WO2008154872A1 - A mobile terminal, a method and a system for downloading bank card information or payment application information - Google Patents

A mobile terminal, a method and a system for downloading bank card information or payment application information Download PDF

Info

Publication number
WO2008154872A1
WO2008154872A1 PCT/CN2008/071358 CN2008071358W WO2008154872A1 WO 2008154872 A1 WO2008154872 A1 WO 2008154872A1 CN 2008071358 W CN2008071358 W CN 2008071358W WO 2008154872 A1 WO2008154872 A1 WO 2008154872A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
information
mobile terminal
middleware
bank
Prior art date
Application number
PCT/CN2008/071358
Other languages
French (fr)
Chinese (zh)
Inventor
Shuo He
Hongwen Meng
Jia Hu
Original Assignee
China Unionpay Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN2007100426150A external-priority patent/CN101329786B/en
Priority claimed from CN 200710042616 external-priority patent/CN101330675B/en
Application filed by China Unionpay Co., Ltd. filed Critical China Unionpay Co., Ltd.
Publication of WO2008154872A1 publication Critical patent/WO2008154872A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3226Use of secure elements separate from M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3227Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/04Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications

Definitions

  • the invention relates to a mobile terminal and a method for downloading a bank card information or a payment application.
  • the application is submitted to the Chinese Patent Office on June 20, 2007, and the application number is 200710042615.0, and the invention name is "mobile terminal obtains bank card track information or
  • the priority of the Chinese patent application for the method and system of payment application and the priority of the Chinese patent application filed on June 20, 2007, the Chinese Patent Office, application number 200710042616.5, and the invention name "a mobile payment terminal device" The entire contents of which are incorporated herein by reference.
  • the present invention relates to a method for issuing a bank card, and more particularly to a mobile terminal and a method and system for downloading bank card information or payment applications.
  • the bank card includes a magnetic stripe card, a smart card, and the like, wherein the magnetic stripe card, such as a debit card or a cargo card, records information such as a bank card track for payment (referred to as bank card information) on the magnetic strip.
  • the bank card information paid includes the card number, the cardholder name, the card expiration date, and the card check code.
  • Smart cards are usually used to implement payment applications. Payment applications refer to a set of payment rules and data storage defined by banks according to different storage media, security and convenience, such as smart card applications such as electronic wallets, foreign payment card organizations such as VISA or MasterCard also defines a number of similar applications. In essence, the borrowing function implemented by the magnetic stripe card is also a payment application.
  • FIG. 1 it is a schematic diagram of issuing a bank card through a card punching machine, and the specific process is as follows:
  • the bank collects cardholder information
  • the second step is to open an account in the bank account system
  • the third step is to transfer the data of the cardholder information and the account information to the host of the card issuing system;
  • the main transmission mode is the file mode, and the data is transmitted through the network, and the card issuing system stores the file in the form of a file;
  • the card issuing machine is driven by the card issuing software on the host of the card issuing system to read all the information of each card holder one by one, and the personal information is embossed or printed on the card surface by the punching machine. Then, if it is a magnetic stripe card, the information such as the bank card track for payment is output to the magnetic strip of the bank card; if it is a smart card, the smart card interface on the punching machine and the chip communication on the smart card are used to establish a branch. Paying for an application and completing personalization, the personalization refers to the process of writing personal information to a payment application.
  • the above method of issuing a bank card through a punch card machine has the following characteristics:
  • the card issuance process is carried out in a very closed environment
  • the track data is written to the bank card in clear text
  • the bank card issued by one bank is single, and the bank card of other institutions cannot be issued. Moreover, the card issuance lacks sufficient security.
  • the technical problem to be solved by the present invention is to provide a method and system for downloading bank card information or payment application by a mobile terminal, so as to solve the problem of security and single card issuing in the existing card issuing mode.
  • Another object of the present invention is to provide a mobile terminal for downloading bank card information and payment applications, and implementing a payment function.
  • the present invention discloses the following technical solutions:
  • a system for a mobile terminal to download bank card information or a payment application including a mobile terminal device and a card issuance system, wherein:
  • the mobile terminal device includes a smart card and a middleware, wherein the smart card is configured to store the downloaded payment application and bank card information; the middleware is configured to collect authentication information input by the user, send to the card issuing system, and receive from the card issuing system The encrypted payment application or bank card information is forwarded to the smart card storage; the card issuing system is configured to receive the authentication information from the middleware of the mobile terminal device, and after the authentication, encrypt the corresponding payment application or bank card information and return to the Middleware for mobile terminal devices.
  • the authentication information input by the user is the identity authentication information. If the mobile terminal device downloads the payment application, the authentication information input by the user is the authority authentication information.
  • the middleware of the mobile terminal device sends the identity authentication information input by the user to the smart card for encryption, and then sends the authentication information to the card issuing system; and the authority authentication information is directly sent to the card issuing system.
  • the card issuance system includes a card issuing machine and a card issuance data collection system, wherein the bank card letter
  • the information is stored in the card issuing data collection system, and the card issuing front machine obtains the bank card information from the card issuing data collecting system, and sends the middleware to the mobile terminal device after being encrypted; or the bank card information is directly stored in the card issuing front end machine.
  • the card issuing data collection system and the card issuing front end are connected through a dedicated communication network; the mobile terminal device and the card issuing system are connected by a wireless communication network, and the wireless communication manner includes a short message, USSD or wireless internet.
  • a method for a mobile terminal to download bank card information or pay for an application including:
  • the mobile terminal receives the authentication information input by the user, and sends the authentication information to the card issuing system through the middleware; after the card issuing system performs the authentication, the corresponding payment application or the bank card information is encrypted and returned to the middleware of the mobile terminal;
  • the middleware writes the encrypted result to the smart card storage.
  • the user inputs the authority authentication information and performs the authentication of the download authority. If the bank card information is downloaded, the user inputs the identity authentication information to authenticate the user identity.
  • the method further includes: the mobile terminal middleware sends the identity authentication information input by the user to the smart card for encryption, and then sends the information to the card issuing system.
  • the smart card encrypts the identity authentication information input by the user by using a key negotiated with the card issuing system, and the card issuing system directly decrypts when verifying the identity of the user.
  • the card issuing system encrypts the payment application or the bank card information by using a key unknown to the mobile terminal.
  • the method further comprises: performing process key encryption transmission on the transmission data between the middleware and the card issuance system, the transmission data including the authentication information and the encrypted payment application or bank card information.
  • the payment application is downloaded, the payment application is decomposed into a packet transmission.
  • a mobile payment terminal device comprising:
  • a smart card for storing downloaded payment applications and bank card information
  • the middleware is configured to collect authentication information input by the user, and send the information to the card issuing system; and receive the returned payment application or bank card information from the card issuing system, and forward it to the smart card storage;
  • Communication interface used to input or output bank card information stored by smart card.
  • the smart card has an encryption function. If the card information is downloaded, the middleware sends the authentication information input by the user to the smart card for encryption, and then sends the information to the card issuing system.
  • the payment application and the card information stored by the smart card are encrypted information.
