WikiPatents - Community Patent Review
Create Free Account  |  License or Sell Your Patent  |  WikiPatents Marketplace  |  WikiPatents Blog
Username:  Password:  
    
Advanced Search
Composite IC card    
United States Patent4849614   
Link to this pagehttp://www.wikipatents.com/4849614.html
Inventor(s)Watanabe; Hiroshi (Kokubunji, JP); Okubo; Yoshihide (Chiba, JP)
AbstractA composite IC card for controlling information of a plurality of different enterprises using an IC card in which a memory is divided into a plurality of storage areas and which has a code store section for storing a plurality of codes necessary to access the storage areas, a first code specify section for specifying a first code corresponding to each enterprise, a second code specify section for specifying a second code set according to the security level of each storage area, a code read section responsive to an instruction to access a desired storage areas from an external device for reading the first and second codes from the code store means, a code collate section for collating the externally inputted code with the code read by the code read section, and a section for allowing the access to the desired storage area thus instructed when all collations in the collate section result in a match.
   














 Title Information Submit all comments and votes
 
Patent Text Patent PDF Print Page Summary File History
Plain text PDF images Print Summary File History
Drawing from US Patent 4849614
Composite IC card - US Patent 4849614 Drawing
Composite IC card
Inventor     Watanabe; Hiroshi (Kokubunji, JP); Okubo; Yoshihide (Chiba, JP)
Owner/Assignee     Toppan Moore Company, Ltd. (Tokyo, JP)
Patent assignment
All assignments
Publication Date     July 18, 1989
Application Number     06/943,673
PAIR File History     Application Data   Transaction History
Image File Wrapper   Patent Term   Fees
Litigation
Filing Date     December 18, 1986
US Classification     235/379 235/380 235/382 340/5.6
Int'l Classification     G06F 015/30
Examiner     Pellinen; A. D.
Assistant Examiner     Williams; H. L.
Attorney/Law Firm     Kenyon & Kenyon
Address
Parent Case     RELATED APPLICATIONS Of interest to the present application are two other U.S patent applications, Ser. No. 879,287, filed on Sept. 5, 1986, and Ser. No. 891,876, filed July 30, 1986, now U.S. Pat. No. 4,734,568. Both applications are assigned to the assignee of the present application.
Priority Data     Dec 27, 1985[JP]60-295481 Dec 27, 1985[JP]60-295482 Mar 31, 1986[JP]61-73185 Mar 31, 1986[JP]61-73186
USPTO Field of Search     235/379 235/380 235/381 235/382 235/382.5 235/492 340/825.31 340/822.34
Patent Tags     composite ic card
   
Enter a comma (,) or semicolon (;) between multiple tag words/phrases.
Describe this patent:
 Amusing   
 Clever   
 Complex   
 Efficient   
 Historic   
 Important   
 Innovative   
 Interesting   
 Practical   
 Simple   
[no votes]
Patent WIKI

Share information and news about this patent, including information and news about the technology, inventors, company, ligation and licensing.
 References Submit all comments and votes
 
*references marked with an asterisk below are user-added references
 U.S. References
 
Add a new US reference:  
ReferenceRelevancyCommentsReferenceRelevancyComments
4742215
Daughters
235/487
May,1988
[0 after 0 votes]		4734568
Watanabe
235/487
Mar,1988
[0 after 0 votes]
4709137
Yoshida
705/41
Nov,1987
[0 after 0 votes]		4683372
Matsumoto
235/492
Jul,1987
[0 after 0 votes]
4656342
Ugon
235/379
Apr,1987
[0 after 0 votes]		4578567
Granzow
235/380
Mar,1986
[0 after 0 votes]
4204113
Giraud
235/375
May,1980
[0 after 0 votes]		3985998
Crafton
235/380
Oct,1976
[0 after 0 votes]
 Foreign References
 Other References
 Market Review Submit all comments and votes
   
Market Size
Estimate the gross annual revenues of the relevant market sector:
> $10B
$5B - $10B
$2B - $5B
$500M - $2B
$100M - $500M
$10M - $100M
$1M - $10M
$500K - $1M
$100K - $500K
< $100K
[No votes]
$0
 
