201205477 六、發明說明: 【發明所屬之技術領域】 解決方案指-敎位在-行動通信裝置(諸如—行動電 話)中之付費終端。為實現付費處理程序該終端甚至可 透過其自身的主要為NPC類型之通信元件進行通信。本發 明亦描述-種使用-無接觸傳輸鍵路之直接帳單付費之方 法。 【先前技術】 已知永久定位在商辦大樓中之付費終端(p〇s(銷售點)線 端W〇s終端以將錢自購買者之帳戶轉帳至商店業者之帳 戶在-協議系統中有安全保護的方式運作。至今,通過 pos終端之付費係作為一種付費之特徵,丨中收款者具有 -POS終端且付費消費者使用—對應卡作為—付費裝置。 在第-階段中’運行卡持有者之—檢查、檢驗,此處理程 序應受咼度安全保護且應在雙方(商家及付費消費者)之合 理努力下實現。隨後,運行付費金額自動記人至商店業者 之帳戶之一處理程序。起初,僅配備有一磁條之卡用於運 仃付費終端應用程式 '然而’關於技術限制,因為磁條可 經複製或隨簡單技術裝置之使用而改變,所以具有載入資 料之磁條呈現一安全風險。讀取來自磁條之内部資料係低 技術的。 因此,在90年代下半期發卡業者歐洲國際萬事達卡 (MasterCard)與VISA間做出使用定位在付費卡上之微型晶 片關於創建EMV標準之一協議。EMV(Eur〇pay MasterCud 154948.doc • 4 - 201205477 心)標準為確保料互通性之目介於付費卡晶片與p〇s終 端之間的互動。微型晶片之使用能夠保護定位在微型晶片 上之資料,以此方式使得在沒有—piN情況下不可能自外 卩存取4等資料。甚至在沒有與處理者總部線上連接情況 下’在卡上使用晶片,亦能夠實現卡持有者檢驗((:祕〇1如 . Verification)。雖然磁條代表被動資料載體,但卡上之晶 片基本上係具有其自身的計算容量、具有記憶體之有安全 保護部分且具有-資料加密單元之一小型電腦。不管提到 的當前POS終端之技術特性,發現在p〇s終端之内侧中之 欺編性調整及操縱之情況下或在將一中間鍵路插入至讀取 裝置之情況下,可揭示來自該卡之資料及PIN碼。此通常 在受操作人員之不足控制情況下或在其他欺騙方式之情況 下不知道具有POS終端之商店所有者時發生。 然而直到現在,並未已知能夠將行動電話轉換成此種類 付費終端之此等技術工具,該等技術工具可由付費消費者 所有且可具有整個業務關係(付款卡發行業者、處理總 部、銀行、商家)之個別參與者需要的安全性。 根據CN10135 1819專利之解決方案指示使用一行動電話 作為一POS終端之可能性;然而,其並未處理系統之個別 基本元件之特定組織。許多解決方案(諸如根據專利 CN101339685、CN101329801、US2008270246(A1)、 SI22595(A)、US2008059375之解決方案)描述行動電話參 與直接帳單付費,儘管在電話中不直接有獨立的p〇s終 端。或者,如其在1^20077241180(入1)檔案中,有一行動 154948.doc 201205477 電話與一靜態POS終端互動之解決方案。 對於此技術解決方案有一要求,即使在網際網路付費 或在一般商店外部實現的其他付費(例如,下載行動業者 處儲存的程式之付費)之情況下,該技術解決方案將具有 EMV付費應用程式之高安全性且將嚴格以標準之形式 產生最終付費密碼。此等種類的解決方案目前並不是已知 的’或者由於可能透露或誤用在(例如)通過網際網路自付 費消費者之付費卡至商家之p〇s終端或虛擬p〇s終端之資 料傳輸期間之通信或者]^1?(:或GpRS通信,該等解決方案 /、有以上事貫中存在的安全風險。若一般商店中之p〇S、= 鈿與付費卡間之初始靠近接觸加長至通過網際網路環境之 通信,則接著安全風險增加。 【發明内容】 提到的缺點很大程度上由使用一行動通信裝置(諸如, 一行動電話)之一付費終端消除,其中該付費終端含有一 記憶體、一介面及微控制器。該微控制器鏈接至該記憶體 且透過一介面亦鏈接至該行動通信裝置之電路。該付費終 端包含具有一 POS付費終端應用程式之一單元且亦包含儲 存在該記憶體之有安全保護部分中之一付費終端之組態資 料單元。本發明之精髓在於付費終端連同有關組態資料可 儲存在一可抽換式記憶體卡上之事實,該可抽換式記憶體 卡以此方式經調整使得可將其插入於行動通信裝置之用於 額外硬體的插槽中’該插槽用於增加超越該行動通信裝置 之基礎功能之功能。 154948.doc 201205477 解決方案之精髓係以下組態:POS終端之整個處理程序 x、了疋位在插入於行動通信裝置中之一可抽換式記憶體 卡上同時最有可月匕的使用存在於該可抽換式記憶體卡插 入至行動電話之共同記憶體插槽中。所有内部付費p〇S終 端應用程式之運行可在插入於行動通信裝置中之該可抽換 式S己憶體卡上實現。可利用付費處理者總部發現通信處理 私序中之例外,在該等付費處理者總部中可使用行動通信 裝置自身的通信頻道(SMS(短訊息服務)、GPRS通用封包 無線電服務)。行動通信裝置之顯示工具可用於顯示付費 應用程式之運行。 p〇s終端之處理核心僅傳送至行動電話中之補充記憶體 卡申f來出人意料的技術優點,但其亦造成載入來自付費 卡之資料之困難,此係因為行動電話不具有晶片讀卡器。 於是當前解決方案之重要特徵在於:甚至在相同硬體設備 上(即,在該可抽換式記憶體卡上)可放置有使用者之一付 費卡或甚至若干付費卡。以此方式技術上可確保除了具有 用於付費終端之資料的該記憶體之該有安全保護部:之 外’《亥可抽換式記憶體卡亦含有具有付費卡資料之記憶體 之一分開有安全保護部分。 在付費應用程式之運行期間,將該可抽換式記憶體卡插 入於該行動通信裝置之用於額外硬體之插槽中,該插槽用 於增加超越該行動通信裝置之基礎功能之功能。然而並不 排除’該插槽將主要係、可自該行動通信裝置(諸如,一行 動電話)外部存取的最常使用的插槽。有關插槽經設計用 154948.doc 201205477 於此技術設備,沒有該插槽,該行動通信裝置可滿足其之 基本功能。因此考慮中的該插槽並不直接影響資料及/或 聲音在業者之網路中之傳輸;事實係該插槽不同於用於 SIM(用戶識別模組)卡之介面。該記憶體卡(其係本發明之 重要元件)不具有SIM卡之功能。考慮中的該解決方案中 描述的該可抽換式記憶體卡並不取決於行動電話之sim卡 且可被移除或插入於該行動電話中而不干擾該電話之常規 功能之任一者。 若付費卡與POS終端間之通信變窄至在運行應用程式期 間插入於行動電話中之一硬體裝置内之資料傳輸,則不可 能由共同構件監測且誤用此通信。實現付費之後,自該可 抽換式記憶體卡發送關於所實現付費之加密資訊。由以 贿標準之形式的充足安全性區分此資訊。在共同組態 中,該行動通信裝置可係—行動電話’該行動電話可確保 作為與付費處理總部通信之外部功能用於在該可抽換式記 憶體卡上運行付費康用:¢3 . 丁買應用程式。該灯動電話亦將確保該可抽 換式記憶體卡之供電。 該可抽換式記憶體卡甚至可包括主要為EMV類型的且有 一付費應用程式之—付費卡單元。根據EMV標準,此種類 的付費卡單元將包括硬體及軟體工具用於確保與晶片具有 的功能類似的功能。此單元之介面可係不同的,此係因為 該单70不破設計為在通常類型的讀取H中讀取,々該單元 將與可抽換式記憶體卡載辦 姐下戰體%固地、不可卸離地連接。 將POS付費終端及付費卡放置在—個而且不可分的硬體 J54948.doc 201205477 设備中直到現在毫無意義,此係因為該等終端被實體放置 在商家處而其等通常由銀行、付費處理者等等所有。透過 當前解決方案,使用者可實現租賃付費終端,且在此情況 下,可能將付費終端及付費卡放置在一硬體設備中。從組 態身份觀點來看,終端將保持由一特定銀行或處理機構擁 有,此係因為銀行或處理機構直到現在通常具有放置在商 家處之該等終端。因為付費卡與P0S終端間之通信將透過 可抽換式記憶體卡之硬體中的控制器、微控制器運行且給 定付費裝置之微型大小,所以接著本質上,自外部非法讀 取此通信在技術上將係不能實行的。 。亥POS付費終端之專用資料(正如加密密鑰及識別資料) 必須儲存在該記憶體之該有安全保護部分中,較佳儲存在 所謂安全元件(Secure Element)中。該$全元件特徵在於特 定硬體特性且經受對應憑證,多虧此憑證,參與部件樂於 相信其之專用資料在此一記憶體裝置中。此等p〇s付費終 端之資料必須與對付費卡資料之存取嚴格分開,反之亦 然。出於此原目’至少兩個獨立分開的有安全保護記憶體 域可係在該可抽換式記憶體卡上。此等域可係(例如卜安 全元件之分開部分之形式。 ▲從最佳化付費終端應用程式中之處理程序觀點來看,若 °亥可抽換式記憶體卡具有兩個獨立的硬體安全元件係有I 的(但非必要)。此等安全元件可係兩個一 玖日日片之形式’ 以晶片可獨立放置在該可抽換式記憶體卡之印刷Μ 上。接著第-安全元件可意欲用於儲存p〇s終端或分別儲 154948.doc 201205477 存不同POS終端之資料。第二安全元件將意欲用於儲存該 付費卡之資料或各種付費卡之資料。所以當前解決方案能 夠將若干業者之pos終端及-使用者之若干付費卡(即以個 人名字發行的各種銀行之付費卡)放置於-硬體裝置。因 為從存取觀點來看,此等組態及付費資料(屬於不同公司) '、、須刀開T以定位’所以該等安全元件將被劃分成若干獨 立的域、部分。若使用兩個安全元件,則接著甚至在安全 7C件將不具有多重任務之情況下,能夠使該等安全元件互 相進行通u運行兩個應用程式。使用兩個或若干安全元 件增加可用的總記憶體容量,以此方式可直接在該等安全 兀件上運行該付費POS终端應用程式。在具有一個安全元 牛之、、且態中,將更適宜於使用另—最便宜但不安全的記憶 體》亥付費P0S終端應用程式將被載入至該記憶體中且將 在付費處理私序期間在該記憶體上運行該付費終端應 用程式。 除了含有共同記憶體自身之外,該記憶體卡可持有具有 安全記憶體的呈一晶片形式之一安全元件,具有終端之組 態資料之-單元儲存在該安全記憶體中。此單元用於安全 儲存該終端需要指派其自己的身份之資料。原則上,此等 大多數係對具有有關資料之終端屬於何人之資料判定。 該安全元件與微控制器連接。術語微控制器甚至可意指 控制器或呈控制器形式之-些變窄的硬體。可以一種方式 定:該微控制器,其中劃分該微控制器之功能,例如,在 另一晶片中將控制器部分與計算部分劃分開。為了能夠運 154948.doc 201205477 行該付費POS終端應用程式,該微控制器亦可連接至該記 憶體卡之記憶體,該記憶體中儲存有具有付費POS終端應 用程式之單元。此應用程式可特別係一 EMV應用程式之形 式。該微控制器讀取來自各別單元之該付費P〇S終端應用 程式’藉由此其變成一所謂通用P〇S終端。其係一通用 P0S付費終端,雖然此刻仍是無差異的。為了使該p〇s付 費終端變成與一些特定銀行、特定機構相關聯,必須自智 慧卡晶片中之所選單元下載終端組態資料。 此組態能夠將可實現付費P〇S終端操作之一經組態且經 調適的記憶體卡插入於一共同行動電話令,該行動電話具 有用於記憶體擴充之一插槽。 該付費卡單元將與具有終端組態資料之單元分開定位在 該s己憶體之一有安全保護部分中,較佳在一特定晶片中之 安全元件之獨立域上。至於該記憶體卡之適宜結構且相對 於具有SD插槽之行動通信裝置之高滲透,該卡適宜於係 SD類型或miniSD或microSD卡或甚至可能係M2(微型記憶 體棒(Memory Stick Micro))。接著朝向行動通信裝置之電 路的δ己憶體卡之介面將係SD或M2類型的介面。該微控制 器可連接至該卡之介面,如由SD卡協會(技術委員會8〇卡 協會)疋義的規定中闡述。 為了達到充足資料滲透性,若該付費卡具有至少一個兩 導體式貝料匯流排或更好一個四導體式資料匯流排可係適 宜的。該卡較佳具有小於24毫米之最大參數及小於抖毫米 之第二最大參數。 154948.doc 201205477 該微控制器可配備有較佳為EEPROM類型的不可刪除内 部s己憶體。為了實現一充足安全層級,該微控制器亦可含 有一開機載入器單元用於控制載入的p〇SM費應用程式之 未經授權的介入。該開機載入器可定位在微控制器處理器 5己憶體之唯讀部分中且其在終端之各自重設之後運行。該 開機載入器功能係用以控制作業系統或應用程式是否由任 何未經授權的介入改變。每次重設之後,該開機載入器根 據程式之外部快閃記憶體之内容計算雜湊值(數位簽章), 該外部快閃記憶體中儲存有該作業系統及該等應用程式。 接著該開機載入器比較結果與該EEpR〇M内部記憶體中儲 存的值。若資料相等,則接著該開機載入器將管理權留給 該作業系統。否則,該開機載入器遞減不成功嘗試之計數 器且接著停止。若該計數器達到〇,不可能再啟動該微控 制器。在該記憶體t,可儲存有一作業系統(作為經定址 區域之一開始及一結束),同時該記憶體之容量之雜凑值 (數位簽章)在第一次作業系統及應用程式儲存期間儲存在 該微控制器中。以後,不可能再改變此資料。 在共同版本中’該微控制器可具有3 2位元微處理器結 構。 可由此一組態明顯增加終端之效用,其中該付費終端可 具有其自己的通信頻道,即,原則上該通信頻道獨立於行 動裝置之通信路徑。此組態版本之特徵將在於含有一無接 觸通信元件之記憶'體卡,該無接觸通信元件連接至安全元 件及/或一微控制器。若該記憶體卡上直接定位有一天線 154948.doc 12 201205477 且若該天線連接至無接觸通信元件,職較佳的。以此方 式’將實現該終端之功能獨立性。該無接觸通信元件可配 備有周圍電磁%之-偵測,由於該谓測,將僅在需要連接 時啟動該無接觸通信元件之φ ^ ^ 义仵之電路,此將造成終端之能量需 求降低。可由該電磁場且可类 過有關&己憶體卡之介面由行 動電話之電力供應器供電办兮故被。兮也括她2 电、、口忑終知。