  • the communication interface includes a remote wireless communication interface and/or a proximity contactless communication connection.
  • the communication interface is disposed on the smart card or provided by the mobile payment terminal device.
  • the smart card is a SIM card; or a smart card separately embedded in the device separately from the SIM card.
  • the wireless communication mode between the mobile payment terminal device and the card issuance system includes a short message, USSD or wireless internet.
  • the present invention discloses the following technical effects: securely transmitting and storing from a card issuing host to a smart card embedded in the mobile terminal device through a wireless communication network, which is convenient for the card holder to use. Compared with the traditional card issuance method, it has the following advantages:
  • payment information such as payment applications and tracks are cryptographically shaped at any point on the mobile device side, providing greater security than traditional bank card issuance;
  • the information such as the payment application and the bank card track is downloaded to the smart card of the mobile terminal device by means of wireless communication;
  • a mobile payment terminal device is provided to implement a mobile payment function.
  • the mobile terminal device is embedded with a middleware and a smart card, and the middleware is responsible for a communication connection between the smart card and the card issuance system, and the smart card is responsible for storing information such as a payment application and a bank card track downloaded from the card issuing system;
  • the communication interface provided by the device or smart card outputs information such as the bank card track, and the payment can be completed.
  • the mobile payment has the following advantages:
  • the information such as the bank card track is stored in the smart card of the mobile terminal device, it is not easy to wear and can be effective for a long time;
  • the mobile terminal device can have multiple bank cards built in;
  • remote real-time transactions can be realized by the wireless communication interface provided by the mobile terminal device or the smart card.
  • the communication interface for inputting and outputting information such as bank card tracks may be a remote wireless communication interface for remote downloading and payment; or a short-range contactless communication interface for non-contact on-site download and payment.
  • Two interfaces can be set in the mobile terminal device, and remote and close-range wireless download and payment functions are available.
  • FIG. 1 is a schematic diagram of a bank card issued by a punch card machine in the prior art
  • FIG. 2 is a schematic diagram of downloading information such as a bank card track or a payment application to a mobile terminal according to an embodiment of the present invention
  • FIG. 3 is a flow chart showing the steps of downloading a payment application to a mobile terminal according to an embodiment of the present invention
  • FIG. 4 is a flow chart showing the steps of downloading information such as a bank card track to a mobile terminal according to an embodiment of the present invention
  • Figure 5 is a structural diagram of a response message in the embodiment of Figure 4.
  • FIG. 6 is a structural diagram of an interaction message between a card-issuing front-end machine and a middleware according to an embodiment of the present invention
  • FIG. 7 is a flow chart of steps for completing payment by a mobile terminal according to an embodiment of the present invention.
  • the embodiment of the present invention provides a more secure method for downloading information such as a payment application and a bank card track stored in a traditional bank card from a card issuing system to a smart card built in the mobile terminal, so that the smart card has a bank. Card function.
  • FIG. 2 it is a schematic diagram of downloading information such as a bank card track or a payment application to a mobile terminal.
  • the mobile device 1 and the card-issuing front-end machine 2 are connected through the wireless communication network 3, and the card-issuing front-end machine 2 will be moved.
  • the data to be downloaded is transmitted to the mobile device 1 by wireless communication.
  • the wireless communication network may be a short message, a USSD (Unstructured Supplementary Service Data, which is a new interactive data service based on a GSM network), or a wireless Internet communication method.
  • USSD Unstructured Supplementary Service Data
  • the mobile device 1 refers to a mobile device in which a smart card chip 11 (hereinafter referred to as a smart card 11) is embedded, such as a mobile phone with a built-in SIM card, and the SIM card is a smart card 11.
  • the mobile device 1 stores information such as the downloaded payment application and bank card track on the smart card 11, so that the smart card 11 has the function of a bank card.
  • the middleware 12 in the mobile device 1 is a software for interacting with the user's card front-end machine 2, providing information input, function selection, and communication channels for the card-issuing front-end machine 2 and the built-in smart card 11.
  • the card issuing machine 2 is configured to encrypt and transmit information such as a payment application and a bank card track to the middleware 12 of the mobile device 1.
  • the bank card track and the like may be stored in the card issuing machine 2 or may be stored in the card issuing machine 2 Card issuer 4 or other place in the card issuance data collection system. If it is stored in the card issuing mechanism 4, the card issuing machine 2 and the card issuing mechanism 4 are connected through the dedicated communication network 5, and the card issuing machine 2 needs to acquire the download data such as the track from the card issuing unit 4.
  • the bank card is issued in the manner shown in Figure 2.
  • "Bank Card Application” is a dedicated application for providing secure storage of track information and therefore using interfaces.
  • the "bank card application” is the above-mentioned application for payment, which can be downloaded to the smart card by wireless communication, or can be written into the smart card in advance. Therefore, the card issuing method according to the embodiment of the present invention needs to download the application for payment to the mobile terminal first, and provide a storage space and a use interface for the payment information such as the track, and then download the information such as the bank card track for payment. .
  • the following describes the process of downloading the payment application and downloading information such as tracks.
  • the download of the payment application is usually called application download.
  • the application download means that the card front-end machine uses middleware to securely download an application to a smart card (such as a SIM card).
  • the download process is as follows:
  • Step 301 The user opens a function selection interface provided by the mobile device middleware, and selects a payment application download.
  • step 302 the user inputs the authorization code through the middleware input.
  • the download authorization code is a verification code provided by the card front-end machine to the user to download the payment application, and is mainly used to verify whether the user has the right to download. Lee. If the user downloads the payment application, the registration authorization is required to obtain a unique download authorization code, which can be in the form of short message, email, or telephone notification.
  • Step 303 The middleware sends the download authorization code input by the user to the card issuing front end through a wireless communication network.
  • Step 304 After receiving the request for downloading the application, the card front-end machine confirms whether the user has the download right according to the download authorization code included in the request.
  • Step 305 After the right authentication, the card-issuing front-end machine sends a response message, decomposes the corresponding payment application to be downloaded by the user into a certain number of data packets, encrypts the data packet with a unique key, and then uses the wireless network to encrypt the data packet. Middleware sent to mobile devices.
  • the encryption may also adopt various encryption methods, such as a symmetric key or an asymmetric key.
  • the encryption key of this step can only be used by the card-issuing front-end machine, and the mobile device cannot know the key.
  • Step 306 After receiving the download information, the middleware does not process the encrypted application information in the data packet, and directly writes the information to the smart card (such as a SIM card), and the smart card saves the information in the controlled storage area. If the response message is unsuccessful, the application download fails.
  • the smart card such as a SIM card
  • Step 307 The middleware confirms whether there is a subsequent data packet according to the indication information of the response message, and if yes, continues to receive the subsequent data packet, and the encrypted application information in the data packet is not processed, and is directly written to the smart card (eg, In the SIM card, until all packets are received.
  • the smart card eg, In the SIM card
  • Step 308 the middleware prompts the user to download successfully.
  • Step 401 The user selects to download information such as a bank card track on the mobile device middleware.
  • Step 402 The user confirms by inputting the bank card information through the middleware.