$0   $2.5B   $5B   $7.5B   $10B
Market Share
Estimate the percentage of the relevant market sector this invention will capture:
75% - 100%
50% - 74.99%
25% - 49.99%
10 - 24.99%
5 - 9.99%
2 - 4.99%
1 - 1.99%
< 1%
[No votes]
0.0%
 
0%   25%   50%   75%   100%
Reasonable Royalty
What percentage of gross sales should the inventor or assignee be paid?
75% - 100%
50% - 74.99%
25% - 49.99%
10 - 24.99%
5 - 9.99%
2 - 4.99%
1 - 1.99%
< 1%
[No votes]
0.0%
 
0%   25%   50%   75%   100%
Public's "Guesstimation" of Royalty Value
Market SizeN/A[No votes]
xMarket ShareN/A[No votes]
xReasonable RoyaltyN/A[No votes]
N/A
License Availablity
If you are NOT the owner or assignee, answer here:
Yes, license is available for purchase

No, license is not currently available



 [No votes]
License Availablity
If you ARE the owner or assignee, answer here:
Yes, license is available for purchase

No, license is not currently available



 [No votes]
Competitive Advantage
Does this invention have a significant competitive advantage over similar technologies?
Yes

No



 [No votes]
Most helpful competitive advantage comment
[No comments]
Commercial Alternatives
Are there viable commercial alternatives for this invention?
Yes

No



 [No votes]
Most helpful commercial alternative comment
[No comments]
 Technical Review Submit all comments and votes
 Claims Submit all comments and votes
 


What is claimed is:

1. A composite IC card for a plurality of different kinds of information systems, including:

a control unit for receiving commands, designation codes from outside the IC card, said designation codes including first and second index codes, and for processing said commands and said designation codes from outside the IC card;

a user storage area having a plurality of storage areas for storing information, said storage areas being classifiable into groups corresponding to different information systems and each storage area within one of said groups having a security level;

means for storing enough of said designation codes to designate each of said storage areas as designated storage areas;

first means for accessing one of said groups of said storage areas based on said first index code;

second means for accessing at least one of said storage area within one of said groups of storage areas base on said second index code;

first means for internally verifying said first code for said first accessing means;

second means for internally verifying said second code for said second accessing means; and means for accessing said designated storage areas when said first accessing means verifies said first code and said second accessing means verifies said second code.

2. A composite IC card according to claim 1 further including:

means for counting errors when a verification of said first and second verifying means results in an error; and

means for inhibiting access to any given one of said designated storage areas when said error count means counts a predetermined number of errors and stores an error count value for said given designated storage area.

3. A composite IC card according to claim 2 wherein said error count means counts errors for each of said given designated storage areas so that when a plurality of said first and second codes are verified by said first and second verifying means and any one thereof results in error said error count means accumulates the count value of the error count means in each of said given designated storage area.

4. A composite IC card according to claim 2 wherein said first and second verifying means includes means for storing the error count from said designated storage areas and said accessing means reads the error count from said designated storage areas.

5. A composite IC card according to claim 2 further comprising reset means responsive to at least a particular input signal for resetting the count value of said error count means to zero.

6. A composite IC card according to claim 5 wherein said particular input signal is a predetermined code selected from said first and second index codes.

7. A composite IC card according to claim 5 wherein said particular input signal is a predetermined third signal.

8. A composite IC card according to claim 5 wherein said reset means further includes means for effecting a judgment, when the particular input signal is inputted thereto, to determine whether the input signal is said first or second index code or a third predetermined code and means for resetting the count value of said error count means to zero only when said input signal is said first or second index code or the third code.

9. A composite IC card according to claim 5, wherein said IC card further includes means for counting a number of resetting operations and means for inhibiting said reset means when said number reaches a predetermined value.

10. A composite IC card according to claim 9, wherein said permanent lock means independently counts the number of resetting operations in each attempted access for each of said designated storage areas.

11. A composite IC card according to claim 2 further including means for granting access to each of said storage areas in response to a particular input signal from an external device by resetting said inhibiting means.

12. A composite IC card according to claim 11 wherein said particular input signal is a predetermined third code.

13. A composite IC card according to claim 1 wherein said second accessing means comprises means for arbitrarily setting a specific second code necessary to access each of said designated storage areas according to said security level of each of said storage areas.