该無接觸通信裝置可 鏈接至該安全元件上之所有單元,惟加密單元例外,該加 密早7G僅透過微控制器存取以降低未授權的碼破壞之風201205477 VI. Description of the Invention: [Technical Field to Which the Invention Is Applied] A solution refers to a pay terminal that is in a mobile communication device such as a mobile phone. In order to implement the payment processing program, the terminal can even communicate through its own communication elements mainly of the NPC type. The present invention also describes a method of direct bill payment using a contactless transmission key. [Prior Art] It is known that a pay terminal (p〇s (point of sale) line terminal W永久s terminal permanently positioned in a commercial building to transfer money from the purchaser's account to the store operator's account in the agreement system has The way of security protection works. Up to now, the payment through the pos terminal is a feature of payment. The payee has a -POS terminal and the paying consumer uses the corresponding card as the payment device. In the first stage, the card is operated. Holder's inspection, inspection, this process should be protected by security and should be achieved with reasonable efforts of both parties (business and paying consumers). Subsequently, the operating payment amount is automatically recorded to one of the store's accounts. Processing program. Initially, only a card with a magnetic stripe is used to operate the pay-per-terminal application 'however' with regard to technical limitations, since the magnetic strip can be copied or changed with the use of a simple technical device, so there is a magnetic load of the data. The article presents a security risk. Reading the internal data from the magnetic strip is low-tech. Therefore, in the second half of the 1990s, the card issuer European International MasterCard (Master) Card) and VISA make a protocol for creating an EMV standard using a microchip positioned on a pay card. The EMV (Eur〇pay MasterCud 154948.doc • 4 - 201205477 heart) standard is for the purpose of ensuring interoperability. The interaction between the card chip and the p〇s terminal. The use of the microchip can protect the data located on the microchip, in such a way that it is impossible to access 4 data from the outside without the -piN. Even without In the case of online connection with the processor's headquarters, 'the use of the chip on the card can also be verified by the card holder ((: Secret 1 such as Verification). Although the magnetic stripe represents the passive data carrier, the wafer on the card is basically A small computer with its own computing capacity, a secure part with memory and a data encryption unit. Regardless of the technical characteristics of the current POS terminal mentioned, it is found to be fraudulent in the inner side of the p〇s terminal. In the case of adjustment and manipulation or in the case of inserting an intermediate key into the reading device, the information and PIN code from the card can be revealed. This is usually insufficient by the operator. In the case of the system or in the case of other deceptive methods, it is not known to have the store owner of the POS terminal. However, until now, there is no known technical tool capable of converting a mobile phone into this type of payment terminal, such technology The tool may be owned by a paying consumer and may have the security required by individual participants of the entire business relationship (payment card issuer, processing headquarters, bank, merchant). The use of a mobile phone as a POS terminal in accordance with the solution of the CN10135 1819 patent Possibility; however, it does not address the specific organization of the individual basic components of the system. Many solutions (such as solutions according to patents CN101339685, CN101329801, US2008270246(A1), SI22595(A), US2008059375) describe mobile phone participation directly The bill is paid, although there is no separate p〇s terminal directly in the phone. Or, as in the 1^20077241180 (into 1) file, there is a solution for the interaction of a mobile 154948.doc 201205477 telephone with a static POS terminal. There is a requirement for this technical solution that the technology solution will have an EMV paid application, even if the Internet pays or other payments made outside the general store (for example, downloading a program stored by the operator) High security and will generate the final paid password strictly in the form of a standard. These types of solutions are currently not known 'or because they may be disclosed or misused, for example, through the Internet's pay-per-use consumer's payment card to the merchant's p〇s terminal or virtual p〇s terminal for data transmission Communication during the period or [^1? (: or GpRS communication, these solutions /, there are security risks in the above events. If the initial proximity between p〇S, = 钿 and the pay card in the general store is lengthened To the communication through the Internet environment, then the security risk increases. [Disclosed] The disadvantages mentioned are largely eliminated by the use of a payment terminal, such as a mobile telephone, wherein the payment terminal A memory, an interface and a microcontroller are included. The microcontroller is linked to the memory and is also linked to the circuit of the mobile communication device via an interface. The payment terminal includes a unit having a POS payment terminal application and A configuration data unit stored in one of the security terminals of the memory is also included. The essence of the invention lies in the payment terminal together with The fact that the data can be stored on a removable memory card, the removable memory card is adjusted in such a way that it can be inserted into the slot of the mobile communication device for additional hardware' This slot is used to add functionality beyond the basic functions of the mobile communication device. 154948.doc 201205477 The essence of the solution is the following configuration: the entire processing program of the POS terminal x, the clamp is inserted in the mobile communication device The most versatile use of the removable memory card is that the removable memory card is inserted into the common memory slot of the mobile phone. All internal paid p〇S terminal applications can be run. Implemented on the removable S-replica card inserted in the mobile communication device. The payment processor's headquarters can be used to discover exceptions in the communication processing private sequence, and the mobile communication device itself can be used in the payment processor headquarters. Communication channel (SMS (Short Message Service), GPRS Universal Packet Radio Service). The display tool of the mobile communication device can be used to display the operation of the paid application. The processing core only transmits the supplementary memory card in the mobile phone to the unexpected technical advantage, but it also causes difficulty in loading the data from the payment card, because the mobile phone does not have a chip card reader. An important feature of the solution is that one of the user's payment cards or even a number of payment cards can be placed even on the same hardware device (ie on the removable memory card). The memory with the information for the payment terminal has a security protection unit: "The hackable memory card also contains a security-protected portion of the memory with the payment card data. In the paid application During operation of the program, the removable memory card is inserted into a slot for the additional hardware of the mobile communication device for adding functionality beyond the basic functionality of the mobile communication device. However, it is not excluded that the slot will be primarily the