It is common in use of credit cards or identification cards that a secret identification number is supplied to confirm the identity of the card holder and the access to the information is allowed only when the proper number is supplied.
When an IC card proposed to maintain secrecy of the secret identification number is used, the allowed number of times of improper number input attempts is limited, and the card is so locked as not to be used when improper numbers are supplied predetermined times.
However, it is not desirable to disable the use of the IC card (i.e., to destroy its memory) when the secret identification number has been improperly supplied predetermined times, because it may have been caused by a mistake of the card holder, for example.
Alternatively, a scheme is conceivable, in which the number of times of improper secret identification number input attempts made with the IC card put into the input device is temporarily stored in the volatile memory contained in the IC card, and is volatilized and reset when the card is pulled out of the input device. In this case, the number of access times becomes substantially limitless by slipping the IC card into the input device repetitively. This makes ineffective the security of the IC card which is an object of limiting the improper input of the secret identification number.
If a nonvolatile memory such as a ROM is contained in the card instead of the volatile memory and the number of times of improper input attempts is stored into the nonvolatile memory permanently and cumulatively, the history of improper secret identification number input is completely stored. Since the previous number of improper input attempts is recorded, however, the restricted number is quickly reached by the number of newly counted improper input attempts, resulting in an impractical use.