  • the bank card information includes a bank card number and a password, and is mainly used for issuing the card front-end machine to verify the identity of the user.
  • Step 403 After the middleware encrypts the identity authentication information input by the user to the smart card (such as a SIM card) built in the mobile device, the middleware continues to read the feature information of the mobile device, such as the smart card serial number and the static authentication data on the smart card. It is then sent to the card issuer through the wireless communication network.
  • the smart card such as a SIM card
  • the encryption process may use a symmetric key or an asymmetric key, or may be other encryption means.
  • the key used for encryption is negotiated in advance with the card-issuing front-end machine through a certain mechanism, otherwise the card-fronting machine cannot be decrypted.
  • the keys are stored in the smart card, and the middleware can be used. But don't know the key.
  • Step 404 After receiving the request for downloading information such as the bank card track, the card front-end machine first verifies the static authentication data included in the request, and confirms that the bank card application built in the mobile device is legal and has not been tampered with, and the verification failure will terminate the download process; After the verification is successful, the encrypted identity authentication information is decrypted by using the negotiation key, and then the identity authentication information is sent to the corresponding organization to verify the identity of the user.
  • Step 405 After the identity verification, the card-issuing front-end machine sends a response message, compresses the corresponding track and the like information, and encrypts the encrypted information, and the encrypted result is sent to the middleware of the mobile device as part of the text.
  • the structure of the response message is as shown in FIG. 5: mainly includes the message type, cardholder information, encryption result, and other ancillary information.
  • the encryption key can only be used by the card-issuing front-end machine, and the mobile device cannot know the key.
  • Step 406 After receiving the response information, the middleware parses the cardholder information and the encryption result according to the message header information, and does not process the payment information such as the encrypted track, and directly writes the information to the smart card (such as a SIM card), and the smart card will Information is stored in a controlled storage area. If the response message is unsuccessful, the application download fails.
  • the middleware parses the cardholder information and the encryption result according to the message header information, and does not process the payment information such as the encrypted track, and directly writes the information to the smart card (such as a SIM card), and the smart card will Information is stored in a controlled storage area. If the response message is unsuccessful, the application download fails.
  • Step 407 the middleware prompts the user to download successfully.
  • the card front-end machine authenticates the user download authority by downloading the authorization code; and in the track information downloading process, the card-issuing front-end machine passes the static authentication data and the card number, The password information identifies the user's identity;
  • the middleware in the process of downloading track information, the middleware must distinguish which information is sensitive (such as passwords, track information, etc.), which information can be ignored (such as card name, card number, etc.), and send the sensitive information.
  • the smart card is encrypted and then sent; in the payment application download, the middleware does not need to know whether the information sent or received is ciphertext or plaintext, so the information input by the user is directly sent;
  • re-encryption is performed in the data transmission process to ensure the security of the transmission process.
  • the following structure is defined for the interaction message between the middleware and the card-issuing front-end machine: including the message class Type, action description, process key algorithm and seed, send sequence counter (ssc), message data, etc.
  • the difference between the message shown in FIG. 6 and the message shown in FIG. 5 is that the message in FIG. 6 is a package for all transmission data in the transmission process, that is, the message in FIG. 5 is only a part of the message in FIG. 6.
  • the message initiator is defined as Sender and the receiver is defined as Receiver.
  • the interaction process is: Sender uses the process key algorithm and the seed generation process key, and uses the process key to encrypt the message data, and sets the transmission sequence counter (SSC) to an initial value of 1;
  • SSC transmission sequence counter
  • the key algorithm, the SSC and the encrypted message data are combined to form a message and sent to the Receiver; after receiving the message, the Receiver recovers the process key according to the process key algorithm and the process key seed, and decrypts the message data by using the process key.
  • the original text of the sent message (which may also be ciphertext) is obtained, and the decrypted data is determined according to the action description.
  • the mobile terminal stores information such as a certain payment application that has been encrypted and a bank card track of the individual user, and the mobile terminal user can directly use the smart card (such as a SIM card) in the mobile device to complete the bank payment function.
  • the smart card such as a SIM card
  • Step 701 The user performs a card swiping operation on the mobile device carried by the user (such as an ATM, a POS terminal, a bank self-service device, a bank pre-rejection station, etc.), and the mobile device is embedded with a smart card loaded with the bank card application.
  • the mobile device carried by the user (such as an ATM, a POS terminal, a bank self-service device, a bank pre-rejection station, etc.), and the mobile device is embedded with a smart card loaded with the bank card application.
  • Step 702 The smart card provides an interface for outputting the stored download information.
  • a process key SK is automatically generated in the card, and the encrypted download data is encrypted again by using the SK. , get the encrypted result (PI) SK.
  • Step 703 Output the encryption result (PI) SK, the seed data of the generated process key SK, and the process key algorithm through the interface.
  • Step 704 After receiving the encryption result (PI)SK, the seed data of the process key SK, and the process key algorithm, the receiving terminal forms a message together with the transaction data, and sends the message to the transaction processing system.
  • Step 705 The transaction processing system returns the process key SK according to the seed data of the generated process key SK and the process key algorithm, and performs decryption processing to obtain encrypted download data. Since the transaction processing system and the card-issuing front-end machine are the same institution or different institutions negotiated in advance, the transaction processing system can obtain a key for decrypting the downloaded data. The transaction processing system solves the encrypted download data Once the data is downloaded, the transaction can be processed directly.
  • the user can download the payment information such as the payment application and the track to the mobile device anytime and anywhere, and the use is very convenient, and is safer and faster than the traditional bank card issuance method.
  • the present invention also provides a corresponding downloading system for the downloading method.
  • a card issuing machine 2 the card issuing mechanism 4 (possibly storing information such as bank card tracks), and the dedicated communication network 5 are collectively referred to as a card issuing system, so the downloading system includes the mobile device 1, the card issuing system and the wireless communication network 3 .
  • the various components of the system are as described above and will not be described in detail herein.
  • the embodiment of the invention further provides a mobile terminal device for downloading information such as a payment application and a bank card track.
  • the mobile terminal device is different from a commonly used mobile device, and requires a built-in middleware and a smart card chip that provides a download data output interface.
  • the mobile terminal device may be a mobile phone, a PDA, a mobile PC or the like.
  • the middleware is responsible for establishing and maintaining data communication between the smart card and the card issuance system, and the specific functions include: for the payment application download, collecting the authority authentication information input by the user on the mobile device (such as downloading the authorization code); for the bank card track, etc.
  • Downloading information collecting identity authentication information such as the bank card number or password entered by the user, sending sensitive information such as the bank card password entered by the user to the embedded smart card for encryption, and obtaining the encrypted result; establishing a communication link with the card issuing system;
  • the authority authentication information, or the ciphertext of the sensitive information and other collected information, are combined to form a message and sent to the card issuing system; the return information is received from the card issuing system, and the encrypted payment application or track information is parsed and directly forwarded to the Stored in a smart card embedded in the mobile device.
  • the smart card provides storage and encryption functions, such as a SIM card built in the mobile phone, which is a specific application of the smart card in the field of telecommunications, similar to a computer without a display and a keyboard, and has an internal operating system, a memory, and an EEPROM (similar to a hard disk). Store information), CPU and other components.