most commonly used slot that can be accessed externally from the mobile communication device, such as a mobile phone. The slot is designed to be used with this technology device. Without this slot, the mobile communication device can fulfill its basic functions. Therefore, the slot under consideration does not directly affect the transmission of data and/or voice practitioners' networks; in fact, this slot is different from the interface for SIM (Subscriber Identity Module) cards. The memory card, which is an important component of the present invention, does not have the function of a SIM card. The removable memory card described in the solution under consideration does not depend on the sim card of the mobile phone and can be removed or inserted into the mobile phone without interfering with any of the conventional functions of the phone. . If the communication between the payment card and the POS terminal is narrowed to the data transmission inserted in one of the hardware devices in the mobile phone during the running of the application, it is impossible to monitor and misuse the communication by the common component. After the payment is made, the encrypted information about the paid payment is sent from the removable memory card. This information is differentiated by adequate security in the form of bribe standards. In a common configuration, the mobile communication device can be a mobile phone that ensures that the external function of communicating with the payment processing headquarters is used to run a paid service on the removable memory card: ¢3. Ding buy the app. The lighted phone will also ensure power to the removable memory card. The removable memory card may even include a pay card unit that is primarily of the EMV type and has a paid application. According to the EMV standard, this type of payment card unit will include hardware and software tools to ensure functionality similar to that of the wafer. The interface of this unit can be different. This is because the single 70 is not broken to be read in the normal type of reading H, and the unit will be loaded with the removable memory card. Unremovable connection. Placing POS pay-per-use and payment cards in a separate and inseparable hardware J54948.doc 201205477 device until now is meaningless, because the terminals are physically placed at the merchant and they are usually bank, pay processor Wait for all. With the current solution, the user can implement a rental payment terminal, and in this case, the payment terminal and the payment card may be placed in a hardware device. From the point of view of the organizational identity, the terminal will remain in possession by a particular bank or processing organization, as banks or processing agencies up to now typically have such terminals placed at the merchant's premises. Because the communication between the payment card and the POS terminal will be run through the controller and microcontroller in the hardware of the removable memory card and given the micro size of the payment device, then essentially, this is illegally read from the outside. Communication will not be technically feasible. . The private information of the POS pay terminal (such as the encryption key and identification data) must be stored in the secure portion of the memory, preferably in a so-called Secure Element. The $all component is characterized by specific hardware characteristics and is subject to corresponding credentials, and thanks to this credential, the participating components are happy to trust their proprietary material in this memory device. The information of these p〇s payment terminals must be strictly separated from the access to the payment card materials and vice versa. For this purpose, at least two independently separated secured memory domains can be attached to the removable memory card. Such fields may be in the form of separate parts of the secure element. ▲ From the point of view of the processing program in the optimized payment terminal application, if the °H removable memory card has two independent hardware The security element is I (but not required). These security elements can be in the form of two one-day films. The wafer can be placed independently on the print cartridge of the removable memory card. The secure element may be intended to be used to store the p〇s terminal or to store information on different POS terminals, respectively. The second secure element will be intended to store information about the paid card or various payment cards. It is possible to place a number of operators' pos terminals and a number of payment cards of the user (ie, payment cards of various banks issued under the name of the individual) on the hardware device, because from the access point of view, such configuration and payment materials (Belong to different companies) ', must open the knife to locate ' so the security elements will be divided into several separate domains, parts. If two security elements are used, then even in the security 7C pieces will With multiple tasks, the secure elements can be used to run two applications on each other. Two or more secure elements are used to increase the total available memory capacity, which can be directly on the security components. Run the paid POS terminal application. In the case of a secure comma, it will be more suitable to use another - cheapest but insecure memory. The hai paid P0S terminal application will be loaded into the memory. The payment terminal application will be run on the memory during the payment processing private sequence. In addition to containing the common memory itself, the memory card can hold one of the security forms in the form of a wafer. The component, with the configuration data of the terminal, is stored in the secure memory. This unit is used to securely store the information that the terminal needs to assign its own identity. In principle, most of these are terminals with relevant information. The data of the person is determined. The secure element is connected to the microcontroller. The term microcontroller can even mean controller or controller. Some narrowed hardware. One way: the microcontroller, which divides the function of the microcontroller, for example, divides the controller part from the calculation part in another wafer. In order to be able to transport 154948.doc 201205477 The paid POS terminal application, the microcontroller can also be connected to the memory of the memory card, where the memory has a unit with a paid POS terminal application. The application can be specifically an EMV application. In the form of the microcontroller reading the paid P〇S terminal application from the respective unit, by which it becomes a so-called universal P〇S terminal. It is a general-purpose