CN108846661A - Mobile device and the method that realization is used for mobile payment between two mobile devices - Google Patents

Abstract

Realize the invention discloses a kind of mobile device and between two mobile devices the method for being used for mobile payment.The method includes：Software module executes in first movement device to generate the data comprising e bill；Wirelessly the second mobile device is sent from the first movement device by the e bill, second mobile device is by user's operation, and it is caught to execute software module in response to the e bill to show the e bill in second mobile device, wherein second mobile device generates payment request, and sends the payment request to as third-party payment gateway；The first movement device receives the notice executed for the payment of the account information from the payment gateway.Consumer can use its mobile device and read the data about e bill to settle accounts the expense of the e bill in the present invention, fast, easily pay to realize.

Description

Mobile device and the method that realization is used for mobile payment between two mobile devices

Present patent application is that number of patent application is：201310109741.9 entitled：It is settled accounts and is paid using mobile device Device and method, the applying date is：On 03 31st, 2013, Chinese invention patent application divisional application.

【Technical field】

The present invention relates generally to e-commerce fields, particularly, it is logical near field to the present invention relates to the use of a mobile device Believe range in (near field communication range) from another mobile device read e bill (bill) or Device and method of the invoice (invoice) to settle accounts payment (payment) on the mobile device.

【Background technique】

It trades for many credit or debit cards, consumer (customer) can request one when settling accounts because of purchase A bill, has started payment process in this way.Cashier (cashier) or service worker bring a bill to the visitor It verifies at family.Then, the consumer can take out credit or debit card to the service worker.The services people Member brings the credit or debit card to point of sale (Point of Sales) sales counter to start transaction payment.Then, described Service worker can bring back a receipt and sign to the consumer to ratify the transaction.This is a very long process, It usually requires that a few minutes even longer time, the service worker is spent to have to look after multiple payment transactions simultaneously.This Outside, described when the transaction carried out on the point of sale is needed using ID card No. in the case where debit card transactions Process may be bothered more.

Therefore it is necessary to the simplification payment flows really.With the development of mobile device, though it is foreseeable that Hen Duoke Family can all carry a mobile device.In this way, just having an opportunity quickly to tie on point of sale (POS) using mobile device Calculate payment.

【Summary of the invention】

The purpose of this section is to summarize some aspects of the embodiment of the present invention and briefly introduce some preferable implementations Example.It may do a little simplified or be omitted to avoid this is made in this section and the description of the application and the title of the invention Partially, the purpose of abstract of description and denomination of invention is fuzzy, and this simplification or omission cannot be used for limiting model of the invention It encloses.

The present invention provides a kind of method realized between two mobile devices and be used for mobile payment, the method includes：It mentions For software module, the software module is executed in first movement device to generate the data comprising e bill；With wireless parties Formula sends the second mobile device from the first movement device for the e bill, wherein the e bill include with Receive the related data of account information of the amount of money of e bill statement, second mobile device by user's operation, And it is caught to execute software module in response to the e bill to show the electronics account in second mobile device It is single, wherein second mobile device generates payment request, and the payment request is sent to as third-party payment net It closes, which is responsible for after the amount of money that the user confirms in the e bill being the user maintenance account；Described One mobile device receives the notice that has executed of payment for the account information from the payment gateway, wherein described the Whether the account that tripartite is responsible for verifying the user maintenance has the enough amount of money to go to pay the amount of money of the e bill, from The account of the user deducts the amount of money of the e bill and sends the account information for the amount of money deducted and corresponds to Destiny account.

According to another aspect of the present invention, the present invention, which provides, a kind of realizes mobile payment between two mobile devices Method, the method includes：First movement device receives the e bill from the second mobile device, wherein described first moves Dynamic device executes e bill of the software module therein with wireless receiving from second mobile device, and described second moves It is dynamic to execute software module therein to generate the data comprising the e bill；In the display of the first movement device The upper display amount of money, wherein the amount of money is extracted from the e bill by first movement device；Described in use When the user of first movement device checks and approves the amount of money, payment request is generated in the first movement device；To as third The payment gateway of side transmits the payment request, wherein the payment gateway is responsible for deducting the gold from the account of the user Volume simultaneously sends the amount of money deducted to the destiny account for belonging to second mobile device；And second mobile device The notice executed for the payment of the account information is received from the payment gateway.

According to another aspect of the present invention, a kind of mobile device for mobile payment of the present invention, the mobile device Including：Wireless communication module, the mobile device that relieves oneself being configured received with a POS device wireless telecommunications including The data of the mark of the e bill and businessman that generate in the POS device, the mobile device and user-association, should User is interacted with the businessman by the POS device；Interface, the user is by the interface manually in the mobile device The upper input amount of money to be paid to the businessman；The module that payment request is generated in the mobile device, wherein the payment Request includes the mark and the amount of money；Wherein the wireless communication module transmits institute to as third-party payment gateway Payment request is stated, wherein the payment gateway is responsible for the amount of money that deducts the amount of money from the account of the user and will be deducted It is sent to the destiny account for belonging to the businessman, the businessman receives the branch for being directed to the destiny account from the payment gateway Pay the notice executed.

According to another aspect of the present invention, the NFC mobile device that consumer uses is the stored value card of himself.This Sample, after the NFC mobile device receives and shows the e bill, the NFC that the consumer can operate himself is moved Dynamic device settles accounts the expense in the e bill.

According to another aspect of the present invention, the mobile device that the consumer uses is NFC device, belongs to movement A part in the ecosystem is paid, each side in the mobile payment ecosystem, which works in coordination, operates such that mobile payment Ecosystem trouble-free operation.By providing the clothes of trusted service management (Trusted Service Management, abbreviation TSM) It is engaged in device, the safety element for individualizing the mobile device that can be long-range is various to apply via trusted service manager (ratio Such as TSM server) it can be downloaded, update, manage or replace with postponing.The mould of one of those entitled intelligent bill management Block is downloaded and installed on the point of sale device or NFC device that businessman uses.The module is used to help businessman's (his dress Set) and consumer's (his mobile device) between communication and data exchange, the mobile device that wherein consumer uses also installs There is application relevant to intelligent bill payment.

Compared with prior art, an important feature, advantage and benefit of the invention are read using NFC mobile device The expense of the e bill is settled accounts about the data of e bill.The present invention can be implemented as an individual device, clothes The a part for device, system or the system of being engaged in.

In a preferred embodiment, the present invention is a kind of method of clearing payment, the method includes：It provides It is embedded with the software module executed on the first movement device of safety element, wherein the safety element has been personalized, warp The software module is configured by the safety element, the first movement device includes the data about an e bill； The user of the second mobile device have approved for from the wireless transmission of the first movement device come e bill payment Afterwards, the payment request from second mobile device is received, wherein second mobile device is near field communication means, For executing one communicated with the software module in first movement device application with from the first movement device Read the data；The real payment request；With, after the payment request is processed, send payment response to described first The user of mobile device.

As a preferred embodiment of the invention, the verification payment request includes：When second movement When the settlement amounts that the user of device provides are less than amount payable on the e bill, refusal information is sent to described the Two mobile devices；Or, when the settlement amounts that the user of second mobile device provides are equal to or more than on the e bill Amount payable when, continue payment flow.

According to another embodiment of the invention, the present invention is a kind of gateway of clearing payment, and the gateway includes：One A portal and a server, the portal provide the software mould executed on the first movement device for being embedded with safety element Block configures the software module via the safety element, described first moves wherein the safety element has been personalized Dynamic device includes the data about an e bill.The server includes：One processor and with the processor connect The memory connect is used to store the code executed on the processor, so that the server is able to carry out following behaviour Make：The user of the second mobile device have approved for from the first movement device wireless transmission come e bill After payment, the payment request from second mobile device is received, wherein second mobile device is near-field communication dress It sets, is used to execute the application communicated with the software module in the first movement device to move from described first Dynamic device reads the data；Verify the payment request；With, after the payment request is processed, send payment response to The user of the first movement device.

Compared with prior art, consumer can use the reading of its NFC mobile device about e bill in the present invention Data are fast, easily paid with settling accounts the expense of the e bill to realize.

【Detailed description of the invention】

Next specific embodiment, following claim and attached drawing will be helpful to understand of the invention specific Feature, each embodiment and advantage, wherein：

Fig. 1 shows system architecture according to an embodiment of the invention, and wherein payment network is indicated by financial institution The service of the clearing payment of offer or the set of network；

Fig. 2A shows a mobile payment ecosystem, wherein the related side in the mobile payment ecosystem (parties) it is successively listed；

Fig. 2 B shows the process or process of configuration one or more application according to an embodiment of the invention；

Fig. 2 C shows when configuring an application data flow of not interaction between Tongfang；

Fig. 2 D, which is shown, to be prepared in configuring an application process using the data flow that Tongfang does not interact when data；

Fig. 2 E shows locking or non-enabled one process or process for having installed application；

Fig. 2 F specific embodiment according to the present invention shows portable unit as stored value card and executes electronics quotient Configuration diagram when business and Mobile business；

Fig. 3 A shows dependent module interaction, carries out individualized processing to complete aforementioned electronic wallet by donor Structure chart；

Fig. 3 B shows dependent module interaction, carries out individualized processing to complete aforementioned electronic wallet by its user Structure chart；

Fig. 3 C specific embodiment according to the present invention, shows the process or procedure chart of individualized stored value card；

Fig. 4 A and Fig. 4 B a specific embodiment according to the present invention, show together electron wallet raise funds, register capital to, Process or process when being loaded into or supplementing with money；

Fig. 4 C shows dependent module interaction, to complete the structural schematic diagram of process shown in Fig. 4 A and Fig. 4 B；

Fig. 5 A specific embodiment according to the present invention, shows the configuration diagram of the first portable equipment, is allowed to The various functions of e-commerce and Mobile business can be executed on cellular communications networks (for example, 3G, LTE or GPRS network)；

