SK322009A3 - Payment terminal using mobile communication device, especially mobile phone, cashless payment method - Google Patents

Abstract

Payment terminal using mobile communication device especially a mobile phone is placed on a removable a memory card (1) that is adapted to be inserted to the expansion accessories slot used beyond the basic function of a mobile communication device (4). The platinum application runs on the removable the memory card (1). The microcontroller (12) is loaded a paypal application and then from a smart card the chip (3) read the configuration data of the selected terminal identity. Data from the selected payment card to the microcontroller (12) operating as a payment terminal read from smart card chip (3). Payment card block (7) with payment application is located separately in the protected part of memory from block (6) with terminal configuration data. Memory card (1) is SD or miniSD, or microSD, or M2karty. The memory card (1) is capable of functioning as multiple identity terminal, while also including payment card or multiple payment cards and in a convenient arrangement it is equipped with a contactless communication element (13).

Description

A payment terminal using a mobile communication device, in particular a mobile phone, a non-cash payment method

Technique Area

The invention relates to a payment terminal which is located in a mobile communication device, in particular a mobile phone, and for realizing payment processes the terminal can also communicate via its own communication element, in particular of the NFC type. The invention also discloses a non-cash payment method using a contactless transmission link.

BACKGROUND OF THE INVENTION

There are known payment terminals, POS terminals, which are stably located in commercial premises. Connections are also known in which mobile communication devices are used, in particular in the form of a conventional mobile phone in the execution of a cashless payment transaction.

To date, there are no known technical means that would reliably update a mobile phone to a payment terminal position held by the user.

The solution according to patent CN101351819 mentions the possibility of using a mobile phone as a POS terminal, but does not solve the particular arrangement of the individual necessary elements of the system. Many solutions, such as CN101339685, CN101329801, US2008270246 (A1), SI22595 (A), US2008059375 describe the involvement of a mobile phone in cashless payments, but there are no elements of a standalone POS terminal in the phone, POS terminal, such as US2007241180 (A1).

SUMMARY OF THE INVENTION

These deficiencies are substantially eliminated by a payment terminal utilizing a mobile communication device, in particular a mobile phone, including a memory, an interface, a microcontroller for executing a payment terminal application, where i.

the microcontroller is connected to a memory and interface for connection to the mobile communication device circuit, and wherein the terminal also has a payment terminal application interface coupled to the microcontroller and also includes a terminal configuration data block in the protected portion of the memory of the present invention. the terminal with the associated data is located in a removable memory card adapted to be inserted into a mobile communication device extension accessory used beyond the basic function of the mobile communication device. This will be in particular, but not exclusively, an externally accessible slot of a mobile communication device, in particular a mobile phone. The relevant slot is intended for technical means without which the mobile communication device can fulfill its basic function, i. transmission of data and / or voice over the operator's network. The slot is not intended for a SIM card and the memory card of the present invention is not a SIM card. The removable memory card is not dependent on the phone's SIM card and can be removed and inserted into the mobile phone without interrupting normal phone functions.

In addition to the memory itself, the memory card includes a smart card chip including protected memory on which there is a block with terminal configuration data. This block is used to securely store the data that the terminal needs to assign its identity, essentially the data that determines to whom the terminal belongs to the data.

Smart card chip is connected to microcontroller. A memory card memory is also connected to the microcontroller for running the payment application, where there is a block with the payment application. This will mainly take the form of an EMV application. The microcontroller reads the payment-terminal application from the respective block and thus becomes the so-called. Generic POS Terminal. It is a general POS terminal, currently indifferent. In order for this POS to become a terminal of a particular bank, a particular institution, it downloads data from the terminal configuration data block from the smart card chip.

This arrangement allows a configured and modified memory card to be inserted into a conventional mobile phone having an expansion memory slot so that it is able to execute terminal payment operations.

Another essential feature of the present solution is that the memory card also includes a payment card block with a payment application, in particular an EMV type. The combination of a terminal and a payment card into one, in addition, indivisible hardware means has so far made no useful sense since the payment terminals were physically held by the merchant, usually owned by a bank, payment processor and the like. It is possible to achieve by the present invention that the payment terminals are in the personal possession of the user and then it is possible to connect the terminal and the payment card to one hardware means. In doing so, the terminal will still belong to a particular bank or clearing institution, as has been the case with the terminals held by the merchant.

The payment card block is located in the protected portion of the memory separate from the terminal configuration data block, preferably on separate domains of the secure element contained in the smart card chip. In view of the suitability of the memory card structure and also with regard to the high penetration of mobile communication means with an SD slot, it is preferred that the memory card is of the SD or miniSD type or microSD card or M2 type. Then, the interface of the memory card to the circuits of the mobile communication device will be the corresponding SD or M2 interface. The microcontroller is connected to the card interface as specified by the Technical Committee SD Card Association.