14. A composite IC card according to claim 1 wherein said first and second accessing means are separately provided to be used in a case where information is read from said designated storage area and in a case where information is written in said designated storage area.

15. A composite IC card according to claim 1 wherein said first accessing means comprises means for accessing a plurality of said groups based on a plurality of said first index codes.
 Description Submit all comments and votes
 


BACKGROUND OF THE INVENTION

The present invention relates to an integrated circuit (IC) card including IC's such as a microcomputer and a memory device, and in particular, to a composite IC card sharable among a plurality of enterprises which has an enhanced security of information for each enterprise by preventing illegal and erroneous usages and which comprises a memory area to be commonly used by the enterprises for an effective utilization of the memory.

In the following description, the term of enterprise is used to indicate an individual enterprise such as a bank, a department store, a clinic, a financial company; furthermore, each department or division in such an enterprise or a juridical person. For example, a deposit division, a loan division, an exchange division of bank A and a surgery department and a psychiatrist department of clinic B are each indicated as enterprises. Moreover, if the general affairs department, the sales department, and the research & development department of a company each take part in a service of utilization of the card, these departments each can be denoted as enterprises. In addition, the present invention is also applicable to a composite card for other than such enterprises. For example, when a card is used for a family, namely, when a card is shared among a husband, a wife, and a child; these members are treated like enterprises if the information thereof is to be separately controlled respectively in the card. In the following paragraphs, a description will be given of an example of a composite IC card for which a plurality of companies participate in the service thereof.

Since an IC card includes a microcomputer and a memory, the IC card constitutes by itself a small-sized information processor having the functions for judgment and storage. Consequently, the data security and safety can be further increased as compared with the conventional magnetic card such as a bank card. Furthermore, since the storage capacity has been greatly increased due to the advance of the IC technology, the IC card is highly expected as a data storage card.

Recently, there is proposed an IC card (to be referred to as a composite IC card herebelow) to be commonly used among many enterprises for conveniences of the card owners. In the past, for example, the cards to be used between a card owner and a plurality of enterprises such as a bank, a department store, a clinic, a financial company has been individually issued by the respective enterprises, and hence the card owner has been required to inconveniently carry a plurality of cards for the bank, the department store, and so on.

Consequently, there has been proposed an improvement which enables the processing between the card owner and these enterprises to be executed with a card. For example, the deposit record of a bank, the transaction record and the settlement of accounts of a department, the examination records of a clinic, and the records of credit transactions are to be entirely processed by use of a card. The composite IC card system is therefore implemented by composing a plurality of different service functions or by integrating several functions of a company into an IC card.

This is enabled by the increase of the storage capacity of the memory device included in the IC card.

The contents of information stored in the composite IC card include those commonly required for each enterprise such as the name, address, birthday, and occupation of the card owner and those individually required for each enterprise. The system must therefore allows the common information to be accessed from any enterprise and the individual information to be accessed only from the pertinent enterprise. That is, the deposit information of a bank cannot be accessed from a clinic, and contrarily, the information of clinical history cannot be accessed by a bank or a department store. For example, even in the same clinic, the recorded information of the psychiatist department must be prevented from being easily accessed from the surgent department; on the other hand, the information of the internal division is to be commonly used in the maternity division in some cases.

As described above, for the composite IC card to be shared among a plurality of enterprises, the card access is required to be selectable such that a storage area for writing therein information of an enterprise is strictly prevented from being accessed from other enterprises depending on the content of the information or that an access to the storage area is allowed only for particular enterprises.

Generally, in an IC card system, when the card is used, a code number is entered to confirm that the card is being used by the proper owner, and only if the entered number is correct, the access to the information is allowed. In this case, from a point of view of prevention of an illegal card usage by a third person, it has been proposed to limit the number of error inputs of the code number; and if the predetermined limit number is exceeded, the processing by use of the card is prevented, so that the storage area of the card is not accessed.