Fig. 5 B another specific embodiment according to the present invention, shows the configuration diagram of second of portable equipment, makes The various of e-commerce and Mobile business can be executed on wiredly and/or wirelessly data network (such as Internet) Function；

Fig. 5 C is a width flow chart, and a specific embodiment according to the present invention illustrates to make the portable equipment in Fig. 5 A The process schematic being served by that one or more service providers provide can be run；

Fig. 6 A specific embodiment according to the present invention, illustrates a configuration diagram, portable equipment energy therein Enough e-commerce and Mobile business are executed as mobile sale point；

Fig. 6 B specific embodiment according to the present invention, illustrates a configuration diagram, portable equipment energy therein Transaction upload operation is enough executed on network as mobile sale point；

Fig. 6 C is a width flow chart, a specific embodiment according to the present invention, is illustrated using as mobile sale point Portable equipment and support electronic token single function card device, execute the process schematic of Mobile business；

Fig. 6 D is a width flow chart, illustrates using the portable equipment for being used as mobile sale point and supports electronic token Multifunctional card device, execute the process schematic of Mobile business；

Fig. 7 describes structural schematic diagram of the portable equipment for electronic bill application when；

Fig. 8 A shows multi-party schematic diagram as involved in a business running or the TSM arranged；

Fig. 8 B shows the related operating process between each side of TSM in one embodiment；

Fig. 8 C shows the workflow for establishing mutual Agreement Protocol in an exemplary TSM between parties；

Fig. 8 D shows the data flow that ISD between SE publisher and TSM maps (mapping)；

Fig. 8 E shows the corresponding data process between TSM, SE publisher and ISP；

Fig. 8 F shows the data flow for ratifying an application by SE publisher；

Fig. 8 G shows the process of replacement safety element；And

Fig. 9 shows the snapshot example of the display screen of an account of personalized safety element.

Figure 10 shows the process or procedure chart of clearing payment according to the present invention, wherein in software or in software and The process is realized in the combination of hardware；

【Specific embodiment】

Detailed description of the invention is mainly by program, step, logical block, process or other symbolistic descriptions come straight It connects or the running of simulation technical solution of the present invention indirectly.For the thorough explanation present invention, set forth in following description Many specific details.And in these no specific details, the present invention then can may be realized still.Technology people in fields Member is using these descriptions herein and states that the others skilled in the art into fields effectively introduce their working copy Matter.It in other words, is the purpose of the present invention of avoiding confusion, since well known methods and procedures has been readily appreciated that, they It is not described in detail.

" one embodiment " or " embodiment " referred to herein, which refers to, may be included at least one implementation of the invention A particular feature, structure, or characteristic." in one embodiment " that different places occur in the present specification not refers both to same A embodiment, nor the individual or selective embodiment mutually exclusive with other embodiments.In addition, indicate one or The methods of multiple embodiments, flow chart or sequence of modules in functional block diagram and it is revocable refer to any particular order, also not It is construed as limiting the invention.Key set herein refers to a group key." card " can also be referred to as card in the present invention. The meanings such as the fund that payment herein also has payment, needs to pay.

Each embodiment of the invention is introduced below with reference to Fig. 1-Figure 10.However, the ordinary skill people in fields Member it is easily understood that the datail description listed here according to these attached drawings be only it is explanatory, the present invention is not limited in These embodiments.

When the mobile phone with near-field communication (Near Field Communication, abbreviation NFC) function is for all When such as payment services, traffic ticketing service, credit services, physical access control and other infusive new demand servicings, NFC is shown Great business opportunity.In order to support the business environment of this rapid development, the mobile phone or device of various NFC functions (or be NFC device) developing to support the various applications in daily life.

Fig. 1 shows a system architecture 100 according to an embodiment of the invention.Network 102 is indicated by financial machine The service for the clearing payment that structure provides or the set of network.In other words, it is an offer Electronic Transfer or clearing payment clothes The system of business.The cash substitution used in conventional payment is the file that can be fulfilled, such as draft (draft) (such as check (check)).With going out for computer and telecommunications Existing, many selectable electronic fare payment systems start to occur, this includes debit card, credit card, electronic funds transfer (electronic funds transfer), direct credit (direct credits), direct debit (direct debits), Web bank and electronic payment (payment) system.Payment system is used to substitute at home or propose when International Transaction existing Gold comprising the main services provided by bank or other financial institutions.

The payment system or network 102 can be physics or electronics, regulation and agreement with own. One example of the payment system that whole world has used is Visa or Master card, real global credit card (true Global credit card) and ATM (automated teller machine) network.Businessman and consumer are Carry out settlement bargain using payment system.

According to one embodiment, intelligent bill payment gateway 104 includes the set of server or server, abbreviation gateway Or server 104, it is used to provide one and applies (or program), and the application can be by user installation in its mobile device In to enjoy bring benefit of the present invention.Herein, the application can be named as intelligent bill payment (smart bill Payment) program, the application are released on internet, can from appointed place (such as server entrance or Portal (portal)) downloading.User downloads the application using mobile device, and is installed in the mobile device.It can Automatically or manually to execute the application to ratify the payment of the e bill for display, wherein according to the movement The safety element of device and the interaction data of another mobile device generate the e bill.Except separately having special instruction, " computing device ", " mobile device ", " hand-held device ", cellular phone, " smart phone ", " hand-held phone " or similar term The use that can will be substituted mutually herein, however the those of ordinary skill in fields is it will be appreciated that above-mentioned vocabulary can also To refer to other devices, such as wearable wrist-watch, tablet computer, laptop, other portable dresses with NFC ability It sets.

Appended drawing reference 106 is means point of sale (point of sale, abbreviation POS) device.Based on realization, the POS dress Setting 106 can be isolated system (single device) or has one or more mancarried devices (such as non-contact card) Stationary apparatus.One purpose of described device 106 is to generate e bill (electronic bill or invoice), should E bill can be loaded to a mancarried device 108 (such as non-contact card or NFC device), which can To be used to contact with the NFC device of consumer to settle accounts the e bill.

According to one embodiment, the POS device is one and is embedded with the independent of safety element (secure element) Device.The isolated system can be NFC device, and the NFC device is used to input information to generate an e bill.Than Such as, several assorted cold dishes in midpoint, cashier input the unit price of each dish in the NFC device to generate one to consumer at the restaurant E bill, the e bill show the total price including the expenses of taxation, sometimes can also include some notes.Cashier or clothes The NFC device is given the consumer to ratify and pay by business person.According to another embodiment, the POS device includes One or more non-contact card (contactless of 108 in 106 stationary apparatus and corresponding diagram 1 in corresponding diagram 1 card).The cashier is using stationary apparatus input pay imformation to generate e bill.The e bill is filled It is loaded into the non-contact card, then brings the non-contact card for being mounted with the e bill to the consumer to ratify and prop up It pays.In the following description, unless stated otherwise, POS device can refer to any example, and it is a list that it, which is assumed below, Only device is introduced.Datail description given here enables the those of ordinary skill in fields to fully understand When realizing one embodiment of the present of invention, which kind of POS device used.

As further described below, the POS device is embedded with a safety element.The safety element can To provide the safety and confidentiality of supporting to need between two devices belonging to secure data communication, to help server and movement Communication between device.Generally speaking, safety element is an anti-tamper platform (such as monolithic secure microcontroller), energy It is enough to be proposed according to by the meticulously determining trusted of a batch as expert (well-identified trusted authorities) Rule and safety requirements safety management it is various application and they secret and encryption data (such as key management). The common form of safety element includes：It is embedded in Universal Integrated Circuit Card (the Universal Integrated of safety element Circuit Card, UICC) and mircroSD card (microSD card).UICC the and microSD card is all to remove. In one embodiment, software module (soft module) is provided to as a safety element, by rewriteeing in it Some or all components can update the safety element.Regardless of form, each form can be directed to different quotient Industry is realized, the different market demands are met.For the safety element used, it is necessary to be individualized.Individualized safety member The datail description of part please refer to examine in application No. is 13/749,696 U.S. Patent applications.

According to one embodiment, software module (such as a JAVA program applet) herein refers to intelligent bill branch It pays program (smart bill payment applet), corresponds to an above-described application, be loaded into the POS In device 106, the intelligent bill payment program is configured by the safety element in the POS device.The software module can To be issued by the ISP for runing the gateway or server 104, one is downloaded to by wirelessly or non-wirelessly network NFC device.Once downloading, the software module must can just be configured via the ISP, then can with it is described The interaction of the progress secure data of server 104.In examination application No. is 13/749,96 U.S. Patent application describe it is logical The details that personalized safety element configures an application is crossed, this patent application is specifically please referred to.

Figure 10 shows the process or process 120 of clearing payment according to an embodiment of the invention.The process 120 can be implemented as the combination of software or software and hardware.There is no any implicit limitation, can be better understood in conjunction with Fig. 1 The process 120.

The description of the process 120 for convenience a, it is assumed that consumer (customer) is middle at the restaurant to be had meal, described Restaurant be mounted with include a stationary apparatus POS device, cashier's management/input in the stationary apparatus is various Charge data is to generate an e bill for the consumer.The POS device further includes and one or more contactless cards Exchange the reader of data.In other words, the cashier can produce after inputting necessary information on the stationary apparatus One e bill, and the e bill can be loaded into a untouchable card.