In order to achieve sufficient data throughput, it is convenient if the memory card has at least a two-wire, preferably at least a four-wire bus. Preferably, the memory card used has a largest dimension of less than 24 mm and a second largest dimension of less than 14 mm.

The microcontroller is provided with an indelible internal memory, preferably of the EEPROM type. To achieve a sufficient level of security, the microcontroller is also provided with a boot-loader block to control unauthorized hits in the loaded payment-terminal application. The boot loader is stored in the non-rewritable portion of the microcontroller's processor memory and runs whenever the terminal is rebooted. The boot loader task is to check that the operating system and application programs have not been altered by unauthorized intervention. After each boot, Boot-loader calculates the Hash value (digital signature) from the contents of the external flash memory of the program where the operating system and application are stored. The result is compared with the value stored in the internal memory

EEPROM. If the data matches, it leaves control to the operating system. If not, it decrements the failed counter and stops. If the counter reaches 0, the microcontroller can no longer be started. The memory stores the operating system (such as the beginning and end of the address space) and the Hash value of the memory content (digital signature) is burned to the microcontroller the first time the operating system and application are saved. You cannot change this later.

In a conventional embodiment, the microcontroller will have a 32-bit microprocessor structure.

The utility values of the terminal will substantially increase the arrangement in which the payment terminal has its own communication channel, substantially independent of the communication paths of the mobile communication device. This arrangement will be characterized in that the memory card is provided with a contactless communication element which is connected to a smart card chip and / or a microcontroller. It will be advantageous if an antenna is connected directly to the contactless communication element directly on the memory card. This makes the terminal functions independent. The contactless communication element can be equipped with detection of the surrounding electromagnetic field, so that its circuits will only be activated at the time of the required connection, thus reducing the terminal's power requirements. This can be supplied from the electromagnetic field and from the power of the mobile communication device via the respective memory card interface. The contactless communication element may be coupled to blocks on a smart card chip, with the exception of an encryption block that will only be accessible through a microcontroller to reduce the risk of attempts to illegally overcome encryption. In view of the existing extension of communication types, it is preferred that the non-contact communication element is of the NFC type, preferably according to ISO 14443.

The payment terminal may also have several separate blocks with configuration data of independent terminals in the smart card chip. These will be stored separately in separate domains of the secure element. This technical solution will allow the payment terminal to be activated as a terminal of different payment processors at the user's choice or according to other instructions. Thus, one memory card can subsume and perform the functions of several independent payment terminals sequentially. This arrangement will be advantageous precisely in connection with the mobility of the described payment terminal and its independence from the particular merchant, where it would be appropriate to have the choice of identity and affiliation of the payment terminal.

A payment terminal may include multiple payment cards within itself by providing 5 separate smart card blocks in the smart card chip with the respective payment applications. Thus, the payment terminal may not only be a multi-payment terminal but also may be a multiple card. With the increasing number of cards owned by one user, space will be created for convenient and secure connection of these means of payment to one memory card inserted into the mobile phone.

The memory card memory, preferably in the form of a flash memory, may have at least a portion of its space protected. Then we can put a block of payment application in it. This could also be directly in the microprocessor, but such a solution is impractical with respect to the required memory space.

In addition, it will be required that the payment terminal application be updated gradually, for which the download control block located in memory will serve. To control the data streams, the memory is provided with a memory controller process block. The memory may also have a web server block for communication between the memory card and the phone via the web interface.

The utility value of the terminal as described will be enhanced by the addition of non-financial functions. Existing elements of the memory card, separate domains of the secure element, the contactless communication element and possibly also the encryption block can be used to control external devices, such as a remote control, an electronic key to the gateway and the like. Then there is a block of non-financial application running through the microcontroller in the smart card chip.

In the arrangement according to the present invention, the memory card with the function of the payment terminal can continue to fulfill the function of the memory expansion of the mobile communication device. In the unprotected part, the memory has space for freely accessible user data such as pictures, music files and the like. This section is directly visible when viewed from a mobile communication device. System data such as payment transaction result records and the like will be stored in the data hidden from the user.

A non-cash payment method using a mobile communication device according to the present invention is characterized in that the payment terminal application runs on a removable memory card that is inserted into the mobile communication device slot for the expansion accessory. The payment terminal application is loaded into the microcontroller in the memory card and subsequently the configuration data of the selected terminal identity is read from the smart card chip. An essential feature is also the possibility that the data on the selected payment card is read into the microcontroller acting as a payment terminal from the smart card chip, ie from the same hardware means on which the payment terminal application itself runs.

