A test program stored in an IC card itself is a program for performing substantially all tests on functions of the IC card, and, therefore, it can access any desired address in memories provided in the IC card. In order to prevent other programs stored in the IC card from being unlawfully read out through the test program and copied or destroyed, the test program must be executed with a high degree of security.
FIG. 1 is a general schematic block diagram of an IC card. In FIG. 1, an IC card 10 includes a central processor unit (CPU) 1 for executing and controlling various programs, and a system read-only-memory (ROM) 3 in which is stored a test program for various function tests of the product or IC card in the course of manufacturing it. The IC card further includes an application ROM 4 which stores an application program for executing various functions assigned to the IC card, a non-volatile electrically erasable and programmable read-only-memory (EEPROM) 5 in which a secret code assigned exclusively to that IC card indicating the type of that IC card, a write-verification code indicating that the secret code has been written, personal information of a user of that card, etc, are written and stored, and a random-access-memory (RAM) 6 for temporarily storing data. These components 1-6 are coupled to each other through a system bus 2. A terminal P1 is a positive power supply input terminal. A terminal P2 is a power supply ground terminal. A terminal P3 is a reset signal input terminal :o which a reset signal for initializing the CPU 1 is applied. A terminal P4 is a clock terminal to which a clock signal is applied. A terminal P5 is an I/O terminal to which an input/output circuit 7 is coupled. The input/output circuit 7 is coupled also to the system bus 2 for transferring via the I/O terminal P5 data between the IC card 10 and external apparatus (not shown).
Referring to FIG. 2 which illustrates a conventional IC card system, the IC card 10 shown in FIG. 1 is described in greater detail. As stated previously, the system ROM 3 stores a test program 31 with which an IC card manufacturer tests various functions and operations of the IC card during manufacturing, a branch routine 32 for making a decision as to which of the test program 31 and an application program 41 stored in the application ROM 4 should be executed, and making a branch to the program to be executed, a write-verification routine 34 for verifying that a secret code exclusively assigned to that IC card has been written in the EEPROM 5, and a secret-code verification routine 35 for verifying that a secret code externally entered via the I/O terminal P5 and the secret code already stored in the EEPROM 5 are coincident. The application ROM 4 stores the application program 41 which is used to execute various functions desired by a user of the card, as stated previously. After the completion of the manufacturing process of the IC card, a secret code 51 which is assigned exclusively to each IC card is written and stored in the EEPROM 5. In addition, a separate write-verification code 52 for verifying that the secret code assigned exclusively to that IC card has been written and stored is written and stored in the EEPROM 5. From this write-verification code 52, a decision is made whether an exclusively assigned secret code 51 has been written or not. The bit pattern of the write-verification code 52 is determined to be coincident neither with any bit patterns of initial values in the EEPROM 5 nor any bit patterns which may be subsequently set in the EEPROM 5.
In FIG. 2, when a reset signal is applied at the reset signal terminal P3, the CPU 1 reads out a starting address of the branch routine 32 stored at a predetermined address in the system ROM 3 and starts execution of the branch routine at the read out address. In the branch routine 32, when a command to execute the test program 31 is applied from external apparatus to the I/O terminal P5, the write-verification routine 34 is executed. In the write-verification routine 34, whether the secret code 51 has been written into the EEPROM 5 or not is determined on the basis of the write-verification code 52 stored in the EEPROM 5. If the secret code 51 has been already written, the secret-code verification routine 35 is executed. On the other hand, if no secret code has been written into the EEPROM 5 verification of the secret code is not Carried out, but the test program 31 is executed immediately. If the secret code 51 has been already written, it is collated with the secret code entered via the I/O terminal P5. Only when they are coincident with each other, is the test program 31 is executed. If they are not coincident, the operation is terminated. Thus the described prior art has an advantage that different secret codes can be used for respective cards since a secret code is stored in an EEPROM.
Personal information stored in IC cards of the above-stated type can be read or modified, using the test program. Specifically, the content of the EEPROM 5 can be illegally read out and copied or modified by a person who knows or comes to know by chance the secret code assigned to an IC card.
Japanese Published patent application 62-211756 discloses an IC card in which when a secret code, exclusively assigned to that card written and stored in it, and an externally entered secret code are coincident with each other, all data stored in a data memory are erased to thereby prevent data from leaking. This IC card however cannot be tested by a test program on various items prior to writing the secret code into the card.
The object of the present invention, therefore, is to provide an IC card so that even if some person intentionally or by chance comes to know the secret code which is exclusively assigned to that card, it is impossible to read out any data relating to the card owner from the EEPROM 5, while it is possible to freely test the IC card on various items, using a test program, before the exclusive secret code is written into the card.