When having meal ending, waiter allows a cashier what a electricity prepared in 106 POS machine in corresponding diagram 1 Sub- bill.The POS machine generates an e bill, and the e bill is sent to non-contact card in operation 122, Wherein the non-contact card is embedded with individualized safety element and the intelligent bill by the personalized safety element configuration Payment program or application.In operation 124, the waiter brings the non-contact card to the consumer.In operation 126 In, the consumer reads the non-contact card using his mobile device.As described above, it is assumed that the movement of the consumer Device is also already installed with corresponding intelligent bill payment application, and the mobile device of the consumer detects in short distance When the non-contact card, the intelligent bill payment application can be executed, and read from the non-contact card in operation 128 About the data of the e bill, then the e bill described in the display screen display of the mobile device is for described Consumer verifies.It is different from the traditional bill usually seen on the screen, it is in the untouchable card and be transferred to institute State the security information that the e bill in mobile device includes registration user relevant to the restaurant or the businessman. The security information include but is not limited to the restaurant bank information and account, in the non-contact card or the POS machine Safety element identifier.In one embodiment, the data further include address or link (such as mobile phone number Code), by it, the businessman obtains a notice (such as payment response) after the completion of the payment and settlement.When realizing, institute Specified mobile device can be sent in a manner of short message or Email by stating notice.

After the e bill for seeing display screen display, it is described to settle accounts that the consumer can choose a method E bill.Based on realization, the consumer can choose to be answered by the stored value card being installed in the mobile device For settling accounts the e bill, also can choose by cash, traditional credit or debit card, Electronic Transfer/payment or its His mode settles accounts the e bill.It will be described below by the clearing form of stored value card.

Figure 10 shows one embodiment using the e-payment, and the e-payment is payment as shown in Figure 1 The one kind for the transfer services that gateway 102 provides.In operation 130, the consumer has selected for the intelligent bill branch of installation The e-payment that application provides is paid, and inputs the amount of money for needing to pay for the e bill.It is understood that described disappear Expense person can input the more amount of money of amount payable in the e bill using as the small of the service provided to the restaurant Take.Once the total amount of money of the consumer entering, in operation 132, the intelligent bill payment in the mobile device of consumer is answered With a payment request is sent to the server 104 to be handled, the payment request includes about the e bill Data.As described further below, in one embodiment, in the mobile device and the gateway or server Data exchange between 104 is carried out in exit passageway, and the exit passageway is according to the number about the e bill What the security information in was established.

After receiving the payment request, in operation 134, the server 104 is used to verify defeated by the consumer Whether the amount of money entered can cover the expense in the e bill.If the amount of money is less than the institute in the e bill When the expense that need to be paid, for example, the consumer may have input a wrong number or the input error in typewriting, it is described Server 104 will retract the payment request to the mobile device.After receiving refusal information, in the mobile dress Intelligent bill payment application in setting will show the refusal information to be prompted to the consumer, the consumer described in this way A proper step can be taken to continue the payment flow.If the amount of money is equal to or more than the e bill In the amount of money (for example the consumer wishes outside the expense separately to a part of tip) dealt with, the server 104 will be Continue the payment request in operation 136.

As shown in Figure 10, after the server 104 receives the payment request ratified by the consumer, continue to combine The payment network 102 handles the payment request.In one embodiment, the server 104 provide it is similar in the U.S. and The payment services of the common shellfish of other countries precious (Paypal) or the Alipay (Alipay) mainly used in China.It is operating In 138, once the transaction is completed or failure, the server 104 can send a notice and (for example eat to the businessman Shop).

As noted above, in one embodiment, the NFC device 110 in Fig. 1 is provided to be used as stored value card, It can be used to directly settle accounts the expense being shown on its display screen.Stored value card in the mobile payment ecosystem how work It will be described below.

Referring now to shown in Fig. 2A, it illustrates a mobile ecosystems 200, wherein participating in the mobile ecology Related side in system sequentially lists.In one embodiment, allow a NFC device from corresponding 202 (ratio of given server Such as application management supplier) in download or installation one or more application, wherein these application be by application developer 204 most It just developed, and issued by ISP 210, application management supplier 202 or other related sides.Assuming that there is safe member The safety element 206 that part supplier 208 provides is personal via TSM or trusted third party (for example, financial institution 212) Change.

Once installing an application in the NFC device (for example, the intelligent bill in the NFC device 110 Intelligent bill payment application in payment application or the POS device 106 in Fig. 1), it will be by the safety member in next step Part configures the application.The configuration process of application can start in several ways.One such mode is a safety element Owner selects an application from TSM entrance on the mobile device, and is initially configured process.Another way is the peace Full element owner is received on the mobile device from the application configuration notice represented using the TSM of supplier.

The TSM or the application that them can be issued on TSM entrance or portal using supplier, for download to tool There is safety element and/or sign user and requests in the mobile device of (such as SE owner).In one embodiment, the TSM Cloud service is provided for multiple SE publishers.In this way, many applications from each ISP can be obtained from the inlet TSM It takes.However, safety element owner may only see that those pass through his safety element supplier when logining the TSM entrance The application of certification.Based on the agreement between safety element and ISP, the ISD key set of safety element or service are used Downloading/installation of application/individualized may be implemented in the specified SSD key set of supplier.If in the safety element simultaneously It is not installed with SSD key set, then it can be installed during an application installation.

The TSM knows that safety element is directed to the storage state of each SSD.Storage allocation strategy based on SSD and described The storage state of safety element can mark the finger for being for the useful application for various SSD in application shop Show, such as " can install " or " installation storage is insufficient ".The unnecessary failure of user can be prevented in this way.

Once installing an application, the application initiate by its own configuration process or TSM server in a NFC device Configuration notification is sent to the NFC device by cellular network or radio data network.According to the type of the NFC device, have Many kinds send the mode of message (PUSH message, or to promote message) so that the NFC device starts described match Set process.One example of sending method includes that short message transmission or Android Google send.Once user receives the notice, institute Configuration process is stated to start.When thinking suitable, configuration process will be described in.

As a part of the application configuration, TSM server executes some protective mechanisms.One is to prevent from pacifying Full element surprisingly locks.The other is if preventing the downloading of application when there is no enough memory spaces in safety element.One In a little examples, if there is the too many failure that is mutually authenticated during exit passageway is established, then safety element may be locked permanently Oneself.The safety element surprisingly locks in order to prevent, described when establishing exit passageway between two sides (entities) TSM persistently tracks the number of the authentification failure between safety element and TSM.In one embodiment, if reaching predetermined pole Limit, the TSM will refuse any further request.If the heart manually restarts the safety element in service, described TSM can continue with SE request.

The storage that the TSM also persistently tracks each safety element uses.The TSM is based on by the SE publisher point The storage distribution of each ISP of dispensing determines whether an application can be installed on a safety element.According to one A embodiment, there are three types of the strategies of type：

● one fixed storage space of predistribution, this is to guarantee space；

● one minimized storage space of predistribution, this is to guarantee that minimum space (implies that the capacity in some cases can be by Extension)；

● best endeavors (for example, contract provision, needs safety element publisher to execute his responsibility using his maximum effort, So that the benefit that user obtains).

In one embodiment, the safety element publisher completes this work using the TSM web portal.

1. the safety element publisher can pre-allocate a storage strategy for ISP for a collection of safety element To install its application by TSM web portal；

2. when mobile device request installation one in application, whether the space of the corresponding ISP of TSM server authentication accords with Close its storage strategy；If do not met, refuse this request；Otherwise, the TSM server will handle the configuration and ask It asks；

3. if configuration successful, the TSM will build up on the storage size of this application service.

When mobile subscriber subscribes to a mobile application (if it has been installed), described using before should It is configured using needs via the safety element in mobile device.In one embodiment, the configuration process includes four main Stage；

● if desired, creation supplement security domain (SSD) on the safety element；

● in a safety element application downloaded and installed；

● the application is individualized in the safety element；

● on downloading UI (user interface) component to mobile device.

Fig. 2 B shows the process or process 220 of configuration one or more application according to an embodiment of the invention. The process 220 can be implemented as the combination of software or software and hardware.In one embodiment, the application configuration process 220 need into configuration manager (such as agency) on the mobile device to interact with the safety element in it.

As shown in Figure 2 B, at operation 222, the application configuration process 220 can be automatic or manual and start.For example, Assuming that it is not configured also, user, which can install to apply by selection one, goes to order related service to start the configuration Process, or activation is described application has been installed when start the configuration process.In another embodiment, it is sent out using supplier Send an information (such as short message) to the mobile phone to start the configuration process.

Under any circumstance, described program 220 enters operation 224, and the dress is extracted from the safety element of mobile device After confidence ceases (for example, CPLC), built with private server (such as TSM server or the server runed by Application issuance person) Vertical communication.At operation 226, described device information is transferred into the server together with the identifier of identification application.It is grasping Make 228, the server is primarily based on the publisher that described device information identifies the safety element, with true in 230 operations Surely it is whether the safety element has been personalized.If the safety element is not personalized also, the process 220 into Enter operation 232, to individualize the safety element, one embodiment of the operation 232 can be according to the process in Figure 10 110 realize.

It is now assumed that the safety element in mobile device has been personalized.The process 220 enters operation 234, herein Exit passageway is established with the safety element using ISD is derived from.Whom provides hardware security module HSM (such as TSM for ISD according to Or SE publisher), the server, which will contact the hardware security module and go to calculate for the safety element, derives from ISD, and makes Exit passageway is established with derivation ISD and the safety element.Then, in operation 236, the server checks whether there is A relevant SSD is applied to this.If this applies none corresponding SSD, the server will check that database sees it Whether it has been installed on the safety element.It is installed if necessary to SSD, the process 220 enters 240 and goes described in installation SSD.In one embodiment, the installation of SSD described in the user (key) is reminded.In operation 238, it is assumed that user refuses peace The SSD is filled, the process 220 stops and enters operation 222, restarts the configuration process 220.

It is now assumed that executing installation SSD process in operation 240.It is similar with installation ISD that the SSD is installed.The TSM clothes Business device contacts the hardware security module HSM for having main SSD key in it, calculates for the safety element and derives from SSD key set.Institute Stating main SSD key can be in TSM, ISP or safety element publisher, this depends primarily on each side is how to assist Fixed.

