CN103117856B - Method and apparatus for provisioning applications in mobile devices - Google Patents

Publication number: CN103117856B
Authority: CN (China)
Legal status: Active
Application number: CN201210583582.1A
Other languages: Chinese (zh)
Other versions: CN103117856A
Inventors: 许良盛, 潘昕, 谢祥臻
Current assignee: SHENZHEN KEBING ASSET MANAGEMENT PARTNERSHIP (LIMITED PARTNERSHIP)
Original assignee: Shenzhen Kebing Asset Management Partnership (Limited Partnership)
Priority claimed from: US13/350,834 (US20120129452A1)

Abstract

The invention provides a method and an apparatus for provisioning applications in mobile devices. The method comprises: sending an identifier of an application installed on a mobile device, together with device information of a secure element associated with the mobile device, to a server; establishing a secure channel between the secure element and the server using a derived security key set installed on the secure element, wherein the server prepares the data necessary for the application to operate as designed; receiving the data from the server to enable the application, wherein the data comprise the application's user interface on the mobile device and a generated application key set; and sending a confirmation to the application provider to report the status of the application now operating together with the secure element on the mobile device. The application can thus provide security services based on the secure element.

Description

Method and apparatus for provisioning applications in mobile devices
Cross-reference to related applications
This application is a continuation-in-part of co-pending U.S. patent application No. 11/534,653, filed on September 24, 2006, now U.S. Patent No. 8,118,218, and is also a continuation-in-part of U.S. patent application No. 11/739,044, filed on April 23, 2007.
[Technical field]
The present invention relates generally to commerce over networks. In particular, it relates to techniques for personalizing a secure element and provisioning applications such as an electronic purse (e-purse), which can be used to advantage in portable devices designed for electronic commerce (e-commerce) and mobile commerce (m-commerce).
[Background]
Single-function cards have been used successfully in closed environments such as transportation systems. One example of such a single-function card is MIFARE, the most widely deployed contactless smart card technology in the world. MIFARE provides a complete solution for applications such as loyalty and vending cards, road tolling, city cards, access control and gaming.
However, applications of single-function cards are deployed in closed systems and are difficult to extend to other fields such as e-commerce and m-commerce. This is because the stored values and transaction information are kept in the data storage of each tag and protected by a set of keys, and the nature of the tag is that the keys must be delivered to the card for verification before the data can be accessed during a transaction. This restriction makes systems using such technology difficult to expand to open environments, such as the Internet for e-commerce and/or wireless networks for m-commerce, because transmitting keys over a public domain network raises security concerns.
Generally, a smart card, chip card or integrated circuit card (IC card) is any card with embedded integrated circuits. A smart card or microprocessor card contains non-volatile memory and microprocessor components. In large organizations, smart cards can also provide strong security authentication for single sign-on. The benefits of a smart card are directly related to the volume of information and the applications programmed on the card. A single contact or contactless smart card can be used for services such as banking credentials, medical entitlement, driver's licenses or public transport entitlement, loyalty programs and club memberships. Multi-factor and proximity authentication can be embedded in a smart card to increase the security of all services on the card.
Contactless smart cards, which do not require physical contact between card and reader, are becoming increasingly popular in payment and ticketing applications such as public transportation and highway toll collection. NFC between a contactless smart card and a reader presents a significant business opportunity when mobile phones with near-field communication (NFC) capability are used for payment services, transport ticketing, loyalty services, physical access control and other exciting new services.
To support this fast-evolving business environment, multiple entities, including financial institutions, manufacturers of various NFC-enabled mobile phones, software developers and mobile network operators, have become involved in the NFC mobile ecosystem. By nature of their individual roles, these players need to communicate with each other and exchange messages in a reliable, interoperable way.
One of the concerns in the NFC mobile ecosystem is its security in an open network. There is therefore a need for techniques to personalize a secure element in a contactless smart card or an NFC-enabled mobile device, so that the device is secured and personalized when it is used for financial applications or secure transactions. With a personalized secure element in an NFC-enabled mobile phone, various applications or services, such as an e-purse or payments, can be realized. Accordingly, there is also a need for techniques to provision or manage applications or services that rely on a personalized secure element.
[Summary of the invention]
The purpose of this section is to summarize some aspects of embodiments of the invention and to briefly introduce some preferred embodiments. Simplifications or omissions may be made in this section, in the abstract and in the title to avoid obscuring their purpose; such simplifications or omissions are not intended to limit the scope of the invention.
One of the technical problems solved by the invention is to provide a method for personalizing a secure element associated with a computing device, so that transactions conducted over a network (for example, a wired or wireless network) are more secure. Based on the personalized secure element, techniques for provisioning various applications or services can be provided. Interactions among the different parties are managed so that the personalization or provisioning process is carried out seamlessly, and a user can conveniently enjoy mobile commerce over a data network using an NFC device.
As an example of an application served by a secure element, a mechanism is provided to let a device, in particular a portable device, function as an e-purse that conducts transactions over an open network with a payment server without compromising security. In one embodiment, the device is loaded with a purse manager (for example, an application). The purse manager manages the various transactions and acts as a mechanism for accessing an emulator in the device. Secure transactions can be conducted over a wired network, a wireless network, or a combination of the two.
According to another aspect of the invention, security keys (symmetric or asymmetric) are personalized so as to personalize an e-purse and to conduct secure transactions with a payment server. In one embodiment, the essential data personalized into an e-purse include one or more operation keys (for example, a load key and a purchase key), default PINs, administration keys (for example, an unblock PIN key and a reload PIN key) and passwords (for example, from Mifare). During a transaction, the security keys are used to establish a secure channel between the embedded e-purse and a security authentication module (SAM) or back-end server.
The invention may be implemented in various forms, including a method, a system, an apparatus, a part of a system, or a computer-readable medium. In one embodiment, the invention is a method for personalizing a secure element associated with a computing device. The method comprises: initiating data communication with a server; after the server determines that the secure element is registered with it, sending device information of the secure element in response to a request from the server, wherein the device information is a character string that uniquely identifies the secure element, and the request is a command that causes the computing device to retrieve the device information from the secure element; receiving at least one key set from the server, wherein the server generates the key set according to the device information of the secure element; and storing the key set in the secure element to facilitate subsequent transactions conducted by the computing device.
In another embodiment, the invention is a method for personalizing a secure element associated with a computing device. The method comprises: initiating data communication between a server and the computing device; after the server determines that the computing device is registered with it, sending a request from the server to the computing device for the device information of the secure element, wherein the device information is a character string that uniquely identifies the secure element, and the request is a command that causes the computing device to retrieve the device information from the secure element; generating at least one key set according to the device information; sending the key set to the computing device over a data network through a secure channel, wherein the computing device stores the key set in the secure element; and notifying the relevant parties that the secure element is now personalized, for subsequent trusted transactions.
According to still another embodiment, the invention is a method for provisioning an application installed on a mobile device. The method comprises: sending an identifier that identifies the application, together with device information of a secure element, to a server, wherein the secure element is associated with the mobile device and the application has been installed on the mobile device; establishing a secure channel between the secure element and the server using a derived security key set installed on the secure element, wherein the server prepares the data necessary for the application to run as designed on the mobile device; receiving the data from the server to enable the application, wherein the data comprise the application's user interface on the mobile device and a generated application key set; and sending a confirmation to the provider of the application to report the status of the application now running together with the secure element on the mobile device.
According to still another embodiment, the invention is a method for provisioning an application installed on a mobile device. The method comprises: receiving at a server, from a mobile device, an identifier that identifies the application together with device information of a secure element, wherein the secure element is associated with the mobile device and the application has been installed on the mobile device; establishing a secure channel between the secure element and the server using a derived security key set installed on the secure element; preparing the data necessary for the application to run as designed on the mobile device; transmitting the data from the server through the secure channel to enable the application; and notifying the provider of the application of the status of the application now running together with the secure element on the mobile device.
According to still another embodiment, the invention is a mobile device that conducts secure transactions over a network. The mobile device comprises: a network interface; a secure element; a memory space that stores at least one module and an application downloaded through the network interface; and a processor, coupled to the memory space, that executes the module to perform operations including verifying whether the application has been provisioned. When the application is found not to have been provisioned, the operations further include: sending an identifier that identifies the application, together with device information of the secure element, to a server through the network interface; establishing a secure channel between the secure element and the server using a key set installed on the secure element, wherein the server prepares the data necessary for the application to run as designed on the mobile device; receiving the data from the server so that the application works together with the secure element; and sending a confirmation to the provider of the application to report the status of the application now running together with the secure element on the mobile device. Before the provisioning process of the application, the processor also determines whether the secure element has been personalized. If the secure element has not yet been personalized, the mobile device personalizes the secure element together with a designated server.
Compared with the prior art, one advantage, benefit or feature of the invention is that a computing device can conduct secure transactions with a party (for example, at a point of sale or with a commerce server) over an insecure network (such as the Internet).
Other objects, features and advantages of the invention are described in detail in the detailed description below, in conjunction with the accompanying drawings.
[Brief description of the drawings]
The following detailed description, the claims and the accompanying drawings will help in understanding the specific features, embodiments and advantages of the invention, in which:
Fig. 1A shows a simplified architecture of an NFC-enabled mobile device with a secure element;
Fig. 1B shows a flow or process of personalizing a secure element according to an embodiment of the invention;
Fig. 1C shows the relationships among the secure element manufacturer (SE manufacturer), the TSM (Trusted Service Management) administrator and the TSM system in offline and online modes;
Fig. 1D shows the corresponding data flow among the user of an NFC device (such as an NFC mobile phone), the NFC device, the TSM server, the secure element manufacturer and the secure element issuer;
Fig. 1E shows, according to one embodiment of the invention, the personalization data flow among three entities: a platform-based SAM (security identity module) or network e-purse server, an e-purse acting as a gatekeeper, and a single-function tag;
Fig. 2A shows a mobile payment ecosystem, in which the parties involved are listed in order;
Fig. 2B shows a flow or process of provisioning one or more applications according to an embodiment of the invention;
Fig. 2C shows the data flow of the interactions among the different parties when an application is provisioned;
Fig. 2D shows the data flow of the interactions among the different parties when application data is prepared during provisioning of an application;
Fig. 2E shows a flow or process of locking or disabling an installed application;
Fig. 2F shows, according to a specific embodiment of the invention, an architecture diagram of a portable device acting as an e-purse to conduct e-commerce and m-commerce;
Fig. 3A shows a block diagram of the related modules interacting with each other to complete the aforementioned e-purse personalization performed by an authorized person;
Fig. 3B shows a block diagram of the related modules interacting with each other to complete the aforementioned e-purse personalization performed by its user;
Fig. 3C shows, according to a specific embodiment of the invention, a flow or process of personalizing an e-purse;
Fig. 4A and Fig. 4B together show, according to a specific embodiment of the invention, a flow or process of financing, funding, loading or topping up an e-purse;
Fig. 4C shows a block diagram of the related modules interacting with each other to complete the process shown in Fig. 4A and Fig. 4B;
Fig. 5A shows, according to a specific embodiment of the invention, an architecture diagram of a first portable device enabled to perform various e-commerce and m-commerce functions over a cellular communication network (for example, a 3G, LTE or GPRS network);
Fig. 5B shows, according to another specific embodiment of the invention, an architecture diagram of a second portable device enabled to perform various e-commerce and m-commerce functions over a wired and/or wireless data network (such as the Internet);
Fig. 5C is a flowchart that describes, according to a specific embodiment of the invention, a process of enabling the portable device of Fig. 5A to run service applications provided by one or more service providers;
Fig. 6A shows, according to a specific embodiment of the invention, an architecture diagram in which a portable device acts as a mobile point of sale to conduct e-commerce and m-commerce;
Fig. 6B shows, according to a specific embodiment of the invention, an architecture diagram in which a portable device acts as a mobile point of sale to perform transaction upload operations over a network;
Fig. 6C is a flowchart that describes, according to a specific embodiment of the invention, a process of conducting m-commerce using a portable device acting as a mobile point of sale and a single-function card device that supports electronic tokens;
Fig. 6D is a flowchart that describes a process of conducting m-commerce using a portable device acting as a mobile point of sale and a multi-function card device that supports electronic tokens; and
Fig. 7 shows a block diagram of a portable device used for electronic ticketing.
[Detailed description]
The detailed description of the invention is presented largely in terms of procedures, steps, logic blocks, processes or other symbolic representations that directly or indirectly resemble the operation of the technical solution of the invention. Numerous specific details are set forth in the following description to provide a thorough understanding of the invention. The invention may nevertheless be practiced without these specific details. Those skilled in the art use these descriptions and representations to convey the substance of their work effectively to others skilled in the art. In other words, well-known methods and procedures are not described in detail, to avoid obscuring the purpose of the invention.
Reference herein to "one embodiment" or "an embodiment" means a particular feature, structure or characteristic that can be included in at least one implementation of the invention. Appearances of "in one embodiment" in various places in this specification do not all refer to the same embodiment, nor are they separate or alternative embodiments mutually exclusive of other embodiments. Further, the order of modules in the methods, flowcharts or functional block diagrams representing one or more embodiments does not inherently indicate any particular order, nor does it limit the invention. A key set herein means a group of keys.
Embodiments of the invention are described below with reference to Figs. 1A to 7. Those of ordinary skill in the art will readily appreciate, however, that the detailed description given here with respect to these figures is for explanatory purposes only, and that the invention is not limited to these embodiments.
NFC presents a significant business opportunity when mobile phones with near-field communication (NFC) capability are used for payment services, transport ticketing, loyalty services, physical access control and other exciting new services. To support this fast-evolving business environment, multiple entities, including financial institutions, manufacturers of various NFC-enabled mobile phones, software developers and mobile network operators (MNOs), have become involved in the NFC mobile ecosystem. By nature of their individual roles, these players need to communicate with each other and exchange messages in a reliable, interoperable way.
Maintaining and improving the confidentiality and security of the data and sensitive applications that are downloaded to and stored in NFC-enabled handsets for performing contactless transactions is equally important to each of the above entities. The component in a mobile phone that provides the security and confidentiality needed to support various business models is called a secure element (SE).
Fig. 1A shows a simplified architecture of a computing device 100. Unless stated otherwise, "computing device", "mobile device", "cellular phone" and "handset" are used interchangeably herein, and those of ordinary skill in the art will understand that these terms may also refer to other devices, such as smart phones, notebook computers, contactless smart cards and other portable devices.
The mobile device 100 includes an NFC controller 101, which enables the mobile device 100 to communicate wirelessly with other devices to exchange data. For example, a user can use the mobile device 100 as an electronic purse (e-purse) to pay for purchases. In operation, the e-purse is controlled by a secure element 102. The secure element 102 enables such a mobile device 100 to perform financial transactions, transport ticketing, loyalty services, physical access control and other exciting services in a secure manner. To provide such services, the secure element 102 can support various Java applets, applications or modules (only two examples, 104 and 106, are shown in Fig. 1A). In implementation, these modules can be hardware modules embedded or inserted in the device, or software modules downloaded from one or more servers over a data network.
When the mobile device is first purchased or first delivered to a customer, a set of default keys (a default key set) is installed in the secure element 102 of the mobile device, for example an issuer security domain (ISD) key set set up by the secure element manufacturer. In implementation, the secure element 102 can take the form of a smart card, an integrated circuit (IC) or a software module, where a software module can be updated by rewriting it in part or in whole. In one embodiment, the secure element 102 is a tamper-resistant smart card chip that can embed card-grade applications (for example, payment, transport) with the required level of security. As shown in Fig. 1A, the secure element 102 embeds or works with contactless NFC-related applications and is connected to the NFC controller 101, which acts as the contactless front end.
Typically, a standards-compliant secure element is supplied with one issuer security domain (ISD) and a choice of one or more supplemental security domains (SSDs). Each domain holds a set of keys (a key set). In one embodiment, the secure element 102 is a chip embedded in the mobile device 100 or a small card inserted into the mobile device 100 through a card interface 109. In another embodiment, the secure element 102 is or includes a software module loaded into a secure memory space 107 in the mobile device. The software module can be updated by downloading update components from a designated server through a network interface 103 in the mobile device 100 (for example, a 3G or LTE (Long Term Evolution) network).
The secure element 102 must go through a personalization process before use. In one embodiment, the personalization process loads or updates a key set for the secure element 102 according to the derived personalized key set of the selected card issuer (the so-called secure element issuer). Such a personalization process may also be called a provisioning process. According to one embodiment, the provisioning process is performed over the air to personalize the secure element when an application is installed or a service is enabled (that is, application installation and personalization). The secure element is personalized when it is associated with a secure element issuer. When a user subscribes to or installs an application, application installation and provisioning must be performed for each application.
In one embodiment, when the secure element 102 is updated or upgraded, only some components in the secure element 102 are replaced with new updates, to avoid personalizing the secure element 102 from scratch. In implementation, these updates can be obtained automatically or manually and loaded into the mobile device 100.
In one embodiment, an NFC-enabled mobile device can download applications from a server or a TSM portal, depending on the corresponding secure element issuer and TSM. TSM stands for Trusted Service Management, which is a collection of services. One major role of the TSM is to help service providers securely distribute and manage contactless services for their customers over the mobile networks. The TSM or its server does not necessarily participate in the actual contactless transactions made with the NFC devices. Those transactions are usually processed by systems provided by the service providers and their business partners. Another role of the TSM is to accelerate the successful deployment and ramp-up of mobile NFC applications by acting as a commercial intermediary that facilitates contractual arrangements and other aspects of the business relationships among the different parties, thereby making mobile network commerce possible.
The personalization process can be performed at a service center or remotely through the web portal of a TSM server. In the first scenario, the customer goes to a service center and lets a service representative personalize the secure element in the mobile device. On a computer connected to an NFC reader at a designated place (such as a service center), the provisioning manager can be an installed application or a web-based application connected to a back-end TSM. The provisioning manager communicates with the secure element of the mobile device (for example, through the reader). Such a personalization process may also be called an over-the-Internet process.
In the second scenario, the customer registers his or her mobile phone through a server (the TSM web portal). The TSM server can send the universal resource identifier (URI) of the provisioning manager to the registered mobile phone. Depending on the type of mobile device, the URI can be delivered by Short Message Service push or Google Android push. The customer can download the provisioning manager to the mobile device and start the personalization process. Such a personalization process is called an over-the-air process.
Under any one scene, described configuration manager is as the agency between the safety element of mobile device and TSM server.Refer now to shown in Figure 1B, it illustrates flow process or the process 110 of individualized safety element according to an embodiment of the invention.When realizing, described process 110 can be realized by the combination of software or software and hardware.When user receives a new NFC device (part for such as mobile device), need individualized described safety element in it.
In operation 112, determine whether described new NFC device is real NFC device.An example checks the sequence number (serial number) relevant to described NFC device.Described sequence number can carry out certification by the database relevant to TSM server.In the example of NFC mobile device, the device sequence number of described mobile device can be used for carrying out certification.The described NFC device of present hypothesis is a real NFC device, can be identified by mobile operator.Described process 110 will enter operation 114, make described NFC device and private server carry out communication.In one embodiment, described private server is a part for TSM system, and conducts interviews to it by wireless network, the Internet or wireless and wired combination (referred to herein as data network or referred to as network).
In operation 116, the NFC device registers with the server. Once the NFC device becomes part of the TSM system, various services and data can be communicated to the NFC device over the network. As part of the personalization process, in operation 118 the server requests the device information of the secure element. In one embodiment, the server sends a data request (e.g. a service message, WAP PUSH) to the NFC device. In response to the data request, the NFC device sends back the Card Product Life Cycle (CPLC) information extracted from the secure element. The CPLC information includes secure element product information (e.g. smart card ID, manufacturer information and batch number). Based on the CPLC information, the server can retrieve the corresponding default Issuer Security Domain (ISD) information of this secure element from its manufacturer, an authorized distributor or a service provider. In implementation, the server can communicate with the secure element manufacturer in two ways, which are described in detail in the appropriate part below.
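The CPLC record returned in operation 118 is a fixed 42-byte structure on GlobalPlatform-style cards, read with GET DATA under tag 9F7F. The following added example (not part of the patent) parses such a response on the server side and builds a lookup key for the default ISD record; the sample bytes, the lookup-key format and all function names are constructed for illustration.

```python
# CPLC layout: (field name, length in bytes); 18 fields, 42 bytes in total.
CPLC_FIELDS = [
    ("ic_fabricator", 2), ("ic_type", 2), ("os_id", 2),
    ("os_release_date", 2), ("os_release_level", 2),
    ("ic_fabrication_date", 2), ("ic_serial_number", 4),
    ("ic_batch_id", 2), ("ic_module_fabricator", 2),
    ("ic_module_packaging_date", 2), ("icc_manufacturer", 2),
    ("ic_embedding_date", 2), ("ic_pre_personalizer", 2),
    ("ic_pre_perso_equipment_date", 2), ("ic_pre_perso_equipment_id", 4),
    ("ic_personalizer", 2), ("ic_personalization_date", 2),
    ("ic_perso_equipment_id", 4),
]
CPLC_LEN = sum(length for _, length in CPLC_FIELDS)   # 42
CPLC_TLV_HEADER = bytes.fromhex("9F7F2A")             # tag 9F7F, length 0x2A

# Constructed sample: TLV header + 42 bytes + status word 9000.
SAMPLE_RESPONSE = bytes.fromhex(
    "9F7F2A"
    "47900503479112100100204500A1B2C3123448122051"
    + "00" * 20
    + "9000"
)


class CPLCError(ValueError):
    """The device returned something that is not a well-formed CPLC record."""


def parse_cplc(response: bytes) -> dict:
    """Accept the bare 42-byte value or the TLV form, each with optional SW 9000."""
    data = bytes(response)
    if len(data) in (CPLC_LEN + 2, CPLC_LEN + 5):      # status word present
        if data[-2:] != b"\x90\x00":
            raise CPLCError("unexpected status word " + data[-2:].hex())
        data = data[:-2]
    if len(data) == CPLC_LEN + 3:                      # TLV-wrapped
        if data[:3] != CPLC_TLV_HEADER:
            raise CPLCError("bad CPLC TLV header " + data[:3].hex())
        data = data[3:]
    if len(data) != CPLC_LEN:
        raise CPLCError("CPLC must be %d bytes, got %d" % (CPLC_LEN, len(data)))
    fields, offset = {}, 0
    for name, length in CPLC_FIELDS:
        fields[name] = data[offset:offset + length].hex().upper()
        offset += length
    return fields


def decode_date(field_hex: str):
    """CPLC dates are BCD 'YDDD': last digit of the year, then day of year.

    Returns (year_digit, day_of_year), or None for an unset field (0000).
    """
    if field_hex == "0000":
        return None
    if len(field_hex) != 4 or not field_hex.isdigit():
        raise CPLCError("date field is not BCD: " + field_hex)
    year, day = int(field_hex[0]), int(field_hex[1:])
    if not 1 <= day <= 366:
        raise CPLCError("day of year out of range: " + field_hex)
    return year, day


def se_lookup_key(fields: dict) -> str:
    """Hypothetical database key: fabricator, batch and serial number."""
    return "-".join(
        fields[k] for k in ("ic_fabricator", "ic_batch_id", "ic_serial_number")
    )


if __name__ == "__main__":
    cplc = parse_cplc(SAMPLE_RESPONSE)
    print(se_lookup_key(cplc), decode_date(cplc["ic_fabrication_date"]))
```

Rejecting malformed or truncated records before any database lookup keeps a misbehaving device from being matched to another element's default ISD record.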
In operation 120, it is determined whether the manufacturer needs to update the device information. Typically, when a secure element is shipped by its manufacturer, it is embedded with some default device information. If it is determined that the default device information (e.g. CPLC data) needs to be updated with the manufacturer, process 110 enters operation 122, in which the manufacturer uploads the corresponding updated device information to the server. In operation 124, the updated device information is transmitted to the NFC mobile device and stored in the secure element. If it is determined that the default device information of the secure element does not need to be updated with the manufacturer, process 110 enters operation 124, in which the extracted default device information is stored in the database associated with the TSM server. In one embodiment, the server includes an interface for obtaining a derived key set. In one embodiment, the derived key set is generated from the device information (e.g. ISD) of the secure element. When the derived ISD key set has been successfully installed in the secure element, the corresponding secure element issuer is notified that the derived ISD key set is in use.
According to one embodiment of the invention, in operation 126 the device information (default or updated) is used to generate a key set (a set of keys). In one embodiment, the server uses the default ISD to establish a secure channel between its hardware security module (HSM) and the secure element. The server also computes a derived key set for the secure element. Depending on the business agreement, the master ISD key of the secure element issuer can reside in the hardware security module associated with the server or in the local hardware security module of the secure element issuer. A hardware security module is a secure crypto processor that manages digital keys, accelerates cryptographic processes, and provides strong authentication for access to the critical keys of server applications. If the master ISD key resides in the hardware security module of the server, the server instructs that hardware security module to compute the derived key set. The server then provides a mechanism (e.g. PUT KEY APDU) and uses the default channel to replace the default key set in the secure element with the derived key set. If the master ISD key of the secure element issuer (SE issuer) resides in the local hardware security module of the secure element issuer, the server also interacts with that remote hardware security module to retrieve the master ISD key.
In operation 128, the key set is securely delivered to the secure element. The key set is personalized into the secure element so that it can be used in the various secure operations or services performed with the NFC device. In operation 130, the server synchronizes the secure element with its issuer or provider (e.g. by sending a notification about the state of the secure element to the issuer or provider).
After personalization, the secure element can be accessed using the personalized ISD key of the SE issuer. Depending on the security requirements of each service provider, the TSM can create an additional SSD for each provider to personalize their respective applications (e.g. module 104 or 106 in Figure 1A).
As described above, there are two ways of interacting with the manufacturer to retrieve the corresponding default ISD information of a secure element. Depending on its infrastructure, a manufacturer can choose a real-time approach or a batch approach.
In the real-time approach, the server communicates with the manufacturer (e.g. its server) when the TSM server personalizes the secure element. The default key set is thus retrieved on demand from the manufacturer's server. In one embodiment, the TSM server includes a plug-in module for communicating with each manufacturer.
The batch approach can be carried out in online mode or in offline mode. In offline mode, the secure element manufacturer delivers the default ISD information for all the secure elements it supports on encrypted physical media. An administrator of the TSM or a computing device can be arranged to load the information on the physical media into a computing device. The default ISD information is then decrypted, extracted and stored in a database. In online mode, the SE manufacturer uploads the default ISD information of the secure elements it supports over a network. The default ISD information is then decrypted, extracted and stored in a database. After that, the TSM only needs to access its own hardware security module or database during secure element personalization. Fig. 1C illustrates the relationships among the SE manufacturer, the TSM administrator and the TSM system in offline and online modes.
According to one embodiment of the invention, Fig. 1D shows the corresponding data flow among the user of an NFC device (e.g. an NFC mobile phone), the NFC device, the TSM server, the SE manufacturer and the SE issuer.
In one aspect, the secure element 102 in Figure 1A can be regarded as a preloaded operating system in a smart card that provides a platform for PIN management and secure channels (or security domains) for card personalization. The secure element 102 combines the interests of smart card issuers, vendors, industry groups, public entities and technology companies to define requirements and technical standards for multiple applications running on a smart card.
As an example, a module 104 referred to as stored value card security defines a set of protocols that allow small payment transactions to be carried out in wired or wireless environments. For a stored value card held in a smart card, a set of keys (symmetric or asymmetric) is personalized into the stored value card after it is issued. During a transaction, the stored value card uses a set of respective keys for encryption and MAC computation in order to secure the message channel between the stored value card and a Security Authentication Module (SAM) or back-end server. For a single-function card, the stored value card security module 104 acts as a gate protecting the actual operations performed on the single-function card. During personalization, the single-function card access key (or a transformation of it) is personalized into the stored value card together with the electronic purse transaction keys.
According to one embodiment of the invention, Fig. 1E shows a personalization data flow 150 among three entities: a platform-based SAM or network electronic wallet server 152, a stored value card 154 acting as a gatekeeper, and a single-function tag 156. Communication between the platform-based SAM or network electronic wallet server 152 and the stored value card 154 is carried out in one type of command (e.g. APDU, application protocol data unit), while communication between the stored value card 154 and the single-function tag 156 is carried out in another type of command. The stored value card acts as a gatekeeper to ensure that only secure and authorized data exchanges are allowed to take place.
In one embodiment, the physical security of the stored value card is realized in a simulator. A simulator as used herein means a hardware device or a program that presents itself as another particular device or program with which other modules expect to interact. The stored value card security is realized between one or more Java applets that provide the stored value card functions and communicate with a payment server. A secure element supporting the stored value card is responsible for updating security keys to establish an appropriate channel for interaction between the payment server and the Java applets, with the stored value card applet acting as a gatekeeper that regulates or controls the data exchange.
Fig. 2A shows a mobile ecosystem 200 in which the parties involved are listed in order. In one embodiment, an NFC device is allowed to download or install one or more applications from a corresponding designated server 202 (e.g. an application management provider), where the applications were originally developed by an application developer 204 and are distributed by a service provider 210, the application management provider 202 or other parties. It is assumed that the secure element 206, provided by a secure element provider 208, has been personalized via a TSM or a trusted third party (e.g. a financial institution 212).
Once an application is installed in the NFC device, the next step is to configure the application with the secure element. The configuration process of an application can be started in several ways. One way is for a secure element owner to select an application from the TSM portal on the mobile device and start the configuration process. Another is for the secure element owner to receive, on the mobile device, an application configuration notification from the TSM on behalf of the application provider.
The TSM or application providers can publish their applications on the TSM portal, for download to mobile devices that have a secure element and/or for subscription at a user's request (e.g. the SE owner). In one embodiment, the TSM provides a cloud service for multiple SE issuers, so many applications from various service providers are available on the TSM portal. However, when logged in to the TSM portal, a secure element owner can see only those applications certified by his secure element provider. Depending on the agreement between the secure element and the service provider, an application can be downloaded, installed and personalized using the ISD key set of the secure element or an SSD key set designated by the service provider. If the SSD key set is not yet installed in the secure element, it can be installed during the installation of an application.
The TSM knows the storage status of the secure element for each SSD. Based on the storage allocation policy of the SSD and the storage status of the secure element, the applications available in the application store for the various SSDs can be marked with different indicators, such as "can be installed" or "insufficient storage to install". This prevents unnecessary failures for the user.
Once an application is installed in an NFC device, either the application initiates the configuration process itself, or the TSM server sends a configuration notification to the NFC device over a cellular network or wireless data network. Depending on the type of NFC device, there are many ways of sending a message (a PUSH message) to make the NFC device start the configuration process. Examples of delivery methods include SMS push or Android Google push. Once the user receives the notification, the configuration process starts. The configuration process is described in detail where appropriate.
As part of application configuration, the TSM server enforces some protective mechanisms. One is to prevent the secure element from being locked accidentally. Another is to block the download of an application if there is not enough storage space in the secure element.
If there are too many mutual authentication failures during secure channel establishment, the secure element may lock itself permanently. To prevent the secure element from being locked accidentally, the TSM keeps track of the number of authentication failures between the secure element and the TSM when a secure channel is established between the two entities. In one embodiment, if a preset limit is reached, the TSM refuses any further requests. If a service center manually resets the secure element, the TSM can continue to process SE requests.
The TSM also keeps track of the storage usage of each secure element. Based on the storage allocation assigned to each service provider by the SE issuer, the TSM determines whether an application can be installed on a secure element. According to one embodiment, there are three types of policy:
Pre-allocated fixed storage space, which is guaranteed space;
Pre-allocated minimum storage space, which guarantees a minimum space;
Best effort.
The secure element issuer uses the TSM web portal to do this work:
1. For a batch of secure elements, the secure element issuer can pre-allocate, through the TSM web portal, a storage policy for a service provider to install its applications;
2. When a mobile device requests installation of an application, the TSM server verifies whether the space of the corresponding service provider satisfies its storage policy; if not, the request is refused;
3. Otherwise, the TSM server processes the configuration request;
4. If configuration succeeds, the TSM accumulates the storage size used by this application service.
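The two protective mechanisms above, the authentication-failure guard and the per-provider storage policy check in steps 1 to 4, can be sketched together as follows. This is an added example, not code from the patent: the exact semantics of the three policies, the limit of 3 failures, the status strings and all class names are assumptions, and `authenticate` and `install` are stand-ins for the real secure channel and installation.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict


class Policy(Enum):
    FIXED = "pre-allocated fixed space"      # assumed: guaranteed, and a hard ceiling
    MINIMUM = "pre-allocated minimum space"  # assumed: guaranteed floor, may grow
    BEST_EFFORT = "best effort"              # assumed: no reservation at all


@dataclass
class Allocation:
    policy: Policy
    reserved: int = 0   # set by the SE issuer through the TSM portal (step 1)
    used: int = 0       # accumulated after each successful configuration (step 4)


@dataclass
class SecureElement:
    capacity: int
    allocations: Dict[str, Allocation]
    auth_failures: int = 0

    def unreserved_free(self) -> int:
        # Each provider holds the larger of its reservation and its actual usage.
        held = sum(max(a.reserved, a.used) for a in self.allocations.values())
        return self.capacity - held

    def fits(self, provider: str, size: int) -> bool:
        alloc = self.allocations.get(provider)
        if alloc is None or size <= 0:
            return False
        headroom = max(0, alloc.reserved - alloc.used)
        if alloc.policy is Policy.FIXED:
            return size <= headroom
        overflow = max(0, size - headroom)   # part that must come from shared space
        return overflow <= self.unreserved_free()


class TSM:
    def __init__(self, max_auth_failures: int = 3):
        # Assumed value; it must stay below the card's own lock threshold.
        self.max_auth_failures = max_auth_failures
        self.elements: Dict[str, SecureElement] = {}

    def handle_install(self, se_id: str, provider: str, size: int,
                       authenticate: Callable[[], bool],
                       install: Callable[[], bool]) -> str:
        se = self.elements[se_id]
        if se.auth_failures >= self.max_auth_failures:
            return "REFUSED_LOCKOUT_GUARD"       # never touch the card again
        if not se.fits(provider, size):
            return "REFUSED_STORAGE_POLICY"      # step 2, before any channel is opened
        if not authenticate():                   # mutual authentication of the channel
            se.auth_failures += 1
            return "AUTH_FAILED"
        if not install():                        # step 3
            return "INSTALL_FAILED"
        se.allocations[provider].used += size    # step 4
        return "CONFIGURED"

    def service_center_reset(self, se_id: str) -> None:
        # The only reset path the text names: a manual reset by a service center.
        self.elements[se_id].auth_failures = 0


def demo():
    """Constructed scenario: a 100-unit secure element shared by three providers."""
    tsm = TSM()
    tsm.elements["se-1"] = SecureElement(capacity=100, allocations={
        "bank": Allocation(Policy.FIXED, reserved=40),
        "transit": Allocation(Policy.MINIMUM, reserved=20),
        "coupons": Allocation(Policy.BEST_EFFORT),
    })
    ok, bad = (lambda: True), (lambda: False)
    results = [
        tsm.handle_install("se-1", "coupons", 30, ok, ok),
        tsm.handle_install("se-1", "transit", 25, ok, ok),
        tsm.handle_install("se-1", "bank", 41, ok, ok),
        tsm.handle_install("se-1", "coupons", 10, ok, ok),
        tsm.handle_install("se-1", "bank", 40, ok, ok),
    ]
    results += [tsm.handle_install("se-1", "coupons", 5, bad, ok) for _ in range(3)]
    results.append(tsm.handle_install("se-1", "coupons", 5, ok, ok))
    tsm.service_center_reset("se-1")
    results.append(tsm.handle_install("se-1", "coupons", 5, ok, ok))
    return results, tsm.elements["se-1"]


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

Checking the storage policy before opening a secure channel means a request that would be refused anyway never costs the secure element an authentication attempt.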
When a mobile user subscribes to a mobile application (if it is installed), the application needs to be configured with the secure element on the mobile device before it is used. In one embodiment, the configuration process includes four main stages:
Creating a supplementary security domain (SSD) on the secure element, if needed;
Downloading and installing an application on the secure element;
Personalizing the application on the secure element;
Downloading a UI (user interface) component to the mobile device.
Fig. 2B shows a flow or process 220 for configuring one or more applications according to an embodiment of the invention. Process 220 can be implemented in software or a combination of software and hardware. In one embodiment, the application configuration process 220 requires a configuration manager (i.e. a proxy) on the mobile device to interact with the secure element in it.
As shown in Fig. 2B, at operation 222 the application configuration process 220 can be started automatically or manually. For example, assuming the application has not yet been configured, a user can start the configuration process by selecting an installed application to subscribe to the related service, or the configuration process starts when the installed application is activated. In another embodiment, the application provider sends a message (e.g. an SMS) to the mobile phone to start the configuration process.
In any case, process 220 enters operation 224, in which, after the device information (e.g. CPLC) has been retrieved from the secure element of the mobile device, communication is established with a dedicated server (e.g. a TSM server or a server operated by the application issuer). At operation 226, the device information is sent to the server together with an identifier identifying the application. In operation 228, the server first identifies the issuer of the secure element from the device information, and in operation 230 determines whether the secure element has been personalized. If the secure element has not yet been personalized, process 220 enters operation 232 to personalize the secure element; one embodiment of operation 232 can be implemented according to process 110 in Figure 1B.
Assume now that the secure element in the mobile device has been personalized. Process 220 enters operation 234, where a secure channel is established with the secure element using the derived ISD. Depending on who provides the hardware security module (HSM) for the ISD (e.g. the TSM or the SE issuer), the server contacts that hardware security module to compute the derived ISD for the secure element, and uses this derived ISD to establish a secure channel with the secure element. Then, in operation 236, the server checks whether there is an SSD associated with this application. If the application does not have a corresponding SSD, the server checks a database to see whether it has been installed on the secure element. If an SSD installation is needed, process 220 enters operation 240 to install the SSD. In one embodiment, the user is alerted to the installation of the SSD (keys). In operation 238, if the user refuses to install the SSD, process 220 stops and returns to operation 222 to restart the configuration process 220.
Assume now that the SSD installation is performed in operation 240. Installing the SSD is similar to installing the ISD. The TSM server contacts the hardware security module (HSM) that holds the master SSD key to compute a derived SSD key set for the secure element. The master SSD key can reside with the TSM, the service provider or the secure element issuer, depending largely on how the parties have agreed.
To download/install an application in the secure element, in operation 242 the server establishes a secure channel with the secure element using the derived SSD. In one embodiment, this is similar to how the secure channel is established based on the derived ISD. In operation 244, the data for the application is prepared; the details are described further below. According to one embodiment, the server contacts the service provider to prepare STORE DATA application protocol data units (APDUs). Depending on the application installed in the mobile device, the server can issue STORE DATA repeatedly to personalize the application. If the configuration process is executed successfully, additional data including an appropriate interface (e.g. a user interface of the application for each mobile device) can be downloaded. In operation 246, the server notifies an application provider of the state of the application that has been configured.
Fig. 2C shows the data flow 250 among the different parties when an application is configured.
As in operation 244 of Fig. 2B, an important function in configuring an application is to prepare customized application data for the target secure element. For example, for an electronic wallet application, the personalization data of the application includes various personalized transaction keys generated from the device information (e.g. CPLC information) of the secure element. To carry a stored value card, part of the personalization data includes the Mifare access key derived from the identifier of the Mifare card; the server can personalize both Java Card applications and Mifare4Mobile service objects. In general, there are at least two different ways of preparing the data to facilitate subsequent transactions.
For data preparation, one embodiment of the invention supports two modes of interaction with the service provider to compute the personalized application data. In the first mode, the TSM server does not directly access the hardware security module associated with the service provider. The service provider can have a server that interacts with its hardware security module generate the application keys (e.g. transit, stored value card or Mifare keys). The TSM data preparation implementation uses application programming interfaces (APIs) or a protocol provided by that server to request derived application keys. In the second mode, the data preparation implementation directly accesses the hardware security module associated with the service provider to generate the application keys.
According to one embodiment, Fig. 2D shows the data flow 255 among the different parties when application data is prepared during application configuration. Fig. 2D shows the first mode, in which the TSM server does not directly access the hardware security module associated with the service provider. The second mode has a similar flow, except that the application data preparation interacts directly with the hardware security module of the service provider.
Besides supporting the configuration process, one embodiment of the invention also supports life cycle management of the secure element. Life cycle management includes, but is not limited to, secure element locking, secure element unlocking and application deletion (disabling). These activities can be started by a TSM notification. Fig. 2E shows a flow or process 260 for locking an installed application in actual use of a mobile device. An NFC device may have a number of applications installed that run on the secure element. For some reason (e.g. no activity for a long time, or expiry), an application needs to be disabled or locked by its issuer or provider.
Process 260 for disabling an installed application starts at operation 262. In one embodiment, process 260 is started manually by an operator through the TSM web portal. In another embodiment, process 260 is started automatically by a service provider's internal workflow (e.g. using a TSM web service API). Once process 260 has started, a message is sent to an NFC device (e.g. in a mobile device) in which an application needs to be disabled. In implementation, such a message can take different formats. In one embodiment, the message is a PUSH command. In another embodiment, the message is a TCP/IP request delivered to the NFC device over a network. In operation 264, a server (e.g. the TSM server) sends the message. In implementation, such a message includes an identifier identifying the application to be locked or disabled. On receiving such a message, in operation 266 the card manager proxy in the NFC device verifies, by sending back a message, whether the message really comes from its original issuer or provider. In one embodiment, the message is sent to the TSM server for verification. If verification fails, i.e. there is no response to the query, process 260 ends.
Assume that the verification passes, i.e. the device's query to the provider of the application has received a confirming reply, so the original request is proven to be genuine. Typically, in operation 268, such a reply confirmation includes the identifier of the application to be locked. The TSM server establishes a secure channel with the secure element. The TSM server then prepares the appropriate APDUs (e.g. SET STATUS and/or DELETE) for the secure element via the card manager proxy. In operation 270, the device sends the operation request to the secure element to lock the particular application.
In any case, in response to the command, in step 272 the secure element (SE) locks or disables the application. According to one embodiment, the SE is caused to be detached from the application, so that the installed application can no longer use the secure element. In operation 274, the secure element sends a confirmation to notify the relevant parties that the application is no longer running on the device. In one embodiment, the confirmation is sent to the TSM server, which has a database recording which applications are installed in which devices and the corresponding state of each application. The database is updated according to the acknowledgement from the secure element.
Fig. 2E shows a flow or process 260 for locking an installed application. To one of ordinary skill in the art, other operations, such as unlocking or enabling an installed application or extending the expiry of an installed application, follow a process similar to that shown in Fig. 2E.
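The point of operations 264 to 274 is that the push message itself is not trusted: the card manager proxy asks the TSM to confirm it before anything reaches the secure element. The following added example (not from the patent) simulates that exchange with a forged and a replayed message; the message fields, the one-time request identifier, the class names and the AID are constructed assumptions, and secure channel wrapping of the APDU is omitted.

```python
import secrets
from typing import Dict, List, Optional

SAMPLE_AID = bytes.fromhex("F0010203040506")   # constructed application identifier


def set_status_lock_apdu(aid: bytes) -> bytes:
    """GlobalPlatform SET STATUS for an application:
    CLA 80, INS F0, P1 40 (application), P2 80 (LOCKED), data = AID."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("AID must be 5 to 16 bytes")
    return bytes([0x80, 0xF0, 0x40, 0x80, len(aid)]) + aid


class LockingTSM:
    """TSM side: remembers which lock requests it really issued."""

    def __init__(self) -> None:
        self._pending: Dict[str, bytes] = {}    # request id -> AID
        self.app_state: Dict[str, str] = {}     # AID (hex) -> recorded state

    def issue_lock(self, aid: bytes) -> dict:
        """Operation 264: build the push message carrying the application identifier."""
        request_id = secrets.token_hex(16)
        self._pending[request_id] = aid
        return {"type": "LOCK", "request_id": request_id, "aid": aid.hex()}

    def confirm(self, request_id: str, aid_hex: str) -> Optional[List[bytes]]:
        """Operations 266-268: the device asks whether the message is genuine.
        Returns the APDUs for the secure element, or None if it is not."""
        expected = self._pending.get(request_id)
        if expected is None or expected.hex() != aid_hex.lower():
            return None
        del self._pending[request_id]           # single use: a replay finds nothing
        return [set_status_lock_apdu(expected)]

    def acknowledge(self, aid_hex: str, status_word: int) -> None:
        """Operation 274: update the database from the SE's confirmation."""
        if status_word == 0x9000:
            self.app_state[aid_hex.lower()] = "LOCKED"


class SimulatedSE:
    """Minimal stand-in for the secure element; understands SET STATUS only."""

    def __init__(self, installed: List[bytes]) -> None:
        self.state = {aid: "SELECTABLE" for aid in installed}

    def transmit(self, apdu: bytes) -> int:
        cla, ins, p1, p2, lc = apdu[:5]
        aid = apdu[5:5 + lc]
        if (cla, ins, p1) != (0x80, 0xF0, 0x40) or aid not in self.state:
            return 0x6A88                       # referenced data not found
        self.state[aid] = "LOCKED" if p2 & 0x80 else "SELECTABLE"
        return 0x9000


class CardManagerProxy:
    """Device side: forwards nothing to the SE until the TSM confirms the message."""

    def __init__(self, tsm: LockingTSM, se: SimulatedSE) -> None:
        self.tsm, self.se = tsm, se

    def on_push(self, message: dict) -> str:
        if message.get("type") != "LOCK":
            return "IGNORED"
        aid_hex = str(message.get("aid", ""))
        apdus = self.tsm.confirm(str(message.get("request_id", "")), aid_hex)
        if apdus is None:
            return "DROPPED_UNVERIFIED"         # process 260 ends here
        for apdu in apdus:                      # operation 270
            status_word = self.se.transmit(apdu)
            if status_word != 0x9000:
                return "SE_ERROR"
            self.tsm.acknowledge(aid_hex, status_word)
        return "LOCKED"


def demo():
    tsm, se = LockingTSM(), SimulatedSE([SAMPLE_AID])
    proxy = CardManagerProxy(tsm, se)
    genuine = tsm.issue_lock(SAMPLE_AID)
    forged = dict(genuine, request_id="00" * 16)    # attacker guesses an id
    outcomes = [proxy.on_push(forged), proxy.on_push(genuine), proxy.on_push(genuine)]
    return outcomes, se.state[SAMPLE_AID], tsm.app_state


if __name__ == "__main__":
    print(demo())
```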
Referring to Fig. 2F, according to a specific embodiment of the invention, Fig. 2F shows an architecture diagram 280 of a portable device acting as a stored value card to carry out e-commerce and mobile commerce. Diagram 280 includes a portable phone 282 with an embedded smart card module. An example of such a portable phone is one that supports near field communication (NFC) and includes a SmartMX (SMX) module. Note that the secure element and the application can be integrated. Unless otherwise stated, the following description does not point out which part performs the functions of the secure element and which part serves as the application. One of ordinary skill in the art will understand that the appropriate part or function is carried out according to the detailed description given below.
The SMX module is preloaded with a Mifare simulator 288 (i.e. a single-function card) for storing values. The portable phone is equipped with a contactless interface (e.g. ISO 14443 RFID) that allows the portable phone to act as a tag. In addition, the SMX module is a Java Card that can run Java applet programs. According to a specific embodiment, the stored value card is built on the Global Platform (GP) and implemented as an applet program in the SMX module. The stored value card is set up so that it can access the data structures of the Mifare simulator with a password, which is obtained from the access key after an appropriate transformation.
A wallet manager MIDlet program 284 is provided in the portable phone 282. In mobile commerce, the MIDlet program 284 acts as a communication proxy between the stored value card applet program 286 and one or more payment networks and servers 290, so that transactions among the parties proceed smoothly. A MIDlet program as used herein is a software component suitable for running on a portable device. The wallet manager MIDlet program 284 may be implemented as a "MIDlet program" on a Java portable phone or as an "executable application" on a personal digital assistant (PDA) device. One of the functions of the wallet manager MIDlet program 284 is to access a wireless network and to communicate with a stored value card applet program running on the same device or on an external smart card. In addition, the MIDlet program 284 is set up to provide management functions, such as changing the personal identification number (PIN) and viewing the electronic purse balance and the transaction history log. In one example application, the card issuer provides a security authentication module (SAM) 292 for supporting and authenticating any transaction carried out between a card and a corresponding server (i.e. a payment server). As shown in Fig. 2F, application protocol data unit (APDU) commands are created by the server 290, which has access to the security authentication module (SAM) 292; an APDU is the unit of communication between a reader and a card. The structure of an APDU is defined by the ISO 7816 standard. Typically, an APDU command is embedded in a network message and delivered to the server 290 or the stored value card applet program 286 for processing.
In e-commerce, a web agent 294 running on a computer (not shown) is responsible for interacting with a contactless reader (e.g. an ISO 14443 RFID reader) and the network server 290. In operation, the agent 294 sends APDU commands through the contactless reader 296 to the stored value card applet program 286 running on the portable phone 282, or receives the corresponding replies from the stored value card applet program 286 by the same route. On the other hand, the agent 294 can generate network requests (e.g. HTTP) and receive the corresponding replies from the payment server 290.
For personalizing the portable phone 282, the structure diagram 300 in Fig. 3A shows how the relevant modules interact to complete the process of personalizing the stored value card by an authorized person. The structure diagram 320 in Fig. 3B shows how the relevant modules interact to complete the process of personalizing the stored value card, as shown in Fig. 2, by its user.
The flow or process diagram 350 in Fig. 3C shows the process of personalizing the stored value card applet program according to a specific embodiment of the invention. Fig. 3C is best understood together with Fig. 3A and Fig. 3B. Process 350 can be implemented in software, hardware or a combination of both.
As mentioned earlier, the wallet manager is built on the Global Platform to provide the security mechanisms needed to personalize the stored value card applet program. In operation, a security domain is used to establish the secure channel connecting the personalization application server and the stored value card applet program. According to a specific embodiment, the critical data that is personalized and stored in the stored value card applet program includes one or more operation keys (e.g. a load or top-up key and a purchase key), a default personal identification number, management keys (e.g. a block/unblock PIN key and a reload PIN key), and passwords (e.g. the password from Mifare).
Assume that a user wants to personalize the stored value card applet program embedded in a portable device (e.g. a portable phone). In step 352 of Fig. 3C, the personalization process is started. Depending on the implementation, the personalization process may be realized in a module in the portable device and activated manually or automatically, or it may be implemented as a physical process started by an authorized person (normally someone associated with the card issuer). As shown in Fig. 3A, the authorized person starts the personalization process 304 to personalize the user's stored value card applet program; the personalization process 304 is carried out with an existing new stored value card SAM 306 and an existing SAM 308, through the contactless reader 310 as the interface. The card manager 311 performs at least two functions: (1) establishing a secure channel through a security domain, in order to install and personalize an external application (e.g. the stored value card applet program) during card personalization; and (2) creating security measures (e.g. a personal identification number) to protect the application in subsequent operations. As a result of the personalization process using the personalization application server 304, the stored value card applet program 312 and the simulator 314 are personalized.
Similarly, as shown in Fig. 3B, the electronic purse user wishes to start the personalization process in order to individualize the stored value card applet program wirelessly (for example over the Mobile business path in Fig. 2). Unlike Fig. 3A, Fig. 3B allows the personalization process to be activated manually or automatically. For example, the portable phone is equipped with a device that, when pressed, activates the personalization process. In another scheme, a "not individualized" status prompt can be presented to the user to start the personalization process. As previously mentioned, MIDlet program 322 (i.e. a service manager) in the portable equipment acts as an agent to assist the communication between paying server 324 and stored value card applet program 312 and simulator 314, where paying server 324 has the authority to access the existing new stored value card security identity module 306 and the existing security identity module 308. Through the personalization process, stored value card applet program 312 and simulator 314 are personalized.
Returning now to Fig. 3C: after the personalization process shown in Fig. 3A is activated, contactless reader 310 is activated and, in step 354, reads the tag identifier (ID) (i.e. the RFID tag ID) and critical data from the smart card in the equipment. Through an application security domain (such as the default security settings of the card issuing business), an escape way is established in step 356 between the new stored value card security identity module (such as security identity module 306 in Fig. 3A) and the stored value card applet program in the portable equipment (such as stored value card applet program 312 in Fig. 3A).
Each application security domain of the global platform comprises three DES keys. For example:
Key 1: 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f
Key 2: 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f
Key 3: 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
The security domain is used to generate session keys for a secured session between two entities. The two entities can be the card management device applet program and a primary application program (host application), where the primary application program may be a personalization application program on a desktop machine or a networked personalization service provided by a back-end server.
The default application domain can be installed by the card issuing business and assigned to different application/service providers. Each application program owner can change the values of its respective key group before the personalization process (or at the initial stage of the process). The application program can afterwards use the new key group to create an escape way for performing the personalization process.
Through the escape way set up by the application security domain of the application provider, a first group of data can be individualized and stored in the stored value card applet program. A second group of data can likewise be individualized through the same channel. However, if the data are kept in a different security identity module, a new escape way using the same key group (or a different key group) can be used to individualize the second group of data.
In step 358, a group of e-wallet implementation keys and a Personal Identification Number are generated by the new stored value card security identity module 306, for data exchange between the new stored value card security identity module and the stored value card applet program and, essentially, for individualizing the stored value card applet program.
In step 360, a second escape way is established between the existing security identity module (such as security identity module 308 in Fig. 3A) and the stored value card applet program in the portable equipment (such as stored value card applet program 312 in Fig. 3A). In step 362, a group of converted keys is generated using the existing security identity module and the tag ID. The converted keys are kept in the simulator for later data access authentication. In step 358, a group of MF passwords is generated using the existing security identity module and the tag ID, and the passwords are stored in the stored value card applet program for later data access authentication. After all of the above operations are completed, the stored value card, comprising the stored value card applet program and the corresponding simulator, is set to the "individualized" state.
According to a specific embodiment of the present invention, Fig. 4A and Fig. 4B together illustrate a flow or process chart 400 for funding or financing a stored value card. Process 400 is implemented through the Mobile business path in Fig. 2. To aid understanding of process 400, Fig. 4C shows, in a representative block diagram 450, the relevant blocks that interact to complete process 400. Depending on the practical application of the present invention, process 400 can be realized in software, hardware, or a combination of software and hardware.
Suppose a user has obtained a portable equipment (such as a portable phone) on which a stored value card is installed. The user wishes to inject funds into the stored value card from a bank account. In step 402, the user inputs a Personal Identification Number (PIN). Assuming the Personal Identification Number is valid, the wallet administration device in the portable equipment is activated and initiates a request (also referred to as an over-the-air (OTA) top-up request) in step 404. In step 406, the MIDlet program in the portable equipment sends the request to the stored value card applet program; Fig. 4C depicts the communication in step 406 between wallet administration device MIDlet program 434 and stored value card applet program 436.
In step 408, the stored value card applet program generates a reply in response to the request from the MIDlet program. After receiving the reply, the MIDlet program sends it to the payment network and server over the cellular communications network. As shown in Fig. 4C, wallet administration device MIDlet program 434 communicates with stored value card applet program 436 to obtain the reply, which is then sent to payment network and server 440. In step 410, process 400 needs to verify the validity of the reply. If the reply cannot be verified, process 400 stops. If the reply is verified as valid, process 400 enters step 412 and checks the corresponding account at the bank. If the account does exist, a value transfer request is initiated. In step 414, the bank, after receiving the request, returns a reply in response. Usually, the information exchange between the payment network and server and the bank follows a network protocol (such as the HTTP protocol used on the Internet).
In step 416, the reply returned by the bank is transmitted to the payment network and server. In step 418, the MIDlet program extracts the source APDU commands from the reply and forwards the commands to the stored value card applet program. The stored value card applet program verifies the commands in step 420; if the commands are verified as authorized, they are sent to the simulator in step 420 and the transaction log is updated at the same time. In step 422, a ticket is generated and used to formulate the reply (for example a reply in APDU form) sent to the paying server. In step 424, the paying server, after receiving the reply, updates and sends success status information to the MIDlet program, and saves the APDU reply for later checking.
As shown in Fig. 4C, payment network and server 440 receives the reply sent by wallet administration device MIDlet program 434 and uses security identity module 444 to verify that the reply was originally sent by the authorized stored value card applet program 436. After the reply is verified, payment network and server 440 sends a request to financing bank 442, assuming that user 432 has an account at that bank. The bank can verify and authorize the request, and then returns an authorization number in a predetermined message format. After the reply from bank 442 is received, paying server 440 can send a network reply to MIDlet program 434 to refuse or approve the request.
Wallet administration device 434 verifies the validity of the network reply (for example whether it is in APDU form), then sends commands to simulator 438 and updates the transaction log. At this point, stored value card applet program 436 completes the required steps and returns a reply to MIDlet program 434, which in turn forwards to paying server 440 a network request embedding the (APDU) reply.
Although process 400 is described as injecting funds into a stored value card, those skilled in the art can readily conclude that the process of making a purchase over the network with the stored value card is essentially the same as process 400, and the purchase process is therefore not discussed separately here.
According to a specific embodiment of the present invention, Fig. 5A illustrates a first exemplary architecture 500 that enables portable equipment 530 to carry out ecommerce and Mobile business over cellular communications network 520 (such as a GPRS network). Portable equipment 530 consists of base band 524 and safety element 529 (such as a smart card). An example of the portable equipment is a portable equipment (such as a portable phone or a Personal Digital Assistant (PDA)) supporting short-range communication or near-field communication (NFC, Near Field Communication). Base band 524 provides an electronic platform or environment (such as Java Micro Edition (JME) or the Mobile Information Device Profile (MIDP)) on which application MIDlet program 523 and service manager 522 can be executed or run. Safety element 529 includes global platform (GP) card management device 526, simulator 528 and other components such as a Personal Identification Number manager (not shown).
To support portable equipment 530 in performing ecommerce and Mobile business, one or more services/applications need to be installed and configured on it in advance. An instance of service manager 522 (for example a MIDlet program with a graphic user interface) needs to be activated. In a specific embodiment, service manager 522 can be downloaded and installed. In another specific embodiment, service manager 522 can be pre-loaded. In either case, once service manager 522 is activated, a directory list comprising various services is displayed. The directory list may comprise service items related to the user's subscription information, and may also comprise recommended items independent of the user's subscription information. The directory list can be obtained from directory store 502 on directory server 512. Directory server 512 may serve as a central hub (i.e. a Yellow Pages function) through which various service providers (such as installation servers and personalization servers) offer products and/or services to registrants. The Yellow Pages function of directory server 512 can comprise service plan information (such as service charge, start date, end date, etc.) and the locations (such as Internet addresses) for installation, individualization and/or MIDlet program download. The installation and personalization processes may be provided by two different commercial entities; for example, the installation process may be provided by the issuer of safety element 529, and the personalization process may be provided by the service provider that holds the application process keys of the particular application.
According to a specific embodiment, service manager 522 is configured to connect to one or more servers 514 of the service provider over cellular communications network 520. Assume the user has selected an application from the service directory presented to him. An escape way 518 is then set up between the one or more servers 514 and global platform manager 526, in order to install/download the application applet program 527 selected by the user, then to individualize this application applet program 527 and the optional simulator 528, and finally to download application MIDlet program 523. Applet program library 504 and MIDlet program library 506 provide general application applet programs and application MIDlet programs respectively. Global platform security identity module 516 and application security identification module 517 are used to set up escape way 518 for the individualizing operation.
According to another specific embodiment of the present invention, Fig. 5B illustrates a second exemplary architecture 540 that enables portable equipment 530 to perform ecommerce and Mobile business over public network 521. Most of the components in the second architecture 540 are essentially similar to the components of the first architecture 500 in Fig. 5A. The difference is that the first architecture 500 is based on operation over cellular communications network 520, whereas the second architecture 540 uses public network 521 (such as the Internet). Public network 521 may comprise a local area network (LAN), a wide area network (WAN), a WiFi (IEEE 802.11) wireless connection, a Wi-Max (IEEE 802.16) wireless connection, etc. In order to carry out service operations over public network 521, an instance of service manager 532 (namely an instance with the same or similar function as service manager MIDlet program 522) is installed on a computer 538 that accesses public network 521. Computer 538 can be a desktop personal computer (PC), a notebook computer, or another computing device that can run the instance of service manager 532 and access public network 521. The connection between computer 538 and portable equipment 530 is made through a contactless reader 534. Service manager 532 acts as an agent to assist the installation and personalization process carried out through escape way 519 between the one or more servers 514 of the service provider and global platform card management device 526.
Fig. 5C is a flow chart that, according to a specific embodiment of the present invention, depicts a process 550 enabling a portable equipment to perform ecommerce and Mobile business functions. Depending on the specific implementation, process 550 can be realized in software, hardware, or a combination of software and hardware. To better understand process 550, the following description refers to some of the earlier figures, especially Fig. 5A and Fig. 5B.
Before process 550 starts, an instance of service manager 522 or 532 has been downloaded or preloaded onto portable equipment 530 or computer 538. In step 552, the service manager is activated and sends a service request to the server 514 at the service provider. After the user is identified and the portable equipment is verified as valid, in step 554 process 550 provides a directory list of services/application programs according to the subscription information of the user of portable equipment 530. For example, the list may comprise a mobile sale point application program, an electronic wallet application, an electronic ticket application program and other commercial services. A service/application is then chosen from the directory list. For example, a stored value card or a mobile sale point can be selected to configure portable equipment 530. In response to the user's selection, process 550 downloads and installs the selected service/application in step 556. For example, the stored value card applet application program (namely application applet program 527) is downloaded from applet program library 504 and installed in safety element 529. The path of the download or installation can be escape way 518 or 519. In step 558, if needed, process 550 individualizes the downloaded application applet program and simulator 528. Some downloaded application applet programs do not need to be personalized, while others do. In a specific embodiment, where a mobile sale point application applet program ("point of sale security identity module (POS SAM)") needs to be personalized, the following information or data groups must be provided:
(a) a unique security identity module ID based on the unique identifier of the underlying safety element;
(b) a group of debit master keys;
(c) a converted message encryption key;
(d) a converted message identification key;
(e) the maximum length allowed for the remarks field of each off-line transaction;
(f) a converted batch transaction key; and
(g) a global platform Personal Identification Number (GP PIN).
In another specific embodiment, when individualizing the stored value card applet program for a single function card, not only must particular data (namely the Personal Identification Number, converted keys, start date, end date, etc.) be configured into the stored value card, but the simulator must also be set so that it can work in an open system. Finally, in step 560, process 550 downloads and starts application MIDlet program 523 according to the selection. Some personal data in the application applet program can be accessed and displayed, or provided by the user. Process 550 ends after all service/application components have been downloaded, installed and individualized.
According to a specific embodiment, an exemplary process that enables portable equipment 530 to be used as a mobile sale point is as follows:
(a) accessing an installation server (i.e. one server 514 of the service provider) and requesting the server to set up a first escape way (such as escape way 518) connecting the issuer domain (i.e. applet program library 504) and the global platform card management device 526 running on safety element 529;
(b) receiving one or more network messages, the messages containing a number of APDU requests that encapsulate the point of sale security identity module applet program (for example a Java Cap file from applet program library 504);
(c) extracting the APDU requests from the received network messages;
(d) sending the extracted APDU requests in the correct order to global platform card management device 526, in order to install the point of sale security identity module (namely application applet program 527) on safety element 529;
(e) accessing a personalization server (i.e. one server 514 of the service provider) to open a second escape way between the personalization server and the newly downloaded applet program (i.e. the point of sale security identity module) (depending on the server and/or path, this escape way may or may not be escape way 518);
(f) receiving one or more network messages to obtain one or more separate "data store APDUs (STORE DATA APDU)";
(g) extracting and sending the "data store APDUs (STORE DATA APDU)" to individualize the point of sale security identity module; and
(h) downloading and starting the point of sale manager (namely application MIDlet program 523).
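Steps (b) to (d) and (f) to (g) above, as an added example that is not code from the patent: a Python sketch of the proxy that unwraps APDUs from network messages and refuses to forward a script that is malformed or out of order. The JSON envelope, the function names and the sample payload bytes are assumptions constructed here; the instruction bytes and the block-numbering rule for LOAD and STORE DATA follow the GlobalPlatform card specification.

```python
import json

# ISO 7816 / GlobalPlatform instruction bytes a provisioning script may contain.
ALLOWED_INS = {
    0xA4: "SELECT",
    0x50: "INITIALIZE UPDATE",
    0x82: "EXTERNAL AUTHENTICATE",
    0xE6: "INSTALL",
    0xE8: "LOAD",
    0xE2: "STORE DATA",
}
# Commands sent as numbered blocks: P2 = block number, P1 bit 8 = last block.
BLOCK_INS = {0xE8, 0xE2}


class ApduError(ValueError):
    """Raised when a message or command must not be forwarded to the card."""


def extract_apdus(message: str) -> list:
    """Steps (c)/(g): pull the hex-encoded APDUs out of one network message.
    The envelope {"apdus": [...]} is a format assumed for this example."""
    try:
        return [bytes.fromhex(h) for h in json.loads(message)["apdus"]]
    except (ValueError, KeyError, TypeError) as exc:
        raise ApduError(f"malformed network message: {exc}") from exc


def parse_apdu(raw: bytes) -> dict:
    """Parse a short command APDU: CLA INS P1 P2 [Lc data] [Le]."""
    if len(raw) < 4:
        raise ApduError("APDU shorter than its 4-byte header")
    cla, ins, p1, p2 = raw[0], raw[1], raw[2], raw[3]
    body, data = raw[4:], b""
    if len(body) > 1:
        lc = body[0]
        if lc == 0:
            raise ApduError("extended-length APDUs are not handled here")
        if len(body) not in (1 + lc, 2 + lc):  # data only, or data plus Le
            raise ApduError(f"Lc={lc} does not match the bytes that follow")
        data = body[1:1 + lc]
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data}


def validate_sequence(apdus: list) -> list:
    """Check that every command is expected and that block numbers run
    0, 1, 2, ... with the last-block flag closing each run."""
    next_block = {}
    parsed = []
    for raw in apdus:
        cmd = parse_apdu(raw)
        ins = cmd["ins"]
        if ins not in ALLOWED_INS:
            raise ApduError(f"unexpected INS 0x{ins:02X} in provisioning script")
        if ins in BLOCK_INS:
            want = next_block.get(ins, 0)
            if cmd["p2"] != want:
                raise ApduError(
                    f"{ALLOWED_INS[ins]} block {cmd['p2']} arrived, expected {want}")
            last = bool(cmd["p1"] & 0x80)
            next_block[ins] = 0 if last else want + 1
        parsed.append(cmd)
    unfinished = [ALLOWED_INS[i] for i, n in next_block.items() if n]
    if unfinished:
        raise ApduError("final block missing for " + ", ".join(unfinished))
    return parsed


def forward_in_order(messages: list, send) -> int:
    """Steps (d)/(g): validate the whole script first, then hand each APDU to
    the card manager. `send` is a caller-supplied function returning the
    status word; anything other than 0x9000 stops the script."""
    queue = []
    for message in messages:
        queue.extend(extract_apdus(message))
    validate_sequence(queue)  # nothing reaches the card if this raises
    for count, raw in enumerate(queue):
        sw = send(raw)
        if sw != 0x9000:
            raise ApduError(f"card returned {sw:04X} after {count} commands")
    return len(queue)


# Constructed sample: one INSTALL, then STORE DATA in two blocks (payload bytes
# are placeholders, not real personalization data).
SAMPLE_MESSAGES = [
    json.dumps({"apdus": ["80E60C000401020304"]}),
    json.dumps({"apdus": ["80E2000003A1B2C3", "80E2800102D4E5"]}),
]
```

Validating the complete script before the first command is sent keeps the safety element from being left half-installed by a reordered or truncated message.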
Fig. 6A illustrates a representative framework 600, according to a specific embodiment of the present invention, in which portable equipment 630 serves as a mobile sale point to perform ecommerce and Mobile business. Portable equipment 630 consists of base band 624 and safety element 629. Point of sale manager 623 is downloaded and installed in base band 624, and point of sale security identity module 628 is personalized and installed in safety element 629, so that portable equipment 630 can serve as a mobile sale point. In this way, real-time transaction 639 can be carried out between the portable equipment 630 supporting the mobile sale point and a device 636 supporting electronic tokens (such as a single function card or a mobile device supporting a stored value card). The electronic token may represent electronic money (e-money), an electronic coupon (e-coupon), an electronic ticket (e-ticket), an electronic voucher (e-voucher) or any other form of payment token in the device.
Real-time transaction 639 can be carried out offline (namely without the portable equipment accessing backend sales point transaction processing server 613). However, in specific practical situations, for example when the transaction amount exceeds a predetermined threshold, when the device 636 supporting electronic tokens needs a top-up or virtual top-up, or when (single or batch) transactions are uploaded, portable equipment 630 can access backend sales point transaction processing server 613 over cellular network 520.
The accumulated off-line transaction records need to be uploaded to backend sales point transaction processing server 613 for processing. The upload operation is performed by portable equipment 630 accessing point of sale transaction processing server 613 through escape way 618. As with the installation and personalization process, the upload operation can be performed via two different routes: cellular communications network 520, or public network 521. Fig. 6A depicts the first route.
The second route is shown in Fig. 6B, which illustrates, according to a specific embodiment of the present invention, a representative framework 640 in which portable equipment 630 serves as a mobile sale point and performs the batch transaction upload operation over public network 521. The off-line transaction records in the mobile sale point are generally accumulated in a transaction log kept in point of sale security identity module 628. The transaction log is read by contactless reader 634 and stored into point of sale agent 633 installed in computer 638. Point of sale agent 633 then accesses point of sale transaction processing server 613 over public network 521 through escape way 619. Each upload operation comprising one or more transaction records is marked as a separate batch upload operation. Data communication among point of sale security identity module 628, contactless reader 634 and point of sale agent 632 is in APDU form and contains the transaction records. Network messages encapsulating the APDUs (such as HTTP) are then used for communication between point of sale agent 632 and point of sale transaction processing server 613.
In a specific embodiment, a representative batch upload procedure from point of sale manager 623 or point of sale agent 633 comprises:
(a) sending a request to point of sale security identity module 628 to initiate a batch upload operation;
(b) after point of sale security identity module 628 agrees to the batch upload request, retrieving the accumulated transaction records from point of sale security identity module 628, in the form of APDU commands, in a marked "batch" or "group";
(c) creating one or more network messages containing the retrieved APDU commands;
(d) sending the one or more network messages to point of sale transaction processing server 613 through escape way 619;
(e) receiving a confirmation signature message from point of sale transaction processing server 613;
(f) forwarding the confirmation signature message, in the form of an APDU, to point of sale security identity module 628 for verification, and then deleting the transaction records confirmed as uploaded; and
(g) if other transaction records in the same "batch" or "group" have still not been uploaded, repeating step (b) to step (f).
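The batch upload loop of steps (a) to (g), as an added example that is not code from the patent: a Python simulation in which the security identity module deletes records only after it has verified the server's confirmation. HMAC-SHA256 stands in for the confirmation signature, whose algorithm the page does not specify; the class names, the record layout, the retry limit and the server-side de-duplication by record id are assumptions made for the example.

```python
import hashlib
import hmac
import json


def encode(records: list) -> bytes:
    """Canonical byte form of a group of records (step (c))."""
    return json.dumps(records, sort_keys=True, separators=(",", ":")).encode()


class PosSam:
    """Stand-in for the point of sale security identity module."""

    def __init__(self, ack_key: bytes, records: list):
        self._key = ack_key
        self.records = list(records)  # accumulated off-line transaction records
        self._pending = []            # group handed out but not yet confirmed

    def start_batch(self) -> bool:    # step (a): agree only if there is work
        return bool(self.records)

    def fetch_group(self, size: int) -> list:  # step (b)
        self._pending = self.records[:size]
        return list(self._pending)

    def confirm(self, ack: bytes) -> bool:     # step (f)
        """Delete the pending group only if the confirmation covers exactly
        the bytes that were handed out; otherwise keep every record."""
        if not self._pending:
            return False
        expected = hmac.new(self._key, encode(self._pending), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, ack):
            return False
        del self.records[:len(self._pending)]
        self._pending = []
        return True


class TransactionServer:
    """Stand-in for the point of sale transaction processing server."""

    def __init__(self, ack_key: bytes):
        self._key = ack_key
        self._seen = set()
        self.ledger = []

    def receive(self, message: bytes) -> bytes:  # steps (d)/(e)
        for record in json.loads(message):
            if record["id"] not in self._seen:   # a retried group is not booked twice
                self._seen.add(record["id"])
                self.ledger.append(record)
        return hmac.new(self._key, message, hashlib.sha256).digest()


def upload_batch(sam: PosSam, send, group_size: int = 2, max_attempts: int = 3) -> int:
    """Run steps (a)-(g). `send` carries one network message to the server and
    returns whatever confirmation came back over the channel."""
    if not sam.start_batch():
        return 0
    uploaded = 0
    while sam.records:                            # step (g)
        group = sam.fetch_group(group_size)
        message = encode(group)
        for _ in range(max_attempts):
            if sam.confirm(send(message)):
                uploaded += len(group)
                break
        else:
            raise RuntimeError("no valid confirmation; records remain in the SAM")
    return uploaded


# Constructed sample data: a shared key and five off-line transaction records.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_RECORDS = [{"id": n, "amount": 100 * n} for n in range(1, 6)]
```

Because the module keeps a group until its confirmation verifies, a lost or altered confirmation leads to a retry, which is why the server in this sketch has to tolerate receiving the same record id more than once.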
Fig. 6C is a flow chart that, according to a specific embodiment of the present invention, depicts a process 650 of conducting Mobile business using the portable equipment 630 serving as a mobile sale point and a device 636 that supports electronic tokens and is used as a single function card. For ease of understanding, process 650 is best considered together with the earlier figures, especially Fig. 6A and Fig. 6B. Process 650 can be realized in software, hardware, or a combination of the two.
When the holder of a device supporting electronic tokens (such as a Mifare card, or a portable phone that supports a stored value card and simulates a single function card) wishes to buy an article or subscribe to a service through the mobile sale point (i.e. portable equipment 630), process 650 (for example the process performed by point of sale manager 623 in Fig. 6A) is activated. In step 652, portable equipment 630 reads the device supporting electronic tokens and retrieves the electronic token (such as the tag ID of a Mifare card). Process 650 then verifies in step 654 whether the retrieved electronic token is valid. If the device 636 supporting electronic tokens in Fig. 6A is a single function card (such as Mifare), the verification process performed by point of sale manager 623 comprises: (i) reading the card identifier (ID) of the card, the card identifier being kept in a region that is unprotected or protected only by a known key; (ii) sending a request containing the card identifier to point of sale security identity module 628; and (iii) receiving one or more converted keys (such as keys for the transaction count, issuer data, etc.) generated by point of sale security identity module 628. If the one or more converted keys received are invalid, that is, the retrieved electronic token is invalid, process 650 ends. Otherwise process 650 advances along the "Yes" branch to step 656, where it is determined whether the retrieved electronic token holds enough balance to pay the cost of the current transaction. If the result of step 656 is "No", process 650 can optionally offer the holder, in step 657, to top up (i.e. load, inject funds into or finance) the electronic token. If the holder declines the offer, process 650 ends. Otherwise, if the holder agrees to top up the device supporting electronic tokens in real time, process 650 performs a top-up or virtual top-up operation in step 658. Process 650 then returns to step 656. If there is enough balance in the electronic token, process 650 in step 660 deducts or debits, from the electronic token of the device 636 supporting electronic tokens, the amount needed to complete the purchase. In the case of the single function card, the one or more converted keys are used to authorize the deduction. Finally, in step 662, the one or more off-line transaction records accumulated in point of sale security identity module 628 are uploaded to point of sale transaction processing server 613 for processing. The upload operation is carried out for a single transaction or a batch of transactions over cellular communications network 520 or public network 521.
Process 400 in Fig. 4A describes the aforesaid top-up operation. A virtual top-up operation is a special type of top-up operation, usually used by a sponsor or donor to raise the credit line of the electronic token. To use the virtual top-up operation, the sponsor needs to set up an account and bind the account to a device supporting electronic tokens (such as a single function card, a Multifunction card, a portable phone supporting electronic tokens, etc.). An example is an online account provided by a commercial entity (such as an enterprise, a bank, etc.). Once the sponsor has loaded electronic tokens into the online account, the holder of the device supporting electronic tokens can receive electronic tokens from the online account when accessing a mobile sale point. A number of different safety measures are applied to ensure that the virtual top-up operation is safe and reliable. A representative application scenario of the virtual top-up is that a parent (i.e. the sponsor) loads electronic tokens into an online account that is connected to the portable phone (i.e. the device supporting electronic tokens) of a child (i.e. the equipment holder), so that when the child buys an article at a mobile sale point, the child can receive the loaded electronic tokens. In addition to the various ecommerce and Mobile business functions described herein, point of sale manager 623 is also configured to provide a number of query operations, for example: (a) checking the accumulated revenue and expenditure records in the point of sale security identity module that have not yet formed a batch (i.e. have not been uploaded); (b) listing the transaction log entries in the point of sale security identity module that have not formed a batch; (c) displaying the details of a particular transaction kept in the point of sale security identity module; (d) checking the current balance of the device supporting electronic tokens; (e) listing the transaction log of the device supporting electronic tokens; and (f) displaying the details of a particular transaction of the device supporting electronic tokens.
The flow chart in Fig. 6D, according to a specific embodiment of the present invention, depicts a representative process 670 of conducting Mobile business using the portable equipment 630 that can serve as a mobile sale point and a device 636 that supports electronic tokens and is used as a Multifunction card. For ease of understanding, process 670 is best considered together with the earlier figures, especially Fig. 6A and Fig. 6B. Process 670 can be realized in software, hardware, or a combination of the two.
When supporting the holder of electronic token device 636 (such as Multifunction card or support stored value card and the portable phone of simulation multifunctional card) to wish by mobile sale point (i.e. portable equipment 630) purchase article or subscribed services, process 670 (process in such as Fig. 6 A performed by point of sale manager 623) just can be activated.In step 672, process 670 initially buys request to supporting the device 636 of electronic token to send.Buying expenses and described initial purchase ask (such as ordering) together to send.Then process 670 proceeds to determination step 674.When not having enough remaining sums in the device 636 supporting electronic token, point of sale manager 623 will receive receiveing the response of the described initial purchase request of refusal.Result is that process 670 terminates because described purchase request is rejected.If support there are enough remaining sums in the device 636 of electronics generation joint, the result of determination step 674 is "Yes", and process 670 will proceed to step 676 along "Yes" branch.From supporting that the reply (such as APDU order) that the device 636 of electronic token there receives will be forwarded to point of sale security identity module 628.Information in described reply comprises the version of electronic token key, and will the random number setting up escape way be used to, the point of sale security identity module 628 that described escape way will the applet program (such as stored value card applet) connected on the device 636 supporting electronic token and portable equipment 630 be installed.Then, in step 678, process 670 receives by point of sale security identity module 628 to respond the described debit request (such as APDU order) forwarding reply (reply namely in step 676) and generation.Described debit request comprises message cognizance code (MAC, Message Authentication Code) so that applet program (i.e. 
stored value card applet program) examines the debit operation being about to carry out, the wherein said debit operation being about to carry out carries out to respond the debit request sent in step 680.Process 670 is advanced to step 682, receives the acknowledge message of described debit operation.Comprise in described acknowledge message and be used for by point of sale security identity module 628 and point of sale (pos) transactions processing server 613 the additional message cognizance code examining and process respectively.Next in step 684, described debit acknowledge message is forwarded to point of sale security identity module 628 to examine.Once described message cognizance code is verified as effectively, and purchase-transaction is recorded in point of sale security identity module 628, described in the transaction that is recorded be shown in step 686, then process 670 terminates.It should be noted that aforementioned electronic business transaction can be undertaken by point of sale (pos) transactions processing server 613 down or on line online.And when Sorry, your ticket has not enough value in the device supporting electronic token, can perform according to the process 400 described in Fig. 4 A and Fig. 4 B and supplement with money or register capital to operation.
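The message flow of process 670, as an added sketch that is not part of the patent: the applet on device 636, the point-of-sale security identity module 628, the point-of-sale manager 623 relaying between them, and the transaction server 613 checking the additional MAC. The HMAC-SHA256 construction, the session-key derivation from the random number, the field layout, all class and function names, and the demo keys are assumptions; the patent does not specify them.

```python
import hmac, hashlib, os

def mac(key, *fields):
    # Assumed MAC: HMAC-SHA256 over length-prefixed fields (ints as 4 bytes), cut to 8 bytes.
    enc = [f.to_bytes(4, "big") if isinstance(f, int) else f for f in fields]
    data = b"".join(len(f).to_bytes(2, "big") + f for f in enc)
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

class PurseApplet:
    """E-purse applet on the e-token device 636 (hypothetical model)."""
    def __init__(self, key_version, token_key, server_key, balance):
        self.key_version, self.token_key = key_version, token_key
        self.server_key, self.balance = server_key, balance
        self.pending = None                        # (amount, nonce) of the open purchase
    def init_purchase(self, amount):               # steps 672-676
        if not 0 < amount <= self.balance:
            return None                            # insufficient balance: request refused
        self.pending = (amount, os.urandom(8))     # fresh random number per purchase
        return {"key_version": self.key_version, "nonce": self.pending[1]}
    def debit(self, amount, request_mac):          # step 680
        pending, self.pending = self.pending, None # each random number is usable once
        if pending is None or pending[0] != amount:
            return None
        session = mac(self.token_key, b"session", pending[1])
        if not hmac.compare_digest(request_mac, mac(session, b"debit", amount)):
            return None                            # unauthenticated debit: balance untouched
        self.balance -= amount
        return {"amount": amount, "nonce": pending[1],
                "mac_sam": mac(session, b"confirm", amount),
                "mac_server": mac(self.server_key, b"settle", amount, pending[1])}

class PosSecurityModule:
    """Point-of-sale security identity module 628 (hypothetical model)."""
    def __init__(self, token_keys):
        self.token_keys, self.session, self.log = token_keys, None, []
    def debit_request(self, reply, amount):        # step 678
        key = self.token_keys.get(reply["key_version"])
        if key is None:
            return None                            # no key for the reported version
        self.session = mac(key, b"session", reply["nonce"])
        return mac(self.session, b"debit", amount)
    def verify_and_record(self, conf):             # steps 684-686
        ok = hmac.compare_digest(conf["mac_sam"], mac(self.session, b"confirm", conf["amount"]))
        if ok:
            self.log.append(conf)                  # record kept for server 613
        return ok

def run_purchase(applet, sam, amount, tamper=False):
    """POS manager 623 relaying process 670; tamper simulates a modified debit request."""
    reply = applet.init_purchase(amount)
    if reply is None:
        return "refused"
    req = sam.debit_request(reply, amount)
    if req is None:
        return "unknown key version"
    conf = applet.debit(amount, bytes(8) if tamper else req)
    if conf is None:
        return "debit rejected"
    return "recorded" if sam.verify_and_record(conf) else "confirmation invalid"

def server_accepts(server_key, conf):
    """POS transaction server 613 checking the additional MAC, online or later offline."""
    expect = mac(server_key, b"settle", conf["amount"], conf["nonce"])
    return hmac.compare_digest(conf["mac_server"], expect)

if __name__ == "__main__":
    tk, sk = b"T" * 16, b"S" * 16                  # constructed demo keys
    applet, sam = PurseApplet(1, tk, sk, 100), PosSecurityModule({1: tk})
    print(run_purchase(applet, sam, 30), applet.balance, server_accepts(sk, sam.log[0]))
```

Because the second MAC in the confirmation is keyed separately from the session, the recorded transaction can be checked by the server after an offline purchase without trusting the relaying manager.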
Fig. 7 illustrates a representative configuration in which a portable device is used for an electronic ticketing application. Portable device 730 is configured to include an e-purse 724. When the owner or holder of portable device 730 wishes to buy a ticket to a particular event (e.g., a concert ticket or a ball-game ticket), the owner can use e-purse 724 to buy the ticket through an e-ticket service provider 720. The e-ticket service provider 720 can contact a traditional box-office reservation system 716 or an online ticketing application 710 to reserve and purchase the ticket. E-tokens (e.g., electronic money) are then deducted from e-purse 724 of portable device 730 to pay the ticket price to a credit/debit system 714 (e.g., a financial institution or bank). A security identity module 718 is connected to the e-ticket service provider 720 to ensure that e-purse 724 in portable device 730 is correctly validated. After the payment confirmation is received, the e-ticket is delivered to portable device 730 over the air (e.g., over a cellular network) and stored electronically on secure element 726, for example as an e-ticket code, key, or password. Later, when the owner of portable device 730, i.e., the e-ticket holder, attends the event, the holder only needs to let the entrance check-in reader 734 read the e-ticket code or key stored in portable device 730. In one embodiment, entrance check-in reader 734 is a contactless reader (e.g., a proximity coupling device compliant with ISO 14443), and portable device 730 is a mobile phone that supports near field communication (NFC).
The present invention is preferably implemented in software, but can also be implemented in hardware or in a combination of hardware and software. The invention can also be embodied as computer-readable code on a computer-readable medium. The computer-readable medium is any data storage device that can store data readable by a computer system. Examples of computer-readable media include read-only memory, random access memory, CD-ROM, digital video disc (DVD), magnetic tape, optical data storage devices, and carrier waves. The computer-readable medium can also be distributed over network-coupled computer systems, so that the computer-readable code is stored and executed in a distributed fashion.
The above description fully discloses specific embodiments of the present invention. It should be noted that any changes made to these embodiments by those skilled in the art do not depart from the scope of the claims of the present invention. Accordingly, the scope of the claims is not limited to the foregoing embodiments.

Claims (16)

1. A method of provisioning an application, characterized in that it comprises:
sending an identifier identifying the application, together with device information of a secure element, to a server, wherein the secure element is associated with a mobile device and the application has been installed on the mobile device;
establishing a secure channel between the secure element and the server using a derived security key set installed on the secure element, wherein the server prepares the data necessary for the application to run as designed on the mobile device;
receiving the data from the server to enable the application, wherein the data includes a user interface of the application on the mobile device and a generated application key set; and
sending a confirmation to a provider of the application to report the status of the application now running together with the secure element on the mobile device.
2. The method according to claim 1, characterized in that sending the identifier identifying the application to the server together with the device information of the secure element comprises:
determining whether the secure element has been personalized via a trusted service management system, wherein the trusted service management system is a collection of services used to issue and manage contactless services for customers contracted with the trusted service management system, so as to enable data exchange among multiple different parties for conducting electronic transactions over a wireless network;
when it is determined that the secure element has not been personalized via the trusted service management system, performing a personalization process for the secure element, wherein the personalized secure element establishes a security platform for the application running on the mobile device.
3. The method according to claim 2, characterized in that the personalization process comprises:
initiating data communication with a server in the trusted service management system;
after the server determines that the secure element is registered with it, sending the device information of the secure element in response to a request from the server, wherein the device information is a character string that uniquely identifies the secure element, and the request is a command that causes the computing device to retrieve the device information from the secure element;
receiving at least one key set from the server, wherein the server generates the key set according to the device information of the secure element; and
storing the key set in the secure element to facilitate subsequent transactions conducted by the mobile device.
4. The method according to claim 3, characterized in that the mobile device is a device with near field communication (NFC) capability that includes the secure element, and the secure element needs to be personalized before the NFC-capable device is used to conduct various transactions with a party over a data network.
5. The method according to claim 4, characterized in that the device information comprises an identifier of the secure element, manufacturer information, and a batch number.
6. The method according to claim 2, characterized in that the application is a software module downloaded from a designated server, and the application can be updated over time.
7. The method according to claim 2, characterized in that the application is part of the secure element and serves as an e-purse for the user of the mobile device.
8. The method according to claim 1, characterized in that part of the data prepared by the server is used to facilitate remote management of the application by the server, the application being disabled or enabled when that part of the data prepared by the server meets a predetermined criterion.
9. The method according to claim 1, characterized in that it further comprises:
receiving a message from the server, the message identifying the application; and
after verifying that the message is authentic and valid, disassociating the secure element from the application.
10. The method according to claim 1, characterized in that it further comprises:
notifying the provider of the application of an updated status of the application.
11. A method of provisioning an application, characterized in that it comprises:
sending an identifier identifying the application, from a mobile device, to a server together with device information of a secure element, wherein the secure element is associated with the mobile device and the application has been installed on the mobile device;
establishing a secure channel between the secure element and the server using a derived security key set installed on the secure element;
preparing the data necessary for the application so that the application runs as designed on the mobile device;
transmitting the data from the server over the secure channel to enable the application; and
notifying a provider of the application of the status of the application now running together with the secure element on the mobile device.
12. The method according to claim 11, characterized in that it further comprises:
determining whether the secure element has been personalized;
when it is determined that the secure element has not yet been personalized, causing the mobile device to start a personalization process of the secure element via a trusted service management system, wherein the trusted service management system is a collection of services used to issue and manage contactless services for customers contracted with the trusted service management system, so as to enable data exchange among multiple different parties for conducting electronic transactions over a wireless network and the mobile device.
13. The method according to claim 12, characterized in that the personalization process comprises:
initiating data communication with a server in the trusted service management system;
after the server determines that the secure element is registered with it, sending the device information of the secure element in response to a request from the server, wherein the device information is a character string that uniquely identifies the secure element, and the request is a command that causes the computing device to retrieve the device information from the secure element;
receiving at least one key set from the server, wherein the server generates the at least one key set according to the device information of the secure element; and
transferring the key set to the secure element to facilitate subsequent transactions conducted by the mobile device.
14. The method according to claim 11, characterized in that the application is a software module downloaded from a designated server, the application can be updated over time, and the application is part of the secure element and serves as an e-purse for the user of the mobile device.
15. The method according to claim 11, characterized in that part of the data prepared by the server is used to facilitate remote management of the application by the server, the application being disabled or enabled when that part of the data prepared by the server meets a predetermined criterion.
16. The method according to claim 15, characterized in that it further comprises:
receiving a message from the server, the message identifying the application; and
after verifying that the message is authentic and valid, disassociating the secure element from the application.
CN201210583582.1A 2012-01-16 2012-12-28 Method and apparatus for provisioning applications in mobile devices Active CN103117856B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/350,834 US20120129452A1 (en) 2006-09-24 2012-01-16 Method and apparatus for provisioning applications in mobile devices
US13/350,834 2012-01-16

Publications (2)

Publication Number Publication Date
CN103117856A CN103117856A (en) 2013-05-22
CN103117856B true CN103117856B (en) 2015-07-01

Family

ID=48416137

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210583582.1A Active CN103117856B (en) 2012-01-16 2012-12-28 Method and apparatus for provisioning applications in mobile devices

Country Status (1)

Country Link
CN (1) CN103117856B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104348616B (en) * 2013-07-26 2018-02-23 中国移动通信集团公司 A kind of method, apparatus and system for accessing terminal security component
CN103929722A (en) * 2014-04-25 2014-07-16 长沙市梦马软件有限公司 Short message encryption method and system
CN103945348A (en) * 2014-04-25 2014-07-23 长沙市梦马软件有限公司 Asymmetrical secret key short message encryption method and system
CN104125226B (en) * 2014-07-28 2018-01-26 北京握奇智能科技有限公司 A kind of method, apparatus and system for locking and unlocking application
EP3110189A1 (en) * 2015-06-25 2016-12-28 Gemalto Sa A method of replacing at least one authentication parameter for authenticating a security element and corresponding security element
US10872347B2 (en) * 2015-06-29 2020-12-22 Google Llc Transmitting application data for on-device demos
CN105096115B (en) * 2015-06-29 2020-04-03 深圳市可秉资产管理合伙企业(有限合伙) Electronic payment transaction method without point-of-sale terminal and mobile device
CN105185002B (en) * 2015-09-09 2018-06-12 建亿通(北京)数据处理信息有限公司 Mobile terminal, business platform and card operation system
CN106464661A (en) * 2015-09-16 2017-02-22 深圳市银信网银科技有限公司 Processing method for obtaining target data, server, and online fund-raising method
CN106133775A (en) * 2015-09-16 2016-11-16 深圳市银信网银科技有限公司 Obtain financing method on the processing method of target data, server and line
CN106251138B (en) * 2016-07-25 2020-05-12 恒宝股份有限公司 Payment system and parameter configuration method of bracelet, bracelet and payment method
CN108319857B (en) * 2017-12-29 2020-12-18 北京握奇智能科技有限公司 Trusted application locking and unlocking method and system
CN109658239B (en) * 2018-11-09 2024-02-20 创新先进技术有限公司 Application function expansion method and device, request processing method and device
CN111104696B (en) * 2019-12-17 2020-09-22 北京力天世技系统集成有限公司 Multi-path safety element cluster board card

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101059853A (en) * 2006-04-21 2007-10-24 赵壮 Safe mobile macro-payment data processing system
CN101686225A (en) * 2008-09-28 2010-03-31 中国银联股份有限公司 Methods of data encryption and key generation for on-line payment
CN101916388A (en) * 2010-07-27 2010-12-15 武汉天喻信息产业股份有限公司 Smart SD card and method for using same for mobile payment
CN102025710A (en) * 2009-09-11 2011-04-20 中国银联股份有限公司 Multi-application intelligent card and intelligent card multi-application management system and method

Also Published As

Publication number Publication date
CN103117856A (en) 2013-05-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: SHENZHEN KEBING ASSET MANAGEMENT PARTNERSHIP (LIMI

Free format text: FORMER OWNER: SHENZHEN RICH HOUSE GLOBAL TECHNOLOGY CO., LTD.

Effective date: 20150116

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 518100 SHENZHEN, GUANGDONG PROVINCE TO: 518049 SHENZHEN, GUANGDONG PROVINCE

TA01 Transfer of patent application right

Effective date of registration: 20150116

Address after: 518049 Guangdong Province, Shenzhen city Futian District Mei Hua Lu Shenhua science and Technology Industrial Park 1 Building 5 West 5C2

Applicant after: SHENZHEN KEBING ASSET MANAGEMENT PARTNERSHIP (LIMITED PARTNERSHIP)

Address before: 518100 Guangdong city of Shenzhen province Baoan District streets Minzhi Road on the eastern side of Xinyuan two phase 27 B01

Applicant before: Rich House Global Technology Co., Ltd.

C14 Grant of patent or utility model
GR01 Patent grant