P0S payment terminal, although there is still no difference at the moment. In order to make the p〇s pay terminal become associated with some specific banks and specific institutions, the terminal configuration data must be downloaded from the selected unit in the smart card chip. This configuration enables the configuration of a configured and adapted memory card of one of the paid P〇S terminal operations to be inserted into a common mobile phone order having a slot for memory expansion. The pay card unit will be located separately from the unit having the terminal configuration data in a secured portion of the suffix, preferably on a separate domain of the secure elements in a particular chip. As for the appropriate structure of the memory card and high penetration with respect to the mobile communication device having the SD slot, the card is suitable for an SD type or miniSD or microSD card or even a M2 (Memory Stick Micro) ). The interface to the δ-recall card of the circuit of the mobile communication device will then be the interface of the SD or M2 type. The microcontroller can be connected to the interface of the card as set forth in the provisions of the SD Card Association (Technical Committee 8 Leica Association). In order to achieve sufficient data permeability, it may be appropriate if the payment card has at least one two-conductor billet bus or a better four-conductor data bus. Preferably, the card has a maximum parameter of less than 24 mm and a second maximum parameter of less than a millimeter. 154948.doc 201205477 The microcontroller can be equipped with a non-deletable internal s memory that is preferably of the EEPROM type. In order to achieve an adequate level of security, the microcontroller may also include a boot loader unit for controlling unauthorized intervention of the loaded p〇SM fee application. The boot loader can be located in the read-only portion of the microcontroller processor 5 and it operates after each reset of the terminal. This boot loader function is used to control whether the operating system or application is changed by any unauthorized intervention. After each reset, the boot loader calculates a hash value (digital signature) based on the contents of the external flash memory of the program, and the external flash memory stores the operating system and the applications. The boot loader then compares the result with the value stored in the internal memory of the EEpR〇M. If the data is equal, then the boot loader leaves management to the operating system. Otherwise, the boot loader decrements the counter that failed the attempt and then stops. If the counter reaches 〇, it is not possible to start the microcontroller again. In the memory t, an operating system (starting and ending as one of the addressed areas) can be stored, and the hash value (digital signature) of the capacity of the memory is stored during the first operating system and application storage period. Stored in the microcontroller. In the future, it is impossible to change this information. In a common version, the microcontroller can have a 32-bit microprocessor structure. The utility of the terminal can be significantly increased by this configuration, wherein the paying terminal can have its own communication channel, i.e., in principle the communication channel is independent of the communication path of the mobile device. This configuration version will be characterized by a memory 'body card containing a contactless communication element that is connected to the security element and/or a microcontroller. If the memory card is directly positioned with an antenna 154948.doc 12 201205477 and if the antenna is connected to a contactless communication component, it is preferred. In this way, the functional independence of the terminal will be achieved. The contactless communication component can be equipped with a surrounding electromagnetic %-detection, and due to the presumption, the circuit of the contactless communication component will be activated only when the connection is required, which will result in a reduction in energy demand of the terminal. . It can be powered by the electromagnetic field of the mobile phone by the electromagnetic field and the interface of the & memory card.兮 also includes her 2 electric, and the mouth knows. The contactless communication device can be linked to all units on the secure element, except for the encryption unit, which is accessed only by the microcontroller to reduce the unauthorized code destruction.
險。相對於現有的通信類枣之八你 _ _ ^ L 哎丨η蝴全之为佈,该通信元件較佳係根 據IS014443標準之NFC類型。 該付費終端可具有在該安全元件中之更多個別單元,該 等個別單元具有來自不同獨立終端的組態資料。此等組態 資料將儲存在該安全^件之分開域中。此技術解決方案將 能夠啟動該付費終端進入屬於不同付費處理者之—終端。 此能力將取決於使用者之選擇或取決於其他命令。以此方 式’-記憶計可歸類且運行若干獨立㈣終端之順序功 能。此組態將係㈣的,尤其t考慮描述的該付費終端之 行動性及其與一特定商家之獨立性時或當較佳具有選擇之 可能性及付費終端之身份及所有者時。 該付費終端亦可藉由在該安全元件中具有若干獨立單元 而含有若干付費卡,該等獨立單元持有具有其等之各別付 費應用程式之獨立付費卡。所以該付費終端不僅可係一多 重付費終端而且可係一多重卡。隨著一使用者擁有的卡數 目日益增加,此解決方案將產生此等付費構件之舒適且安 154948.doc 13 201205477 全的結合之空間至插入於一行動電話之一記憶體卡中β 該記憶體卡之記憶體(較佳呈一快閃記憶體之形式)可具 有其之有安全保護空間之至少一部分。在此情況下,一付 費POS終端應用程式單元可儲存至此記憶體中。此單元甚 至可直接定位在該微處理器中或該等安全元件中,但在一 些電路板架構中,當考慮記憶體區域之需要大小時,此種 類的解決方案可能不充分靈活。然而,將需要逐漸更新該 付費POS終端應用程式’可由下載的管理單元實行的活動 儲存在該記憶體中。該記憶體卡可配備有用於資料流程管 理之記憶體控制器處理單元。若在一記憶體卡與一行動電 蛞間有透過網站介面進行通信之任何需要,則一網站伺服 器單元可包含在該記憶體卡中。 根據當前描述,該終端之效用將藉由擴充其之非金融特 徵之功能而增加。該記憶體卡之現有元件、獨立安全元件 域、無接觸通信元件及加密單元可用於控制外部裝置(例 如,遙控器)、至門禁閘之電子鑰等等。在此情況下,通 過該微控制器經初始化之一非金融應用程式單元可在該安 全元件中或在管控智慧卡晶片中。 在根據此解決方案之組態中,具有付費終端功能之該記 憶體卡甚至可進-步履行行動通信I置之擴充記憶體之功 旎。在未受保護的部分中,該記憶體可具有用於使用者之 可自由存取資料(如圖像、音樂檔案及類似物)之區域。當 查看該行動通信裝置時,此部分係直接可見的。在該記憶 體中,對於對使用者隱藏之f料,可有系統f料作為付費 154948.doc 201205477 處理結果及類似物之記錄。 為在標準商店中付費之目的,該系統可補充付費p〇s終 端應用程式啟動器;該啟動器可係呈一簡單硬體元件之形 式或者其可係收銀機之一部分。該啟動器可具有付費值產 生單元。商家通過該啟動器鍵入需要的付費金額。此金額 亦可產生為自該收銀機輸出的最終購買金額。該啟動器附 接至一通信元件或完全配備有該通信元件,該通信元件與 該可抽換式記憶體卡上之該通信元件相容或與該行動通信 裝置之短距離通信元件相容。 根據本發明’使用一行動通信裝置之直接帳單付費方式 係基於以下事實:付費POS終端應用程式可在插入於行動 電話之用於額外硬體的插槽中之可抽換式記憶體卡上運行 且該付費卡應用程式亦可在相同硬體裝置上運行。直到現 在已知的該付費POS終端應用程式之運行特徵在於:在實 現付費期間,該付費卡暫時連接至pos終端。根據當前解 決方案,該付費卡穩固連接至付費終端且因此該P0S終端 與該付費卡間之通信可通過該付費卡之電路直接運行。自 此技術解決方案使各種新付費應用程式程序可能性湧現, 且原則上該付費POS終端應用程式之結果可係現今使用的 格式(EMV付費密碼(Crypt〇gram))。 在可能程序版本之一者中,該付費P0S終端應用程式可 被載入至該記憶體卡中之該微控制器中,且隨後自對應安 全元件載人所選終端之身份之組態資料。重要特徵亦在於 將來自安全元件之付費卡f料載人至操作為付費終端之該 154948.doc 15 201205477 微控制器之可能性,所以自由該付費pos終端應用程式為 其之運行而使用的相同種類的硬體設備載入該資料。若該 安全兀件具有充足計算容量,則該付費pos終端應用程式 可直接在該安全元件中運行。此將在使用兩個安全元件之 情況下發生’一安全元件用於付費終端’另一安全元件用 於付費卡。甚至在此組態中,該付費POS終端應用程式可 產生為用於所有付費終端之身份之一無差異、共同者;且 僅在選擇及付費終端之後’將來自該安全元件之對應獨立 域之識別資料載入至該付費1>08終端應用程式中。使用具 有已經插入組態資料之獨立付費POS終端應用程式之版本 亦未被刪除。 為牦加女全層級,該開機載入器在運行該付費p〇S終端 應用程式自身之前運行該付費PQS終端制程式巾之變化 控制係較佳的《將透過該行動通信裝置之一輸入裝置(主 要為鍵盤)管理該付費P0S終端應用程式。 【實施方式】 圖1至圖6中詳細闡述該解決方案。 實例1 在此實例中,描述利用根據圖3之兩個獨立安全元件 之解决方案。使用分開硬體安全元件3 1、3 2簡化憑 證要求’由付費系統之個別參與者(發卡者結算中心業 者)在储存機密資料於該等安全元件3、31、U上時設定該 等憑證要求°在此實例中,該等安全元件31、32之每-者 亦被劃分為獨立域’該等獨立域可被提供至不同發卡業者 I54948.doc •16· 201205477 且至POS終端之組態資料之不同所有者。