For downloading/installation application in safety element, in operation 242, the server be used to using derive from SSD with The safety element establishes exit passageway.In one embodiment, be similarly to how based on derive from ISD establish exit passageway. In operation 244, prepare the data of the application, its details will be described in more detail below.According to one embodiment, the clothes Be engaged in the device connection ISP, to prepare storing data Application Protocol Data Unit APDUs.According to being installed on mobile dress An application in setting, the server can repeat publication storing data to individualize the application.If successful execution institute Configurator is stated, the extra data including an appropriate interface (for example, user interface of the application of each mobile device) can be with It is downloaded.In the state for the application that operation 246, the server have been configured to application supplier's notice.According to one Embodiment and described above, Fig. 2 C show when configuring an application data flow 250 of interaction between not Tongfang.

Such as the operation 244 in Fig. 2 B, an important application for configuring application is that preparing customization for targeted security element answers Use data.For example, the personal data of the application includes the device information (ratio based on safety element for electronic wallet application Such as CPLC information) generate various personalized transaction keys.In order to carry stored value card, the part of personal data includes source Key is accessed from the Mifare of the identifier of Mifare card, the server can both individualize Java card piece application, can also To individualize Mifare4Mobile service object.In general, at least two different modes for preparing data, to facilitate then Transaction.

For data preparation, one embodiment of the present of invention support the both of which that is interacted with the ISP with It calculates individualized using data.For the first mode, the TSM server does not access directly associated with ISP Hardware security module.The ISP can be such that the server interacted with its hardware security module generates using key (for example, transmission, stored value card or Mifare key).The TSM data preparation realization is using application programming interfaces (API) Or the agreement that server provides goes request to derive from using key (derived application key).Second of mode is several Hardware security module relevant to ISP can be accessed directly according to preparing to realize to generate and apply key.

According to one embodiment, Fig. 2 D, which is shown, to be prepared in configuring an application process using Tongfang is not handed over when data Mutual data flow 255.Fig. 2 D is first mode, wherein directly access is associated with ISP for the TSM server Hardware security module.In addition to it is described using data preparation realization will directly be interacted with the hardware security module of ISP other than, Second of mode has similar process.

In addition to supporting configuration process, one embodiment of the present of invention also to support the Life Cycle Management of safety element.It is described Life Cycle Management includes but is not limited to that (non-enabled) is deleted in safety element locking, safety element unlock and application.It can lead to TSM notice is crossed to start these activities.In the actual use of mobile device, Fig. 2 E shows the stream that application has been installed in locking Journey or process 260.One NFC device may be mounted with a certain number of applications run on safety element.Because one A little reasons (for example, no activity or expired for a long time), an application is needed non-enabled by its publisher or supplier or is locked It is fixed.

Fig. 2 E shows non-enabled one process 260 for having installed application.Non- enabled one has been installed the process of application 260 start from operation 262.In one embodiment, the process 260 is manually booted by operator by TSM web portal. In another embodiment, the process 260 is by ISP's internal work process (for example using TSM web service API) Automatic starting.Once the process 260 starts, an information is sent to a NFC device (such as in mobile device), in An application need by non-enabled.When realizing, such message can have different-format.In one embodiment, described Message is a PUSH order.In another embodiment, the message is one and is transferred to the NFC device by network Interior TCP/IP request.In operation 264, server (such as TSM server) sends the message.When realizing, in this way A message include that identify will locked or non-enabled application identifier.When receiving such message, operating 266, the card manager agency (card manager proxy) in the NFC device is used to recognize by replying an information Such information is demonstrate,proved whether actually from its primary issuer or supplier.In one embodiment, the message is sent It is authenticated to TSM server.If authentification failure, i.e., such inquiry is not responded, the process 260 will terminate.

Assuming that the certification passes through, i.e. the inquiry of the supplier for the application from described device has received back Multiple confirmation, the raw requests are proved to be true.In general, such reply confirmation includes that will lock in operation 268 Application identifier.The TSM server is used to establish the exit passageway of one with safety element.Then, the TSM clothes Device of being engaged in by card manager agency is that the safety element prepares APDUs appropriate (such as SET STATUS (setting shape State) or/and DELETE (deletion)).In operation 270, described device issues operation requests to the safety element, to lock spy Fixed application.

In any case, the order is responded, in step 272, the safety element SE locking or non-enables the application. According to one embodiment, the SE be caused with using separating, so that the mounted application can no longer use the peace Full element.In operation 274, the safety element is used to issue confirmation to notify related side, this application no longer runs on described Device suffers.In one embodiment, the confirmation is sent to TMS server, where has a record in the TMS server A little applications are installed in which device and the database of the corresponding state of each application.The database root is according to from described The confirmation (acknowledgement) of safety element is updated.

Fig. 2 E shows the process or process that application has been installed in non-enabled or locking.For ordinary skill in the art For personnel, other operations, such as unlock or enabled one have installed application, and the time limit of application has been installed in extension one, be with Process shown in Fig. 2 E is similar.

Referring to Fig. 2 F, Fig. 2 F root Ju specific embodiment of the invention illustrates portable equipment and holds as stored value card Configuration diagram 280 when row e-commerce and Mobile business.Described Figure 28 0 includes having embedded the portable of smart card module Phone 282.One example of such portable phone is to support short-range communication (NFC, Near Field Communication), and include SmartMX (SMX) module portable phone.It should be noted that safety element and answering It is integrated with can be.Unless stated otherwise, following description will not point out which partially executes the function of safety element Can, which is partially as application.One of ordinary skilled in the art should be understood that detailed according to what is hereafter given Thin description suitably part or function will be performed.

The SMX module is pre-loaded with Mifare simulator 288 (i.e. single function card), to be used to store numerical value (values).The portable phone is equipped with non-contact interface (such as ISO14443RFID), to allow the portable phone Play the role of label.In addition, the SMX module is the Java card piece (JavaCard) that can run Java applet program. The electronic money is configured to the data structure by Mifare simulator described in cryptographic acess, the password using coating It is obtained after conversion appropriate by the access key when the safety element is personalized.

Wallet administration device MIDlet program 284 is provided in the portable phone 282.In order to realize mobile quotient Business, the MIDlet program 284 act as stored value card applet program 286 and one or more payment networks and server Communication agent between 290, so that the transaction between each side is gone on smoothly.MIDlet program described herein is suitble to just Take the component software run in equipment.It is portable that the wallet administration device MIDlet program 284 may be implemented as Java " executable application programs " in " MIDlet program " or personal digital assistant (PDA) equipment on phone.The electronic money The function of package manager MIDlet program 284 first is that access wireless network, and with operate in identical equipment or external smart Stored value card applet program on card is communicated.In addition, MIDlet program 284 is also configured to that management function can be provided Can, such as change Personal Identification Number (PIN), check electronic purse balance amount and transactions history log.The card in an example application Publisher provides for supporting and authenticating any friendship carried out between card and corresponding server (that is, payment server) Easy security identity module (SAM) 292.As shown in Figure 2 F, application protocol number Ju module (APDU) order is by being able to access that safety The server 290 of identification module (SAM) 292 is created, wherein the APDU module is the communication mould between reader and card Block.The construction of the APDU module is according to ISO7816 standard formulation.In general, APDU order is embedded into internet message and is passed It send to the server 290 or the stored value card applet program 286 to receive processing.

In order to carry out e-commerce, the different web agent 294 that is run on computer (not shown) be responsible for one it is non-contact Reader (such as an ISO 14443RFID reader) and the interaction of the network server 290.In actual operation, institute It states agency 294 and passes through the contactless reader 296 to the stored value card applet run on portable phone 282 Program 286 sends APDU order, or receives corresponding reply from the stored value card applet program 286 by identical approach. On the other hand, it 294 producible network requests (such as HTTP) of the agency and is received from the payment server 290 corresponding It replys.

When individualized portable phone 282, the structure chart 300 in Fig. 3 A illustrates correlation module interaction, with complete Personalized process is carried out by donor at stored value card.Structure chart 320 in Fig. 3 B illustrates correlation module interaction, Personalized process is carried out to complete stored value card as shown in Figure 2 F by its user.

Process or procedure chart 350 in Fig. 3 C illustrate a specific embodiment according to the present invention, individualize electronic money Wrap the process of applet program.Fig. 3 C suggestion combines with Fig. 3 A and Fig. 3 B to be understood together.Procedure chart 350 can be by soft The mode of part, hardware or software and hardware combining is realized.

As previously mentioned, wallet administration device is built on personalized safety element, to provide individualized electricity Required security mechanism when sub- wallet applet program.In actual operation, security domain is used to build up the individualized application of connection The exit passageway of server and the stored value card applet program.According to a specific embodiment, by individualizing and being deposited The critical data for entering the stored value card applet program includes that one or more operation keys (such as are loaded into or supplement with money key With purchase key), preset Personal Identification Number, management key (such as obstruction releases PIN key and loading PIN is close again Key) and password (such as password from Mifare).

It is assumed that user wants the individualized stored value card being embedded in portable equipment (such as a portable phone) Applet program.In the step 352 of Fig. 3 C, personalization process is activated.According to the difference of specific implementation, personalization process It may realize in the module in portable equipment, and be activated by manually or automatically mode, it is also possible to is embodied as (logical by donor Be often and the associated personnel of card issuing quotient) starting a physical process.As shown in Figure 3A, donor's starting is individualized Process 304, with the stored value card applet program of personalized user, the personalization process 304 is at existing (existing) In new stored value card security identity module 306 and existing security identity module 308, pass through the non-contact reading as interface Device 310 carries out.Card management device 311 executes at least two functions：(1) exit passageway is established by security domain, in card In personalization process, installation and individualized external application (such as stored value card applet program)；And (2) creation peace Full measure (such as Personal Identification Number), to protect the application program in subsequent operation.As the personalization process Using personalization application server 304 as a result, the stored value card applet program 312 and simulator 314 are personalized.