In order to increase security, it is advantageous for the payment application to be checked for changes in the payment application by means of a boot-loader block when or before starting the payment application. The payment terminal application will be controlled via the input device of the mobile communication device, in particular the keyboard, e.g. by

BRIEF DESCRIPTION OF THE DRAWINGS

BRIEF DESCRIPTION OF THE DRAWINGS The invention is explained in more detail with reference to FIG. Figure 2 shows the connection of a mobile phone with a memory card for payment in an online store.

DETAILED DESCRIPTION OF THE INVENTION

In this example, a payment terminal is described on both a removable memory card and microSD platform with the size and shape of a conventional microSD card. The memory card 1 has a microcontroller 12 in the form of a 32-bit microprocessor operating with a multi-task operating system 8, in this example Linux. The microcontroller 12 is connected with a flash memory 2, a smart card chip 3 and an SD interface 11. The microprocessor 12 includes an internal EEPROM memory 10 and a bootloader block 9 to control unauthorized hits in the loaded payment terminal application.

Flash memory 2 is divided into protected and unprotected part. In the unprotected part there is a space 15 for freely accessible and freely visible user data as well as a space 20 for the hidden storage of the system files, especially the records of payment transactions running through the payment terminal. In the protected part there is a block 8 with an operating system, in this example with Linux, and in particular a block 5 of a payment terminal application where the payment terminal application, in this case EMV type, is loaded. In the protected portion of memory 2, in this example, there is also a download control block 19, which is used to store and control the software on the memory card i. If it is necessary to load / upgrade applications in the smart card chip 3, the application binary data is downloaded to the unprotected portion of the flash memory 2, for example, to the system data block in the space 20 for the data hidden by the user. The download control block 19 periodically checks for a new file in the system data block that needs to be uploaded to the smart card chip 3. If so, it starts the corresponding installation.

Also in the protected part of the memory 2 is block 18 of the SCWS web server for application management on smart card chip 3 outside the payment EMV application. The microcontroller 12 has a portion of memory in which the operating system (beginning and end of the address space) is stored. The Hash value of the memory content (digital signature) is burned into the microcontroller 12 the first time the operating system and application are saved. This information cannot be changed later.

Several separate domains are created in the secure element of the smart card chip 3. In this example, three are used to hold three separate blocks 6 with terminal configuration data of three different payment processors. Two secure element compartments are occupied by blocks 7 of two independent payment cards with corresponding EMV payment applications. Thus, the example describes a circuitry that makes it possible to pay from two different payment cards through three terminals of different payment processors, one of which may, for example, be a mobile telephone network operator and link its offered telecommunications services with credit card payment processing services. The secure element also has an RSA encryption block 14.

The memory card 1 also has its own NFC non-contact communication element 13 with an antenna located on or off. in the memory card body i. This arrangement makes it possible to establish an NFC communication link between a conventional telephone without an NFC chip and a corresponding ISO 14443 reader.

A non-financial application block 16 is also located in the secure element, which in this example is set to function as an electronic contactless key for controlling the door lock.

The flash memory controller 2 located in the protected portion of the memory 2 controls the data transmission between the mobile phone and the flash memory 2 on the memory card i. Blocks the viewing and writing of the protected portion of memory 2 and blocks the viewing of the unprotected portion of memory 2 with the system data block where data writing and reading is enabled.

The payment terminal application is run on a removable memory card 1 which is inserted into a slot of the mobile communication device 4 for the expansion accessory. The payment terminal application is read into the microcontroller 12 in the memory card 1 and subsequently the configuration data of the selected terminal identity is read from the smart card chip 3. The data on the selected payment card is read into the microcontroller 12 acting as a payment terminal from the smart card chip 3 at the user's choice.

Before the payment terminal application is started, the payment application changes are checked using the boot loader loader block 9. The payment terminal application is controlled via the keyboard and display of the mobile communication device 4.

The mobile phone has a GUI (Graphic User Interface) for communication between the user, memory card I, HOST processor and also has push SMS technology. The payment terminal application is an SD microcontroller 12 application allowing online and off-line payments from a payment application on the microSD memory card i. Payment is done as “Card is present”, which significantly increases security 30 the transaction is signed with a cryptogram and for each transaction the ATC is increased by one, ie it is not possible to generate an unlimited number of transactions in order to get some keys. The client controls the payment terminal application via the installed GUI application in its own mobile phone. The payment terminal application in conjunction with the microcontroller 12 forms a Generic POS terminal. Subsequently, with the configuration parameters, they form the Embedded POS TERMINAL as follows: Terminaltype lx = terminal belonging to a financial institution, 2x = terminal belonging to the merchant, 3x = terminal belonging to the cardholder - Card Holder terminal. Block 6 with terminal configuration data contains terminal ID number, PDOL data (Processing Options Data Object List), Terminal Risk management, off-line batch fillet format, SMS gateway to host, IP address to host, cipher to sign off-line transaction. Payments can be off-line or on-line. Communication with the payment processor can be via SMS or GPRS.