該等安全元件 31、32係呈電路板上之獨立晶片之形式,該等安全元件在 該電路板上與履行微控制器12之角色之控制器連接。該等 女全元件3 1、32朝向該控制器12之介面係ISO 7816。可抽 換式兄憶體卡1係呈micr〇sD卡之形式。ASIC(專用積體電 路)b曰片與έ亥微控制器12連接,該a SIC晶片經設定用以執 行NFC平台通信處理程序且藉由做到此,該ASI(:晶片履行 通#兀件13之功能。直接定位在該可抽換式記憶體卡之本 體1上之天線21根據專利所有人之不同專利申請經設計且 以使忐NFC通信之方式連接至該ASIC晶片,NFC通信獨立 域行動電話4之其他硬體。該可抽換式記憶體卡丨亦含有 (例如)具有2GB容量之一共同快閃記憶體2❶使用者不能自 行動電話之介面4存取該記憶體2之一部分2〇 ;該記憶體之 此部分用於所貫現付費記錄之存檔。該記憶體2之剩餘部 分用於音樂、圖像及類似物之共同儲存,多虧該共同儲 存,整個記憶體卡1對使用者顯現為一共同記憶體媒體。 藉由將P0S終端及付費卡放置在一可抽換式記憶體卡i 上,經設計用以擴充記憶體容量之該行動電話4之插槽之 初始功能不會消失。 付費可以兩個不同種類運行。例如,如圖6中展示,該 行動電話4之使用者判定他想要在一網際網路商店中買呈 電子形式之一地圖。在此情況下,該網際網路商店之業者 可係該行動電話4生產者。根據描述的技術解決方案生產 的該microSD記憶體卡丨被插入於可自該行動電話4之外部 154948.doc 17 201205477 存取的橫向插槽中。該安全元件31上儲存有屬於若干人 (其等間甚至有網際網路商店之業者)之P〇S終端組態資料 6。選擇購買的項目之後,將對應金額之付費要求自該網 際網路商店發送至該行動電話4。使用者按壓該電話配備 有之付費按紐。在另一付費實例中,可由該行動電話4之 顯示器上顯示的軟體按鈕啟動付費選擇。將發動該付費 POS應用程式之要求發送至介面u。該付費p〇s終端應用 程式以與其在一標準!>〇8付費終端與付費卡間之一關係中 之運行方式相同的方式在該記憶體卡1上運行,該付費卡 被插入於POS終端之讀取器中。該行動電話4之顯示器用 於管理付費之運行。使用者根據他想要付所需金額而選擇 該付費卡。啟動所選付費卡之對應單元7中之應用程式之 後,亦可由對應卡之發行者之風險管理之預設定規則管理 付費之運行。取決於此,將有必要或不必要鍵入該付費之 卡通行密碼(password) 〇 結束該付費POS終端應用程式之後,由軟體斷開該p〇s 付費終端與該#費卡間之連接且通過_網路商店中待處 理的GPRS頻道發送所得付費密碼。網際網路商店接收且 解密付費檔案之後,估計該付費且在一肯定結果情況下, 經付費的項目(在此實例中為該地圖)被發送至該行動電話 實例2 此實例中描述在形狀及參數上相當於一標準_〇 之―灿類型的該可抽換式付費^平台上之付費終端。 J54948.doc •18· 201205477 如圖1中,該付費卡i具有呈Μ位元微處理器之形式之一微 控制器12,該微處理器在多任務作業系統8(此實例中係 LinUX)上進行操作。一快閃記憶體2、安全元件3及SD介面 11連接至該微控制器12。微控制器12含有一内部eepr〇m 记憶體10及開機冑入器9,關機冑入器9控制載入的付費 POS終端應用程式中之未授權的介入。 該快閃記憶體2被劃分為有安全保護部分及未受保護部 分。在未受保護部分中有用於自由存取且可見的使用者資 料之一空間15及用於隱藏系統檔案(尤其由付費終端處理 的付費處理之記錄)之一空間2〇。在該記憶體卡之該有安 全保護部分中,有持有作業系統(此實例中係以職)之一單 元8及儲存有一付費P〇s終端應用程式(在此情況下係一 EMV類型的應用程式)之首要的付費p〇s終端應用程式單元 5。在此實例中,在該記憶體2之該有安全保護部分中,亦 有用於該記憶體卡1上之儲存及軟體更新管理之下載管理 單元19。若有必要載入/升級智慧卡晶片3中之應用程式’ 則接著將該應用程式之二進位資料載X至該快閃記憶體2 之未受保護部分中,例如至儲存有對使用者隱藏之資料之 該空間20中之系統資料單元。該下載管理單元吻期性檢 查該系統資料單元中是否有應載入至該安全元件3中之任 何新檔案。若有,則接著運行一各別安裝。 在該記憶體2之該有安全保護部分中,亦有用於管理儲 存在該安全元件3中之應用程式(惟EMV付費應用程式除 外)的SCWS網站伺服器單元。在該微控制器〖2中有儲存 154948.doc •19- 201205477 有作業系統(作為經定址區域之_開始及_結束)之一纪憶 體空間。該記憶體之容量之雜凑值(數位簽章)在第一作業: 系統及應用程式儲存期間儲存在該微控制器12中。以後, 不可能再改變此資料,其確保對禁止軟體改變之保護。 在該智慧卡晶片3之該安全元件中產生若干個別域。在 此文件中,該等域有用於持有屬於三個不同付費處理者的 三個獨立終端之三個組態資料單元6。該安全元件之兩部 分含有具有EMV類型的各別#費應用程式之兩個獨立付費 卡7。此處給出的實例因此描述_種解決方案其能夠使 使用者在二個終端處用兩個不同付費卡付費而該等終端 之每一者屬於一不同付費處理者。舉例而言,此等付費處 理者之一者可係一行動電話網路業者,該業者將其之電信 服務連接至直接帳單付費處理處理服務。在該安全元件 上’亦有RSA加密單元1 4。 5亥記憶體卡1亦具有分別放置在該記憶體卡丨内之其自己 的NFC無接觸通信元件13與該天線21。此組態能夠在不具 有NFC晶片之一共同電話與滿足IS〇丨4443標準之有關讀取 器間產生NFC通信連接。 在該安全元件3中,亦有非金融應用程式單元16,其在 此實例中經組態以操作為用於打門之電子無接觸錄。 該快閃記憶體2之控制器17係在該記憶體2之該有安全保 護ep分中且§玄控制器管理s玄行動電話與該記憶體卡1上之 該快閃記憶體2間之資料傳送。該快閃記憶體2之控制器口 單位化檢視資料或寫至該記憶體2之該有安全保護部分之 154948.doc •20· 201205477 可能性且亦單位化檢視該記憶體2之該未受保護部分之可 能性,系統資料單元(准許讀取及寫入)定位在該未受保言蔓 部分中。 該付費POS終端應用程式在插入於該行動通信裝置之用 於額外硬體的插槽4中之該可抽換式記憶體卡丨上運行。該 付費POS終端應用程式被載入至該記憶體卡1中之該微控 制器12中且隨後自該安全元件3載入所選終端之身份的組 態資料。將所選付費卡資料自該安全元件3載入至操作為 付費終食而之s亥微控制益12中。載入哪·—付費卡資料取決 於使用者之選擇。 在開始該付費POS終端應用程式自身之前,該開機載入 器9運行該付費POS終端應用程式之一改變控制。使用該 行動通信裝置4之鍵盤及顯示器管理該付費p〇s終端應用 程式。該行動電話具有一圖形Gm介面(圖形使用者介 面),該GUI讓使用者、記憶體卡j及主機處理器之間能夠 進行通信。該電話中亦有推送(push)SMS技術。該付費 pos終端應用程式係使用該如以〇8]〇記憶體卡1上之付費應 用程式使能線上付費及離線付費之一 SD微控制器應用程式 12。當「卡存在」時實現付費,其高度增加安全性(用密 碼簽章處理)且在每一處理期間,ATC計數器遞增丨,此意 。胃著不可此產生無限次處理以便得到一些密錄。用戶端透 過安裝在其自己的電話中之—GUI應用程式管理該付費 pos終端應用程式。在此實例中,該付費p〇s終端應.用程 式連同該微控制器12形成一通用p〇s終端1在一不.同組態 154948.doc 201205477 中’可由付費POS終端應用程式連同一計算元件形成該通 用P0S終端’該計算元件直接在具有該安全元件之晶片 中。隨後’連同組態參數’其等形成嵌入式p〇S終端 (EMBEDDED POS TERMINAL) : Terminal_type lx=屬於一 金融機構之終端,2x=屬於一商家之一終端,3?{=屬於卡持 有者之一終端(卡持有者終端)。該終端之組態資料單元6含 有終端之ID號碼、PD0L資料(處理選項資料物件列表)、 終端風險管理、離線批次檔案格式、主機上之SMS選通 器、主機上之IP位址、簽章離線處理之代碼。付費可係離 線或線上的》可透過SMS訊息或透過GPRS實現與付費處 理者之通信。 實例3 此實例中描述一種可抽換式記憶體卡丨,其僅含有用於 實現付費必要的-最小組。圖4中展示該可抽換式記憶體 卡1之結構。此種類的可抽換式記憶體卡經設計僅用預買 入金額的錢作為一預付付費卡出售且意欲(例如)出售仏來 自使用不同貨幣之-國家之旅遊者。該可抽換式記憶體卡 1含有根據micrc>SD格式之具有接觸件之—介面1卜在該可 抽換式記憶體卡1之塑膠本體中有兩個安全元件3 1、32。 在第一安全元件31中有由預付卡系統之業者產生的P0S级 端之組態資料》在第:安全元件32中有—次性付費卡(咖 tlmepaymentcard)之資料。連同該可抽換式記憶體卡卜 ,業套件樹具有-剪輯櫚位⑽apfidd)之—紙張輸送 盗㈣以㈣㈣,該剪輯欄位中有用於管理對該付費卡之 I54948.doc •22· 201205477 存取之一對應PIN碼。當由商家持有的一共同p〇s終端連 接至付費消費者之付費卡時,該記憶體卡1執行所有操 作。該行動電話4之設施用於顯示及通信。 實例4 在此實例中’系統補充該付費P0S終端應用程式啟動器 22。β玄啟動益22可係呈具有NFC通信元件之一單用裝置之 形式。在此實例中,該啟動器連接至收銀機26之輸出端, 該收銀機26將發送關於總共需要的付費之資訊至輸出端。 該啟動器22產生含有付費值、商家帳戶之資訊及要求命令 之一檔案。該啟動器22通過通信元件24發送此檔案至應用 於此之該行動電話4。此檔案在該記憶體卡丨上之接收造成 該付費POS終端應用程式之發動。此解決方案能夠使用使 用者之該行動電話4之付費終端用於在不具有其自己的 P0S終端之一般商店中之直接帳單付費。 商業適用性 商業適用性顯而易見。利用本發明,可歲 製造並使用實施至記憶體卡中之付費終端, 可能產業上且重複 一記憶體卡中 具有一或多個付費卡。 【圖式簡單說明】 示的記憶體卡上之個別risk. Compared with the existing communication class, the _ _ ^ L 哎丨 蝴 butterfly is all cloth, and the communication component is preferably based on the NFC type of the IS014443 standard. The paying terminal can have more individual units in the secure element, the individual units having configuration data from different independent terminals. These configuration data will be stored in separate fields of the security component. This technical solution will enable the paying terminal to enter terminals that belong to different pay processors. This ability will depend on the user's choice or on other commands. In this way, the memory meter can be categorized and run a number of independent (four) terminal sequence functions. This configuration will be (iv), especially when considering the mobility of the paying terminal described and its independence from a particular merchant or when there is a better likelihood of selection and the identity and owner of the paying terminal. The paying terminal may also contain a number of paying cards by having a number of separate units in the secure element, the independent units holding independent payment cards having their respective payment applications. Therefore, the pay terminal can be not only a multi-paid terminal but also a multi-card. As the number of cards owned by a user increases, this solution will generate the comfort of these paid components and the space of the integration of the full 154948.doc 13 201205477 into a memory card inserted in a mobile phone. The memory of the body card (preferably in the form of a flash memory) may have at least a portion of its security space. In this case, the one-pay POS terminal application unit can be stored in this memory. This unit can even be located directly in the microprocessor or in such secure components, but in some board architectures, such a solution may not be sufficiently flexible when considering the size of the memory area. However, it will be necessary to gradually update the paid POS terminal application's activities that can be performed by the downloaded management unit in the memory. The memory card can be equipped with a memory controller processing unit for data flow management. If there is any need for communication between the memory card and a mobile device via the website interface, a web server unit can be included in the memory card. According to the current description, the utility of the terminal will be increased by expanding the functionality of