Similarly, as shown in Figure 3B, electronic purse customer wishes to start personalization process, wirelessly (such as Pass through the Mobile business path in Fig. 2) individualize stored value card applet program.Different from Fig. 3 A, Fig. 3 B allows the individual Change process is activated by manually or automatically mode.For example, a device is housed on portable phone, if the device is pressed, Activate the personalization process.In another scheme, the condition prompting of " not individualizing " can be submitted to user to start State personalization process.As previously mentioned, the MIDlet program 322 (i.e. a service managerZ-HU) in portable equipment serve as agency with Assist the communication between payment server 324 and stored value card applet program 312 and simulator 314, wherein payment services Device 324 possesses the permission for accessing existing new stored value card security identity module 306 and existing security identity module 308.Through The personalization process is crossed, stored value card applet program 312 and simulator 314 are personalized.

Now turn back to referring to Fig. 3 C, in figure 3 a shown in after personalization process is actuated to, contactless reader 310 It is activated and is read from the smart card in equipment in step 354 label identifier (ID) (i.e. RFID tag ID) and crucial Data.By application security domain (such as default security settings of card issuing quotient), the new electronics of connection is established in step 356 Stored value card applet program in wallet security identity module (such as security identity module 306 in Fig. 3 A) and portable equipment The exit passageway of (such as stored value card applet program 312 in Fig. 3 A).

Each application security domain of global platform includes three DES keys.Such as：

Key 1：255/1/DES-ECB/404142434445464748494a4b4c4d4e4f

Key 2：255/2/DES-ECB/404142434445464748494a4b4c4d4e4f

Key 3：255/3/DES-ECB/404142434445464748494a4b4c4d4e4f

Security domain is utilized for the secured session between two entities and generates session key, and described two entities can be card Manager applet program and primary application program (host application), wherein the primary application program may be desktop Individualized application program in machine, it is also possible to by the personalized service for the networking that back-end server provides.

The application domain of default can be installed by card issuing quotient, and distribute to different application/service providers.Each application The program owner can before personalization process (or initial period in the process) change the numerical value of respective key group.It The new key group can be used to create the exit passageway for executing personalization process in application program afterwards.

By the exit passageway of the application security domain foundation by application provider, first group of data can be personalized And it is stored in stored value card applet program.Second group of number Ju again may be by same channel and be individualized.But such as Data described in fruit are stored in different security identity modules, then one uses the new of same key group (or different key groups) Exit passageway can be used for individualizing second group of data.

In step 358, by new stored value card security identity module 306 generate one group of e-wallet implementation key and Personal Identification Number, with for the data exchange between new stored value card security identity module and stored value card applet program, And substantially individualize the stored value card applet program.

Article 2 exit passageway is in existing security identity module (such as the security identity module in Fig. 3 A in step 360 308) between the stored value card applet program (such as stored value card applet program 312 in Fig. 3 A) and in portable equipment It is established.The key after one group of conversion is generated in step 362 using the existing security identity module and tag ID.Described turn Key after changing is stored in the simulator for data access certification later.The existing peace is used in step 358 Full identification module and tag ID generate one group of MF password, and by password deposit stored value card applet program to be used for it Data access certification afterwards.After aforesaid operations are fully completed, the stored value card, including the stored value card applet program With corresponding simulator, " having individualized " state will be arranged to.

Based on a specific embodiment of the invention, Fig. 4 A and Fig. 4 B are illustrated together to raise funds or registers capital to for stored value card Process or procedure chart 400.Process 400 is implemented by the Mobile business path in Fig. 2.Process 400 in order to better understand, Fig. 4 C illustrates a representative block diagram 450, and related square interaction is in figure to complete the process 400. The different situations of practical application according to the present invention, the process 400 may be by way of software, hardware or software and hardware combinings It realizes.

Assuming that user has obtained the portable equipment (such as a portable phone) for being mounted with stored value card.It is described User wishes to inject fund to the stored value card from the account of bank.In step 402, the user inputs one group of individual Identification number (PIN).It is assumed that the Personal Identification Number is effective, the wallet administration device in portable equipment is activated, and Request (also referred to as aerial (OTA, Over-the-Air) charging request) is initiated in step 404.It is portable in a step 406 to set Standby interior MIDlet program is sent to stored value card applet program requests, and depicts electronic money in the step 406 in Fig. 4 C The process communicated between package manager MIDlet program 434 and stored value card applet program 436.

In a step 408, stored value card applet Program Generating is used to respond the reply of the MIDlet PROGRAMMED REQUESTS. After receiving the reply, the reply is sent to payment network and service by cellular communications networks by the MIDlet program Device.As shown in Figure 4 C, wallet administration device MIDlet program 434 is communicated with stored value card applet program 436 to obtain back Multiple, the reply is sent to payment network and server 440 immediately.In step 410, process 400 needs to verify the reply Validity.If the reply can not be verified, process 400 will be terminated.If the reply is verified to be effective, mistake Journey 400 enters step 412 and checks corresponding account in bank.If the account exists really, value transfer request will It is activated.In step 414, the bank can return to reply after receiving the request to respond the request.In general, described Information exchange between payment network and server and the bank need to abide by network protocol, and (such as Internet uses Http protocol).

In step 416, the reply that the bank returns is transferred into payment network and server.In step 418, MIDlet program extracts source APDU order from the reply and the order is transmitted to stored value card applet program. The stored value card applet program verifies the order at step 420, if the order is verified to be authorized to, The order is then sent to the simulator in step 420, while updating transaction log.Label (ticket) is generated in step 422 To be used to formulate the reply (such as reply of APDU format) sent to the payment server.In step 424, the branch Pay server updates after receiving reply and sends success status information to the MIDlet program, while saving the APDU and returning Again to check later.

As shown in Figure 4 C, payment network and server 440 receive the sending of wallet administration device MIDlet program 434 It replys, and verifying the reply with security identity module 444 is initially by the stored value card applet program 436 by authorization It is issued.After the reply is verified, payment network and server 440 are issued to financing bank 442 and are requested, false Determining user 432 has account in the bank.The bank can verify and authorize the request, then according to scheduled message Format returns to authorization number.After the reply is received from bank 442, payment server 440 can be to MIDlet program 434 A network replies are sent to refuse or ratify the request.

Wallet administration device 434 verifies the validity (for example whether being APDU format) of the network replies, then to Simulator 438, which is sent, orders and updates transaction log.So far, stored value card applet program 436 completes required step simultaneously To and MIDlet program 434 returns to a reply, the MIDlet program 434 again to payment server 440 forward one it is embedded (APDU) network request replied.

Although process 400 is described as injecting fund into stored value card, others skilled in the art can hold It changes places and obtains the process bought using stored value card by network and process 400 is substantially the same conclusion, therefore institute The process bought is stated no longer individually to discuss herein.

A specific embodiment according to the present invention, illustrating in Fig. 5 A enables portable equipment 530 in cellular communications network First exemplary architecture 500 of e-commerce and Mobile business is carried out on network 520 (such as a GPRS network).It is described portable Equipment 530 is made of base band 524 and safety element 529 (such as smart card).One example of the portable equipment is to support closely Portable equipment (such as the portable phone or a of distance communication or near-field communication (NFC, Near Field Communication) Personal digital assistant (PDA)).The base band 524 provides an e-platform or environment (such as miniature edition Java (JME, Java Micro Edition) or mobile information apparatus frame (MIDP, Mobile Information Device Profile)), It can be performed or run on it and apply MIDlet program 523 and server manager 522.The safety element 529 includes complete Ball platform (GP) card management device 526, simulator 528 and other assemblies such as Personal Identification Number manager (being not shown).

To support the portable equipment 530 to execute e-commerce and Mobile business, need to install and be arranged in advance on it One or more service/applications.An an example (such as MIDlet journey for having a graphic user interface for service managerZ-HU 522 Sequence) it needs to be activated.In a specific embodiment, service managerZ-HU 522 can be downloaded and installed.It is specific at another In embodiment, service managerZ-HU 522 can be pre-loaded.No matter which kind of mode is used, once service managerZ-HU 522 is swashed Living, the directory listing comprising various services will be shown.The directory listing may include related with the signing information of user Service item, it is also possible to including the recommended project independently of user signing contract information.The directory listing can be from LIST SERVER It is obtained in catalogue library 502 on 512.LIST SERVER 512 may provide the clothes of product and/or service to be various to registrant Business supplier (such as installation server, personalized service device) plays the role of exchange centre (central hub) (such as Huang Page function).The Yellow Page function of the LIST SERVER 512 may include that (such as service charge starts day to service planning information Phase, Close Date etc.), installation, individualized and/or MIDlet program downloading place (such as the Internet address).The installation It may be to be provided by two different commercial entities, for example the installation process may be by safety element with personalization process 529 publisher is provided, and the personalization process may be handled the service of key by the application for holding application-specific Provider is provided.

According to a specific embodiment, service managerZ-HU 522 is configured as connecting by cellular communications networks 520 and service One or more servers 514 of provider.It is assumed that user has selected one to answer from being presented in his service catalogue With.An exit passageway 518 will be established between one or more described server 514 and global platform manager 526, with Applet program 527 is applied in installation/downloading user selection, then individualizes this again using applet program 527 and can The simulator 528 of choosing, and finally MIDlet program 523 is applied in downloading.Applet program library 504 and MIDlet program library 506 divide Indescribably for general application applet program and using MIDlet program.Global platform security identity module 516 and application program Security identity module 517 is used to build up exit passageway 518 to carry out individualized operation.

