CN103117856A - Method and apparatus for provisioning applications in mobile devices - Google Patents

Info

Publication number
CN103117856A
Authority
CN
China
Prior art keywords
safety element
application
server
mobile device
data
Legal status
Granted
Application number
CN2012105835821A
Other languages
Chinese (zh)
Other versions
CN103117856B (en)
Inventor
许良盛
潘昕
谢祥臻
Current Assignee
Shenzhen Kebing Asset Management Partnership (Limited Partnership)
Original Assignee
Shenzhen Jiafutonghui Technology Co ltd
Priority claimed from US 13/350,834 (US20120129452A1)
Application filed by Shenzhen Jiafutonghui Technology Co., Ltd.
Publication of CN103117856A
Application granted
Publication of CN103117856B
Legal status: Active

Abstract

The invention provides a method and an apparatus for provisioning applications in mobile devices. The method comprises: sending to a server an identifier of an application installed on a mobile device together with device information of a secure element associated with the mobile device; using a derived security key set installed on the secure element to establish a secure channel between the secure element and the server, where the server prepares the data the application needs in order to run as designed; receiving that data from the server to enable the application, the data comprising the application's user interface on the mobile device and a generated application key set; and sending a confirmation to the application provider to report the state of the application now running together with the secure element on the mobile device. The application can therefore provide secure services based on the secure element.

Description

Method and apparatus for provisioning applications in mobile devices
Cross-reference to related applications
This application is a continuation-in-part of co-pending U.S. Patent Application No. 11/534,653, filed September 24, 2006, now U.S. Patent No. 8,118,218, and is also a continuation-in-part of U.S. Patent Application No. 11/739,044, filed April 23, 2007.
[Technical field]
The present invention relates generally to network commerce and, more particularly, to techniques for personalizing a secure element and for provisioning applications such as an electronic purse (e-purse) that can be used effectively in portable devices for electronic commerce (e-commerce) and mobile commerce (m-commerce).
[Background art]
Single-function cards have been used successfully in closed environments such as transportation systems. One example of such a single-function card is the MIFARE contactless smart card, the most widely deployed contactless smart card technology in the world. MIFARE offers complete solutions for applications such as loyalty and stored-value (vending) cards, road tolling, city cards, access control and gaming.
However, single-function card applications are deployed in closed systems and are difficult to extend to other fields such as e-commerce and m-commerce. The stored value and transaction information is kept in the data space of each tag and protected by a set of keys, and a property of the tag is that the keys must be presented to the card and verified before the data can be accessed in a transaction. This restriction makes systems built on this class of technology hard to extend to open environments, for example the Internet for e-commerce or wireless communication networks for m-commerce, because transmitting the keys over a public data network causes security problems.
Generally, a smart card, chip card or integrated circuit card (IC card) is a card with an embedded integrated circuit. Smart cards or microprocessor cards contain non-volatile memory and microprocessor components. In large organizations, smart cards can also provide strong security authentication for single sign-on. The advantages of a smart card are directly related to the amount of information and the applications written on the card. A single contact or contactless smart card can be used in services such as banking credentials, medical insurance, driver's licence or public transport entitlement, loyalty programmes and club membership. Multi-factor and proximity authentication can be embedded in a smart card to increase the security of all the services it provides.
Contactless smart cards, which do not require physical contact between the card and the reader, are becoming increasingly popular in applications such as public transport and highway toll payment and ticketing. When a mobile phone with Near Field Communication (NFC) capability is used to control payment, transit ticketing, loyalty services, physical access and other exciting new services, the NFC link between the contactless smart card and the reader presents a great business opportunity.
To support this rapidly evolving business environment, many entities, including financial institutions, manufacturers of NFC-enabled mobile phones, software developers and mobile network operators, participate in the NFC mobile ecosystem. Because of their independent roles, these participants need to interact and exchange information with one another in a reliable, interoperable manner.
One of the concerns in the NFC mobile ecosystem is its security in open networks. There is therefore a need for a technique for personalizing a secure element in a contactless smart card or an NFC-enabled mobile device, so that when such a device is used for financial applications or secure transactions it is secure and personalized. As secure elements in NFC-enabled mobile phones are personalized, various applications or services such as an e-purse or payment become possible. Accordingly, there is also a need for techniques for provisioning or managing the applications or services associated with a personalized secure element.
[Summary of the invention]
This section summarizes some aspects of embodiments of the invention and briefly introduces some preferred embodiments. Some simplifications or omissions may be made in this section, in the abstract and in the title to avoid obscuring their purpose; such simplifications or omissions are not intended to limit the scope of the invention.
One technical problem solved by the invention is to provide a method for personalizing a secure element associated with a computing device, so that transactions conducted over a network (wired or wireless) are more secure. Based on the personalized secure element, techniques for provisioning and configuring various applications or services can be provided. Interaction among the different parties completes the personalization or provisioning process, so that a user can use an NFC device to enjoy mobile commerce conveniently over a data network.
As one example of an application provided through the secure element, a mechanism is provided that allows a device, in particular a portable device, to work as an e-purse and to manage transactions conducted with a payment server over an open network without security concerns. In one embodiment the device is equipped with an e-purse manager (such as an application). The e-purse manager manages the various transactions and acts as a mechanism for accessing the emulator in the device. Secure hybrid transactions can be carried out over a wired network, a wireless network or a combination of wired and wireless networks.
According to another aspect of the invention, security keys (symmetric or asymmetric) can be personalized to personalize an e-purse and to conduct secure transactions with a payment server. In one embodiment, the essential data personalized into an e-purse include one or more operation keys (such as a load key and a purchase key), a default PIN, administrative keys (such as an unblock PIN key and a reload PIN key) and a password (such as one from MIFARE). During a transaction, the security keys are used to establish a secure channel between the embedded e-purse and a security authentication module (SAM) or a back-end server.
The invention may be embodied in various forms, including as a method, a system, an apparatus, part of a system or a computer-readable medium. In one embodiment the invention is a method for personalizing a secure element associated with a computing device. The method comprises: initiating data communication with a server; after the server has determined that the secure element is registered with it, responding to a request from the server by sending device information of the secure element, where the device information is a string that uniquely identifies the secure element and the request is a command causing the computing device to retrieve the device information from the secure element; receiving at least one key set from the server, where the server generates the key set according to the device information of the secure element; and storing the key set in the secure element to facilitate subsequent transactions by the computing device.
In another embodiment the invention is a method for personalizing a secure element associated with a computing device. The method comprises: initiating data communication between a server and the computing device; after the server has determined that the computing device is registered with it, sending from the server a request to the computing device for the device information of the secure element, where the device information is a string that uniquely identifies the secure element and the request is a command causing the computing device to retrieve the device information from the secure element; generating at least one key set according to the device information; sending the key set to the computing device over a secure channel across the data network, where the computing device stores the key set in the secure element; and notifying the related parties that the secure element is now personalized for subsequent trusted transactions.
According to yet another embodiment, the invention is a method for provisioning an application installed on a mobile device. The method comprises: sending to a server an identifier identifying the application together with device information of a secure element, where the secure element is associated with a mobile device on which the application has been installed; establishing a secure channel between the secure element and the server using a derived security key set installed on the secure element, where the server prepares the data the application needs in order to run on the mobile device as designed; receiving the data from the server to enable the application, the data comprising the application's user interface on the mobile device and a generated application key set; and sending a confirmation to the provider of the application to report the state of the application now running together with the secure element on the mobile device.
According to yet another embodiment, the invention is a method for provisioning an application installed on a mobile device. The method comprises: receiving at a server, from a mobile device, an identifier identifying the application together with device information of a secure element, where the secure element is associated with the mobile device on which the application has been installed; establishing a secure channel between the secure element and the server using a derived security key set installed on the secure element; preparing the data the application needs so that it runs on the mobile device as designed; transmitting the data from the server over the secure channel to enable the application; and notifying the provider of the application of the state of the application now running together with the secure element on the mobile device.
According to yet another embodiment, the invention is a mobile device for conducting secure transactions over a network. The mobile device comprises: a network interface; a secure element; a memory space storing at least one module and an application downloaded through the network interface; and a processor coupled to the memory space for executing the module to perform operations including checking whether the application has been provisioned. When the application is found not to be provisioned, the module executed by the processor further performs operations including: sending to a server through the network interface an identifier identifying the application together with device information of the secure element; establishing a secure channel between the secure element and the server using a key set installed on the secure element, where the server prepares the data the application needs in order to run on the mobile device as designed; receiving the data from the server so that the application works in association with the secure element; and sending a confirmation to the provider of the application to report the state of the application now running together with the secure element on the mobile device. The processor is further arranged to determine, before the provisioning process of the application, whether the secure element has been personalized. If the secure element has not yet been personalized, the mobile device personalizes it together with a designated server.
Compared with the prior art, an advantage, benefit or feature of the invention is that it enables a computing device to conduct secure transactions with a party (such as a point of sale or a commerce server) over an insecure network (such as the Internet).
Other objects, features and advantages of the invention are described in detail in the embodiments below in conjunction with the accompanying drawings.
[Description of the drawings]
The following embodiments, claims and accompanying drawings will help in understanding the specific features, embodiments and advantages of the invention, in which:
Figure 1A shows a simplified architecture of an NFC-enabled mobile device with a secure element;
Figure 1B shows a flow or process for personalizing a secure element according to an embodiment of the invention;
Figure 1C shows the relationships between the secure element (SE) manufacturer, the TSM (Trusted Service Management) administrator and the TSM system in offline and online modes;
Figure 1D shows a data flow diagram among the user of an NFC device (such as an NFC mobile phone), the NFC device, the TSM server, the corresponding secure element manufacturer and the secure element issuer;
Figure 1E shows the personalization data flow among three entities according to an embodiment of the invention: a platform-based or network e-purse server SAM (security identity module), an e-purse acting as a gatekeeper, and a single-function tag;
Figure 2A shows a mobile payment ecosystem in which the parties of the ecosystem are listed in turn;
Figure 2B shows a flow or process for provisioning one or more applications according to an embodiment of the invention;
Figure 2C shows the data flow interactions among the different parties when an application is provisioned;
Figure 2D shows the data flow interactions among the different parties when application data is prepared during the provisioning process;
Figure 2E shows a flow or process for locking or disabling an installed application;
Figure 2F is an architecture diagram showing a portable device acting as an e-purse for e-commerce and m-commerce according to a specific embodiment of the invention;
Figure 3A is a block diagram showing the related modules interacting with one another to complete personalization of the e-purse by an authorized person;
Figure 3B is a block diagram showing the related modules interacting with one another to complete personalization of the e-purse by its user;
Figure 3C shows a flow or process diagram for personalizing an e-purse according to a specific embodiment of the invention;
Figures 4A and 4B together show a flow or process for financing, funding, loading or topping up an e-purse according to a specific embodiment of the invention;
Figure 4C is a block diagram showing the related modules interacting with one another to complete the process shown in Figures 4A and 4B;
Figure 5A shows an architecture diagram of a first portable device according to a specific embodiment of the invention, enabling various e-commerce and m-commerce functions over a cellular communications network (such as a 3G, LTE or GPRS network);
Figure 5B shows an architecture diagram of a second portable device according to another specific embodiment of the invention, enabling various e-commerce and m-commerce functions over a wired and/or wireless data network (for example the Internet);
Figure 5C is a flow chart illustrating, according to a specific embodiment of the invention, the process by which the portable device of Figure 5A is enabled to run a service application provided by one or more service providers;
Figure 6A shows an architecture diagram according to a specific embodiment of the invention in which a portable device can act as a mobile point of sale for e-commerce and m-commerce;
Figure 6B shows an architecture diagram according to a specific embodiment of the invention in which a portable device acting as a mobile point of sale can perform transaction upload over a network;
Figure 6C is a flow chart illustrating, according to a specific embodiment of the invention, a process of conducting m-commerce using a portable device acting as a mobile point of sale and a single-function card device supporting electronic tokens;
Figure 6D is a flow chart illustrating a process of conducting m-commerce using a portable device acting as a mobile point of sale and a multi-function card device supporting electronic tokens; and
Figure 7 shows a block diagram of a portable device used for an electronic ticketing application.
[Detailed description of the embodiments]
The detailed description of the invention is presented largely in terms of programs, steps, logic blocks, processes or other symbolic representations that directly or indirectly resemble the operation of the technical solution of the invention. Numerous specific details are set forth in the following description to provide a thorough understanding of the invention; the invention may nevertheless be practised without these specific details. These descriptions and representations are the means used by those skilled in the art to convey the substance of their work most effectively to others skilled in the art. In other instances, well-known methods and procedures are not described in detail so as not to obscure the invention.
Reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic is included in at least one implementation of the invention. The appearances of the phrase "in one embodiment" in various places in this specification do not all refer to the same embodiment, nor are they separate or alternative embodiments mutually exclusive of other embodiments. Moreover, the order of the blocks in the methods, flow charts or functional block diagrams representing one or more embodiments does not inherently indicate any particular order and does not limit the invention. A key set herein refers to a group of keys.
Embodiments of the invention are now described with reference to Figures 1A-7. However, those of ordinary skill in the art will readily appreciate that the details described here with reference to these drawings are illustrative only and that the invention is not limited to these embodiments.
When a mobile phone with Near Field Communication (NFC) capability is used to control payment, transit ticketing, loyalty services, physical access and other exciting new services, NFC presents a great business opportunity. To support this rapidly evolving business environment, many entities, including financial institutions, manufacturers (or producers) of NFC-enabled mobile phones, software developers and mobile network operators (MNOs), participate in the NFC mobile ecosystem. Because of their independent roles, these participants need to interact and exchange information with one another in a reliable, interoperable manner.
The confidentiality and the continually improving security of the data and sensitive applications downloaded to and stored in an NFC-enabled mobile phone that carries out contactless transactions are equally important to each of the above entities. The component in a mobile phone that provides this security and confidentiality to support the various business models may be called a Secure Element (SE).
Figure 1A shows a simplified architecture of a computing device 100. Unless stated otherwise, the terms "computing device", "mobile device", "cellular phone" and "cell-phone" are used interchangeably herein, although those of ordinary skill in the art will understand that these terms may also refer to other devices such as smart phones, notebook computers, contactless smart cards and other portable devices.
The mobile device 100 includes an NFC controller 101 that allows the mobile device 100 to communicate wirelessly with other devices to exchange data. For example, a user may use the mobile device 100 as an electronic purse (e-purse) to pay for a purchase. In operation, the e-purse is controlled by a secure element 102. The secure element 102 enables the mobile device 100 to perform financial transactions, transit ticketing, loyalty services, physical access control and other exciting services in a secure manner. To provide such services, the secure element 102 can support various Java applets, applications or modules (only two examples, 104 and 106, are shown in Figure 1A). In implementation, these modules may be hardware modules embedded or inserted in the device, or software modules downloaded from one or more servers over a data network.
When a mobile device is first purchased or delivered to a customer, a set of default keys (a default key set) is installed on its secure element 102, such as an Issuer Security Domain (ISD) key set set by the secure element manufacturer. In implementation, the secure element 102 may take the form of a smart card, an integrated circuit (IC) or a software module, which can be upgraded by rewriting part or all of it. In one embodiment, the secure element 102 is a tamper-resistant smart card chip that can be embedded in card-grade applications (such as payment and transit) according to the required security level. As shown in Figure 1A, the secure element 102 is embedded in or works with contactless NFC-related applications and is connected to the NFC controller 101 to act as the contactless front end.
Typically, a standards-compliant secure element is supplied with an Issuer Security Domain (ISD) and optionally one or more Supplemental Security Domains (SSDs). Each domain comprises a set of keys (a key set). In one embodiment, the secure element 102 is a chip embedded in the mobile device 100 or inserted in the mobile device 100 in a small card through a card interface 109. In another embodiment, the secure element 102 is or includes a software module loaded in a secure memory space 107 of the mobile device. The software module can be upgraded by downloading update components from a designated server through a network interface 103 of the mobile device 100 (such as a 3G or LTE (Long Term Evolution) network).
The secure element 102 must go through a personalization process before it can be used. In one embodiment, the personalization process loads or updates a key set in the secure element 102 according to a derived personalized key set from a selected card issuer (such as a so-called secure element issuer). Such a personalization process may also be called a provisioning process. According to one embodiment, the provisioning process for personalizing the secure element is carried out over the air when an application is installed or a service is enabled (such as application installation and personalization). Personalization of the secure element takes place when the secure element is associated with a secure element issuer. When a user subscribes to or installs an application, application installation and provisioning must be performed for each application.
In one embodiment, when the secure element 102 is upgraded or updated, only one or some components of the secure element 102 are replaced with new updates rather than personalizing the secure element 102 from scratch. In implementation, these updates may be obtained automatically or manually and loaded into the mobile device 100.
In one embodiment, according to corresponding safety element publisher and TSM, the mobile device with NFC function can be from server or TSM entrance (TSM portal) down load application.TSM refers to credible Service Management (Trusted Service Management), is a kind of set of service.The dominant role of described TSM is that helping service supplier (service provider) is for the issue of client's safety of their use mobile network with manage contactless sex service.Described TSM or its server needn't need to participate in using the actual contactless sexual transaction (transaction) of NFC device.These transaction are processed by the system that ISP and their business partner provide usually.Another role of described TSM is successful deployment and the lifting of using by accelerate mobile NFC as the business go-between, and the other side that it is conducive to the commercial relations between contractual arrangement and different each side makes mobile network's commercial affairs become possibility like this.
Can arrive service centre and carry out described personalization process, also can be by the described personalization process of webpage entrance (web portal) long-range execution of TSM server.Under the first scene, the client can arrive service centre, allows service represent the interior safety element of individualized mobile device.At the computer that is connected with the NFC card reader that is arranged in given place (such as service centre), configuration manager (provisioning manager) can be the application of installing or the application based on webpage that is connected to rear end TSM.Described configuration manager is used for carrying out communication (such as passing through card reader) with the safety element of mobile device.The process that such personalization process also can be called as (Over the Internet) Network Based.
Under the second scene, the client registers his/her mobile phone by server (TSM webpage entrance).Described TSM server can be sent to registered mobile phone with the generic resource identification code (universal resource identifier is called for short URI) of configuration manager.Based on the type of described mobile device, send mode can be that short message service sends (Short Message Service Push) or Google's Android sends (Google Android Push).Described client can be downloaded to described configuration manager in described mobile device, and begins described personalization process.Such personalization process is called as based on wireless process.
Under any scene, described configuration manager is as the safety element of mobile device and the agency between the TSM server.Refer now to shown in Figure 1B, it shows flow process or the process 110 of individualized safety element according to an embodiment of the invention.When realizing, described process 110 can be realized by the combination of software or software and hardware.When the user receives a new NFC device (such as the part of mobile device), need individualized its interior described safety element.
In operation 112, it is determined whether the new NFC device is a genuine NFC device. One example is to check the serial number associated with the NFC device; the serial number can be authenticated against a database associated with the TSM server. In the example of an NFC mobile device, the device serial number of the mobile device can be used for the authentication. Assuming now that the NFC device is a genuine NFC device that can be recognized by the mobile operator, the process 110 proceeds to operation 114, where the NFC device communicates with a dedicated server. In one embodiment, the dedicated server is part of the TSM system and can be accessed over a wireless network, the Internet, or a combination of wireless and wired networks (referred to herein as a data network, or simply a network).
In operation 116, the NFC device is registered with the server. Once the NFC device has become part of the TSM system, various services and data can be communicated with the NFC device over the network. As part of the personalization process, in operation 118, the server requests the device information of the secure element. In one embodiment, the server sends a data request (for example service information, or a WAP PUSH) to the NFC device. In response to the data request, the NFC device sends back Card Product Life Cycle (CPLC) information extracted from the secure element. The CPLC information includes secure element product information (such as the smart card ID, manufacturer information and batch number). Based on the CPLC information, the server can obtain the default Issuer Security Domain (ISD) information of this secure element from its manufacturer, an authorized distributor, or a service provider. In implementation, the server and the secure element manufacturer have two modes of communication, which are described in detail below where appropriate.
In operation 120, it is determined whether the device information needs to be updated with the manufacturer. Usually, when a secure element is shipped by its manufacturer, some default device information is embedded in it. If it is determined that the default device information (such as the CPLC data) needs to be updated with the manufacturer, the process 110 proceeds to operation 122, where the manufacturer uploads the corresponding updated device information to the server. In operation 124, the updated device information is transmitted to the NFC mobile device and stored in the secure element. If it is determined that the default device information of the secure element does not need to be updated with the manufacturer, the process 110 proceeds to operation 124 and the extracted default device information is stored in a database associated with the TSM server. In one embodiment, the server includes an interface for obtaining a derived key set. In one embodiment, the derived key set is generated from the device information (for example the ISD information) of the secure element. When the derived ISD key set has been successfully installed in the secure element, the corresponding secure element issuer is notified that the derived ISD key set is in use.
According to one embodiment of the invention, in operation 126, the device information (default or updated) is used to generate a key set (also called a group of keys). In one embodiment, the server uses the default ISD to establish a secure channel between its hardware security module (HSM) and the secure element. The server also computes the derived key set for the secure element. Depending on the service agreement, the master ISD key of the secure element issuer may reside either in the hardware security module associated with the server or in the local hardware security module of the secure element issuer. A hardware security module is a secure cryptographic processor that manages digital keys, accelerates cryptographic operations, and provides authentication for the key-encrypting keys the server uses. If the master key resides in the hardware security module of the server, the server instructs that hardware security module to compute the derived key set. The server then uses a mechanism (such as a PUT KEY APDU) over the default channel to replace the default key set in the secure element with the derived key set. If the master ISD key of the secure element issuer resides in the issuer's local hardware security module, the server interacts with that remote hardware security module to obtain the derived key set, so that the master key itself never leaves the issuer's HSM.
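The two steps above, reading the CPLC from the secure element and deriving a per-chip ISD key set from it, are shown below as an added example. This is not code from the patent or from any TSM product. The CPLC field layout is the 42-byte GlobalPlatform record returned by GET DATA with tag 9F7F; the key derivation function (HMAC-SHA256 keyed with an issuer master key), the 16-byte key size, the choice of fabricator, batch and serial number as the diversifier, and the sample CPLC bytes are all assumptions made for illustration. In a real deployment the derivation runs inside the issuer's HSM with the scheme the issuer specifies, and the master key never leaves it.

```python
# Added example (not the patent's code): parse a CPLC record and derive a per-SE
# ISD key set from it. KDF, key size and diversifier choice are assumptions.
import hmac
import hashlib
from dataclasses import dataclass

# CPLC layout (GlobalPlatform, 42 bytes after the 9F7F tag): field name -> length
CPLC_FIELDS = [
    ("ic_fabricator", 2), ("ic_type", 2), ("os_id", 2), ("os_release_date", 2),
    ("os_release_level", 2), ("ic_fabrication_date", 2), ("ic_serial_number", 4),
    ("ic_batch_identifier", 2), ("ic_module_fabricator", 2),
    ("ic_module_packaging_date", 2), ("icc_manufacturer", 2), ("ic_embedding_date", 2),
    ("ic_pre_personalizer", 2), ("ic_pre_perso_equipment_date", 2),
    ("ic_pre_perso_equipment_id", 4), ("ic_personalizer", 2),
    ("ic_personalization_date", 2), ("ic_perso_equipment_id", 4),
]
CPLC_LEN = sum(n for _, n in CPLC_FIELDS)  # 42


def parse_cplc(response: bytes) -> dict:
    """Parse a CPLC record. Accepts either the bare 42-byte value or the
    TLV form 9F 7F 2A <value> that GET DATA returns."""
    if response[:2] == b"\x9f\x7f":
        if response[2] != CPLC_LEN:
            raise ValueError("bad CPLC length byte")
        response = response[3:]
    if len(response) != CPLC_LEN:
        raise ValueError(f"CPLC must be {CPLC_LEN} bytes, got {len(response)}")
    out, pos = {}, 0
    for name, n in CPLC_FIELDS:
        out[name] = response[pos:pos + n].hex()
        pos += n
    return out


@dataclass(frozen=True)
class KeySet:
    enc: bytes
    mac: bytes
    dek: bytes


def se_diversifier(cplc: dict) -> bytes:
    """Unique-per-chip input to the KDF: fabricator || batch || serial (assumed choice)."""
    return bytes.fromhex(cplc["ic_fabricator"] + cplc["ic_batch_identifier"]
                         + cplc["ic_serial_number"])


def derive_keyset(master_key: bytes, cplc: dict, label: bytes = b"ISD") -> KeySet:
    """Derive ENC/MAC/DEK keys for one SE from the issuer master key.
    Same master + same CPLC -> same keys (so the TSM can re-derive them later);
    a different chip or a different label (e.g. b"SSD") -> unrelated keys."""
    div = se_diversifier(cplc)

    def one(purpose: bytes) -> bytes:
        msg = label + b"|" + purpose + b"|" + div
        return hmac.new(master_key, msg, hashlib.sha256).digest()[:16]

    return KeySet(enc=one(b"ENC"), mac=one(b"MAC"), dek=one(b"DEK"))


# Constructed sample: a made-up CPLC in TLV form (all values illustrative only)
SAMPLE_CPLC_TLV = bytes.fromhex(
    "9f7f2a"
    "4790" "5168" "1291" "1105" "0102" "2110" "0a1b2c3d" "3e4f"
    "4790" "2115" "4790" "2116" "0000" "0000" "00000000" "0000" "0000" "00000000"
)


def keys_to_install(master_key: bytes, get_data_response: bytes) -> KeySet:
    """Operations 118-126 on the server side: read the CPLC the device sent back,
    derive the keys that will replace the default ISD key set via PUT KEY."""
    return derive_keyset(master_key, parse_cplc(get_data_response))


if __name__ == "__main__":
    cplc = parse_cplc(SAMPLE_CPLC_TLV)
    print("serial:", cplc["ic_serial_number"], "batch:", cplc["ic_batch_identifier"])
    print("ENC:", keys_to_install(b"issuer-master-key-demo", SAMPLE_CPLC_TLV).enc.hex())
```

Because the derivation is deterministic in the CPLC, the TSM does not need to store the derived keys at all; it re-derives them from the CPLC the device sends in every later provisioning run, which is why the CPLC is requested again at the start of process 220.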
In operation 128, the key set is securely delivered to the secure element. The key set is personalized into the secure element, so that it can be used for the various security operations or services performed with the NFC device. In operation 130, the server synchronizes the secure element with its issuer or provider (for example by sending a notification of the state of the secure element to the issuer or provider).
After personalization, the secure element can be accessed with the personalized ISD key of the SE issuer. Based on the security requirements of each service provider, the TSM can provide an additional SSD for each provider to personalize their respective applications (such as modules 104 or 106 in FIG. 1A).
As indicated above, there are two ways, in the interaction with the manufacturer, to obtain the default ISD information corresponding to a secure element. Depending on its architecture, a manufacturer may choose the real-time approach or the batch approach.
In the real-time approach, when the TSM server personalizes a secure element, the server communicates with the manufacturer (for example with its server), so that the default key set is retrieved on demand from the manufacturer's server. In one embodiment, the TSM server includes a plug-in module for communicating with each manufacturer.
The batch approach can be carried out in online mode or in offline mode. In offline mode, the secure element manufacturer delivers the default ISD information for all the secure elements it supports on an encrypted medium. The TSM administrator or a computing device reads the information from the physical medium into a computing device, where the default ISD information is decrypted, extracted and stored in a database. In online mode, the SE manufacturer uploads the default ISD information of the secure elements it supports over the network, where it is likewise decrypted, extracted and stored in a database. The TSM then only needs to access its own hardware security module or database during secure element personalization. FIG. 1C shows the relationship between the SE manufacturer, the TSM administrator and the TSM system in offline and online modes.
According to one embodiment of the invention, FIG. 1D shows the data flow among the user of an NFC device (such as an NFC mobile phone), the NFC device, the TSM server, the corresponding SE manufacturer and the SE issuer.
In one respect, the secure element 102 in FIG. 1A may be regarded as a preloaded operating system in a smart card that provides PIN management and secure channels for a card personalization platform (or security domains). The secure element 102 brings together the interests of smart card issuers, vendors, industry groups, public entities and technology companies to define requirements and technical standards for multiple applications running on a smart card.
As an example, the e-purse security module 104 defines a set of protocols that enable micro-payment transactions to be carried out over wired or wireless environments. For an e-purse stored in a smart card, a set of keys (symmetric or asymmetric) is personalized into the e-purse after the e-purse is issued. During a transaction, the e-purse uses a separate set of keys for encryption and for MAC computation in order to secure the information channel between the e-purse and a Security Authentication Module (SAM) or a back-end server. For a single-function card, the e-purse security module 104 acts as a gatekeeper protecting the actual operations performed on the single-function card. During personalization, the single-function card access key (or a transformation of it) is personalized into the e-purse under the e-purse transaction key.
FIG. 1E shows, according to one embodiment of the invention, a platform-based SAM or network e-purse server 152, an e-purse 154 acting as gatekeeper, a single-function tag 156, and the personalization data flow 150 among these three entities. Communication between the platform-based SAM or network e-purse server 152 and the e-purse 154 is carried out with one type of command (such as APDUs, application protocol data units), while communication between the e-purse 154 and the single-function tag 156 is carried out with another type of command; the e-purse plays the role of gatekeeper so that only secure, reliable and authorized data exchanges are allowed to proceed.
In one embodiment, the physical security of the e-purse is realized in an emulator. An emulator, as used herein, is a module that behaves like the hardware device or program that other modules expect to interact with, or that presents itself as another device or program. The e-purse is implemented securely as one or more Java applets that provide the e-purse functions and communicate with a payment server. The secure element supporting the e-purse is responsible for updating the security keys used to establish an appropriate channel between the payment server and the Java applet, with the e-purse applet acting as gatekeeper to regulate or control that data exchange.
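The gatekeeper role described above can be made concrete with the following added example, which is not code from the patent or from any e-purse product. A payment server (standing in for the SAM) issues value commands protected by a MAC; the e-purse applet verifies the MAC and a monotonic counter before it touches the single-function tag, and it reaches the tag only with a key transformed from the personalized access key and the tag's UID. The MAC scheme (truncated HMAC-SHA256), the counter-based replay check, the UID-bound transformation truncated to the 6-byte Mifare key size, and the sample UID and balances are all assumptions; real e-purse schemes use session keys and message formats defined by their own specification.

```python
# Added example (not the patent's code): an e-purse applet as gatekeeper between a
# payment server/SAM and a single-function (Mifare-style) tag. MAC scheme, replay
# counter and key transformation are assumptions chosen for illustration.
import hmac
import hashlib
import struct

MAC_LEN = 8


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]


class SingleFunctionTag:
    """Minimal stand-in for the Mifare emulator: one value block behind a 6-byte key."""
    def __init__(self, uid: bytes, key: bytes, balance: int = 0):
        self.uid, self._key, self._balance = uid, key, balance

    def read_value(self, key: bytes) -> int:
        if key != self._key:
            raise PermissionError("tag authentication failed")
        return self._balance

    def write_value(self, key: bytes, value: int) -> None:
        if key != self._key:
            raise PermissionError("tag authentication failed")
        self._balance = value


def tag_key_from_access_key(access_key: bytes, uid: bytes) -> bytes:
    """The 'transformation' of the card access key mentioned in the text: here a
    UID-bound derivation truncated to the 6-byte Mifare key size (assumed)."""
    return hmac.new(access_key, b"MIFARE|" + uid, hashlib.sha256).digest()[:6]


class PaymentServer:
    """Holds the purse's transaction MAC key (inside a SAM in practice) and signs commands."""
    def __init__(self, mac_key: bytes):
        self._mac_key, self._ctr = mac_key, 0

    def command(self, op: str, amount: int) -> bytes:
        self._ctr += 1
        body = struct.pack(">I", self._ctr) + op.encode() + struct.pack(">i", amount)
        return body + mac(self._mac_key, body)


class EPurse:
    """Gatekeeper: only MAC-valid, non-replayed commands reach the tag."""
    def __init__(self, mac_key: bytes, access_key: bytes, tag: SingleFunctionTag):
        self._mac_key, self._tag = mac_key, tag
        self._tag_key = tag_key_from_access_key(access_key, tag.uid)  # personalized
        self._last_ctr = 0

    def handle(self, cmd: bytes) -> dict:
        body, received_mac = cmd[:-MAC_LEN], cmd[-MAC_LEN:]
        if not hmac.compare_digest(mac(self._mac_key, body), received_mac):
            return {"status": "rejected", "reason": "bad MAC"}
        ctr = struct.unpack(">I", body[:4])[0]
        if ctr <= self._last_ctr:
            return {"status": "rejected", "reason": "replay"}
        self._last_ctr = ctr                      # consume the counter once accepted
        op, amount = body[4:-4].decode(), struct.unpack(">i", body[-4:])[0]
        balance = self._tag.read_value(self._tag_key)
        if op == "DEBIT":
            if amount > balance:
                return {"status": "rejected", "reason": "insufficient funds"}
            balance -= amount
        elif op == "CREDIT":
            balance += amount
        else:
            return {"status": "rejected", "reason": "unknown op"}
        self._tag.write_value(self._tag_key, balance)
        return {"status": "ok", "balance": balance}


def demo() -> list:
    """Constructed run: a valid debit, a tampered credit, a valid credit, its replay."""
    uid = bytes.fromhex("04a1b2c3")                 # constructed tag UID
    access_key, mac_key = b"purse-access-key-demo", b"purse-mac-key-demo"
    tag = SingleFunctionTag(uid, tag_key_from_access_key(access_key, uid), balance=100)
    server, purse = PaymentServer(mac_key), EPurse(mac_key, access_key, tag)
    results = [purse.handle(server.command("DEBIT", 30))]
    forged = server.command("CREDIT", 500)
    forged = forged[:-MAC_LEN] + bytes(MAC_LEN)     # attacker zeroes the MAC
    results.append(purse.handle(forged))
    legit = server.command("CREDIT", 20)
    results.append(purse.handle(legit))
    results.append(purse.handle(legit))             # replayed verbatim
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The point of the structure is that the tag key exists only inside the purse, so no path from the network reaches the single-function card without passing the purse's MAC and counter checks first.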
FIG. 2A shows a mobile ecosystem 200 in which the parties participating in the ecosystem are listed in turn. In one embodiment, an NFC device is allowed to download or install one or more applications from a corresponding server 202 (such as an application management provider), where the applications were originally developed by an application developer 204 and are released by a service provider 210, the application management provider 202, or another party. The NFC device is assumed to have a secure element 206 supplied by a secure element supplier 208 and personalized via a TSM or a trusted third party (such as a financial institution 212).
Once an application is installed on the NFC device, the next step is to provision the application through the secure element. The application provisioning process can start in several ways. One way is for the secure element owner to select an application on the mobile device from the TSM portal and start the provisioning process. Another way is for the secure element owner to receive, on the mobile device, an application provisioning notification from a TSM acting on behalf of the application provider.
The TSM or application providers can publish their applications on the TSM portal for download to mobile devices that have a secure element and/or on request of a user (such as the SE owner). In one embodiment, the TSM provides a cloud service for multiple SE issuers, so many applications from each service provider are available from the TSM portal. However, when logging in to the TSM portal, a secure element owner only sees the applications authorized by his or her secure element supplier. Based on the agreement between the secure element and the service provider, the download, installation and personalization of an application may use the ISD key set of the secure element or an SSD key set designated by the service provider. If the SSD key set is not yet installed, it can be installed into the secure element during the installation of an application.
The TSM knows the storage state of the secure element for each SSD. Based on the storage allocation policy of the SSD and the storage state of the secure element, the applications available to the various SSDs can be labelled in the application store with different indications, such as "installable" or "insufficient storage for installation". This prevents unnecessary failures for the user.
Once an application is installed on an NFC device, either the application initiates the provisioning process itself, or the TSM server sends a provisioning notification to the NFC device over the cellular network or a wireless data network. Depending on the type of NFC device, there are many ways of delivering the message (a PUSH message) that makes the NFC device begin the provisioning process; examples include an SMS push or a Google Android push. Once the user receives the notification, the provisioning process begins. The provisioning process is described in detail where appropriate.
As part of application provisioning, the TSM server implements certain protective mechanisms. One is to prevent the secure element from being locked accidentally. Another is to stop the download of an application when there is not enough memory in the secure element.
If there are too many mutual authentication failures while a secure channel is being established, a secure element may lock itself permanently. To prevent such accidental locking of the secure element, the TSM keeps track of the number of authentication failures between the secure element and the TSM while a secure channel is being established between the two parties (entities). In one embodiment, once a preset limit is reached, the TSM refuses any further request. Only after a service centre has manually reset the secure element does the TSM resume processing requests from that SE.
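The following added example (not code from the patent) shows the TSM-side guard just described: a per-secure-element counter of failed mutual authentications that stops issuing secure channel requests once a preset limit is reached, and is cleared only by an explicit reset representing the service centre's manual restart. The limit of three, the identifier format and the scripted authentication outcomes are assumptions for illustration; the real limit must be set strictly below the retry counter of the secure element's own secure channel implementation, since the whole purpose is to stop before the card locks itself.

```python
# Added example (not the patent's code): TSM-side failure counter that keeps a
# secure element from locking itself after too many failed mutual authentications.
# Limit and reset policy are assumptions.
from collections import defaultdict


class SecureChannelGuard:
    """Tracks failed secure channel authentications per SE and refuses to open a
    new channel once a preset limit is reached, until a manual reset."""

    def __init__(self, limit: int = 3):
        if limit < 1:
            raise ValueError("limit must be >= 1")
        self.limit = limit
        self._failures = defaultdict(int)   # se_id -> consecutive failures
        self._blocked = set()               # se_ids refused until manual reset

    def may_attempt(self, se_id: str) -> bool:
        return se_id not in self._blocked

    def open_channel(self, se_id: str, authenticate) -> bool:
        """authenticate() is the caller's mutual-auth routine (INITIALIZE UPDATE /
        EXTERNAL AUTHENTICATE in GlobalPlatform terms) and returns True or False.
        Returns True on success; False if refused or if authentication failed."""
        if not self.may_attempt(se_id):
            return False                    # refuse without touching the card at all
        if authenticate():
            self._failures[se_id] = 0       # a success clears the streak
            return True
        self._failures[se_id] += 1
        if self._failures[se_id] >= self.limit:
            self._blocked.add(se_id)        # stop before the card's own counter trips
        return False

    def failures(self, se_id: str) -> int:
        return self._failures[se_id]

    def manual_reset(self, se_id: str) -> None:
        """Called after a service centre has restarted the secure element."""
        self._blocked.discard(se_id)
        self._failures[se_id] = 0


def simulate(outcomes, limit: int = 3) -> list:
    """Drive the guard for one SE with a scripted list of authentication outcomes
    (constructed input) and return the per-call result, so the refusal point is visible.
    A refused call does not consume an outcome, because the card is never contacted."""
    guard = SecureChannelGuard(limit)
    it = iter(outcomes)
    return [guard.open_channel("se-001", lambda: next(it)) for _ in outcomes]


if __name__ == "__main__":
    print(simulate([False, False, False, True]))   # fourth call is refused, not tried
```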
The TSM also keeps track of the storage usage of each secure element. Based on the memory allocation that the SE issuer has assigned to each service provider, the TSM determines whether an application can be installed on a secure element. According to one embodiment, there are three types of policy:
Pre-allocate a fixed storage space, which guarantees that space;
Pre-allocate a minimum storage space, which guarantees at least that space;
Best effort.
The secure element issuer uses the TSM web portal to carry out this work:
1. For a batch of secure elements, the secure element issuer can pre-assign, through the TSM web portal, a storage policy for a service provider to install its applications;
2. When a mobile device requests the installation of an application, the TSM server verifies whether the corresponding service provider's space satisfies its storage policy; if not, the request is refused;
3. Otherwise, the TSM server processes the provisioning request;
4. If provisioning succeeds, the TSM accumulates the storage size of this application to the service provider's usage.
When a mobile subscriber subscribes to a mobile application (if it is installed), the application needs to be provisioned via the secure element on the mobile device before it can be used. In one embodiment, the provisioning process comprises four main stages:
If necessary, create a supplementary security domain (SSD) on the secure element;
Download and install an application on the secure element;
Personalize the application in the secure element;
Download the UI (user interface) component to the mobile device.
FIG. 2B shows a flow or process 220 of provisioning one or more applications according to one embodiment of the invention. The process 220 may be implemented in software, or in a combination of software and hardware. In one embodiment, the application provisioning process 220 requires access to a provisioning manager on the mobile device (acting as an agent) to interact with the secure element in it.
As shown in FIG. 2B, at operation 222 the application provisioning process 220 may be started automatically or manually. For example, assuming the application has not yet been provisioned, a user may start the provisioning process by selecting an installed application and subscribing to the related service, or the provisioning process may start when the installed application is activated. In another embodiment, the application provider sends a message (such as an SMS) to the mobile phone to start the provisioning process.
In either case, the process 220 proceeds to operation 224, where the device information (such as the CPLC) is extracted from the secure element of the mobile device, after which communication is established with a dedicated server (such as the TSM server, or a server operated by the application issuer). At operation 226, the device information is transmitted to the server together with an identifier identifying the application. In operation 228, the server first identifies the issuer of the secure element based on the device information, in order to determine in operation 230 whether the secure element has been personalized. If the secure element has not yet been personalized, the process 220 proceeds to operation 232 to personalize it; one embodiment of operation 232 can be realized according to the process 110 in FIG. 1B.
Now assume that the secure element in the mobile device has been personalized. The process 220 proceeds to operation 234, where a secure channel is established with the secure element using the derived ISD. Depending on who provides the hardware security module (HSM) for the ISD (for example the TSM or the SE issuer), the server contacts that hardware security module to compute the derived ISD for the secure element, and uses this derived ISD to establish the secure channel with the secure element. Next, in operation 236, the server checks whether there is an SSD associated with this application. If there is one for the application, the server checks its database to see whether that SSD has already been installed on the secure element. If the SSD needs to be installed, the flow 220 proceeds to operation 240 to install it. In one embodiment, the user is prompted about the installation of the SSD (key). In operation 238, if the user declines to install the SSD, the process 220 stops and returns to operation 222, restarting the provisioning process 220.
Now assume that the SSD installation is carried out in operation 240. Installing an SSD is similar to installing an ISD. The TSM server contacts the hardware security module (HSM) that holds the master SSD key, which computes the derived SSD key set for the secure element. The master SSD key may be held by the TSM, the service provider or the secure element issuer, depending mainly on how the parties have agreed.
To download and install an application into the secure element, in operation 242 the server establishes a secure channel with the secure element using the derived SSD. In one embodiment, this is similar to how the secure channel is established based on the derived ISD. In operation 244, the data of the application is prepared, the details of which are described in more detail below. According to one embodiment, the server contacts the service provider to prepare STORE DATA application protocol data units (APDUs). Depending on the application installed in the mobile device, the server may issue STORE DATA repeatedly to personalize the application. If the provisioning succeeds, additional data, including a suitable interface (such as the user interface of the application for each type of mobile device), can be downloaded. In operation 246, the server notifies the application provider of the state of the application that has been provisioned.
FIG. 2C shows the data flow 250 among the different parties when an application is provisioned.
As in operation 244 of FIG. 2B, an important part of provisioning an application is preparing application data customized for the target secure element. For example, for an e-purse application, the personalization data of the application include various personalized transaction keys generated from the device information (such as the CPLC information) of the secure element. To carry an e-purse, part of the personalization data includes Mifare access keys derived from the identifier of the Mifare card; the server can personalize both Java Card applications and Mifare4Mobile service objects. In general, there are at least two different ways of preparing the data so as to facilitate subsequent transactions.
For data preparation, one embodiment of the invention supports two modes of interacting with the service provider to compute the personalized application data. In the first mode, the TSM server has no direct access to the hardware security module associated with the service provider. The service provider operates a server that interacts with its hardware security module to generate application keys (such as transport, e-purse or Mifare keys), and the TSM data preparation implementation requests derived application keys through an application programming interface (API) or a protocol provided by that server. In the second mode, the data preparation implementation accesses the hardware security module associated with the service provider directly to generate the application keys.
According to one embodiment, FIG. 2D shows the data flow 255 among the different parties when application data is prepared during application provisioning. FIG. 2D shows the first mode, in which the TSM server has no direct access to the hardware security module associated with the service provider. The second mode has a similar flow, except that the application data preparation implementation interacts directly with the service provider's hardware security module.
Besides supporting the provisioning process, one embodiment of the invention also supports life cycle management of the secure element. Life cycle management includes, but is not limited to, secure element locking, secure element unlocking and application deletion (disabling). These activities can be initiated by a TSM notification. FIG. 2E shows a flow or process 260 for locking an installed application during actual use of a mobile device. An NFC device may have several installed applications that run on the secure element. For some reason (for example long inactivity or expiry), an application may need to be disabled or locked by its issuer or provider.
The process 260 for disabling an installed application starts at operation 262. In one embodiment, the process 260 is started manually by an operator through the TSM web portal. In another embodiment, the process 260 is started automatically by the service provider's internal workflow (for example using the TSM web service API). Once the process 260 starts, a message is sent to an NFC device (in a mobile device) in which an application needs to be disabled. In implementation, such a message may have different formats. In one embodiment, the message is a PUSH command. In another embodiment, the message is a TCP/IP request delivered to the NFC device over the network. In operation 264, a server (such as the TSM server) sends the message. In implementation, such a message includes an identifier identifying the application to be locked or disabled. On receiving such a message, in operation 266, a card manager proxy on the NFC device authenticates, by replying with a message, whether the request really comes from the original issuer or provider of the application. In one embodiment, the message is sent to the TSM server for authentication. If the authentication fails, that is, no response to the challenge is received, the process 260 ends.
Assume that the authentication succeeds, that is, the device receives a response to its challenge from the provider of the application and the original request is confirmed to be genuine. Usually, in operation 268, such a confirming response includes the identifier of the application to be locked. The TSM server then establishes a secure channel with the secure element and prepares the appropriate APDUs (such as SET STATUS and/or DELETE) for the secure element through the card manager proxy. In operation 270, the device sends the operation request to the secure element to lock the specific application.
In any case, in response to the command, in step 272 the secure element (SE) locks or disables the application. According to one embodiment, the SE is dissociated from the application, so that the installed application can no longer use the secure element. In operation 274, the secure element sends a confirmation to notify the parties concerned that this application no longer runs on the device. In one embodiment, the confirmation is sent to the TSM server, which keeps a database recording which applications are installed in which devices and the corresponding state of each application. The database is updated according to the acknowledgement from the secure element.
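The device-side check of operation 266 and the APDUs of operation 268 are shown below as an added example; this is not the patent's code. The card manager proxy issues a random challenge, the TSM answers it with an HMAC over the challenge and the application identifier under a key shared with the device, and only a correct answer causes the lock APDU to be forwarded to the secure element. The challenge-response construction and the shared key are assumptions (the patent only says the reply is authenticated via the TSM). The SET STATUS and DELETE encodings (CLA 80, INS F0 with P1 40 for an application and P2 80 to lock or 07 to return it to SELECTABLE; INS E4 with a 4F TLV carrying the AID) follow GlobalPlatform as the editor recalls them and should be checked against the Card Specification before use; the sample AID and key are constructed.

```python
# Added example (not the patent's code): device-side authentication of a lock
# request (operation 266) and the SET STATUS / DELETE APDUs the TSM prepares
# (operation 268). Challenge-response scheme and shared key are assumptions;
# verify the GlobalPlatform encodings against the Card Specification.
import hmac
import hashlib
import os


def lock_answer(auth_key: bytes, nonce: bytes, aid: bytes) -> bytes:
    """Answer bound to both the device nonce and the application being locked."""
    return hmac.new(auth_key, b"LOCK|" + nonce + b"|" + aid, hashlib.sha256).digest()


def set_status_apdu(aid: bytes, lock: bool) -> bytes:
    """SET STATUS for an application (P1=0x40): P2=0x80 locks it,
    P2=0x07 returns it to SELECTABLE (GlobalPlatform values as recalled)."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("AID must be 5..16 bytes")
    p2 = 0x80 if lock else 0x07
    return bytes([0x80, 0xF0, 0x40, p2, len(aid)]) + aid


def delete_apdu(aid: bytes) -> bytes:
    """DELETE [card content]: data field is a 4F TLV carrying the AID."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("AID must be 5..16 bytes")
    return bytes([0x80, 0xE4, 0x00, 0x00, len(aid) + 2, 0x4F, len(aid)]) + aid


class Tsm:
    """Issuer/TSM side: answers the device's challenge and prepares the APDU."""
    def __init__(self, auth_key: bytes):
        self._auth_key = auth_key

    def answer_challenge(self, nonce: bytes, aid: bytes) -> bytes:
        return lock_answer(self._auth_key, nonce, aid)

    def lock_apdu(self, aid: bytes) -> bytes:
        return set_status_apdu(aid, lock=True)


class CardManagerProxy:
    """Device side: challenge the requester; forward the APDU only if it answers."""
    def __init__(self, auth_key: bytes):
        self._auth_key = auth_key
        self.forwarded = []                       # APDUs actually sent to the SE

    def handle_lock_request(self, aid: bytes, tsm: Tsm) -> str:
        nonce = os.urandom(16)                    # fresh per request: no replay
        expected = lock_answer(self._auth_key, nonce, aid)
        if not hmac.compare_digest(expected, tsm.answer_challenge(nonce, aid)):
            return "authentication failed"        # process 260 ends here
        self.forwarded.append(tsm.lock_apdu(aid))
        return "locked"


if __name__ == "__main__":
    aid = bytes.fromhex("a0000000031010")         # constructed sample AID
    key = b"shared-auth-key-demo"                 # assumed shared key
    proxy = CardManagerProxy(key)
    print(proxy.handle_lock_request(aid, Tsm(key)), proxy.forwarded[-1].hex())
    print(proxy.handle_lock_request(aid, Tsm(b"impostor")))
```

Because the nonce is fresh for every request and the answer covers the AID, a captured answer cannot be replayed later or redirected to lock a different application.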
FIG. 2E shows a flow or process 260 for locking an installed application. Those skilled in the art will appreciate that other operations, such as unlocking or enabling an installed application, or extending the validity period of an installed application, follow a process similar to the one shown in FIG. 2E.
Referring to FIG. 2F, which shows, according to a specific embodiment of the invention, an architecture diagram 280 for using a portable device as an e-purse in e-commerce and m-commerce. The diagram 280 includes a portable phone 282 with an embedded smart card module. One example of such a portable phone is a near field communication (NFC) enabled portable phone that includes a SmartMX (SMX) module. It should be noted that the secure element and the application can be integrated. Unless stated otherwise, the following description does not point out which part performs the function of the secure element and which part serves as the application; those skilled in the art will understand from the detailed description given below which part or function is performed.
The SMX module is preloaded with a Mifare emulator 288 (that is, a single-function card) for storing values. The portable phone is equipped with a contactless interface (for example ISO 14443 RFID), which allows the portable phone to act as a tag. In addition, the SMX module is a Java Card that runs Java applets. According to a specific embodiment, the e-purse is built on GlobalPlatform (GP) and implemented as an applet in the SMX module. The e-purse is configured to access the data structure of the Mifare emulator by a password, which is obtained from the access key by a suitable transformation.
A purse manager MIDlet 284 is provided in the portable phone 282. In m-commerce, the MIDlet 284 acts as a communication agent between the e-purse applet 286 and one or more payment networks and servers 290, so that transactions between the parties proceed smoothly. The MIDlet referred to herein is a software component suitable for running on a portable device. The purse manager MIDlet 284 may be implemented as a "MIDlet" on a Java-enabled portable phone, or as an "executable application" on a personal digital assistant (PDA) device. One of the functions of the purse manager MIDlet 284 is to access a wireless network and to communicate with an e-purse applet running on the same device or on an external smart card. In addition, the MIDlet 284 is configured to provide management functions, for example changing the personal identification number (PIN), checking the e-purse balance and the transaction history log. In an exemplary application, the card issuer provides a Security Authentication Module (SAM) 292 for supporting and authenticating any transaction carried out between a card and the corresponding server (that is, the payment server). As shown in FIG. 2F, application protocol data unit (APDU) commands are created by the server 290, which can access the SAM 292; the APDU is the unit of communication between a reader and a card, and its structure is defined by the ISO 7816 standard. Usually, APDU commands are embedded in network messages and transmitted to the server 290 or to the e-purse applet 286 for processing.
In e-commerce, a web agent 294 running on a computer (not shown) is responsible for the interaction between a contactless reader 296 (for example an ISO 14443 RFID reader) and the web server 290. In practice, the agent 294 sends APDU commands through the contactless reader 296 to the e-purse applet 286 running on the portable phone 282, and receives the corresponding replies from the e-purse applet 286 by the same path. On the other side, the agent 294 generates network requests (for example HTTP) and receives the corresponding replies from the payment server 290.
For the personalization of the portable phone 282, the block diagram 300 in FIG. 3A shows the related modules interacting to complete the personalization of the e-purse by an authorized person. The block diagram 320 in FIG. 3B shows the related modules interacting to complete the personalization of the e-purse shown in FIG. 2 by its user.
The flow or process diagram 350 in FIG. 3C shows, according to a specific embodiment of the invention, the process of personalizing an e-purse applet. FIG. 3C is best understood together with FIG. 3A and FIG. 3B. The process 350 may be implemented in software, hardware, or a combination of software and hardware.
As mentioned above, the purse manager is built on GlobalPlatform, which provides the security mechanisms needed to personalize the e-purse applet. In practice, a security domain is used to establish a secure channel between the personalization application server and the e-purse applet. According to a specific embodiment, the critical data personalized into and stored in the e-purse applet include one or more operation keys (for example a load or top-up key and a purchase key), a default personal identification number, management keys (for example a PIN unblock key and a PIN reload key), and passwords (for example derived from the Mifare passwords).
Suppose that a user wants to personalize an e-purse applet embedded in a portable device (for example a portable phone). In step 352 of FIG. 3C, the personalization process is started. Depending on the implementation, the personalization process may be realized in a module in the portable device and started manually or automatically, or it may be embodied as a physical process started by an authorized person (normally personnel associated with the card issuer). As shown in FIG. 3A, the authorized person starts the personalization process 304 to personalize the user's e-purse applet; the personalization process 304 is carried out through a contactless reader 310 serving as the interface to a new e-purse SAM 306 and an existing SAM 308. The card manager 311 performs at least two functions: (1) establishing a secure channel through the security domain, in order to install and personalize an external application (for example the e-purse applet) during card personalization; and (2) creating security measures (for example a personal identification number) to protect the application in subsequent operations. As a result of the personalization process carried out with the personalization application server 304, the e-purse applet 312 and the emulator 314 are personalized.
Similarly, as shown in FIG. 3B, an e-purse user wishes to start the personalization process so that the e-purse applet is personalized over the air (for example through the m-commerce path in FIG. 2). Unlike FIG. 3A, FIG. 3B allows the personalization process to be started manually or automatically. For example, the portable phone may carry a control which, when pressed, starts the personalization process. In another scheme, a "not personalized" status prompt may be presented to the user to start the personalization process. As mentioned above, a MIDlet 322 in the portable device (that is, a service manager) acts as an agent to assist communication between the payment server 324 and the e-purse applet 312 and emulator 314, where the payment server 324 has access to the new e-purse SAM 306 and the existing SAM 308. Through the personalization process, the e-purse applet 312 and the emulator 314 are personalized.
Go back to now the C referring to Fig. 3, after the personalization process shown in Fig. 3 A was activated, contactless reader 310 was activated and reading tag identifier (ID) (being RFID label ID) and critical data the smart card in equipment in step 354.By application safety territory (for example card issuing business's default security settings), stored value card applet program in the new stored value card security identity module that connects in step 356 (for example security identity module 306 in Fig. 3 A) and portable equipment (for example stored value card applet program 312 in Fig. 3 A〉escape way.
Each application security domain of GlobalPlatform comprises three DES keys. For example:
Key 1:255/1/DES-ECB/404142434445464748494a4b4c4d4e4f
Key 2:255/2/DES-ECB/404142434445464748494a4b4c4d4e4f
Key 3:255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
The security domain is used to generate session keys for a secure session between two entities. The two entities may be the card manager applet and a host application, where the host application may be a personalization application on a desktop machine or a networked personalization service provided by a back-end server.
The default application domain can be installed by the card issuer and assigned to different application/service providers. Each application owner can change the values of its own key set before the personalization process (or in the initial phase of that process). The application can then create the secure channel for the personalization process with the new key set.
Through the secure channel established by the application provider's application security domain, a first set of data can be personalized and stored into the e-purse applet. A second set of data can likewise be personalized through the same channel. However, if that data is held in a different SAM, a new secure channel using the same key set (or a different key set) can be used to personalize the second set of data.
In step 358, a set of e-purse operation keys and a PIN are generated by the new e-purse SAM 306 for the data exchange between the new e-purse SAM and the e-purse applet, and the e-purse applet is substantially personalized.
In step 360 a second secure channel is established between the existing SAM (for example SAM 308 in Fig. 3A) and the e-purse applet in the portable device (for example e-purse applet 312 in Fig. 3A). In step 362 a set of transformed keys is generated using the existing SAM and the tag ID. The transformed keys are stored in the emulator for later data-access authentication. In step 358 a set of MF (Mifare) passwords is generated using the existing SAM and the tag ID, and the passwords are stored in the e-purse applet for later data-access authentication. After all of the above operations are complete, the e-purse, comprising the e-purse applet and the corresponding emulator, is set to the "personalized" state.
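The key-derivation part of steps 362 and 358 is modelled below in an added example that is not code from the patent: the SAM derives card-specific transformed keys and MF passwords from its master key set and the tag ID, the e-purse stores them, and a later data-access authentication succeeds only against a SAM holding the same master keys. The page does not specify the derivation function, so HMAC-SHA256 stands in for the DES-based diversification a real SAM would use; the key names and key values are constructed.

```python
"""Per-card key derivation in personalization process 350 (Fig. 3C).

Added example, not the patent's code. HMAC-SHA256 is an assumed stand-in
for the unspecified DES-based key diversification; key names and values
are constructed test data.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

# Master key set held only inside the SAM (constructed values).
MASTER_KEYS = {
    "load": bytes.fromhex("404142434445464748494a4b4c4d4e4f"),
    "purchase": bytes.fromhex("505152535455565758595a5b5c5d5e5f"),
    "pin_unblock": bytes.fromhex("606162636465666768696a6b6c6d6e6f"),
    "mifare_a": bytes.fromhex("707172737475767778797a7b7c7d7e7f"),
}
MIFARE_KEYS = {"mifare_a"}  # entries that are MF passwords rather than operation keys


def diversify(master: bytes, tag_id: bytes, purpose: str) -> bytes:
    """Derive a 16-byte card-specific key from a master key and the tag ID.
    The purpose label is bound into the derivation so that each key is
    independent of the others even though they share the same tag ID."""
    msg = purpose.encode() + b"\x00" + tag_id
    return hmac.new(master, msg, hashlib.sha256).digest()[:16]


class Sam:
    """Existing SAM 308: holds the master keys and never exports them."""

    def __init__(self, masters: dict):
        self._masters = dict(masters)

    def transformed_keys(self, tag_id: bytes) -> dict:
        """Step 362: transformed operation keys for one card."""
        return {p: diversify(k, tag_id, p) for p, k in self._masters.items()
                if p not in MIFARE_KEYS}

    def mifare_passwords(self, tag_id: bytes) -> dict:
        """Step 358: MF passwords for one card."""
        return {p: diversify(self._masters[p], tag_id, p) for p in MIFARE_KEYS}

    def mac(self, purpose: str, tag_id: bytes, challenge: bytes) -> bytes:
        """Re-derive the card key from the tag ID and MAC a challenge with it."""
        key = diversify(self._masters[purpose], tag_id, purpose)
        return hmac.new(key, challenge, hashlib.sha256).digest()


@dataclass
class Epurse:
    """E-purse on the portable device: applet 312 plus emulator 314."""
    tag_id: bytes
    applet_keys: dict = field(default_factory=dict)     # MF passwords
    emulator_keys: dict = field(default_factory=dict)   # transformed keys
    state: str = "not personalized"

    def mac(self, purpose: str, challenge: bytes) -> bytes:
        key = {**self.emulator_keys, **self.applet_keys}[purpose]
        return hmac.new(key, challenge, hashlib.sha256).digest()


def personalize(purse: Epurse, sam: Sam) -> Epurse:
    """Steps 362 and 358, then the state change to "personalized"."""
    purse.emulator_keys = sam.transformed_keys(purse.tag_id)
    purse.applet_keys = sam.mifare_passwords(purse.tag_id)
    purse.state = "personalized"
    return purse


def authenticate_access(purse: Epurse, sam: Sam, purpose: str, challenge: bytes) -> bool:
    """Later data-access authentication: both sides MAC the same challenge.
    Only a SAM holding the right master key reproduces the card's MAC, and
    the SAM needs nothing but the tag ID to do so."""
    if purse.state != "personalized":
        return False
    return hmac.compare_digest(purse.mac(purpose, challenge),
                               sam.mac(purpose, purse.tag_id, challenge))
```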
According to one embodiment of the invention, Figs. 4A and 4B together show a flow or process chart 400 for funding (topping up) an e-purse. Process 400 is carried out via the m-commerce path in Fig. 2. To understand process 400 better, Fig. 4C shows a representative block diagram 450 in which the relevant blocks interact to complete process 400. Depending on the practical application, process 400 may be realized in software, in hardware, or in a combination of the two.
Assume a user has obtained a portable device (for example a mobile phone) with an e-purse installed, and wishes to fund the e-purse from a bank account. In step 402 the user enters a PIN. Assuming the PIN is valid, the e-purse manager in the portable device is activated and initiates a request (also called an over-the-air (OTA) top-up request) in step 404. In step 406 the MIDlet in the portable device sends a request to the e-purse applet; Fig. 4C shows this communication between e-purse manager MIDlet 434 and e-purse applet 436 in step 406.
In step 408 the e-purse applet generates a reply responding to the MIDlet's request. After receiving the reply, the MIDlet sends it to the payment network and server over the cellular network. As shown in Fig. 4C, e-purse manager MIDlet 434 communicates with e-purse applet 436 to obtain the reply and immediately sends it to payment network and server 440. In step 410 process 400 verifies the validity of the reply. If the reply cannot be verified, process 400 stops. If the reply is verified as valid, process 400 proceeds to step 412 and checks the corresponding account at the bank. If the account exists, a value-transfer request is activated. In step 414 the bank, having received the request, returns a reply. Usually, the information exchange between the payment network and server and the bank follows a network protocol (for example the HTTP protocol used on the Internet).
In step 416 the reply returned by the bank is transferred to the payment network and server. In step 418 the MIDlet extracts the source APDU command from the reply and forwards the command to the e-purse applet. In step 420 the e-purse applet verifies the command; if the command is verified as authorized, it is sent to the emulator in step 420 and the transaction log is updated at the same time. In step 422 a ticket is generated to formulate the reply (for example in APDU form) sent to the payment server. In step 424, after the payment server receives the reply, it updates and sends success status information to the MIDlet, and saves the APDU reply for later checking.
As shown in Fig. 4C, payment network and server 440 receives the reply sent by e-purse manager MIDlet 434 and uses SAM 444 to verify that the reply was sent by an authorized e-purse applet 436. After the reply is verified, payment network and server 440 sends a request to funding bank 442, assuming user 432 has an account at that bank. The bank verifies and authorizes the request, then returns an authorization number in a predetermined message format. After the reply from bank 442 is received, payment server 440 sends a network reply to MIDlet 434 refusing or approving the request.
E-purse manager 434 verifies the validity of the network reply (for example whether it is in APDU form), then sends a command to emulator 438 and updates the transaction log. At this point e-purse applet 436 has completed the required steps and returns a reply to MIDlet 434, which in turn forwards a network request with the embedded APDU reply to payment server 440.
Although process 400 is described for funding an e-purse, those skilled in the art can readily see that a process for making a purchase with the e-purse over the network is essentially the same as process 400, so the purchase process is not discussed separately here.
According to one embodiment of the invention, Fig. 5A shows a first exemplary architecture 500 that enables portable device 530 to conduct e-commerce and m-commerce over cellular network 520 (for example a GPRS network). Portable device 530 comprises baseband 524 and secure element 529 (for example a smart card). An example of the portable device is one supporting short-range or near-field communication (NFC), such as a mobile phone or a personal digital assistant (PDA). Baseband 524 provides an electronic platform or environment (for example Java Micro Edition (JME) or Mobile Information Device Profile (MIDP)) on which application MIDlet 523 and service manager 522 can be executed. Secure element 529 includes GlobalPlatform (GP) card manager 526, emulator 528 and other components such as a PIN manager (not shown).
To enable portable device 530 for e-commerce and m-commerce, one or more services/applications need to be installed and configured on it in advance. An instance of service manager 522 (for example a MIDlet with a graphical user interface) needs to be activated. In one embodiment, service manager 522 can be downloaded and installed; in another, it can be preloaded. Either way, once service manager 522 is activated, a directory list of the various services is shown. The list may include service items related to the user's subscription information, and may also include recommended items independent of the user's subscription information. The directory list is obtained from directory repository 502 on directory server 512. Directory server 512 may act as a central hub (a yellow-pages function) for the various registered service providers (for example installation servers and personalization servers) that offer products and/or services. The yellow-pages function of directory server 512 may include service plan information (for example fees, start date and end date) and the locations (for example Internet addresses) for installation, personalization and/or MIDlet download. The installation and personalization processes may be provided by two different commercial entities: for example, installation may be provided by the issuer of secure element 529, and personalization by the service provider holding the application keys of the specific application.
According to one embodiment, service manager 522 is configured to connect over cellular network 520 to one or more servers 514 of the service provider. Assume the user has selected an application from the service catalogue presented to him. A secure channel 518 is established between the one or more servers 514 and GP manager 526 to install/download the application applet 527 the user selected, then to personalize application applet 527 and optionally emulator 528, and finally to download application MIDlet 523. Applet repository 504 and MIDlet repository 506 provide the generic application applets and application MIDlets respectively. GP SAM 516 and application SAM 517 are used to establish secure channel 518 for the personalization operations.
According to another embodiment of the invention, Fig. 5B shows a second exemplary architecture 540 that enables portable device 530 to conduct e-commerce and m-commerce over public network 521. Most components of second architecture 540 are essentially similar to those of first architecture 500 in Fig. 5A. The difference is that first architecture 500 operates over cellular network 520, whereas second architecture 540 uses public network 521 (for example the Internet). Public network 521 may include a local area network (LAN), a wide area network (WAN), a WiFi (IEEE 802.11) wireless connection, a WiMax (IEEE 802.16) wireless connection, and so on. To perform service operations over public network 521, an instance of service manager 532 (functionally identical or similar to service manager MIDlet 522) is installed on a computer 538 connected to public network 521. Computer 538 may be a desktop personal computer (PC), a notebook computer or any other computing device able to run the instance of service manager 532 and access public network 521. The connection between computer 538 and portable device 530 is made through a contactless reader 534. Service manager 532 acts as an agent between the one or more servers 514 and GP card manager 526 to assist the service provider with the installation and personalization processes carried out over secure channel 519.
Fig. 5C is a flowchart describing, according to one embodiment of the invention, a process 550 for enabling a portable device with e-commerce and m-commerce functions. Process 550 may be realized in software, in hardware, or in a combination of the two, depending on the implementation. To understand process 550 better, the following description refers to earlier figures, especially Figs. 5A and 5B.
Before process 550 begins, an instance of service manager 522 or 532 has been downloaded to, or preloaded on, portable device 530 or computer 538. In step 552 the service manager is activated and sends a service request to the service provider's server 514. After the user has been identified and the portable device verified as valid, in step 554 process 550 provides a directory list of services/applications according to the subscription information of the user of portable device 530. For example, the list may include a mobile point-of-sale (POS) application, an e-purse application, an e-ticket application and other commercial services. A service/application is then chosen from the list; for example, the e-purse or the mobile POS may be selected to configure portable device 530. In response to the user's selection, process 550 downloads and installs the selected service/application in step 556. For example, the e-purse applet (i.e. application applet 527) is downloaded from applet repository 504 and installed into secure element 529. The download or installation path may be secure channel 518 or 519. In step 558, if necessary, process 550 personalizes the downloaded application applet and emulator 528. Some downloaded application applets do not need to be personalized; others do. In one embodiment, the mobile POS applet (the "point of sale secure access module (POS SAM)") needs to be personalized, and the following information or data must be provided:
(a) a unique SAM ID based on the unique identifier of the underlying secure element;
(b) a set of debit master keys;
(c) a transformed message encryption key;
(d) a transformed message authentication key;
(e) the maximum permitted length of the remarks field of each off-line transaction;
(f) a transformed batch transaction key; and
(g) a GlobalPlatform PIN (GP PIN).
In another embodiment, when the e-purse applet is personalized for a single-function card, not only must specific data (i.e. the PIN, transformed keys, start date, end date, etc.) be configured into the e-purse, but the emulator must also be set to work in an open system. Finally, in step 560, process 550 downloads and starts the application MIDlet 523 according to the selection. Some personal data in the application applet can be accessed and displayed, or provided by the user. Process 550 ends after all service/application components have been downloaded, installed and personalized.
According to one embodiment, an exemplary process for enabling portable device 530 to be used as a mobile POS is as follows:
(a) access the installation server (i.e. one of the service provider's servers 514) and ask it to establish a first secure channel (for example secure channel 518) connecting an issuer domain (i.e. applet repository 504) with GP card manager 526 running in secure element 529;
(b) receive one or more network messages containing a number of APDU requests that encapsulate the POS SAM applet (for example a Java Cap file from applet repository 504);
(c) extract the APDU requests from the received network messages;
(d) send the extracted APDU requests in the correct order to GP card manager 526, so that the POS SAM (i.e. application applet 527) is installed in secure element 529;
(e) access the personalization server (i.e. one of the service provider's servers 514) to open a second secure channel between the personalization server and the newly downloaded applet (i.e. the POS SAM); depending on the server and/or path, this secure channel may or may not be secure channel 518;
(f) receive one or more network messages to obtain one or more separate STORE DATA APDUs;
(g) extract and send the STORE DATA APDUs to personalize the POS SAM; and
(h) download and start the POS manager (i.e. application MIDlet 523).
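Steps (b) to (d) above, and step 418 of process 400, have the service manager pull APDU commands out of a network message and forward them to the card in the correct order. The added example below (not code from the patent) shows a parser that rejects an APDU whose Lc does not match its data, refuses a message with duplicate or missing sequence numbers, and forwards nothing unless the whole message parses. The page does not define the message format, so a JSON body with numbered hex APDUs is assumed; the sample message is constructed, and the GlobalPlatform INSTALL and LOAD command headers in it are standard GP command bytes used only as illustrative content.

```python
"""Extracting APDU requests from network messages (process 550, steps (b)-(d)).

Added example, not the patent's code. The JSON message format, the
first_seq/seq fields and CardManagerStub are assumptions; the sample APDUs
are constructed.
"""
import json
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Apdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes
    le: Optional[int]          # None when no Le field is present

    def to_bytes(self) -> bytes:
        out = bytes([self.cla, self.ins, self.p1, self.p2])
        if self.data:
            out += bytes([len(self.data)]) + self.data
        if self.le is not None:
            out += bytes([self.le])
        return out


def parse_apdu(raw: bytes) -> Apdu:
    """Parse a short-form command APDU (cases 1-4) and reject any whose
    length disagrees with its Lc, so a malformed message is never forwarded."""
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                                  # case 1: header only
        return Apdu(cla, ins, p1, p2, b"", None)
    if len(body) == 1:                            # case 2: Le only
        return Apdu(cla, ins, p1, p2, b"", body[0])
    lc = body[0]
    if lc == 0:
        raise ValueError("Lc of zero is not valid in short form")
    data = body[1:1 + lc]
    if len(data) != lc:
        raise ValueError("Lc does not match the data length")
    rest = body[1 + lc:]
    if not rest:                                  # case 3: Lc + data
        return Apdu(cla, ins, p1, p2, data, None)
    if len(rest) == 1:                            # case 4: Lc + data + Le
        return Apdu(cla, ins, p1, p2, data, rest[0])
    raise ValueError("trailing bytes after the APDU")


def extract_apdus(message_body: str) -> List[Apdu]:
    """Step (c): pull every APDU out of one message and return them ordered
    by sequence number. Duplicate or missing numbers are an error, because
    the card manager must see the install sequence complete and in order."""
    msg = json.loads(message_body)
    by_seq = {}
    for item in msg["apdus"]:
        seq = int(item["seq"])
        if seq in by_seq:
            raise ValueError(f"duplicate sequence number {seq}")
        by_seq[seq] = parse_apdu(bytes.fromhex(item["apdu"]))
    first = int(msg["first_seq"])
    expected = list(range(first, first + len(by_seq)))
    if sorted(by_seq) != expected:
        raise ValueError("sequence numbers are not contiguous")
    return [by_seq[s] for s in expected]


class CardManagerStub:
    """Stand-in for GP card manager 526: records what it receives, in order."""

    def __init__(self):
        self.received: List[bytes] = []

    def send(self, apdu: Apdu) -> bytes:
        self.received.append(apdu.to_bytes())
        return b"\x90\x00"                        # status word 9000: success


def forward_message(message_body: str, card_manager: CardManagerStub) -> int:
    """Steps (c)-(d): extract, then forward in order. Parsing happens before
    any APDU is sent, so a bad message leaves the card untouched."""
    apdus = extract_apdus(message_body)
    for apdu in apdus:
        if card_manager.send(apdu) != b"\x90\x00":
            raise RuntimeError("card manager rejected an APDU")
    return len(apdus)


# Constructed sample message: INSTALL [for load], a final LOAD block and
# INSTALL [for install], deliberately listed out of order.
SAMPLE_MESSAGE = json.dumps({
    "first_seq": 1,
    "apdus": [
        {"seq": 2, "apdu": "80E8800003c40100"},        # LOAD, last block
        {"seq": 3, "apdu": "80E60C0002010200"},        # INSTALL [for install]
        {"seq": 1, "apdu": "80E60200040102030400"},    # INSTALL [for load]
    ],
})
```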
Fig. 6A shows a representative framework 600 according to one embodiment of the invention, in which portable device 630 acts as a mobile POS to conduct e-commerce and m-commerce. Portable device 630 comprises baseband 624 and secure element 629. POS manager 623 is downloaded and installed in baseband 624, and POS SAM 628 is personalized and installed in secure element 629, so that portable device 630 can take the role of a mobile POS. A real-time transaction 639 can then take place between portable device 630 supporting the mobile POS and an electronic-token-enabled device 636 (for example a single-function card, or a mobile device supporting an e-purse). The electronic token may represent electronic money (e-money), an electronic coupon (e-coupon), an electronic ticket (e-ticket), an electronic voucher (e-voucher) or any other form of payment token held in the device.
Real-time transaction 639 can be carried out off-line (i.e. without the portable device accessing the back-end POS transaction server 613). However, in certain situations, for example when the transaction volume exceeds a predetermined threshold, when electronic-token-enabled device 636 needs a top-up or virtual top-up, or when (single or batch) transactions are to be uploaded, portable device 630 can access back-end POS transaction server 613 over cellular network 520.
The accumulated off-line transaction records need to be uploaded to back-end POS transaction server 613 for processing. The upload is performed by portable device 630 accessing POS transaction server 613 through secure channel 618. As with the installation and personalization processes, the upload can be carried out via two different routes: cellular network 520 or public network 521. Fig. 6A depicts the first route.
The second route is shown in Fig. 6B, which, according to one embodiment of the invention, shows a representative framework 640 in which portable device 630 acts as a mobile POS and performs batch transaction upload over public network 521. The off-line transaction records of the mobile POS are generally accumulated in a transaction log in POS SAM 628. The transaction log is read through contactless reader 634 and stored in POS agent 633 installed on computer 638. POS agent 633 in turn accesses POS transaction server 613 over public network 521 through secure channel 619. Each upload operation containing one or more transaction records is labelled as a separate batch upload operation. Data communication among POS SAM 628, contactless reader 634 and POS agent 632 is in APDU form and carries the transaction records. Network messages encapsulating APDUs (for example HTTP) are used for the communication between POS agent 632 and POS transaction server 613.
In one embodiment, a representative batch upload procedure, from the point of view of POS manager 623 or POS agent 633, comprises:
(a) sending a request to POS SAM 628 to initiate a batch upload operation;
(b) after POS SAM 628 has agreed to the batch upload request, fetching the accumulated transaction records from POS SAM 628, in the form of APDU commands, as a labelled "batch" or "group";
(c) creating one or more network messages containing the fetched APDU commands;
(d) sending the one or more network messages to POS transaction server 613 through secure channel 619;
(e) receiving a confirmation signature message from POS transaction server 613;
(f) forwarding the confirmation signature message, in APDU form, to POS SAM 628 for verification, then deleting the transaction records whose upload has been confirmed; and
(g) if other transaction records in the same "batch" or "group" remain to be uploaded, repeating steps (b) to (f).
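The batch upload loop in steps (a) to (g) is modelled below in an added example that is not code from the patent. The point it makes concrete is step (f): the SAM deletes records only after it has verified the server's confirmation signature, so a corrupted or forged confirmation leaves the log intact for re-upload. The page does not say how the confirmation is signed; an HMAC-SHA256 over the batch label and record contents, under a key shared between the SAM and the server, is assumed, and the transaction records and key value are constructed.

```python
"""Batch upload of off-line POS transactions (framework 640, steps (a)-(g)).

Added example, not the patent's code. The HMAC-based confirmation
signature, the shared key and the JSON message layout are assumptions;
the transaction records are constructed test data.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

SHARED_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")   # constructed


def batch_digest(batch_id: int, records: List[dict]) -> bytes:
    """Canonical encoding of a batch so SAM and server sign identical bytes."""
    canon = json.dumps({"batch": batch_id, "records": records},
                       sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).digest()


class PosSam:
    """POS SAM 628: keeps the off-line log and releases it one batch at a time."""

    def __init__(self, key: bytes, batch_size: int = 2):
        self._key = key
        self.batch_size = batch_size
        self.log: List[dict] = []                  # accumulated off-line records
        self.next_batch_id = 1
        self._open: Optional[Tuple[int, List[dict]]] = None   # awaiting confirmation

    def record(self, txn: dict) -> None:
        self.log.append(dict(txn))

    def open_batch(self) -> Optional[dict]:
        """Steps (a)-(b): label the next batch and hand out its records."""
        if self._open is not None:
            raise RuntimeError("previous batch not yet confirmed or abandoned")
        if not self.log:
            return None
        records = self.log[: self.batch_size]
        self._open = (self.next_batch_id, records)
        return {"batch": self.next_batch_id, "records": records}

    def confirm(self, batch_id: int, signature: bytes) -> int:
        """Step (f): verify the confirmation, delete only on success.
        Returns the number of records deleted; 0 means the records were kept
        and the batch is released for re-upload."""
        if self._open is None or self._open[0] != batch_id:
            return 0
        expected = hmac.new(self._key, batch_digest(*self._open), hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, signature)
        n = len(self._open[1])
        self._open = None
        if not ok:
            return 0
        del self.log[:n]
        self.next_batch_id += 1
        return n


class TransactionServer:
    """POS transaction server 613 (stub): stores batches and signs receipts."""

    def __init__(self, key: bytes):
        self._key = key
        self.stored: Dict[int, List[dict]] = {}

    def upload(self, message: str) -> bytes:
        """Steps (d)-(e): accept one network message carrying a batch and
        return the confirmation signature for it."""
        msg = json.loads(message)
        self.stored[msg["batch"]] = msg["records"]
        return hmac.new(self._key, batch_digest(msg["batch"], msg["records"]),
                        hashlib.sha256).digest()


def upload_all(sam: PosSam, server: TransactionServer, tamper: bool = False) -> int:
    """POS agent 633 loop over steps (a)-(g). Returns the number of records
    confirmed and deleted; stops at the first failed confirmation."""
    confirmed = 0
    while True:
        batch = sam.open_batch()
        if batch is None:
            return confirmed
        signature = server.upload(json.dumps(batch))           # steps (c)-(e)
        if tamper:
            signature = bytes(len(signature))                  # simulated corrupted receipt
        n = sam.confirm(batch["batch"], signature)             # step (f)
        if n == 0:
            return confirmed
        confirmed += n                                         # step (g): loop
```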
Fig. 6C shows a flowchart describing, according to one embodiment of the invention, a process 650 for conducting m-commerce using portable device 630 acting as a mobile POS and electronic-token-enabled device 636 used as a single-function card. For easier understanding, process 650 is best examined together with the earlier figures, especially Figs. 6A and 6B. Process 650 may be realized in software, in hardware, or in a combination of the two.
When the holder of an electronic-token-enabled device (for example a Mifare card, or a mobile phone supporting an e-purse and emulating a single-function card) wishes to buy goods or subscribe to a service through the mobile POS (i.e. portable device 630), process 650 (for example the process performed by POS manager 623 in Fig. 6A) is activated. In step 652, portable device 630 reads the electronic-token-enabled device and retrieves the electronic token (for example the tag ID of the Mifare card). In step 654, process 650 then checks whether the retrieved electronic token is valid. If electronic-token-enabled device 636 in Fig. 6A is a single-function card (for example Mifare), the verification performed by POS manager 623 comprises: (i) reading the card identifier (ID), which is kept in an unprotected area or in an area protected only by a known key; (ii) sending POS SAM 628 a request containing the card ID; and (iii) receiving one or more transformed keys generated by POS SAM 628 (such as the keys for the transaction counter, issuer data, etc.). If the received transformed keys are invalid, that is, the retrieved electronic token is invalid, process 650 terminates. Otherwise process 650 proceeds along the "Yes" branch to step 656, where it determines whether the retrieved electronic token has enough balance to pay for the current transaction. If the result of step 656 is "No", process 650 may, in step 657, offer the holder a top-up (i.e. a load, injection or funding) of the electronic token. If the holder declines the offer, process 650 ends. Otherwise, if the holder chooses to top up the electronic-token-enabled device in real time, process 650 performs a top-up or virtual top-up operation in step 658, after which it returns to step 656. If the electronic token has enough balance, in step 660 process 650 deducts or debits the amount due for the purchase from the electronic token of electronic-token-enabled device 636. In the case of a single-function card, the transformed keys are used to authorize the deduction. Finally, in step 662, the one or more off-line transaction records accumulated in POS SAM 628 are uploaded to POS transaction server 613 for processing. The upload can be done for single transactions or in batches, over cellular network 520 or public network 521.
Process 400 in Fig. 4A describes the top-up operation mentioned above. A virtual top-up is a special type of top-up, commonly used by a sponsor or donor to raise the credit of an electronic token. To use a virtual top-up, the sponsor needs to set up an account and bind it to the electronic-token-enabled device (for example a single-function card, a multi-function card, or a mobile phone supporting an electronic token), for example an online account provided by a commercial entity (for example a business or a bank). Once the sponsor has loaded electronic tokens into the online account, the holder of the electronic-token-enabled device can receive the electronic tokens from the online account when accessing a mobile POS. Multiple security measures are applied to ensure that the virtual top-up is safe and reliable. A representative application of the virtual top-up is a parent (the sponsor) loading electronic tokens into an online account that is linked to a child's (the device holder's) mobile phone (i.e. the electronic-token-enabled device); when the child buys goods at a mobile POS, the child receives the loaded electronic tokens. Besides the various e-commerce and m-commerce functions described here, POS manager 623 is also configured to provide several query operations, for example: (a) checking the unbatched (i.e. not yet uploaded) revenue and expense records accumulated in the POS SAM; (b) listing the unbatched transaction log in the POS SAM; (c) showing the details of a particular transaction kept in the POS SAM; (d) checking the current balance of the electronic-token-enabled device; (e) listing the transaction log of the electronic-token-enabled device; and (f) showing the details of a particular transaction of the electronic-token-enabled device.
The flow chart in Fig. 6D depicts, according to one embodiment of the present invention, a representative process 670 for carrying out mobile commerce using a portable device 630 that can serve as a mobile point of sale and a device 636 that supports electronic tokens and is used as a multi-function card. For easier understanding, process 670 is best read together with the preceding figures, especially Fig. 6A and Fig. 6B. Process 670 may be implemented in software, in hardware, or in a combination of software and hardware.
Process 670 (for example, the process performed by point-of-sale manager 623 in Fig. 6A) is activated when the holder of a device 636 that supports electronic tokens (for example a multi-function card, or a portable phone that supports an electronic purse and emulates a multi-function card) wishes to buy an article or subscribe to a service through a mobile point of sale (i.e., portable device 630). In step 672, process 670 sends an initial purchase request to the device 636 that supports electronic tokens. The purchase amount is sent together with the initial purchase request (for example, an order). Process 670 then proceeds to decision step 674. When the device 636 that supports electronic tokens does not hold a sufficient balance, point-of-sale manager 623 receives a response refusing the initial purchase request, and process 670 ends because the purchase request has been rejected. If the device 636 that supports electronic tokens holds a sufficient balance, the result of decision step 674 is "Yes", and process 670 proceeds along the "Yes" branch to step 676, where the reply (for example, an APDU command) received from the device 636 that supports electronic tokens is forwarded to point-of-sale security identity module 628. The information in the reply includes the version of the electronic-token key and a random number that will be used to set up a secure channel; the secure channel connects the applet (for example, an electronic-purse applet) installed on the device 636 that supports electronic tokens with the point-of-sale security identity module 628 installed on portable device 630. Then, in step 678, process 670 receives the debit request (for example, an APDU command) that point-of-sale security identity module 628 generated in response to the forwarded reply (i.e., the reply of step 676). The debit request carries a message authentication code (MAC) so that the applet (i.e., the electronic-purse applet) can verify the debit operation about to be carried out, which is performed in response to the debit request sent in step 680. Process 670 advances to step 682 and receives the confirmation message for the debit operation. The confirmation message includes additional message authentication codes, one for verification by point-of-sale security identity module 628 and one for processing by point-of-sale transaction processing server 613. Next, in step 684, the debit confirmation message is forwarded to point-of-sale security identity module 628 for verification. Once the message authentication code has been verified as valid and the purchase transaction has been recorded in point-of-sale security identity module 628, the recorded transaction is displayed in step 686, and process 670 then ends. It should be noted that the foregoing electronic commerce transaction can be carried out either offline or online with point-of-sale transaction processing server 613. When the balance in the device that supports electronic tokens is insufficient, a top-up or recharge operation can be performed according to process 400 described in Fig. 4A and Fig. 4B.
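The following is an added simulation of the exchange in steps 672 to 686 (electronic-purse applet, point-of-sale security identity module, and point-of-sale manager); it is not code from the patent. The patent names the messages but not the cryptography, so HMAC-SHA256 stands in for the MAC, the session-key diversification from key version and random number is assumed, and all class and function names are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def mac8(key: bytes, data: bytes) -> bytes:
    """Truncated HMAC-SHA256 standing in for the patent's unspecified MAC."""
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


def session_key(master: bytes, key_version: int, nonce: bytes) -> bytes:
    """Assumed per-transaction key: both sides diversify the shared master key
    of the given version with the random number sent by the applet."""
    return hmac.new(master, bytes([key_version]) + nonce, hashlib.sha256).digest()


class PurseApplet:
    """Electronic-purse applet on the secure element (constructed model)."""

    def __init__(self, purse_master: bytes, server_key: bytes, key_version: int, balance: int):
        self.purse_master, self.server_key = purse_master, server_key
        self.key_version, self.balance = key_version, balance
        self._session: Optional[bytes] = None
        self._pending: Optional[int] = None

    def purchase_request(self, amount: int) -> bool:
        """Steps 672/674: accept the order only if the balance covers it."""
        if amount > self.balance:
            return False
        self._pending = amount
        return True

    def reply(self) -> dict:
        """Step 676: key version plus a fresh random number for the secure channel."""
        nonce = secrets.token_bytes(8)
        self._session = session_key(self.purse_master, self.key_version, nonce)
        return {"key_version": self.key_version, "nonce": nonce}

    def debit(self, request: dict) -> Optional[dict]:
        """Step 680: deduct only if the SAM's MAC verifies; step 682: confirm with two MACs."""
        body = request["tx_id"] + request["amount"].to_bytes(4, "big")
        if not hmac.compare_digest(mac8(self._session, body), request["mac"]):
            return None                         # altered or forged request: nothing is debited
        if request["amount"] != self._pending:
            return None                         # amount differs from the accepted order
        self.balance -= request["amount"]
        conf = body + self.balance.to_bytes(4, "big")
        return {"body": conf,
                "mac_sam": mac8(self._session, conf),       # verified by the POS SAM (step 684)
                "mac_server": mac8(self.server_key, conf)}  # processed later by server 613


class PosSam:
    """Point-of-sale security identity module (constructed model)."""

    def __init__(self, purse_masters: Dict[int, bytes]):
        self.purse_masters = purse_masters      # key version -> shared master key
        self._session: Optional[bytes] = None
        self.log: list = []                     # un-batched transactions awaiting upload

    def debit_request(self, reply: dict, amount: int) -> dict:
        """Step 678: derive the session key from the forwarded reply and MAC the request."""
        master = self.purse_masters[reply["key_version"]]
        self._session = session_key(master, reply["key_version"], reply["nonce"])
        tx_id = secrets.token_bytes(4)
        body = tx_id + amount.to_bytes(4, "big")
        return {"tx_id": tx_id, "amount": amount, "mac": mac8(self._session, body)}

    def record(self, conf: dict) -> bool:
        """Step 684: accept the confirmation only if its SAM MAC verifies, then log it."""
        if not hmac.compare_digest(mac8(self._session, conf["body"]), conf["mac_sam"]):
            return False
        self.log.append(conf)                   # keeps mac_server for the later upload
        return True


def run_purchase(applet: PurseApplet, sam: PosSam, amount: int, tamper: bool = False) -> str:
    """POS manager flow, steps 672-686; `tamper` alters the debit amount in transit."""
    if not applet.purchase_request(amount):
        return "rejected: insufficient balance"
    request = sam.debit_request(applet.reply(), amount)
    if tamper:
        request = dict(request, amount=1)       # body no longer matches the MAC
    confirmation = applet.debit(request)
    if confirmation is None:
        return "rejected: MAC check failed"
    return "completed" if sam.record(confirmation) else "rejected: bad confirmation"
```

The logged confirmation still carries the second MAC, so the transaction processing server can verify it when the un-batched log is uploaded, whether the sale was made offline or online.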
Fig. 7 shows a representative arrangement in which a portable device is used for an electronic ticketing application. Portable device 730 is configured to include an electronic purse 724. When the owner or holder of portable device 730 wishes to buy a ticket to attend a specific event (such as a concert ticket or a ball-game admission ticket), the owner can use electronic purse 724 to book the ticket through electronic ticket service provider 720. Electronic ticket service provider 720 may contact a traditional box-office reservation system 716 or an online ticketing application 710 to reserve and purchase the ticket. Electronic tokens (for example, electronic money) are then deducted from electronic purse 724 of portable device 730 to pay the ticket price to credit/debit system 714 (for example, a financial institution such as a bank). Security identity module 718 is accessed by electronic ticket service provider 720 to ensure that electronic purse 724 in portable device 730 is correctly verified. After payment confirmation is received, the electronic ticket is transferred to portable device 730 over the air (for example, over a cellular communications network) and stored on safety element 726 in electronic form, for example as an electronic ticket code, key, or password. Later, when the owner of portable device 730, i.e., the holder of the electronic ticket, attends the specific event, the ticket holder only needs to let entrance registration reader 734 read the electronic ticket code or key kept in portable device 730. In one embodiment, entrance registration reader 734 is a contactless reader (for example, a very-short-range coupling device conforming to ISO 14443), and portable device 730 is a mobile phone that supports near field communication (NFC).
The present invention is best implemented in software, but can also be implemented in hardware or in a combination of software and hardware. The present invention can also be embodied as computer-readable code on a computer-readable medium. The computer-readable medium is any data storage device that can store data which can thereafter be read by a computer system. Examples of computer-readable media include read-only memory, random-access memory, CD-ROM, digital video disc (DVD), magnetic tape, optical data storage devices, and carrier waves. The computer-readable medium can also be distributed over computer systems coupled by a network, so that the computer-readable code is stored and executed in a distributed fashion.
The foregoing description fully discloses specific embodiments of the present invention. It should be pointed out that any changes made by those skilled in the art to the specific embodiments of the present invention do not depart from the scope of the claims of the present invention. Accordingly, the scope of the claims of the present invention is not limited to the foregoing embodiments.

Claims (16)

1. A method of provisioning an application, characterized in that it comprises:
sending an identifier identifying the application together with device information of a safety element to a server, wherein the safety element is associated with a mobile device on which the application has been installed;
using a derived secure key set installed on the safety element to establish a secure channel between the safety element and the server, wherein the server is used to prepare, for the application, the data necessary for the application to run on the mobile device as designed;
receiving the data from the server to enable the application, wherein the data includes the user interface of the application on the mobile device and a generated application key set; and
sending a confirmation to the provider of the application to report the state of the application now running together with the safety element on the mobile device.
2. The method according to claim 1, characterized in that sending the identifier identifying the application together with the device information of the safety element to the server comprises:
determining whether the safety element has been personalized via a trusted service management system, wherein the trusted service management system is a set of services used to issue and manage contactless services for clients that have signed up with the trusted service management system, and that provides data exchange between multiple different parties so that electronic transactions can be carried out over a wireless network; and
when it is confirmed that the safety element has not been personalized via the trusted service management system, performing a personalization process for the safety element, wherein the personalized safety element establishes a secure platform for the application running on the mobile device.
3. The method according to claim 2, characterized in that the personalization process comprises:
initiating data communication with a server in the trusted service management system;
after the server determines that the safety element is registered with it, sending the device information of the safety element in response to a request from the server, wherein the device information is a character string uniquely identifying the safety element, and the request is a command that causes the computing device to extract the device information from the safety element;
receiving at least one key set from the server, wherein the server generates the key set according to the device information of the safety element; and
storing the key set in the safety element to facilitate transactions subsequently carried out by the mobile device.
4. The method according to claim 3, characterized in that the mobile device is a device with near field communication (NFC) capability, the NFC-capable device includes the safety element, and the safety element must be personalized before the NFC-capable device is used to carry out various transactions with a party over a data network.
5. The method according to claim 4, characterized in that the device information includes an identifier of the safety element, manufacturer information, and a batch number.
6. The method according to claim 2, characterized in that the application is a software module downloaded from a given server, and the application can be upgraded over time.
7. The method according to claim 2, characterized in that the application is part of the safety element and serves as an electronic purse of the user of the mobile device.
8. The method according to claim 1, characterized in that part of the data prepared by the server is used to facilitate remote management of the application by the server, and part of the data prepared by the server disables or enables the application when a predetermined criterion is met.
9. The method according to claim 1, characterized in that it further comprises:
receiving a message from the server, the message identifying the application; and
after verifying that the message is authentic and valid, detaching the safety element from the application.
10. The method according to claim 1, characterized in that it further comprises:
notifying the provider of the application of the updated state of the application.
11. A method of provisioning an application, characterized in that it comprises:
sending, from a mobile device, an identifier identifying the application together with device information of a safety element to a server, wherein the safety element is associated with the mobile device and the application has been installed on the mobile device;
using a derived secure key set installed on the safety element to establish a secure channel between the safety element and the server;
preparing, for the application, the data necessary for the application to run on the mobile device as designed;
transmitting the data from the server over the secure channel to enable the application; and
notifying the provider of the application of the state of the application now running together with the safety element on the mobile device.
12. The method according to claim 11, characterized in that it further comprises:
determining whether the safety element has been personalized; and
when it is determined that the safety element has not yet been personalized, causing the mobile device to begin a personalization process for the safety element via a trusted service management system, wherein the trusted service management system is a set of services used to issue and manage contactless services for clients that have signed up with the trusted service management system, and that provides data exchange between multiple different parties and the mobile device so that electronic transactions can be carried out over a wireless network.
13. The method according to claim 12, characterized in that the personalization process comprises:
initiating data communication with a server in the trusted service management system;
after the server determines that the safety element is registered with it, sending the device information of the safety element in response to a request from the server, wherein the device information is a character string uniquely identifying the safety element, and the request is a command that causes the computing device to extract the device information from the safety element;
receiving at least one key set from the server, wherein the server generates the at least one key set according to the device information of the safety element; and
transferring the key set to the safety element to facilitate transactions subsequently carried out by the mobile device.
14. The method according to claim 11, characterized in that the application is a software module downloaded from a given server, the application can be upgraded over time, and the application is part of the safety element and serves as an electronic purse of the user of the mobile device.
15. The method according to claim 11, characterized in that part of the data prepared by the server is used to facilitate remote management of the application by the server, and part of the data prepared by the server disables or enables the application when a predetermined criterion is met.
16. The method according to claim 15, characterized in that it further comprises:
receiving a message from the server, the message identifying the application; and
after verifying that the message is authentic and valid, detaching the safety element from the application.
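The following is an added model of the personalization and provisioning flow of claims 1, 3, 5 and 11 (key set derived from the element's device information, secure channel opened with that key set, UI data and a generated application key set delivered over it, status returned for the provider); it is not code from the patent. The diversification scheme, the challenge/response handshake, the HMAC-SHA256 PRF, the counter-mode stand-in cipher, and all names are assumptions of this example.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, Optional


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 used as the PRF for key diversification, cryptograms and MACs."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def derive_key_set(tsm_master: bytes, info: Dict[str, str]) -> Dict[str, bytes]:
    """Claims 3 and 5: key set diversified from the element's identifier,
    producer information and batch number (assumed diversification scheme)."""
    seed = f'{info["se_id"]}|{info["producer"]}|{info["batch"]}'.encode()
    return {name: prf(tsm_master, name.encode(), seed) for name in ("enc", "mac")}


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in channel cipher: the PRF run in counter mode (demonstration only)."""
    blocks = (len(data) + 31) // 32
    ks = b"".join(prf(key, nonce, i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))


class SecureElement:
    """Constructed model of the safety element inside the mobile device."""

    def __init__(self, info: Dict[str, str]):
        self.info = info
        self.key_set: Optional[Dict[str, bytes]] = None   # None until personalized
        self.apps: Dict[str, dict] = {}                     # app id -> provisioned data
        self._session: Optional[Dict[str, bytes]] = None

    def personalize(self, key_set: Dict[str, bytes]) -> None:
        self.key_set = key_set                  # claim 3: key set stored on the element

    def open_channel(self, host_challenge: bytes) -> dict:
        """Element side of the handshake: prove possession of the derived key set."""
        se_challenge = secrets.token_bytes(8)
        self._session = {k: prf(self.key_set[k], host_challenge, se_challenge)
                         for k in ("enc", "mac")}
        return {"se_challenge": se_challenge,
                "cryptogram": prf(self.key_set["mac"], host_challenge, se_challenge)}

    def install(self, app_id: str, ciphertext: bytes, tag: bytes) -> bool:
        """Accept provisioning data only if its MAC verifies under the session key."""
        expected = prf(self._session["mac"], app_id.encode(), ciphertext)[:8]
        if not hmac.compare_digest(expected, tag):
            return False
        plain = stream_xor(self._session["enc"], app_id.encode(), ciphertext)
        self.apps[app_id] = json.loads(plain)
        return True


class TsmServer:
    """Constructed model of the server that personalizes elements and provisions apps."""

    def __init__(self, master: bytes):
        self.master = master
        self.registered: set = set()            # element ids registered with this server

    def personalize(self, se: SecureElement) -> None:
        """Claim 3: register the element and deliver a key set derived from its info."""
        self.registered.add(se.info["se_id"])
        se.personalize(derive_key_set(self.master, se.info))

    def provision(self, app_id: str, se: SecureElement) -> dict:
        """Claims 1 and 11: authenticate the element, then send UI data and app keys."""
        if se.info["se_id"] not in self.registered:
            return {"app_id": app_id, "status": "not personalized"}
        key_set = derive_key_set(self.master, se.info)   # re-derived, never transported
        host_challenge = secrets.token_bytes(8)
        resp = se.open_channel(host_challenge)
        expected = prf(key_set["mac"], host_challenge, resp["se_challenge"])
        if not hmac.compare_digest(expected, resp["cryptogram"]):
            return {"app_id": app_id, "status": "channel authentication failed"}
        session = {k: prf(key_set[k], host_challenge, resp["se_challenge"])
                   for k in ("enc", "mac")}
        data = {"ui": {"label": app_id, "icon": "purse.png"},
                "app_keys": {"k1": secrets.token_hex(16)}}  # generated application key set
        ct = stream_xor(session["enc"], app_id.encode(), json.dumps(data).encode())
        tag = prf(session["mac"], app_id.encode(), ct)[:8]
        status = "enabled" if se.install(app_id, ct, tag) else "rejected"
        return {"app_id": app_id, "se_id": se.info["se_id"], "status": status}  # to provider
```

Because the server re-derives the key set from the device information instead of storing or transporting it, a server without the master key cannot open the channel, so an unpersonalized element or a foreign server both end with a refusal rather than an installed application.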
Application CN201210583582.1A, priority date 2012-01-16, filing date 2012-12-28: Method and apparatus for provisioning applications in mobile devices. Status: Active; granted as CN103117856B (en).

Applications Claiming Priority (2)

Application Number | Priority Date | Filing Date | Title
US13/350,834 | 2012-01-16 | |
US13/350,834 (US20120129452A1, en) | 2006-09-24 | 2012-01-16 | Method and apparatus for provisioning applications in mobile devices

Publications (2)

Publication Number | Publication Date
CN103117856A (en) | 2013-05-22
CN103117856B (en) | 2015-07-01

Family

ID=48416137

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201210583582.1A (Active; CN103117856B, en) | Method and apparatus for provisioning applications in mobile devices | 2012-01-16 | 2012-12-28

Country Status (1)

Country | Link
CN (1) | CN103117856B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right
    Owner name: SHENZHEN KEBING ASSET MANAGEMENT PARTNERSHIP (LIMI
    Free format text: FORMER OWNER: SHENZHEN RICH HOUSE GLOBAL TECHNOLOGY CO., LTD.
    Effective date: 20150116
C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data
    Free format text: CORRECT: ADDRESS; FROM: 518100 SHENZHEN, GUANGDONG PROVINCE TO: 518049 SHENZHEN, GUANGDONG PROVINCE
TA01 Transfer of patent application right
    Effective date of registration: 20150116
    Address after: 518049 Guangdong Province, Shenzhen city Futian District Mei Hua Lu Shenhua science and Technology Industrial Park 1 Building 5 West 5C2
    Applicant after: SHENZHEN KEBING ASSET MANAGEMENT PARTNERSHIP (LIMITED PARTNERSHIP)
    Address before: 518100 Guangdong city of Shenzhen province Baoan District streets Minzhi Road on the eastern side of Xinyuan two phase 27 B01
    Applicant before: Rich House Global Technology Co., Ltd.
C14 Grant of patent or utility model
GR01 Patent grant