  • SIM card built in the mobile phone
  • EEPROM electrically erasable programmable read-only memory
  • EEPROM electrically erasable programmable read-only memory
  • CPU electrically erasable programmable read-only memory
  • the reason why a smart card is called a "smart" card is because it has an operating system and a CPU that can flexibly set application logic.
  • a smart card can store many applications. If a telecom application is stored, it is called a SIM card. Of course, smart cards can also save applications such as bank cards. Each application contains two types of data: a key and data necessary for the application; the key defines the logic of the application, and the application data is protected by the logic. Smart cards for various applications can also be separated from the SIM card and built into the mobile device.
  • the encryption function of the smart card is to store a set of keys in the card in advance, and define the encrypted interface of the key for external use. For example, the following interface defines the encrypted function call:
  • Table 1 is a function call table that defines encryption.
  • KID defines the identifier of the calling key
  • 0P defines the encryption or decryption operation
  • DATA defines the input information of the encryption/decryption.
  • the smart card that defines the above interface can encrypt the user input information sent from the middleware.
  • the mobile terminal device has built-in smart cards and middleware to download information such as various payment applications and bank card tracks. If the mobile device with the payment function implements the payment function, it also needs to use the built-in communication interface to output the bank card track information during the payment operation to complete the payment.
  • the communication interface has an information input and output function, and is used for receiving information such as a payment application or a bank card track downloaded through the middleware during the downloading process; and outputting the stored track information to the external device during the payment process; .
  • the communication interface may be provided by a smart card or by a mobile terminal device.
  • a smart card application uses an interface called APDU (see Table 1) to communicate with or provide services to an external device.
  • the APDU interface is a communication interface, and the downloaded bank card track information can be input to the smart card through the APDU interface. Or output to the receiving terminal, and then transmitted to the transaction processing system through the receiving terminal for transaction processing to realize the payment function of the smart card.
  • the communication interface can also be set in the mobile device, and the input and output of the stored data can be performed on multiple smart cards embedded in the mobile terminal.
  • the communication interface can be a remote wireless communication interface, which can realize remote downloading and remote real-time payment transactions; and can also be a close-range contactless communication interface, enabling non-contact close-range downloading and on-site payment transactions.
  • the proximity contactless communication interface is provided by a built-in NFC chip for implementing a contactless function. Two interfaces can be set in the mobile terminal device, and at the same time, remote and close-range wireless download and payment functions are available. For example, after remote or close downloading with payment function, if it can be paid on site, the track information is output through the proximity contactless communication interface; Cheng pays, the track information is output through the remote wireless communication interface, so that the user is very convenient to use.
  • the above NFC technology (close-range non-contact technology) is born out of "contactless radio frequency identification” (RFID) and interconnection technology between wireless devices, which can meet the information exchange, content access and service exchange between any two wireless devices. And to make it more simple - as long as any two devices are close without the need for cable plug-in, you can achieve mutual communication.
  • RFID radio frequency identification
  • the communication method greatly shortens the "communication distance" between any two wireless devices. For example, holding a mobile phone in front of a concert advertisement poster, you can connect the mobile phone to the poster website, and you can connect the mobile phone to the poster website. To buy tickets, you can use the smart card embedded in the mobile phone to pay for the ticket. This is the application of NFC technology.
  • the present invention provides a mobile terminal and a method and system for downloading bank card information or payment application.
  • the principles and embodiments of the present invention are described in the following. The description is only for helping to understand the method of the present invention and its core idea; at the same time, there will be changes in the specific embodiments and application scopes according to the idea of the present invention to those skilled in the art. In conclusion, the content of the present specification should not be construed as limiting the invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A mobile terminal, a method and a system for downloading bank card information or payment application information, which can solute some problems about security and singleness in the existing method for launching cards, are disclosed. Said mobile terminal includes a middleware and a smart card. Said method for downloading information includes the following steps: Mobile terminal receives authentication information input by users and sends the information to a system for launching cards through the middleware. The system for launching cards encrypts corresponding payment application information or bank card information and sends the information back to the middleware in the mobile terminal, after the system authenticates the information input by users. The middleware writes the received said encrypted information into the smart card. The information about magnetic track used for payment application or other payments, is transmitted safely and stored from the main launching cards server to the smart card embedded in mobile terminal device through wireless communication network. The user holding the card can use the mobile terminal and the system conveniently. And the method is safer than traditional method for launching bank cards.

Description

一种移动终端及下载 4艮行卡信息或支付应用的方法、 系统 本申请要求于 2007 年 6 月 20 日提交中国专利局、 申请号为 200710042615.0、 发明名称为"移动终端获取银行卡磁道信息或支付应用的方 法及系统" 的中国专利申请的优先权,以及于 2007年 6月 20日提交中国专利 局、 申请号为 200710042616.5、发明名称为"一种移动支付终端设备"的中国专 利申请的优先权, 其全部内容通过引用结合在本申请中。  The invention relates to a mobile terminal and a method for downloading a bank card information or a payment application. The application is submitted to the Chinese Patent Office on June 20, 2007, and the application number is 200710042615.0, and the invention name is "mobile terminal obtains bank card track information or The priority of the Chinese patent application for the method and system of payment application, and the priority of the Chinese patent application filed on June 20, 2007, the Chinese Patent Office, application number 200710042616.5, and the invention name "a mobile payment terminal device" The entire contents of which are incorporated herein by reference.
技术领域 Technical field
本发明涉及银行卡的发行方式,特别是涉及一种移动终端及下载银行卡信 息或支付应用的方法、 系统。  The present invention relates to a method for issuing a bank card, and more particularly to a mobile terminal and a method and system for downloading bank card information or payment applications.
背景技术 Background technique
银行卡包括磁条卡、 智能卡等类型, 其中磁条卡如借记卡或货记卡, 是将 用于支付的银行卡磁道等信息(简称银行卡信息)记录在磁条上, 所述用于支 付的银行卡信息除磁道信息外, 还包括卡号、 持卡人姓名、 卡片失效期、 卡片 校验码等。智能卡通常用于实现支付应用, 支付应用是指银行根据不同的存储 介质、安全性和便利性定义的一组支付规则和数据存储的集合, 例如电子钱包 等智能卡应用,国外支付卡组织如 VISA或 MasterCard也定义了^艮多类似的应 用。 实质上, 所述磁条卡实现的借货功能也是一种支付应用。  The bank card includes a magnetic stripe card, a smart card, and the like, wherein the magnetic stripe card, such as a debit card or a cargo card, records information such as a bank card track for payment (referred to as bank card information) on the magnetic strip. In addition to the track information, the bank card information paid includes the card number, the cardholder name, the card expiration date, and the card check code. Smart cards are usually used to implement payment applications. Payment applications refer to a set of payment rules and data storage defined by banks according to different storage media, security and convenience, such as smart card applications such as electronic wallets, foreign payment card organizations such as VISA or MasterCard also defines a number of similar applications. In essence, the borrowing function implemented by the magnetic stripe card is also a payment application.