Another specific embodiment according to the present invention, Fig. 5 B, which is illustrated, enables portable equipment 530 in public network Second exemplary architecture 540 of e-commerce and Mobile business is executed on 521.Most array in second framework 540 Part is substantially similar with the component in first framework 500 of Fig. 5 A.The difference is that first framework 500 is based on bee Operation on nest communication network 520, and second framework 540 has then used public network 521 (such as Internet).Institute Stating public network 521 may include local area network (LAN, Local Area Network), wide area network (WAN, Wide an Area Network), WiFi (IEEE 802.11) is wirelessly connected, a Wi-Max (IEEE802.16) is wirelessly connected etc..In order to Carry out service operations on the public network 521, an example of service managerZ-HU 532 (i.e. with service managerZ-HU MIDlet journey The example functionally identical or similar of sequence 522) it will be installed on the computer 538 of access public network 521.The computer 538 can be the example of desktop personal computer (PC), laptop or other energy operation service managers 532, and Access the calculating equipment of public network 521.Connection between the computer 538 and portable equipment 530 is non-contact by one Reader 534 carries out.Service managerZ-HU 532 acts as the role of agency, with the one or more clothes of assistance services provider It is engaged between device 514 and global platform card management device 526, the installation and personalization process that are carried out by exit passageway 519.

Fig. 5 C is a flow chart, and a specific embodiment according to the present invention, depicting is able to carry out portable equipment The process 550 of e-commerce and Mobile business function.The process 550 according to the difference of specific implementation, can by software, The mode of hardware or software and hardware combining is realized.The process 550 in order to better understand will be quoted several in following description It illustrates earlier, especially Fig. 5 A and Fig. 5 B.

Before the beginning of process 550, an example of service managerZ-HU 522 or 532 has been downloaded or preloaded in portable set For on 530 or computer 538.In step 552, service managerZ-HU is activated and sends to the server 514 at service provider Service request.User is identified and portable equipment be verified be effectively after, in step 554, the process 550 according to According to the directory listing of signing (subscription) information providing services/application program of the user of portable equipment 530.For example, The list may include mobile sale point application program, electronic wallet application, electronic bill application program, Yi Jiqi His commercialized service.Right the latter service/application is chosen from the directory listing.For example, stored value card or shifting Dynamic point of sale can be selected for configuring portable equipment 530.As the response selected user, process 550 is under step 556 It carries and the selected service/application is installed.For example, stored value card applet application program (applies applet journey Sequence 527) from downloading and be mounted in safety element 529 in applet program library 504.The path of the downloading or installation can be with It is exit passageway 518 or 519.In step 558, if it is desired, process 550 will individualize the application being downloaded Applet program and the simulator 528.Some application applet programs being downloaded do not need to be personalized, other It then needs to individualize.In a specific embodiment, mobile sale point application applet program (" point of sale security identity module (POS SAM) ") it needs to be personalized, then following information or data group must provide：

(a) it is uniquely based on the security identity module ID of underlying security element unique identifiers；

(b) one group of debit master key (debit master key)；

(c) Message Encryption key after a conversion；

(d) message after a conversion identifies key；

(e) maximum length that the remarks section of every off-line transaction can be allowed to；

(f) the batch transaction key after a conversion；And

(g) a global platform Personal Identification Number (GP PIN).

In another specific embodiment, when being single function card personalization stored value card applet program, not only need By specific data (key, Start Date, Close Date etc. i.e. after Personal Identification Number, conversion) configuration in stored value card, But also simulator is set as to work in open system.Finally, in step 560, process 550 is downloaded simultaneously MIDlet program 523 is applied according to selection starting.Certain personal datas using in applet program can be accessed and It has been shown that, or provided by user.The process 550 terminates after all service/application components are downloaded, install and individualize.

According to a specific embodiment, enable portable equipment 530 as a mobile sale point come using a generation Table process is as follows：

(a) access installation server (i.e. the server 514 of service provider), and the server is requested to establish first Exit passageway (such as exit passageway 518) with one distribution quotient field (i.e. applet program library 504) of connection and runs on peace Global platform card management device 526 on full element 529；

(b) one or more internet message is received, includes encapsulation point of sale security identity module applet program in the message Several APDU of (such as Java Cap file from applet program library 504) are requested；

(c) the APDU request is extracted from the internet message received；

(d) the APDU request extracted is sent in the correct order to global platform card management device 526, in safety member Point of sale security identity module (applying applet program 527) is installed on part 529；

(e) personal server (server 514 of i.e. one service provider) is accessed, to open Article 2 connection Exit passageway between peopleization server and newly downloaded applet program (i.e. point of sale security identity module) is (according to service The difference in device and/or path, the exit passageway may be may not also be exit passageway 518).

(f) one or more internet message is received to obtain one or more individually " data storage APDU (STORE DATAAPTU)"；

(g) it extracts and sends " data store APDU (STORE DATAAPTU) ", with individualized point of sale safety identification mould Block；And

(h) it downloads and starts point of sale manager (crossing program 523 using MIDlet).

Fig. 6 A illustrates a representative framework 600, a root Ju specific embodiment of the invention, wherein portable set Standby 630 are used as mobile sale point, to execute e-commerce and Mobile business.The portable equipment 630 is by base band 624 and safety Element 629 forms.Point of sale manager 623 is downloaded and installed in the base band 624, point of sale security identity module 628 It is then personalized and is mounted in safety element 629, so that portable equipment 630 potentially acts as the role of mobile sale point.In this way Transaction 639 in real time can be (such as single in the portable equipment 630 for supporting mobile sale point and the device 636 for supporting electronic token Function card or support stored value card mobile device) between carry out.The electronic token may represent the electronics goods in equipment Coin (e-money), electronic business transaction certificate (e-coupon), electronic ticket (e-ticket), electronic vouchers (e-voucher) or any The payment token of other forms.

Real-time deal 639 lower online can carry out (portable equipment not being accessed backend sales point transaction processing server 613).But in specific actual conditions, such as when trading volume has been more than scheduled thresholding, or support setting for electronic token When standby 636 needs are supplemented with money or virtually supplemented with money, or when (single or batch) transaction upload, the portable equipment 630 can pass through bee Nest network 520 accesses the backend sales point transaction processing server 613.

The off-line transaction record of accumulation needs to be uploaded to backend sales point transaction processing server 613 and is handled.Institute Upload operation is stated to be executed by the portable equipment 630 for accessing point of sale (pos) transactions processing server 613 by exit passageway 618.With institute State that installation is similar with personalization process, upload operation can be executed via two different routes：Cellular communications networks 520；Or Public network 521.Fig. 6 A depicts first route.

The Article 2 route is as shown in Figure 6B, and a root Ju specific embodiment of the invention, Fig. 6 B illustrates a generation The framework 640 of table, wherein portable equipment 630 executes transaction batch as mobile sale point and on public network 521 and uploads Operation.General be stacked of off-line transaction record in the mobile sale point is stored in point of sale security identity module 628 Transaction log in.The transaction log is read by contactless reader 634 and is stored in the pin being mounted in computer 638 Sell an agency 633.The point of sale agency 633 accesses point of sale (pos) transactions by exit passageway 619 on public network 521 again Processing server 613.Each upload operation comprising one or more transaction record is collectively labeled as an individually batch upload Operation.It is logical that the data between 632 threes are acted on behalf of in point of sale security identity module 628, contactless reader 634 and point of sale Letter is using format and includes the transaction record.The internet message of encapsulation APDU (such as HTTP) is then used for point of sale agency Communication between 632 and point of sale (pos) transactions processing server 613.

In a specific embodiment, one represents from point of sale manager 623 or having for point of sale agency 633 The batch upload procedure of property includes：

(a) request is sent to initiate batch upload operation to point of sale security identity module 628；

(b) after the point of sale security identity module 628 agrees to the batch upload request, know safely from the point of sale The transaction record of accumulation is fetched in " a batch " or " one group " being labeled in other module 628 in the form of APDU order；

(c) internet message of the creation one or more comprising the APDU order fetched；

(d) one or more internet message is sent to by point of sale (pos) transactions processing server 613 by exit passageway 619；

(e) confirmation signature information is received from the point of sale (pos) transactions processing server 613；

(f) the confirmation signature information is transferred into the point of sale security identity module 628 in the form of APDU to carry out core It is real, then delete the confirmed transaction record being uploaded；And

If (g) transaction record for still having other not to be uploaded in same " batch " or " group ", repeatedly step (b) is extremely Step (f).

Fig. 6 C illustrates a width flow chart, and a specific embodiment according to the present invention depicts use and serves as moving pin Sell portable equipment 630 a little and the mistake for the progress Mobile business of device 636 that electronic token is used and supported as single function card Journey 650.In order to be more convenient for understanding, preferably by process 650 and diagram before, especially Fig. 6 A and Fig. 6 B associate together It investigates.The process 650 can be realized with the mode of software, hardware or soft or hard combination.

When supporting electronic token device (such as Mifare card or to support stored value card and simulate single function card just Hand portable phone) holder, it is desirable to by mobile sale point (i.e. portable equipment 630) buy article or order service when, process 650 (such as process > performed by the point of sale manager 623 in Fig. 6 A will be activated.In step 652, portable equipment 630 It reads the device for supporting electronic token and fetches electronic token (such as tag ID of Mifare card).Then, process 650 verified in step 654 described in the electronic token fetched it is whether effective.If supporting the device 636 of electronic token in Fig. 6 A It is single function card (such as Mifare), then includes by the verification process that point of sale manager 623 executes：(i) institute is read State the card mark (ID) of card, card mark is stored in unprotected or only on the region by known cryptographic key protection； (ii) request identified comprising the card is sent to point of sale security identity module 628；(iii) receive it is one or more by Key (such as key for transaction count, distribution quotient data etc.) after the conversion that point of sale security identity module 628 generates. If after the one or more conversions received key be it is invalid, i.e., described in the electronic token fetched be it is invalid, then terminate Process 650.Else process 650 will be advanced into step 656 along "Yes" branch, will determine to fetch described in step 656 Whether enough remaining sum is had in electronic token to pay the required expense of current transaction.If the result that step 656 determines is "No", process 650 can choose propose the holder supplement with money in step 657 for its electronic token (be loaded into, inject or It raises funds).If the holder selects " negative " described proposal, process 650 terminates.Else if the holder With mean it is described support electronic token device carry out charging in real time, then process 650 is executed in step 658 supplement with money or Virtual intend Supplement operation with money.650 return step 656 of process later.If there is enough coin remaining sums in electronic token, process 650 is in step It is deducted from the electronic token for supporting electronic token device 636 in 660 or debit completes the number that the purchase needs to pay. In the case where the single function card, key is used to that the deduction is authorized to operate after one or more of conversions.Finally The one or more off-line transactions record accumulated in step 662, point of sale security identity module 628 is uploaded to point of sale Transaction processing server 613 is handled.The upload operation can be right by cellular communications networks 520 or public domain network 521 Single transaction or batch transaction carry out.