For a composite IC card for which a plurality of enterprises take part in the service thereof, a recorded information to be exclusively used by an enterprise must not be manipulated by other enterprises, that is, the read and write operations of the data unique to each enterprise must be strictly controlled for the security of the information. Moreover, in a system in which the access to the entire card is locked when the limit of the invalid inputs of the code number reaches the predetermined limit, the card becomes to be unavailable for all enterprises at once, which leads to a loss of the convenience of the composite IC card. For the composite IC card as described above, there arises the problem different from those associated with the conventional, unifunctional IC card.

Against an illegal input of a code number by a malicious third party, the security of information can be enhanced by the means to lock the access to the storage area. For an erroneous input of a code number by mistake of a correct user, it is desirable to adopt a proper measure of the relief.

Particularly, for a multipurpose, composite IC card including a plurality of information systems therein so as to be used for various purposes, there may exist many enterprises simultaneously controlling such information systems contained in the IC card, which increases the possibility of the wrong input as compared with a single-purpose, IC card. In this case, moreover, the relief measure for the access lock is required to be taken for each enterprise.

There has been proposed a security system of an IC card in which the number of wrong inputs of a code is limited to prevent an illegal usage of the IC card by a third person other than the correct card owner and when the limit is exceeded, the processing by use of the IC card is inhibited. Since a plurality of code numbers of various kinds are assigned to a composite IC card, even if the access lock is set to a certain code when this security system is applied to the composite IC card, the processing is required to be enabled with the other codes.

To satisfy these requirements, even if a code is erroneously inputted exceeding the predetermined limit, the overall IC card should not be locked by means of, for example, a data access inhibit bit, an inhibit gate, or a memory destruction but it is desirable to make the code itself or the storage area assigned to the code to be unusable.

For a composite IC card as described above, there exists a sophisticated requirement with respect to the security of information to be satisfied as compared with the unifunctional IC card.

The co-pending U.S. patent application Ser. No. 891,876, now U.S. Pat. No. 4,734,568 filed on July 30, 1986 by the applicant of present application describes that a security level is set to each storage area of an IC card having a plurality of storage areas and that an access condition to a storage area is established according to the security level.

In the JPA No. 61-18794 filed on Sept. 16, 1978 in Japan with the priority of the France Patent Application No. 7728049 filed on Sept. 16, 1977 (Applicant: Honeywell Bull), there has been disclosed an IC card system having a plurality of storage zones and a plurality of keys.

Furthermore, the JPA No. 61-134872 filed on Dec. 5, 1984 in Japan by the Omron Tateishi Electronics Co. describes an IC card system capable of supporting a plurality of services.

In addition, the JPA No. 61-139876 filed on Dec. 13, 1984 in Japan by the Casio Computer Co., Ltd. has disclosed a personal identification IC card which can be used among a plurality of service organizations.

These cards each are composite IC cards for which a plurality of enterprises take part in the services thereof; however, the countermeasure to retain the security of information between the enterprises has not been described.

SUMMARY OF THE INVENTION

It is therefore an object of the present invention to provide a composite IC card in which a plurality of service functions and a plurality of control functions are included, the conditions required for the composite IC card are satisfied, the data security is provided for each enterprise, and the data storage areas can be effectively utilized.

To achieve this object, according to the present invention, there is provided a composite IC card including control systems for a plurality of different kinds of information systems comprising a plurality of writable storage areas for storing information, code store means for storing a plurality of codes necessary to access each said storage area, first code specify means for specifying a code necessary to access said each storage area, said code being selected from first codes set for said each storage area and corresponded to the different kinds of information systems, second code specify means for specifying at least a second code necessary to access said each storage area, said second code being set for said each storage area, code read means responsive to an instruction to access a desired storage area from an external device for reading said first code specify means set in the desired storage area; said code read means reading, when a first code necessary for the access is specified by said first code specify means, the specified first code from said code desired store area; and said code read means reading, when a second code is specified by said second code specify means, the specified second code from said code store means, collate means for collating a code inputted from an external device with a code read by said code read means, and means for allowing an access to the desired storage area when all collations of the codes in said collate means result in matching.

Another object of the present invention is to provide a composite IC card in which when the erroneous code inputs to the IC card exceeds the predetermined count, the access to the specified area is inhibited to further enhance the information security in the composite IC card.