目前,各种类型的银行卡通常是在银行内部环境下制作, 制卡的过程是在 一台具有写磁功能的打卡机上完成, 制卡完毕后交给持卡人使用。 参照图 1 , 是所述通过打卡机发行银行卡的示意图, 具体流程如下:  At present, various types of bank cards are usually produced in the bank's internal environment. The card making process is completed on a card punching machine with magnetic writing function, and the card is handed over to the cardholder after use. Referring to FIG. 1 , it is a schematic diagram of issuing a bank card through a card punching machine, and the specific process is as follows:
第一步, 银行收集持卡人资料;  In the first step, the bank collects cardholder information;
第二步, 在银行账务系统里开户;  The second step is to open an account in the bank account system;
第三步,将持卡人信息和账户信息等需要发卡的数据,传送到发卡系统的 主机上; 其中主要的传送方式是文件方式, 也有通过网络传递的, 发卡系统以 文件的形式存储;  The third step is to transfer the data of the cardholder information and the account information to the host of the card issuing system; the main transmission mode is the file mode, and the data is transmitted through the network, and the card issuing system stores the file in the form of a file;
第四步,在发卡系统的主机上通过发卡软件驱动打卡机,逐条读取每个持 卡人的所有信息, 并通过打卡机将个人信息凸印或印刷在卡面上。 然后, 如果 是磁条卡, 则将用于支付的银行卡磁道等信息明文输出到银行卡的磁条上; 如 果是智能卡, 则通过打卡机上的智能卡接口和智能卡片上的芯片通讯, 建立支 付应用并完成个人化, 所述个人化是指将个人信息写入到支付应用的过程。 上述通过打卡机发行银行卡的方式具有以下特点: In the fourth step, the card issuing machine is driven by the card issuing software on the host of the card issuing system to read all the information of each card holder one by one, and the personal information is embossed or printed on the card surface by the punching machine. Then, if it is a magnetic stripe card, the information such as the bank card track for payment is output to the magnetic strip of the bank card; if it is a smart card, the smart card interface on the punching machine and the chip communication on the smart card are used to establish a branch. Paying for an application and completing personalization, the personalization refers to the process of writing personal information to a payment application. The above method of issuing a bank card through a punch card machine has the following characteristics:
第一, 发卡过程是在一个非常封闭的环境中进行;  First, the card issuance process is carried out in a very closed environment;
第二, 磁道数据是明文方式写到银行卡上的;  Second, the track data is written to the bank card in clear text;
第三, 所有的环节都是通过物理接触的方式完成;  Third, all links are completed through physical contact;
第四, 流程简单, 没有安全控制机制;  Fourth, the process is simple and there is no security control mechanism;
第五, 只能发行自己银行的卡片。  Fifth, you can only issue cards from your own bank.
基于以上特点, 由于发卡环境封闭造成一个银行发行的银行卡单一, 而不 能发行其他机构的银行卡; 而且, 发卡环节缺乏足够的安全性。  Based on the above characteristics, due to the closure of the card issuance environment, the bank card issued by one bank is single, and the bank card of other institutions cannot be issued. Moreover, the card issuance lacks sufficient security.
发明内容 Summary of the invention
本发明所要解决的技术问题是提供一种移动终端下载银行卡信息或支付 应用的方法及系统 , 以解决现有发卡方式存在的安全性及发卡单一的问题。  The technical problem to be solved by the present invention is to provide a method and system for downloading bank card information or payment application by a mobile terminal, so as to solve the problem of security and single card issuing in the existing card issuing mode.
本发明的另一个目的是提供一种移动终端,用于下载银行卡信息和支付应 用, 并实现支付功能。  Another object of the present invention is to provide a mobile terminal for downloading bank card information and payment applications, and implementing a payment function.
为解决上述技术问题,根据本发明提供的具体实施例,本发明公开了以下 技术方案:  In order to solve the above technical problems, according to a specific embodiment provided by the present invention, the present invention discloses the following technical solutions:
移动终端下载银行卡信息或支付应用的系统,包括移动终端设备和发卡系 统, 其中:  A system for a mobile terminal to download bank card information or a payment application, including a mobile terminal device and a card issuance system, wherein:
所述移动终端设备包括智能卡和中间件,其中所述智能卡用于存储下载的 支付应用和银行卡信息; 所述中间件用于收集用户输入的认证信息,发送到发 卡系统,并从发卡系统接收加密的支付应用或银行卡信息,转发给智能卡存储; 所述发卡系统用于从移动终端设备的中间件接收所述认证信息 ,通过认证 后, 将相应的支付应用或银行卡信息加密后返回给移动终端设备的中间件。  The mobile terminal device includes a smart card and a middleware, wherein the smart card is configured to store the downloaded payment application and bank card information; the middleware is configured to collect authentication information input by the user, send to the card issuing system, and receive from the card issuing system The encrypted payment application or bank card information is forwarded to the smart card storage; the card issuing system is configured to receive the authentication information from the middleware of the mobile terminal device, and after the authentication, encrypt the corresponding payment application or bank card information and return to the Middleware for mobile terminal devices.
其中, 若移动终端设备下载银行卡信息, 则所述用户输入的认证信息为身 份认证信息; 若移动终端设备下载支付应用, 则所述用户输入的认证信息为权 限认证信息。  If the mobile terminal device downloads the bank card information, the authentication information input by the user is the identity authentication information. If the mobile terminal device downloads the payment application, the authentication information input by the user is the authority authentication information.
优选的,所述移动终端设备的中间件将用户输入的身份认证信息送到智能 卡加密后, 再发送给发卡系统; 而将权限认证信息直接发送给发卡系统。  Preferably, the middleware of the mobile terminal device sends the identity authentication information input by the user to the smart card for encryption, and then sends the authentication information to the card issuing system; and the authority authentication information is directly sent to the card issuing system.
其中, 所述发卡系统包括发卡前置机和发卡数据收集系统,其中银行卡信 息存储在所述发卡数据收集系统中,所述发卡前置机从发卡数据收集系统获取 银行卡信息,加密后发送给移动终端设备的中间件; 或者银行卡信息直接存储 在发卡前置机。 The card issuance system includes a card issuing machine and a card issuance data collection system, wherein the bank card letter The information is stored in the card issuing data collection system, and the card issuing front machine obtains the bank card information from the card issuing data collecting system, and sends the middleware to the mobile terminal device after being encrypted; or the bank card information is directly stored in the card issuing front end machine.
其中, 所述发卡数据收集系统与发卡前置机之间通过专用通讯网络连接; 所述移动终端设备与发卡系统之间通过无线通讯网络连接,无线通讯方式包括 短信、 USSD或无线互联网。  The card issuing data collection system and the card issuing front end are connected through a dedicated communication network; the mobile terminal device and the card issuing system are connected by a wireless communication network, and the wireless communication manner includes a short message, USSD or wireless internet.