its non-financial features. The existing components of the memory card, the independent secure component domain, the contactless communication component, and the encryption unit can be used to control an external device (e.g., a remote controller), an electronic key to the access gate, and the like. In this case, one of the non-financial application units initialized by the microcontroller can be in the security element or in the managed smart card chip. In the configuration according to this solution, the memory card with the function of the payment terminal can even perform the function of the extended memory of the mobile communication I. In the unprotected portion, the memory can have an area for the user to freely access data such as images, music files, and the like. This section is directly visible when viewing the mobile communication device. In this memory, for the material hidden from the user, there is a system f material as a record of the processing results and the like of the payment 154948.doc 201205477. For payment purposes in a standard store, the system can be supplemented with a pay-per-use terminal launcher; the launcher can be in the form of a simple hardware component or it can be part of a cash register. The initiator can have a payment value generating unit. The merchant types the required payment amount through the launcher. This amount can also be generated as the final purchase amount output from the cash register. The actuator is attached to or fully equipped with a communication component that is compatible with the communication component on the removable memory card or with the short-range communication component of the mobile communication device. The direct bill payment method using a mobile communication device according to the present invention is based on the fact that a paid POS terminal application can be inserted on a removable memory card in a slot for a mobile phone for additional hardware. Run and the pay card application can also run on the same hardware device. Until now the known paid POS terminal application is characterized by the fact that the pay card is temporarily connected to the pos terminal during the payment of the payment. According to the current solution, the pay card is securely connected to the paying terminal and thus the communication between the POS terminal and the pay card can be run directly through the circuit of the pay card. Since this technology solution has made it possible for various new paid applications to emerge, and in principle the results of the paid POS terminal application can be in the format used today (EMV paid password (Crypt〇gram)). In one of the possible program versions, the paid POS terminal application can be loaded into the microcontroller in the memory card, and then the configuration data of the identity of the selected terminal is carried from the corresponding security component. An important feature is also the possibility of manned the payment card from the secure element to the 154948.doc 15 201205477 microcontroller operating as a payment terminal, so free to use the same for the paid pos terminal application for its operation. A variety of hardware devices load this information. If the security component has sufficient computing capacity, the pay pos terminal application can run directly in the secure element. This will occur with the use of two secure elements 'one secure element for a paying terminal' and another secure element for a paying card. Even in this configuration, the pay-as-you-go POS terminal application can be generated as one of the identities for all paying terminals, with no difference, commonality; and only after selecting and paying the terminal 'will be from the corresponding independent domain of the secure element The identification data is loaded into the payment 1 > 08 terminal application. The version using the stand-alone POS terminal application with the inserted configuration data has also not been deleted. In order to increase the full level of the female, the boot loader runs the control system of the paid PQS terminal device before running the payment server, which is preferably the one that will be input through the mobile communication device. (mainly keyboard) manages the paid POS terminal application. Embodiments This solution is explained in detail in FIGS. 1 to 6. Example 1 In this example, a solution utilizing two independent security elements according to Figure 3 is described. Simplified voucher requirements using separate hardware security elements 3 1 , 3 2 'The individual participants of the payment system (the issuer settlement center) set the voucher requirements when storing confidential information on the secure elements 3, 31, U ° In this example, each of the security elements 31, 32 is also divided into independent domains. These independent domains can be provided to different card issuers I54948.doc •16·201205477 and configuration data to the POS terminal Different owners. The security elements 31, 32 are in the form of separate chips on a circuit board that are connected to the controller that performs the role of the microcontroller 12 on the board. The interface of the female all-in-one components 31, 32 towards the controller 12 is ISO 7816. The removable brother's memory card 1 is in the form of a micr〇sD card. An ASIC (Dedicated Integrated Circuit) b-chip is connected to the 微Hui microcontroller 12, which is configured to execute an NFC platform communication processing program and by doing so, the ASI (: wafer fulfillment pass) The function of 13. The antenna 21 directly positioned on the body 1 of the removable memory card is designed according to different patent applications of the patent owner and is connected to the ASIC chip in a manner of NFC communication, NFC communication independent domain Other hardware of the mobile phone 4. The removable memory card also contains, for example, a common flash memory having a capacity of 2 GB. The user cannot access a portion of the memory 2 from the interface 4 of the mobile phone. 