Still another object of the present invention is to provide a composite IC card capable of releasing the access inhibit condition on the storage area, thereby effectively utilizing the multifunctionality of the composite IC card.

Further another object of the present invention is to provide a composite IC card in which when the erroneous inputs of the same kind of code reaches the predetermined count, the access to the storage area with the code is inhibited.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will be apparent from the following detailed description taken in conjunction with the accompanying drawings in which:

FIG. 1 is a configuration diagram of a writable memory in an embodiment of the composite IC card according to the present invention;

FIG. 2 is a configuration diagram of a key control information area;

FIG. 3 is a schematic diagram illustrating the configuration of an index area in a user area of the memory;

FIG. 4 is a schematic diagram showing the configuration of the storage area status byte among the storage area control information in the index area;

FIG. 5 is a flowchart showing the basic procedures of the operation between the IC card reader-writer and the IC card;

FIG. 6 is a flowchart illustrating an embodiment of the read and write operations on a composite IC card including the key lock operation according to the present invention;

FIG. 7 is a flowchart depicting an embodiment of the storage area unlock operation according to the present invention;

FIG. 8 is a detailed flowchart of the key check step in the flowchart of FIG. 6;

FIG. 9 is a flowchart showing the key lock release operation according to the present invention; and

FIG. 10(A) to FIG. 10(E) are schematic diagrams illustrating examples of the grouping of storage areas in the composite IC card according to the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

The codes defined in the present invention include the numeric characters, the alphabetic characters, and the like and the number of digits and the number of characters are arbitrarily set, namely, the present invention is not limited only to the numeric or alphabetic characters. Since the code in an IC card generally indicates a code number, the term of code number or key is used for the code.

According to an embodiment of the present invention, a code number is inputted to an IC card through an IC card reader-writer from an external device and a read instruction and a storage area from which data is to be read are further entered for an information read operation or a write instruction and a storage area in which data is to be written are further entered for an information write operation. The kind of the code number inputted to the IC card is primarily classified into two numbers, namely, a first code number (enterprise key) set according to each enterprise and a second code number (a personal key, a control key, or an issuer key) selected according to the security level of each storage area. If a storage area specified for an information read or write is an area for recording information associated with a particular enterprise, the first code number necessary to access the storage area is to be specified. Furthermore, a second code number is selected and is specified to access the storage area. Consequently, if the specified first and second code numbers are not correctly inputted to the IC card, the specified storage area cannot be accessed.

With the provision described above, the security of the information for each storage area can be ensured in the duplicated fashion; moreover, since the storage areas can be divided into an area to be used by a single enterprise, an area to be shared among a plurality of enterprises, and an area to be commonly used by all enterprises, the convenience of the composite IC card such that the communications with many enterprises can be achieved with a card is effectively utilized, thereby leading to an effect that the security of the information recorded therein can be improved.

Referring now to the accompanying drawings, a description will be given of embodiments of the present invention.

FIG. 1 shows a configuration of a memory of a composite IC card in an embodiment according to the present invention. The memory includes a system area for storing information used to control the overall IC card and a user area for actually storing information to be recorded and for defining the information. In the embodiment of the present invention, the system area contains a code number area for storing correct code numbers used for this IC card and a key lock area for storing information about the key lock.

In the upper-right corner of FIG. 1, there is shown a detailed configuration of the code number area and the key lock area. The code number area is used to record at the predetermined addresses code numbers (keys), S (an integer) in number to be used with the IC card. At the predetermined addresses of the key lock area, there are provided key control information areas, S in number to store information about the respective code numbers (keys), namely, the key error count and key lock presence or absence. For example, if the code number is constituted from nine characters including letters or numeric characters, each area for storing a key comprises nine bytes. Each key control information area need only include one byte, which further divided into bits for counting the key error count and a bit for indicating the key lock absence or presence.