移动终端下载银行卡信息或支付应用的方法, 包括:  A method for a mobile terminal to download bank card information or pay for an application, including:
移动终端接收用户输入的认证信息 , 并通过中间件发送给发卡系统; 发卡系统进行认证后 ,将相应的支付应用或银行卡信息加密后返回给移动 终端的中间件;  The mobile terminal receives the authentication information input by the user, and sends the authentication information to the card issuing system through the middleware; after the card issuing system performs the authentication, the corresponding payment application or the bank card information is encrypted and returned to the middleware of the mobile terminal;
中间件将所述加密结果写入智能卡存储。  The middleware writes the encrypted result to the smart card storage.
其中,若下载支付应用,则用户输入权限认证信息,进行下载权限的认证; 若下载银行卡信息, 则用户输入身份认证信息, 进行用户身份的认证。  If the payment application is downloaded, the user inputs the authority authentication information and performs the authentication of the download authority. If the bank card information is downloaded, the user inputs the identity authentication information to authenticate the user identity.
优选的, 若下载 4艮行卡信息, 所述方法还包括: 移动终端中间件将用户输 入的身份认证信息送到智能卡加密, 然后再发送到发卡系统。  Preferably, if the card information is downloaded, the method further includes: the mobile terminal middleware sends the identity authentication information input by the user to the smart card for encryption, and then sends the information to the card issuing system.
其中 ,所述智能卡利用与发卡系统协商的密钥对用户输入的身份认证信息 加密, 发卡系统在验证用户身份时直接解密。  The smart card encrypts the identity authentication information input by the user by using a key negotiated with the card issuing system, and the card issuing system directly decrypts when verifying the identity of the user.
其中 ,所述发卡系统利用移动终端未知的密钥对支付应用或银行卡信息加 密。  The card issuing system encrypts the payment application or the bank card information by using a key unknown to the mobile terminal.
优选的, 所述方法还包括: 对中间件与发卡系统间的传输数据采用过程密 钥加密传输 , 所述传输数据包括认证信息以及加密的支付应用或银行卡信息。  Preferably, the method further comprises: performing process key encryption transmission on the transmission data between the middleware and the card issuance system, the transmission data including the authentication information and the encrypted payment application or bank card information.
优选的, 若下载支付应用, 则将支付应用分解成数据包传输。  Preferably, if the payment application is downloaded, the payment application is decomposed into a packet transmission.
一种移动支付终端设备, 包括:  A mobile payment terminal device, comprising:
智能卡, 用于存储下载的支付应用和银行卡信息;  a smart card for storing downloaded payment applications and bank card information;
中间件, 用于收集用户输入的认证信息, 发送到发卡系统; 并从发卡系统 接收返回的支付应用或银行卡信息 , 转发给智能卡存储;  The middleware is configured to collect authentication information input by the user, and send the information to the card issuing system; and receive the returned payment application or bank card information from the card issuing system, and forward it to the smart card storage;
通讯接口 , 用于输入或输出智能卡存储的银行卡信息。  Communication interface, used to input or output bank card information stored by smart card.
优选的, 所述智能卡具有加密功能, 若下载 4艮行卡信息, 则所述中间件将 用户输入的认证信息送到智能卡加密后 , 再发送给发卡系统。 优选的, 所述智能卡存储的支付应用和 4艮行卡信息为加密信息。 其中 , 所述通讯接口包括远程无线通讯接口和 /或近距离非接触式通讯接 。 Preferably, the smart card has an encryption function. If the card information is downloaded, the middleware sends the authentication information input by the user to the smart card for encryption, and then sends the information to the card issuing system. Preferably, the payment application and the card information stored by the smart card are encrypted information. The communication interface includes a remote wireless communication interface and/or a proximity contactless communication connection.
其中,所述通讯接口设置在智能卡上,或者由所述移动支付终端设备提供。 其中, 所述智能卡为 SIM卡; 或者是与 SIM卡分开, 单独内嵌在设备内 的智能卡。  The communication interface is disposed on the smart card or provided by the mobile payment terminal device. The smart card is a SIM card; or a smart card separately embedded in the device separately from the SIM card.
其中 , 所述移动支付终端设备与发卡系统之间的无线通讯方式包括短信、 USSD或无线互联网。 根据本发明提供的具体实施例 , 本发明公开了以下技术效果: 通过无线通讯网络从发卡主机安全地传输并存储到移动终端设备内嵌的智能 卡上, 便于持卡人使用。 与传统的发卡方式相比, 具有以下优点:  The wireless communication mode between the mobile payment terminal device and the card issuance system includes a short message, USSD or wireless internet. According to the specific embodiment provided by the present invention, the present invention discloses the following technical effects: securely transmitting and storing from a card issuing host to a smart card embedded in the mobile terminal device through a wireless communication network, which is convenient for the card holder to use. Compared with the traditional card issuance method, it has the following advantages:
第一, 在一个开放的环境中发卡;  First, issue cards in an open environment;
第二, 支付应用和磁道等支付信息在移动设备端的任何环节都是密文形 式, 提供了比传统的银行卡发行更高的安全性;  Second, payment information such as payment applications and tracks are cryptographically shaped at any point on the mobile device side, providing greater security than traditional bank card issuance;
第三,支付应用和银行卡磁道等信息是通过无线通讯的方式下载到移动终 端设备的智能卡中;  Third, the information such as the payment application and the bank card track is downloaded to the smart card of the mobile terminal device by means of wireless communication;
第四, 经过双重加解密(在数据传输前及传输过程中)等一系列复杂的流 程及安全控制机制;  Fourth, a series of complex processes and security control mechanisms, such as double encryption and decryption (before data transmission and transmission);
第五, 可以发行多家银行的卡片。  Fifth, cards from multiple banks can be issued.
其次, 提供了一种移动支付终端设备, 实现移动支付功能。 所述移动终端 设备内嵌有中间件和智能卡,所述中间件负责智能卡与发卡系统之间的通讯连 接, 所述智能卡负责存储从发卡系统下载的支付应用和银行卡磁道等信息; 通 过移动终端设备或智能卡提供的通讯接口将银行卡磁道等信息输出 ,可以完成 支付。 与传统的 4艮行卡相比, 所述移动化支付具有以下优点:  Secondly, a mobile payment terminal device is provided to implement a mobile payment function. The mobile terminal device is embedded with a middleware and a smart card, and the middleware is responsible for a communication connection between the smart card and the card issuance system, and the smart card is responsible for storing information such as a payment application and a bank card track downloaded from the card issuing system; The communication interface provided by the device or smart card outputs information such as the bank card track, and the payment can be completed. Compared with the traditional 4D line card, the mobile payment has the following advantages:
第一,银行卡磁道等信息由于存储在移动终端设备的智能卡中, 所以不易 磨损, 能够长久有效;  First, since the information such as the bank card track is stored in the smart card of the mobile terminal device, it is not easy to wear and can be effective for a long time;
第二,通过无线通讯方式下载支付应用和银行卡磁道等信息,银行卡磁道 等信息的安全性很高; Second, download information such as payment applications and bank card tracks by wireless communication, bank card tracks Such information is highly secure;
第三, 由于下载的银行卡磁道等信息已加密, 所以智能卡遗失后不易被盗 用;  Third, since the downloaded bank card track and the like are encrypted, the smart card is not easily stolen after being lost;
第四, 携带方便, 移动终端设备可内置多张银行卡;  Fourth, it is convenient to carry, and the mobile terminal device can have multiple bank cards built in;
第五,通过所述移动终端设备或智能卡提供的无线通讯接口, 能够实现远 程实时交易。  Fifth, remote real-time transactions can be realized by the wireless communication interface provided by the mobile terminal device or the smart card.