2〇; this part of the memory is used for archiving of the paid record. The remainder of the memory 2 is used for the common storage of music, images and the like, thanks to the common storage, the entire memory card 1 pair The user appears as a common memory medium. The initial function of the slot of the mobile phone 4 designed to expand the memory capacity by placing the POS terminal and the payment card on a removable memory card i Will not disappear. The payment can be run in two different categories. For example, as shown in Figure 6, the user of the mobile phone 4 determines that he wants to buy a map in electronic form in an internet store. In this case, the internet The dealer of the road store can be the producer of the mobile phone 4. The microSD memory cartridge produced according to the described technical solution is inserted into a lateral slot accessible from the outside of the mobile phone 4 154948.doc 17 201205477 The security element 31 stores a P〇S terminal configuration material 6 belonging to a number of people (and even those of the Internet shop). After selecting the purchased item, the corresponding amount of payment is requested from the Internet. The road store sends to the mobile phone 4. The user presses the phone with a pay button. In another payment instance, the payment button can be initiated by a software button displayed on the display of the mobile phone 4. The paid POS application will be launched The program request is sent to the interface u. The paid p〇s terminal application is in the relationship with one of the standard!>〇8 paying terminal and the paying card. The same way runs on the memory card 1, which is inserted into the reader of the POS terminal. The display of the mobile phone 4 is used to manage the operation of the payment. The user according to the amount he wants to pay Selecting the payment card. After launching the application in the corresponding unit 7 of the selected payment card, the payment operation can also be managed by the pre-set rules of the risk management of the issuer of the corresponding card. Depending on this, it will be necessary or unnecessary to type The paid cartoon password (password) 〇 after the payment of the paid POS terminal application, the software disconnects the connection between the p〇s paying terminal and the #费卡 and sends it through the GPRS channel to be processed in the _network store The resulting paid password. After the Internet store receives and decrypts the paid file, the payment is estimated and, in the case of a positive result, the paid item (in this example, the map) is sent to the mobile phone instance 2 in this example. A paying terminal on the replaceable payment platform that is equivalent to a standard _ 〇 ― 灿 type in terms of shape and parameters. J54948.doc •18· 201205477 As shown in Fig. 1, the payment card i has a microcontroller 12 in the form of a unit microprocessor, which is in the multitasking operating system 8 (LinUX in this example) Operate on. A flash memory 2, a secure element 3 and an SD interface 11 are connected to the microcontroller 12. The microcontroller 12 includes an internal eepr 〇m memory 10 and a power-on tamper 9 that controls unauthorized intervention in the loaded paid POS terminal application. The flash memory 2 is divided into a secured portion and an unprotected portion. In the unprotected portion, there is a space 15 for free access and visible user information and a space for hiding system files (especially records of payment processing handled by the paying terminal). In the secure part of the memory card, there is a unit 8 holding the operating system (in this example) and a paid P〇s terminal application (in this case, an EMV type) The application of the first payment p〇s terminal application unit 5. In this example, in the secured portion of the memory 2, there is also a download management unit 19 for storage and software update management on the memory card 1. If it is necessary to load/upgrade the application in the smart card chip 3, then the application binary data is loaded into the unprotected portion of the flash memory 2, for example, until the storage is hidden from the user. The system data unit in the space 20 of the data. The download management unit checks the system data unit for any new files that should be loaded into the secure element 3. If so, then run a separate installation. In the secured portion of the memory 2, there is also a SCWS web server unit for managing applications stored in the secure element 3 (except for the EMV paid application). There is storage in the microcontroller 〖2 154948.doc •19- 201205477 There is a memory system (as the start and end of the addressed area). The hash value (digital signature) of the memory capacity is stored in the microcontroller 12 during the first job: system and application storage. In the future, it is impossible to change this information, which ensures protection against software changes. A number of individual fields are created in the secure element of the smart card chip 3. In this file, these fields have three configuration data units 6 for holding three independent terminals belonging to three different payment processors. The two parts of the secure element contain two independent payment cards 7 of the respective #费 application of the EMV type. The example given here thus describes a solution which enables the user to pay with two different payment cards at two terminals and each of the terminals belongs to a different payment processor. For example, one of these payment handlers can be a mobile telephone network operator who connects their telecommunications services to a direct bill payment processing service. There is also an RSA encryption unit 14 on the secure element. The 5H memory card 1 also has its own NFC contactless communication element 13 and the antenna 21 placed in the memory cassette, respectively. This configuration enables an NFC communication connection between a common telephone that does not have an NFC chip and a related reader that satisfies the IS〇丨4443 standard. Also within the secure element 3 is a non-financial application unit 16, which in this example is configured to operate as an electronic contactless record for door knocking. The controller 17 of the flash memory 2 is in the security protection ep of the memory 2 and the sin controller manages the sinuous mobile phone and the flash memory 2 on the memory card 1. Data transfer. The controller port of the flash memory 2 unitizes the viewing data or writes to the protected portion of the memory 2 154948.doc •20· 201205477 possibility and also systematically checks the memory 2 for the unacceptable The possibility of protecting the part, the system data unit (allowing reading and writing) is located in the unprotected part. The pay-as-you-go terminal application runs on the removable memory cartridge inserted in the slot 4 of the mobile communication device for additional hardware. The pay POS terminal application is loaded into the microcontroller 12 in the memory card 1 and subsequently loaded with the configuration information of the identity of the selected terminal from the secure element 3. The selected payment card data is loaded from the secure element 3 into the operating control for the payment of the final food. Which to load – the payment card information depends on the user's choice. The boot loader 9 runs one of the paid POS terminal applications to change control before starting the