded. These magnetically recorded contents, e.g., the key code, are known to at least bank personnel because a cardholder must disclose his key code to the bank. What is more, the magnetically recorded information may be relatively easily accessed by anyone. In view of such easy accessibility, the private confidential information of the conventional magnetic card may not be securely kept secret.
Instead of a conventional magnetic card, an IC card incorporating an IC (integrated circuit) module has recently been proposed. Accordingly, no one can easily gain access to the confidential information stored in the IC module.
Although it is very hard to read out the confidential information from the IC card, there is no way to identify the authorized cardholder if the IC card per se is forged.
In such an IC card, since the security in use is extremely important, hitherto, the validity of the IC card has been identified in the following manner in order to prevent the illegal use of the IC card. That is, when the IC card is actually used to buy an article or the like, the IC card is set into a card terminal and the private identification number "PIN" (personal identification number) is entered under this state to compare with the registered PIN "R-PIN" which has already been stored in the IC card. When the input "PIN" is coincident with the registered "R-PIN", the use of the IC card by the cardholder is permitted. To the contrary, when no coincidence is made, the reentering operation of the "PIN" is allowed for a predetermined number of times, e.g., 5 times. If the "PIN" is not coincident with "R-PIN" even after the "PIN" has been reentered a predetermined number of times, the use of this IC card is invalidated, or rejected.
According to the above-described conventional card identifying method, when the "PIN" coincides with the "R-PIN", the processing routine in the IC card can soon advance to the next processing step. However, when they do not coincide, a retry number "RTN" is counted up by only +1, and at the same time, it is necessary to provide means for determining whether the "RTN" has reached a predetermined number or not and the like, so that it takes some time to shift to the next processing step. As will be explained hereinafter, a difference is inherently made between the numbers of processing steps in both the cases where the entered "PIN" is coincident with the registered "R-PIN", and when the former is not coincident with the latter. As a result, the time periods required for those processing steps are different from each other. This implies that if the data transfer timing to the next processing step is somehow observed by a person who is illegally and experimentally attempting to determine the PIN by paying attention to such a time difference, it is possible to readily recognize whether the result of the comparison between the input "PIN" and the registered "PIN" is correct or not. Therefore, the "PIN" can be known by performing an illegal investigation, so that the security of the IC card is remarkably impaired and there is the risk that the illegal use of the IC card is eventually accomplished.
The present invention is made in consideration of the foregoing problems and it is an object of the invention to provide an IC card identification system in which the decryption of the personal identification number by an illegal approach can be completely blocked, the illegal use of the IC card is prevented, and the security in card use can be improved.