FIG. 2 shows a key control information byte in which the four low order bits are key error bits used to count the key error count (the number of erroneous inputs of the code number). For example, these bits are set to 0000 when the card is issued; and a binary value of one is added thereto each time a key error occurs. When 1 is added to 1111 and a result of 0000 occurs, the key lock is assumed. In this case, the key lock is set when 16 key errors take place. The key lock is established by use of a bit in this byte. In the example of FIG. 2, when the sixth bit is 0, the key lock is established; whereas, when this bit is 1, the key is indicated to be available. That is, when the key error count changes from 1111 to 0000 in the counting operation, the sixth bit (key lock bit) is changed from 1 to 0, thereby setting the key lock. This commonly applied to the other key control information byte. The limit of the key error count can be arbitrarily specified. If a value exceeding 16 is desired, the number of bits need only be increased. The code number may be a personal key which is a code number for specifying the card user, an enterprise key for specifying the relationship between data (or a storage area) and an enterprise, a control key used by an enterprise to control a particular data item, or an issuer key for specifying an issuer of a composite IC card. More precisely, a control key is a code number (key) necessary for the manager of an enterprise to use the card and is known only by the manager. An enterprise key specifies an enterprise allowed to use information recorded in a storage area and is known only by the enterprise set for each storage area. Consequently, the same number of enterprise keys and enterprises participating in the composite IC card service are prepared. The user area comprises a group of storage areas, X in number and a group of index areas, X in number corresponding to the storage areas. As instantiated with an index area No. n on the right-hand side of FIG. 1, each index area is divided into a storage area definition information corresponding storage area (the index area No. n corresponds to the storage area No. n) and a storage area control information, which will be later described in detail. As shown in an example of a storage area No. n in FIG. 1, each storage area includes the 1st record to m-th record (m is arbitrarily set). Consequently, the information is stored for each record, and the record length (in bytes) is beforehand set so as to be written as the storage area definition information of each index area.

FIG. 3 is a schematic diagram showing in detail the configuration of the index area No. n corresponding to the storage area No. n in the user area of FIG. 1. The 1st and 2nd bytes of the storage area definition information of FIG. 3 contain the definition of the storage area start address, which indicates the first address of the storage area No. n. The following 3rd byte is used to define the write security level (WSL) for a write operation and the read security level (RSL) for a read operation. The definition of the security level is established when the different security level is required depending on the content of information and is set by selecting the kind of the code number necessary for the access according to the security level, That is, the security level definition defines the code numbers by which are allowed to access the information of the pertinent storage area. In this embodiment, the security level is defined by use of four bits in which the most significant bit indicates the necessity or unnecessity of an enterprise key and the three low order bits denote the necessity or unnecessity of a personal key, a control key, or an issuer key. For example, these bits may be defined as follows.

______________________________________ 0: Enterprise key is required. Most significant bit 1: Enterprise key is not required. 001: Only the personal key is required. 010: Only the control key is required. 011: The personal or control key 3 low-order bits is required. 100: The personal and control keys are required. 101: Only the issuer key is required. 111: Code number is not required. ______________________________________

In this case, the security levels are defined independently for the write and read operations. If many kinds of code numbers are used in the card system, the number of bits allocated for the security level definition need only be increased to cope therewith.

Next, the 4th and 5th bytes are used to define the kinds of the enterprise keys necessary for the write and read operations. Since the definition is made with eight bits, eight kinds of enterprises can be defined. Namely, up to eight enterprises can take part in the service of this composite IC card. If the greater number of enterprises are desired to participate in the card service, it is only necessary to increase the number of bits or to define each enterprise with a combination of the bits. The enterprise key level can be differently defined for the read and write operations according to the content of information. In this definition, each bit of the eight bits is corresponded to each enterprise. For example, bits 0-4 are assigned to bank A, department store B, hospital C, a financial company D, and bank E, respectively. If 0 is written in a bit, the enterprise key is indicated to be necessary; and if 1 is written therein, the enterprise key is assumed to be unnecessary. In the following definition, for example;

______________________________________ 7 6 5 4 3 2 1 0 ______________________________________ 1 1 1 0 1 1 0 0 ______________________________________

to access the area, the enterprise key of the bank E, the department store B, or the bank A is required to be inputted.

The 6th byte defines the record length, whereas the 7th byte defines the number (m in FIG. 1) of records available in the storage area. Among these data, those defining the storage area start address, the record length, and the number of record are used as parameters to calculate an address for accessing the storage area. The 8th byte to tenth byte constitute a definition area used to add other processing function to the card system.