pay POS terminal application itself. The paid p〇s terminal application is managed using the keyboard and display of the mobile communication device 4. The mobile phone has a graphical Gm interface (graphical user interface) that enables communication between the user, the memory card j and the host processor. There are also push SMS technologies in the phone. The pay pos terminal application uses one of the pay-as-you-go applications on the memory card 1 to enable online payment and offline payment for one of the SD microcontroller applications 12 . The payment is realized when the "card exists", which increases the security (handled with the password signature) and the ATC counter increments during each processing, which means. The stomach can't be processed indefinitely to get some secrets. The client manages the paid pos terminal application through a GUI application installed in its own phone. In this example, the pay-per-use terminal should use the program together with the microcontroller 12 to form a universal p〇s terminal 1 in the same configuration as 154948.doc 201205477, which can be connected by a paid POS terminal application. The computing element forms the general purpose POS terminal 'the computing element is directly in the wafer having the secure element. Then, along with the configuration parameters, they form an embedded p〇S terminal (EMBEDDED POS TERMINAL): Terminal_type lx=terminal belonging to a financial institution, 2x=one terminal belonging to one merchant, 3?{= belonging to the card holder One terminal (card holder terminal). The configuration data unit 6 of the terminal contains the terminal ID number, PD0L data (processing option data item list), terminal risk management, offline batch file format, SMS strobe on the host, IP address on the host, and signing Chapter offline processing code. Payment can be made offline or online. Communication with payment handlers can be done via SMS messages or via GPRS. Example 3 This example describes a removable memory card that contains only the minimum set necessary to implement the payment. The structure of the removable memory card 1 is shown in FIG. This type of removable memory card is designed to be sold only as a prepaid card with a pre-purchased amount of money and intended to be sold, for example, to tourists from countries that use different currencies. The removable memory card 1 has a connector 1 having a contact according to the micrc>SD format. There are two security elements 3 1 and 32 in the plastic body of the removable memory card 1. In the first secure element 31, there is a configuration data of the POS stage generated by the manufacturer of the prepaid card system. In the first: the secure element 32, there is a data of a tempopayment card. Together with the removable memory card, the business suite tree has a - clipping palm (10) apfidd - paper transport thief (four) to (four) (four), the clip field has I54948.doc • 22· 201205477 for managing the payment card One of the accesses corresponds to the PIN code. When a common p〇s terminal held by a merchant is connected to a paying card of a paying consumer, the memory card 1 performs all operations. The facility of the mobile phone 4 is used for display and communication. Example 4 In this example, the system supplements the paid POS terminal application launcher 22. The β-Xin Starter 22 can be in the form of a single-use device having one of the NFC communication elements. In this example, the initiator is coupled to the output of the cash register 26, which will send information about the total required payment to the output. The launcher 22 generates an archive containing payment values, merchant account information, and request commands. The initiator 22 transmits the file via the communication component 24 to the mobile telephone 4 to which it is applied. The receipt of this file on the memory card causes the payment POS terminal application to be launched. This solution enables the use of the paying terminal of the mobile phone 4 of the user for direct bill payment in a general store that does not have its own POS terminal. Commercial applicability Business applicability is obvious. With the present invention, it is possible to manufacture and use a payment terminal implemented in a memory card, possibly industrially and repeatedly having one or more payment cards in a memory card. [Simple description of the diagram] Individuals on the memory card shown
護資料。 圖1係記憶體卡之個別元件與顯示的兮己 該解決方案中有在網際網路商 圖2展示一種解決方案, 154948.doc -23* 201205477 @中付費期間或在對自行動網路下載的檔案付費期間具有 一記憶體卡之一行動電話。 圖3係具有兩個獨立安全元件且具有直接定位在記憶體 之通仏元件(正如天線)之micr〇SD類型的可抽換式記 憶體卡。 圖4係在具有兩個安全元件之選項申具有一簡化架構之 一預付可抽換式記憶體卡。 圖5係在可抽換式記憶體卡上運行同時為行動網路中提 供的檔案付費之付費應用程式内之任務之連續。 圖6係具有付費啟動器一 _ 、 ^解决万案,其中啟動器實踐 中經定位永久接著實體商店中之收銀機。 【主要元件符號說明】 1 記憶體卡 2 記憶體 3 安全元件 4 行動通信裝置 5 付費POS終端應用程式 6 終端之組態資料單元 7 付費卡單元 8 作業系統單元 9 開機載入器單元 10 内部微控制器記憶體 11 介面 12 微控制器 154948.doc • 24· 201205477 13 通信元件 14 加密單元 15 可自由存取的使用者之資料空間 16 非金融應用程式單元 17 快閃記憶體控制器 18 網站伺服器單元 19 下載管理單元 20 隱藏的資料空間 21 天線 22 啟動器 23 收款者之電腦 24 啟動器之通信元件 25 . 付費處理總部 26 收銀機 31 POS終端之安全元件 32 付費卡之安全元件 -25- 154948.docProtection materials. Figure 1 shows the individual components of the memory card and the display of the solution. In the solution, there is a solution in Figure 2 of the Internet commerce, 154948.doc -23* 201205477 @中paid period or in the self-action network download The file has a mobile phone with one memory card during the payment period. Figure 3 is a replaceable memory card of the micr〇SD type having two separate security elements and having an overnight element (as an antenna) positioned directly in the memory. Figure 4 is a prepaid removable memory card with a simplified architecture with two security elements. Figure 5 is a continuation of the tasks within a paid application running on a removable memory card while paying for the file provided in the mobile network. Figure 6 is a payment initiator that _, ^ solves the case, where the launcher practice is positioned to permanently follow the cash register in the physical store. [Main component symbol description] 1 Memory card 2 Memory 3 Security element 4 Mobile communication device 5 Pay POS terminal application 6 Terminal configuration data unit 7 Payment card unit 8 Operating system unit 9 Boot loader unit 10 Internal micro Controller Memory 11 Interface 12 Microcontroller 154948.doc • 24· 201205477 13 Communication Element 14 Encryption Unit 15 Freely Accessible User Data Space 16 Non-Financial Application Unit 17 Flash Memory Controller 18 Website Servo Unit 19 download management unit 20 hidden data space 21 antenna 22 starter 23 payee's computer 24 starter communication element 25. pay processing headquarters 26 cash register 31 POS terminal security element 32 pay card security element -25 - 154948.doc