Process 400 in Fig. 4 A, which describes, above-mentioned supplements operation with money.Virtually supplementing operation with money is described to supplement the special of operation with money Type, usually sponsored people or donor are used to improve the credit line of electronic token.Behaviour is virtually supplemented with money in order to use Make, the sponsor needs to set up an account, and by the account and supports device (such as the single function card of electronic token Piece, Multifunction card, the portable phone for supporting electronic token etc.) binding.For example, by commercial entity (such as enterprise, silver Row etc.) provide line on account.Once the sponsor has been filled with electronic token on the line in account, electronics is supported The holder of token device just can be when accessing mobile sale point from receiving electronic token in account on the line.A variety of differences Safety measure will be carried out to ensure that described virtually to supplement operation with money be safety and reliable.It is described virtually to supplement with money One representative application scenario is that father (mother) close (i.e. sponsor) can be filled with electronics generation in account on a line Coin, portable phone (supporting the device of electronic token) phase of account and a children (i.e. equipment holder) on the line Connection, therefore when the children are when mobile sale point buys article, the children can receive the electronics generation being charged Coin.Other than various e-commerce described herein and Mobile business function, point of sale manager 623 is also configured to can A variety of inquiry operations are provided, for example, (a) checks that the not formed batch accumulated in the security identity module of point of sale is not (i.e. upper Pass) revenue and expenditure record, (b) list the transaction log of the not formed batch in the security identity module of point of sale, (c) display save The details of particular transaction in the security identity module of point of sale (d) checks the current balance for supporting the device of electronic token, (e) transaction log for supporting the device of electronic token is listed, and (f) particular transaction of the device of electronic token is supported in display Details.

Flow chart in Fig. 6 D, a specific embodiment according to the present invention, depicting use may act as mobile sale point Portable equipment 630 with the device 636 of electronic token is used and supported as Multifunction card, carry out having for Mobile business Representative process 670.In order to be more convenient for understanding, preferably process 670 and diagram before, especially Fig. 6 A and Fig. 6 B are joined System gets up to investigate together.The process 670 can be realized with the mode of software, hardware or soft or hard combination.

When supporting electronic token device 636 (such as Multifunction card or to support stored value card and simulation multifunctional card Portable phone) holder wish by mobile sale point (i.e. portable equipment 630) buy article or order service when, mistake Journey 670 (such as process performed by point of sale manager 623 in Fig. 6 A) will be activated.In step 672, process 670 is to branch The device 636 for holding electronic token sends initial purchase request.Buying expenses and the initial purchase request (such as order) are together It sends.Then process 670 is carried out to determination step 674.When there is no enough remaining sums in the device 636 for supporting electronic token, Point of sale manager 623 will receive receiveing the response for the refusal initial purchase request.The result is that process 670 is due to the purchase Request is bought to be rejected and terminate.If supporting there is enough remaining sums, the knot of determination step 674 in the device 636 of electronics generation section Fruit is "Yes", and process 670 will be carried out along "Yes" branch to step 676.It is received from 636 there of device of support electronic token Reply (such as APDU order) point of sale security identity module 628 will be forwarded to.Information in the reply includes electronics Connection is supported electronics generation by the version of token key, and the random number that will be used to set up exit passageway, the exit passageway The point of sale safety installed in applet program (such as stored value card applet) and portable equipment 630 on the device 636 of coin Identification module 628.Then, in step 678, process 670 is received by point of sale security identity module 628 to respond described turn The debit request (such as APDU order) for sending back to multiple (reply i.e. in step 676) and generating.The debit request includes to disappear Cognizance code (MAC, Message Authentication Code) is ceased so as to applet program (i.e. stored value card applet journey Sequence) debit operation that will be carried out is verified, wherein the debit operation that will be carried out is to respond in step 680 and send Debit request and carry out.Process 670 is advanced to step 682, receives the confirmation message of the debit operation.The confirmation Comprising being respectively intended to verify and be handled by point of sale security identity module 628 and point of sale (pos) transactions processing server 613 in message Additional message cognizance code.Next in step 684, the debit confirmation message is forwarded to point of sale identification mould safely Block 628 is to be verified.Once the message cognizance code is verified to be effective, and purchase-transaction is recorded in point of sale In security identity module 628, the transaction being recorded is shown in step 686, and then process 670 terminates.It needs to infuse Meaning is that aforementioned electronic business transaction can be carried out by point of sale (pos) transactions processing server 613 down or on line online.And when branch When holding that Sorry, your ticket has not enough value in the device of electronic token, it can supplement with money or infuse according to the execution of process 400 described in Fig. 4 A and Fig. 4 B Money operation.

Fig. 7 illustrates representative setting when portable equipment is used for electronic bill application.Portable equipment 730 It is configured to include stored value card 724.When the owner of the portable equipment 730 or holder wish that a spy is participated in purchase When fixed movable bill (such as concert tickets, ball match admission ticket etc.), stored value card 724 can be used to pass through one for the owner 720 booking of electronic ticket service provider.The electronic ticket service provider 720 can contact traditional box office reservation system 716 or Ticketing service application program 710 makes a reservation for and buys the bill on line.Electronic token (such as electronic money) is set from portable later It is deducted in standby 730 stored value card 724, to be bought to (such as financial institution, the bank) pay bills of credit/debit system 714 Expense.Security identity module 718 is accessed the electronic bill service provider 720, to ensure the electricity in portable equipment 730 Sub- wallet 724 is correctly validated.After receiving payment confirmation, electronic ticket by connecting (such as cellular communications networks) quilt in the air It is sent to portable equipment 730, and is stored on safety element 726 in a manner of electronization, such as with electronic ticket code, close The mode of key or password.Later, as the owner of the portable equipment 730, i.e., the holder of the described electronic ticket attends the spy When fixed activity, the electronic ticket holder only needs that entrance registration reader 734 is allowed to read the electricity saved in portable equipment 730 Sub- ticket code or key.In a specific embodiment, the entrance registration reader 734 is a contactless reader (example Such as abide by the very-short-reach coupling device of ISO 14443).The portable equipment 730 is the shifting for supporting short-range communication (NFC) Mobile phone.

Referring now to shown in Fig. 8 A, it illustrates in one embodiment by a service operation or the TSM institute of arrangement The schematic diagram of multi-party (the multiple parties) that is related to.TSM operation team 802 includes being responsible for user management account Manager (administration, abbreviation admin, or referred to as manager or management), these users passed through TSM or Other tasks have individualized their safety element.In one embodiment, TSM operation team 802 includes described in management Account some, management system resource (such as management HSM, create HSM index (index) and GP key mapping) it is some People.In addition, the team is also responsible for from the offline input default ISD information of one or more SE producers.The team further includes Referred to as identify some of engineer (certification engineer), they are responsible for ratifying process according to application (application approval process) and ISP cooperate with SE publisher.The TSM selling group 804, It is also referred to as account working manager, is responsible for the account management of sale and the supplier (vendor) of TSM.The team Some members in 804 can only work for the SE producer, and some members can only work for the SE publisher, Other people can work for the supplier of multiple types.TSM partner services team 806 can also be referred to as and support engineering Teacher, the supplier (such as SE publisher and ISP) for being responsible for TSM provide technical support.The TSM partner services Team 806, it is not direct to be contacted with mobile subscriber, but the log of affiliate's analytical auditing (audit logs) can be helped. The supplier 808 includes one or more of SE publisher, SE producer and ISP.SE publisher is responsible for peace The distribution of full element, and possess the ISD of the safety element.SE publisher works together with the TSM team, if necessary It can install additional SSD for ISP.SE producer is used to be responsible for the manufacture safety element as its name suggests, And the installation default ISD in safety element.It can also work together with TSM team, provide the ISD key set of these defaults. The ISP is responsible for developing NFC mobile application.Application example from the ISP includes but is not limited to hand over Logical wallet, bank electronic wallet and credit card.Small ISP can be to provide those of application as room key People.

Fig. 8 B shows the related pass operating process between each side that TSM in one embodiment is related to.The operation Description be not described in detail herein to avoid the emphasis of fuzzy one embodiment of the present of invention.Fig. 8 C shows one and shows The workflow of mutual Agreement Protocol is established in the TSM of example between parties.SE publisher or ISP require TSM to protect Deposit its GP key set.In one embodiment, for SE publisher, this GP key set is most possibly used as ISD. For ISP, this GP key set is used as SSD.As shown in Figure 8 C, the process for creating key set is related to Key and the creation mapping (mapping) in TSM system are created in HSM.The effective range of the mapping will be set to conjunction The about Expiration Date (contract expiring date).Generally speaking, HSM cipher key index (key index) cannot be same Time is effective for multiple mappings.

When the key set will expire, can be updated.It was created shown in the more new technological process and Fig. 8 C Journey is similar.According to one embodiment, expire a few months ago in the key set, the TSM will regularly give the key The owner of collection will send and notify.Once the owner of the key set updates the contract, then stop the notice.It is described The owner of key set can start the renewal process by one work request of creation or project.One reliable TSM Account working manager ratifies or refuses the job.It is described when receiving the approved job TSM manager updates the expiry date of the key set according to the contract of the update.