Two low-order bits of the 11th byte of the storage area control information are used to write therein the erroneous input count of the code number for a write operation. Similarly, two low-order bits of the 12th byte are used to store the erroneous input count of the code number for a read operation. The operation for writing the erroneous input count is accomplished differently from the operation to write the key error count of the key control information of FIG. 2. The details thereabout will be described later. The 13th byte is a kind of an address pointer for specifying a number (an address) of the next record to be written in the write processing procedure. The 14th byte is used as a storage area status byte in which when the error count of the 11th and 12th bytes reaches 3, a storage lock bit for inhibiting an access to the storage area and a permanent lock bit for permanently locking an access thereto are defined. Either bits are defined for the accesses of the read and write cases. Five high-order bits of the 11th and 12th bytes are used to write the unlock counts of the storage area lock bits in the 14th byte. These values can be written separately for the write lock and read lock. The storage area lock cannot be unlocked by an unauthorized person, namely, the predetermined code number and command must be inputted for this purpose. This unlock is provided for the relief means for a lock due to an erroneous input of a code number by mistake made on the side of the correct card user or enterprise. However, if the number of unlock operations reaches the predetermined count, for example, 31 in this embodiment, and thereafter if the storage area is set to the locked state, the lock for the storage area cannot be unlocked permanently. In this case, the permanent lock bit is written in the storage area status of the 14th byte. FIG. 4 shows an example of the storage area status byte. Incidentally, the 15th and 16th bytes of the storage area control information are reserved for the future use.

Referring now to FIGS. 5, 6, and 8, the read and write operations will be described in conjunction with an embodiment of the composite IC card according to the present invention.

FIG. 5 is a flowchart of the fundamental operation of an IC card (not shown) and a reader-writer (not shown) each connected to a host computer (not shown). The IC card reader has a card insert section (not shown) and when a card is inserted into the insert section, an electric connector of the card and a contact point of the reader-writer are brought into contact with each other. The connection between the card and the card reader-writer is not limited to a metal contact such as a metal conductor, namely, signal transmit means capable of transmitting a signal between the card and the card reader-writer such as optical connect means and acoustic connect means of the noncontact type can also be used. When the IC card is installed in the IC card reader-writer and the connection therebetween is established, the IC card is powered in step 00 and the signals such as a clock pulse are started to be supplied to the card. On receiving the power and the clock pulse, the card is set to an operable state, which is then notified to the reader-writer in step 06. In step 02, the reader-writer transfers a command from the host computer to the card. The commands include those for transferring a code number, for reading data, and for writing data. The steps 00-09 of FIG. 5 are executed for each command. On receiving a command in step 07, the card executes step 08 and transfers a result of an execution of the command to the reader-writer in step 09. When receiving the result of the command execution in step 03, the reader-writer performs a check to determine whether or not the next command has been received from the host computer. If the command has been received, control returns to the step 02 to repeat the procedures described above. When all processing for the command is finished, the reader-writer ends the operations such as the power supply to the card to finish the operation of the IC card and then performs the necessary operations, for example, to notify the completion of the processing.

FIG. 6 is a flowchart showing the procedures of the read and write operations of the composite IC card in which the key lock can be effected according to the present invention and the steps 07, 08, and 09 are illustrated in detail.

In the present embodiment of this invention, a total of 11 kinds of keys (code numbers) are set, and consequently, the code number area of the system area comprises 11 code number storage areas for key No. 1 to key No. 11. In addition, the key lock area also includes 11 key control information areas. When the key error count reaches 16, the key lock is established.