Industrial usability

Industrial applicability is obvious. According to the invention, it is possible to industrially and repeatedly manufacture and use payment terminals implemented in memory cards, which cards may contain one or more payment cards at the same time.

Claims (20)

PATENT CLAIMS A payment terminal using a mobile communication device, in particular a mobile phone, comprising a memory (2), an interface (11), a microcontroller (12) for executing a payment terminal application, a microcontroller (12) connected to the memory (2) and interface (11) circuitry of a mobile communication device (4) comprising a payment terminal application block coupled to a microcontroller (12), also comprising a terminal (6) with terminal configuration data in a protected portion of memory, characterized by being located on a removable memory card (1) The memory card (1) comprises a smart card chip (3) including a protected memory on which there is a block (6) containing terminal configuration data, which is adapted for insertion into an expansion accessory slot used in addition to the basic function of the mobile communication device (4). , the smart card chip (3) is connected to the microcontroller (12), which is also p the removable memory (2) of the memory card (1) and the smart card chip (3) having an encryption block (14). Payment terminal according to claim 1, characterized in that the memory card (1) has a payment card block (7) with a payment application, wherein the payment card block (7) is located in a protected part of the memory separately from the configuration data block (6). terminal, preferably on separate domains of the secure element contained in the smart card chip (3). Payment terminal according to claim 1 or 2, characterized in that the memory card (1) is of the SD or miniSD type or microSD card or the M2 type and the interface is an SD type or M2 type interface. Payment terminal according to any one of claims 1 to 3, characterized in that the memory card (1) has at least a two-wire, preferably a four-wire bus. Payment terminal according to any one of claims 1 to 4, characterized in that the memory card (1) has a largest dimension of less than 24 mm and a second largest dimension of less than 14 mm. Payment terminal according to any one of claims 1 to 5, characterized in that the microcontroller (12) is provided with an indelible internal memory (10), preferably of the EEPROM type, the microcontroller (12) is also provided with a boot-loader block (9) to control unauthorized hits payment-terminal applications. Payment terminal according to any one of claims 1 to 15, characterized in that the memory card (1) is provided with a contactless communication element (13) which is connected to a smart card chip (3) and / or a microcontroller (12). Payment terminal according to claim 7, characterized in that on the memory card (1) the antenna is connected to a contactless communication element (13). Payment terminal according to any one of claims 1 to 8, characterized in that the smart card chip (3) has at least two blocks (6) with configuration data of independent terminals. Payment terminal according to any one of claims 1 to 9, characterized in that the smart card chip (3) comprises at least two independent payment card blocks (7) with respective payment applications. Payment terminal according to any one of claims 1 to 10, characterized in that the memory (2), preferably of the Flash type, is protected at least in part of its space and in this part there is a block (5) with a payment terminal application. Payment terminal according to any one of claims 1 to 11, characterized in that the memory (2) comprises a memory controller block (17), a download control block (19) and preferably a web server block (18). Payment terminal according to any one of claims 1 to 12, characterized in that there is a non-financial application block (16) in the smart card chip (3). Payment terminal according to any one of claims 7 to 13, characterized in that the contactless communication element (13) is of the NFC type, preferably according to ISO 14443. Payment terminal according to any one of claims 1 to 14, characterized in that the memory (2) has in the unprotected part a data space (20) hidden for the user and a space (15) for the freely accessible user data. A non-cash payment method using a mobile communication device, in particular a mobile phone, comprising running a payment terminal application, in particular an EMV type, characterized in that the payment terminal application runs on a removable memory card (1) which is inserted into a mobile communication device slot (4). accessories. The non-cash payment method according to claim 16, characterized in that a payment terminal application is loaded into the microcontroller (12) in the memory card (1) and subsequently the configuration data of the selected terminal identity is read from the smart card chip (3). Cashless payment method according to claim 16 or 17, characterized in that the selected payment card data is read from the smart card chip (3) into the microcontroller (12) acting as a payment terminal. The non-cash payment method according to any one of claims 16 to 18, characterized in that the change of the payment application is checked by means of a boot-loader block (9) at or before starting the payment application. The non-cash payment method according to any one of claims 16 to 19, characterized in that the payment terminal application is controlled via an input device of the mobile communication device (4), in particular a keyboard.