Similar, the key set can expire or terminate earlier.Stream is created shown in the end process and Fig. 8 C Journey is similar.The key set owner can request to stop the key set in a future date.The reliable TSM industry Business account administrator will verify immediately, and ratify or refuse the request.The phase of the mapping is arranged in the TSM manager The full date is the scheduled date.The TSM is that other suppliers regenerate the HSM cipher key index.Audit log is saved to record State the trace of transaction.

Fig. 8 D shows the data flow that ISD maps between SE publisher and TSM.On the whole, ISD mapping by Each SE publisher directly manages.SE publisher can create a mapping and unbind an outside or inside key set to one A ISD cipher key index (index).External key collection is the key set not existed in HSM relevant to TSM, internal key collection It is the key set being present in the HSM.In general, the SE publisher should not need specified default ISD, due to defaulting ISD It is from the SE producer.However, if it is desired to which SE publisher, which can choose, rewrites this default ISD.

As in fig. 8d, the SE publisher creates an ISD mapping for card operation system (Card OS) and unbinds Key set and ISD cipher key index (such as range from 1-127).If key set is not that outside, the TSM not will ensure that It maps and exists with the key set of its HSM.In operation, the SE publisher directly can modify or delete the ISD and reflect It penetrates.As described above, SE producer has the default ISD information of the safety element.The TSM is provided for SE producer and is criticized Amount and real-time mode go to share these information.Based on the agreement with TSM, batch or in real time side is can be used in the SE producer Formula has been described.

For security reason, the ISP (service provider, abbreviation SP) is in order to individualize his answer With may want to themselves SSD.The SSD mapping is created by SE publisher to bind and distribute to the service offer The cipher key index of person is to SP key set.Fig. 8 E shows the corresponding data between TSM, SE publisher, ISP Process.Similar to the creation of the SSD, ISP can request the SE publisher to go to delete a SSD mapping.Institute It states workflow and SSD creation process is substantially similar.

As indicated above, ISP is the application that user provides.An application is ordered and downloaded in mobile subscriber Before, need to ratify or issue the application.For example, ISP need to submit an application to SE publisher and TSM with to Approval.Fig. 8 F shows the data flow for ratifying an application by SE publisher.If necessary to dedicated SSD, the service is provided Person can as above request a SSD in advance, or point out in the request.Before the application of approval is available for ordinary populace, institute It states ISP or the SE publisher can star the open process.The application is disclosed in the TSM for user Before, two sides must agree to.Then, the date applied described in the supplier and validity are notified.

In some instances, safety element needs are replaced.It, can be in mobile subscriber or his SE publisher request Replace the safety element.In general, needing to update safety element with bigger memory space to more service.It should be noted that Following three points：

● for these applications, need to migrate out their application situation, the old safety element from old safety element It needs to remain to by application access (passing through TSM)；

● for not needing these applications of state transition, it is only necessary to reset and individualize the application by the TSM；

● however, state is in safety element, but status of support does not migrate, and the TSM cannot be moved if an application Move their state.For these applications, they will be treated in the second (that is, the application must be reset With it is individualized).

Fig. 8 G shows the process of replacement safety element.Safety element publisher notify TSM about：

● SE publisher notifies TSM about SE replacement request；

● TSM is cooperated with ISP to prepare APDU order, to collect the state of the application on old SE；

● for each application, TSM, which is executed, orders the APDU order to extract application state, and locks the application；

● the safety element that TSM notifies mobile subscriber to go the change of physics new.Mobile subscriber can change his/her idea and go Revocation returns to (rollback) described replacement request.It without revocation or will return after this step；

● if there are no processed, TSM will update the default ISD for it；

● it cooperates with ISP, TSM will install and individualize or configure each application.If desired, TSM will be service Supplier installs the SSD.Static data and dynamic application state based on the ISP prepare the individualized number According to.

As shown in figure 9, it illustrates the snapshot examples of the display screen of an account of personalized safety element.As institute It states menu (menu), the account maintenance (mantains) has the details of personalized safety element.In addition, institute State the application and security key that account includes a series of configurations.Other information can also be maintained, such as using owner's (exploitation The people of the application), the reliable links of TSM, SE log and apply log.

The present invention is more suitable for realizing using software form, but can also be realized with the form of hardware or software and hardware combining.This hair The bright code being readable by a computer being implemented as on computer-readable media.The computer-readable media is to appoint What can save the number Ju storage device for the data that can be read by computer system.The example of computer-readable media includes Read-only memory, random access memory, CD CD (CD-ROM), Digital video disc (DVD), tape, optical data is deposited Storage device and carrier wave.The computer-readable media can also be distributed in the multiple stage computers system being connected by network, The code that can be readable by a computer described in this way will be stored and be run in a distributed fashion.

Above description sufficiently discloses a specific embodiment of the invention.It should be pointed out that being familiar with the field Model of any change that technical staff does a specific embodiment of the invention all without departing from claims of the present invention It encloses.Correspondingly, the scope of the claims of the invention is also not limited only to previous embodiment.

Claims (17)

1. a kind of realize the method for being used for mobile payment between two mobile devices, the method includes：

Software module is provided, the software module executes in first movement device to generate the data comprising e bill；

The second mobile device wirelessly is sent from the first movement device by the e bill, wherein the electronics Bill includes data related with the account information of the amount of money for receiving e bill statement, second mobile device by User's operation, and be caught to execute software module in response to the e bill to show institute in second mobile device E bill is stated, wherein second mobile device generates payment request, and sends the payment request to as third-party Payment gateway, the third party are responsible for after the amount of money that the user confirms in the e bill being the user maintenance account； With

The first movement device receives the notice executed for the payment of the account information from the payment gateway, Described in third party's account for being responsible for verifying the user maintenance whether there is the enough amount of money to go to pay the e bill The amount of money deducts the amount of money of the e bill from the account of the user maintenance and sends institute for the amount of money deducted State the corresponding destiny account of account information.

2. according to the method described in claim 1, the wherein software module in the first movement device and described The software module executed in two mobile devices promotes the number between the first movement device and second mobile device According to communication and the data exchange between them.

3. according to the method described in claim 2, wherein the first movement device and second mobile device pass through near field Communicate (NFC) communication.

4. according to the method described in claim 1, wherein described wirelessly by the e bill from the first movement Device is sent to the second mobile device：Make the amount of money described in the user's checking and pays the gold using selected method of payment Volume, wherein entering institute's selection tool using the software module in second mobile device.

5. according to the method described in claim 4, wherein the selected method of payment is selected from the group being made up of：Exist The stored value card, traditional credit or debit card and the Electronic Transfer that are created in second mobile device, Web bank and Electronic payment system.

6. according to the method described in claim 5, wherein the first movement device is attached to the sale of the destiny account Point (POS) device.

7. according to the method described in claim 6, wherein the first movement device is received from the payment gateway for described The notice that the payment of account information has executed includes：

Make second mobile device that the payment request of the amount of money are transmitted to the payment gateway by exit passageway, Wherein the payment gateway executes each payment request by deducting the amount of money from the account of the user maintenance Authorized moneytary operations, and generate and described notify the POS device.

8. a kind of method that mobile payment is realized between two mobile devices, the method includes：

First movement device receives the e bill from the second mobile device, wherein first movement device execution is therein E bill of the software module with wireless receiving from second mobile device, the described second mobile execution software mould therein Block is to generate the data comprising the e bill；

The amount of money is shown on the display of the first movement device, wherein the amount of money is by first movement device from the electricity It is extracted in sub- bill；

When checking and approving the amount of money using the user of the first movement device, payment is generated in the first movement device and is asked It asks；

The payment request is transmitted to as third-party payment gateway, wherein the payment gateway is responsible for the account from the user It deducts the amount of money and sends the amount of money deducted to the destiny account for belonging to second mobile device in family；And

Second mobile device receives the notice executed for the payment of the account information from the payment gateway.

9. according to the method described in claim 8, the wherein software module in the first movement device and described The software module executed in two mobile devices promotes the number between the first movement device and second mobile device According to communication and the data exchange between them.

10. according to the method described in claim 9, wherein the first movement device and second mobile device pass through near field Communicate (NFC) communication.

11. according to the method described in claim 8, wherein the payment request that generates in the first movement device includes：

Make the amount of money described in the user's checking and pay the amount of money using selected method of payment, wherein utilizing the first movement The software module in device enters institute's selection tool.

12. according to the method for claim 11, wherein the selected method of payment is selected from the group being made up of：? Stored value card, traditional credit or debit card and the Electronic Transfer, Web bank created in the first movement device With electronic payment system.

13. according to the method for claim 12, wherein the first movement device is attached to the pin of the destiny account Sell point (POS) device.

14. the method according to claim 11, wherein the method also includes：

Make the first movement device that the payment request of the amount of money are transmitted to the payment gateway by exit passageway, Wherein the payment gateway deducts the amount of money by the account possessed from the user to execute each payment request Authorized moneytary operations, and generate and described notify the POS device.

15. a kind of mobile device for mobile payment, the mobile device include：

Wireless communication module, the mobile device that relieves oneself being configured are included in a POS device wireless telecommunications with receiving The data of the mark of the e bill and businessman that are generated in the POS device, the mobile device and user-association, the user It is interacted with the businessman by the POS device；

Interface, the user input the amount of money to be paid to the businessman by the interface in the mobile device manually；

The module of payment request is generated in the mobile device, wherein the payment request includes the mark and the gold Volume；

Wherein the wireless communication module transmits the payment request to as third-party payment gateway, wherein the payment net It closes and is responsible for deducting the amount of money from the account of the user and sends the amount of money deducted to the specified account for belonging to the businessman Family, the businessman receive the notice executed for the payment of the destiny account from the payment gateway.

16. mobile device according to claim 15, wherein the mark includes the information of the destiny account, described the Tripartite sends the amount of money deducted from the account of the user to the destiny account based on the information.

17. mobile device according to claim 15, wherein further comprising：

It is personalized via server to include the safety element of one or more operation keys；

The space of software module is stored, the software module is configured via personalized safety element.