而且,所述用于输入和输出银行卡磁道等信息的通讯接口可以是远程无线 通讯接口, 实现远程下载和支付; 也可以是近距离非接触式通讯接口, 实现非 接触式的现场下载和支付。移动终端设备中可以设置两种接口, 同时具备远程 和近距离的无线下载、 支付功能。  Moreover, the communication interface for inputting and outputting information such as bank card tracks may be a remote wireless communication interface for remote downloading and payment; or a short-range contactless communication interface for non-contact on-site download and payment. . Two interfaces can be set in the mobile terminal device, and remote and close-range wireless download and payment functions are available.
附图说明 DRAWINGS
图 1是现有技术中通过打卡机发行银行卡的示意图;  1 is a schematic diagram of a bank card issued by a punch card machine in the prior art;
图 2是本发明实施例所述将银行卡磁道等信息或支付应用下载到移动终 端的示意图;  2 is a schematic diagram of downloading information such as a bank card track or a payment application to a mobile terminal according to an embodiment of the present invention;
图 3是本发明实施例所述将支付应用下载到移动终端的步骤流程图; 图 4是本发明实施例所述将银行卡磁道等信息下载到移动终端的步骤流 程图;  3 is a flow chart showing the steps of downloading a payment application to a mobile terminal according to an embodiment of the present invention; FIG. 4 is a flow chart showing the steps of downloading information such as a bank card track to a mobile terminal according to an embodiment of the present invention;
图 5是图 4实施例中的响应报文结构图;  Figure 5 is a structural diagram of a response message in the embodiment of Figure 4;
图 6是本发明实施例所述发卡前置机与中间件之间的交互报文结构图; 图 7是本发明实施例所述通过移动终端完成支付的步骤流程图。  FIG. 6 is a structural diagram of an interaction message between a card-issuing front-end machine and a middleware according to an embodiment of the present invention; FIG. 7 is a flow chart of steps for completing payment by a mobile terminal according to an embodiment of the present invention.
具体实施方式 detailed description
为使本发明的上述目的、特征和优点能够更加明显易懂, 下面结合附图和 具体实施方式对本发明作进一步详细的说明。  The present invention will be further described in detail with reference to the accompanying drawings and specific embodiments.
本发明实施例提供了一种更安全的方法,将存储在传统银行卡中的支付应 用和银行卡磁道等信息,从发卡系统下载到移动终端内置的智能卡上存储,使 所述智能卡具有了银行卡的功能。  The embodiment of the present invention provides a more secure method for downloading information such as a payment application and a bank card track stored in a traditional bank card from a card issuing system to a smart card built in the mobile terminal, so that the smart card has a bank. Card function.
为清楚说明上述下载方法, 先介绍所述方法的应用环境。 参照图 2, 是所 述将银行卡磁道等信息或支付应用下载到移动终端的示意图。 图示中,移动设 备 1与发卡前置机 2通过无线通讯网络 3建立了连接,发卡前置机 2将移动设 备 1要下载的数据通过无线通讯方式传输给移动设备 1。 其中, 所述无线通讯 网络可以是短信、 USSD ( Unstructured Supplementary Service Data, 即非结构 化补充数据业务, 是一种基于 GSM网络的新型交互式数据业务)或无线互联 网等通讯方式。 In order to clearly explain the above download method, the application environment of the method is first introduced. Referring to FIG. 2, it is a schematic diagram of downloading information such as a bank card track or a payment application to a mobile terminal. In the figure, the mobile device 1 and the card-issuing front-end machine 2 are connected through the wireless communication network 3, and the card-issuing front-end machine 2 will be moved. The data to be downloaded is transmitted to the mobile device 1 by wireless communication. The wireless communication network may be a short message, a USSD (Unstructured Supplementary Service Data, which is a new interactive data service based on a GSM network), or a wireless Internet communication method.
所述移动设备 1是指内嵌了智能卡芯片 11 (以下简称智能卡 11 ) 的移动 设备, 例如内置了 SIM卡的手机, 所述 SIM卡即为一种智能卡 11。 移动设备 1将下载到的支付应用和银行卡磁道等信息存储在所述智能卡 11上, 使所述 智能卡 11具备了银行卡的功能。移动设备 1中的中间件 12是一个和用户 ^ 卡前置机 2交互信息的软件, 提供了信息输入、 功能选择, 以及为发卡前置机 2和内置的智能卡 11提供信息沟通的通道。  The mobile device 1 refers to a mobile device in which a smart card chip 11 (hereinafter referred to as a smart card 11) is embedded, such as a mobile phone with a built-in SIM card, and the SIM card is a smart card 11. The mobile device 1 stores information such as the downloaded payment application and bank card track on the smart card 11, so that the smart card 11 has the function of a bank card. The middleware 12 in the mobile device 1 is a software for interacting with the user's card front-end machine 2, providing information input, function selection, and communication channels for the card-issuing front-end machine 2 and the built-in smart card 11.
所述发卡前置机 2 用于将支付应用和银行卡磁道等信息加密传输给移动 设备 1的中间件 12, 所述银行卡磁道等信息可以存储在发卡前置机 2上, 也 可以存储在发卡机构 4或其他地方的发卡数据收集系统中。若存储在发卡机构 4, 则发卡前置机 2和所述发卡机构 4通过专用通讯网络 5连接, 发卡前置机 2需要从发卡机构 4获取磁道等下载数据。  The card issuing machine 2 is configured to encrypt and transmit information such as a payment application and a bank card track to the middleware 12 of the mobile device 1. The bank card track and the like may be stored in the card issuing machine 2 or may be stored in the card issuing machine 2 Card issuer 4 or other place in the card issuance data collection system. If it is stored in the card issuing mechanism 4, the card issuing machine 2 and the card issuing mechanism 4 are connected through the dedicated communication network 5, and the card issuing machine 2 needs to acquire the download data such as the track from the card issuing unit 4.
采用图 2所示方式发行银行卡, 在发卡之前智能卡中必须存在"银行卡应 用"。 "银行卡应用 "是一个专用的应用程序, 用于提供磁道信息安全存储的场 所以及使用接口。 "银行卡应用"即为上述用于支付的应用, 可以通过无线通讯 方式下载到智能卡中, 也可以预先写入到智能卡中。 因此, 本发明实施例所述 的发卡方式需要先将用于支付的应用下载到移动终端,为磁道等支付信息提供 一个存储的空间和使用接口 , 然后才能下载用于支付的银行卡磁道等信息。  The bank card is issued in the manner shown in Figure 2. There must be a "bank card application" in the smart card before the card is issued. "Bank Card Application" is a dedicated application for providing secure storage of track information and therefore using interfaces. The "bank card application" is the above-mentioned application for payment, which can be downloaded to the smart card by wireless communication, or can be written into the smart card in advance. Therefore, the card issuing method according to the embodiment of the present invention needs to download the application for payment to the mobile terminal first, and provide a storage space and a use interface for the payment information such as the track, and then download the information such as the bank card track for payment. .