The flowchart of FIG. 6 will be next described. First, the card user installs an IC card in the reader-writer and indicates a desired operation together with a code number and data. When the car is inserted, the initial setup is accomplished in step 1. In the subsequent step 2, the first command or data is inputted, for example, a transfer command to transfer a code number from the reader-writer to the IC card, a read command with a storage area from which data is to be read, or a write command with a storage area for writing data therein is inputted. In step 3, the code number (key) is check to determine whether or not the key has been inputted (transferred). The transferred code number is temporarily kept in an RAM (not shown) of the microcomputer. In step 4, the key control information is read from a key lock area associated with the transferred code number. In step 5, the key lock bit of the key control information thus read is checked to determine whether "1" has been written in the key lock bit. If "0" is found, the key (code number) is already in the locked state (usage is inhibited), step 6 notifies the reader-writer that the key has been locked. If the key lock bit is "1" in the step 5, the key has not been locked and a key having the corresponding number is read from the code number area. Next, in step 8, the transferred key is collated with the key read from the code number area to verify the correctness of the transferred key. If they coincide with each other, the transferred key is a correct key and hence the next step 9 stores an indication that the key is correct. In step 95, the key error count (the erroneous input count of the key) is cleared to 0000. In step 10, the completion of the processing for the key transfer command is notified to the reader-writer and then the program enters the state for receiving the next command or data. If the key collation in the step 8 results in the unmatching, the condition is stored in the RAM in step 11. The key error count (the erroneous input count of key in FIG. 2) of the key control information is incremented by one. In step 13, the incremented key error bits are checked to determine whether or not the key error count is 16. If the key error bits are 0000, this condition indicates that 0000 results by adding one to 1111, which means that the key error count has reached 16. In this case, the key lock bit is changed from "1" to "0" in step 14. In step 15, the condition that the key lock state has been set is notified to the reader-writer and the program enters the state to wait for the next command. If the key error bits are other than 0000, the completion of the processing for the key transfer command is notified to the reader-writer in step 16 and the program enters the state to wait for the next command. When a plurality of keys are entered, the key transfer command is executed for each key; consequently, in the processing of an IC card using key No. 1 and key No. 2, when these keys are inputted to the reader-writer, the key transfer command for the key No. 1 if first executed. When the program proceeds to step 16, control returns to the step 2 because the transfer command is required to be executed for the subsequent key No. 2. That is, the steps from the step 2 to the step 16 are repeated for the transfer command of each key necessary for the processing. When the transfer command processing is completed for all keys, for example, a read or write command is executed, and hence control returns from the step 16 to the step 2 also in this case. When a read or write command with the storage area number to read or write is inputted in the step 2, the key transfer is not required in the step 3 and hence control proceeds to step 18. In the step 18, the inputted command is checked to determine whether the command is a read command or a write command. If a read command is detected, control is passed to step 19, where the storage area control information (FIG. 3) of the index area is read from the storage area specified by the command. The storage area status byte (FIG. 4) is then extracted from the storage area control information, and then step 20 checks to determine whether the read lock or the permanent read lock has been set. If the read lock state is assumed, an error is notified in step 21 and the program enters the state to wait for other command. In other than the read lock state, the key check is performed in step 22. This includes a check at the security level, a check for the unmatching of the code number, and a lock check of a storage area. The detailed description will be described later with reference to FIG. 8. If the key check results in OK, the read operation is executed on the specified storage area in step 23. If the command inputted in the step 2 is a write command containing a specification of a write storage area and a write data, control is passed from step 24 to step 26. If the command is neither a read command nor a write command, the pertinent other processing is accomplished in step 25 and then control returns to the step 2. In step 26, a storage area control information of the index area is read from the storage area specified by the command. From the storage area control information, the storage area status byte is extracted and is checked to determine whether the write lock for the permanent write lock has been set in step 27. If the write lock state is found, the error is notified in step 28 and the program enters the state to wait for other command. In other than the write lock state, a key check is achieved in step 29. If the key check results in the matching, the data is written in the specified storage area.

Referring now to FIG. 7, the unlock operation of a storage area will be described. First, an IC card is installed in the reader-writer or a device dedicated to the unlock operation. The unlock operation is executed when an unlock command is inputted. In a usual case, prior to the execution the unlock command, an input of a master code or a code number necessary for the unlock operation is received as a key input command, which corresponds to the steps 1-16 of FIG. 6. The unlock command for a storage area is inputted when control returns to the step 2 after the key input command is finished in the step 16 of FIG. 6. The processing of the step 3 results in "no" and furthermore the results of the steps 18 and 24 are "no"; consequently, control is passed to the step 25. Step 101 in the flow of the unlock command for a storage area shown in FIG. 7 corresponds to the step 2 of FIG. 6; whe