下面分别说明下载支付应用和下载磁道等信息的过程。  The following describes the process of downloading the payment application and downloading information such as tracks.
参照图 3 , 是所述将支付应用下载到移动终端的步骤流程图。 支付应用的 下载通常称作应用下载,应用下载指发卡前置机利用中间件将某种应用安全地 下载到智能卡(如 SIM卡) 中, 下载流程如下:  Referring to FIG. 3, it is a flow chart of the steps of downloading a payment application to a mobile terminal. The download of the payment application is usually called application download. The application download means that the card front-end machine uses middleware to securely download an application to a smart card (such as a SIM card). The download process is as follows:
步骤 301, 用户打开移动设备中间件提供的功能选择界面, 选择支付应用 下载。  Step 301: The user opens a function selection interface provided by the mobile device middleware, and selects a payment application download.
步骤 302, 用户通过中间件输入下载授权码。 所述下载授权码是发卡前置 机提供给用户下载支付应用的验证码, 主要用于验证用户是否具备下载的权 利。 如果用户下载支付应用, 则需要先通过注册审核, 获取具有唯一性的下载 授权码, 获取方式可以是短信、 电子邮件、 电话通知等形式。 In step 302, the user inputs the authorization code through the middleware input. The download authorization code is a verification code provided by the card front-end machine to the user to download the payment application, and is mainly used to verify whether the user has the right to download. Lee. If the user downloads the payment application, the registration authorization is required to obtain a unique download authorization code, which can be in the form of short message, email, or telephone notification.
步骤 303 , 中间件将所述用户输入的下载授权码通过无线通讯网络发送到 发卡前置机。  Step 303: The middleware sends the download authorization code input by the user to the card issuing front end through a wireless communication network.
步骤 304, 发卡前置机收到支付应用下载的请求后, 根据请求中包含的下 载授权码确认用户是否具备下载权利。  Step 304: After receiving the request for downloading the application, the card front-end machine confirms whether the user has the download right according to the download authorization code included in the request.
步骤 305, 通过权利认证后, 发卡前置机发送响应报文, 将用户要下载的 相应支付应用分解成一定数目的数据包,对数据包用唯一性密钥加密, 然后通 过无线网络将数据包发送到移动设备的中间件。  Step 305: After the right authentication, the card-issuing front-end machine sends a response message, decomposes the corresponding payment application to be downloaded by the user into a certain number of data packets, encrypts the data packet with a unique key, and then uses the wireless network to encrypt the data packet. Middleware sent to mobile devices.
其中, 所述加密也可以采用各种加密方法, 如对称密钥或非对称密钥等。 但是,本步骤的加密密钥只有发卡前置机可以使用 ,移动设备无法获知该密钥。  The encryption may also adopt various encryption methods, such as a symmetric key or an asymmetric key. However, the encryption key of this step can only be used by the card-issuing front-end machine, and the mobile device cannot know the key.
步骤 306, 中间件收到下载信息, 确认是数据包后, 对数据包内的加密应 用信息不作处理, 直接写入到智能卡(如 SIM卡) 中, 智能卡将信息保存在 受控的存储区。 如果响应信息不成功, 则提示应用下载失败。  Step 306: After receiving the download information, the middleware does not process the encrypted application information in the data packet, and directly writes the information to the smart card (such as a SIM card), and the smart card saves the information in the controlled storage area. If the response message is unsuccessful, the application download fails.
步骤 307, 中间件根据响应报文的指示信息确认是否还有后续数据包, 如 果还有, 则继续接收后续数据包, 并将数据包内的加密应用信息不作处理, 直 接写入到智能卡(如 SIM卡) 中, 直到接收全部的数据包。  Step 307: The middleware confirms whether there is a subsequent data packet according to the indication information of the response message, and if yes, continues to receive the subsequent data packet, and the encrypted application information in the data packet is not processed, and is directly written to the smart card (eg, In the SIM card, until all packets are received.
步骤 308, 中间件提示用户下载成功。  Step 308, the middleware prompts the user to download successfully.
参照图 4, 是所述将银行卡磁道等信息下载到移动终端的步骤流程图。 步骤 401 , 用户在移动设备中间件上选择下载银行卡磁道等信息。  Referring to Figure 4, there is shown a flow chart of the steps of downloading information such as bank card tracks to a mobile terminal. Step 401: The user selects to download information such as a bank card track on the mobile device middleware.
步骤 402, 用户通过中间件输入银行卡信息后确认。 所述银行卡信息包括 银行卡卡号和密码, 主要用于发卡前置机验证用户的身份。  Step 402: The user confirms by inputting the bank card information through the middleware. The bank card information includes a bank card number and a password, and is mainly used for issuing the card front-end machine to verify the identity of the user.
步骤 403 , 中间件将用户输入的身份认证信息送移动设备内置的智能卡 (如 SIM卡)加密处理后, 中间件继续读取移动设备的特征信息, 如智能卡 序列号以及智能卡上的静态认证数据,之后通过无线通讯网络发送到发卡前置 机。  Step 403: After the middleware encrypts the identity authentication information input by the user to the smart card (such as a SIM card) built in the mobile device, the middleware continues to read the feature information of the mobile device, such as the smart card serial number and the static authentication data on the smart card. It is then sent to the card issuer through the wireless communication network.
其中,加密处理可以采用对称密钥或非对称密钥,也可以是其他加密手段。 但是,加密所使用的密钥都是和发卡前置机通过一定的机制事先协商好, 否则 发卡前置机就无法解密。而且,所述密钥都存储在智能卡中, 中间件可以使用, 但不知道密钥。 The encryption process may use a symmetric key or an asymmetric key, or may be other encryption means. However, the key used for encryption is negotiated in advance with the card-issuing front-end machine through a certain mechanism, otherwise the card-fronting machine cannot be decrypted. Moreover, the keys are stored in the smart card, and the middleware can be used. But don't know the key.
步骤 404, 发卡前置机收到银行卡磁道等信息下载的请求后, 首先验证请 求中包含的静态认证数据, 确认移动设备内置的银行卡应用合法且没有被窜 改,验证失败将终止下载过程; 验证成功后则利用所述协商密钥对加密的身份 认证信息进行解密 , 然后将所述身份认证信息发送到相应的机构 ,验证用户的 身份。  Step 404: After receiving the request for downloading information such as the bank card track, the card front-end machine first verifies the static authentication data included in the request, and confirms that the bank card application built in the mobile device is legal and has not been tampered with, and the verification failure will terminate the download process; After the verification is successful, the encrypted identity authentication information is decrypted by using the negotiation key, and then the identity authentication information is sent to the corresponding organization to verify the identity of the user.
步骤 405, 通过身份验证, 发卡前置机发送响应报文, 将相应的磁道等支 付信息压缩后加密, 加密的结果作为 文的一部分发送到移动设备的中间件。 其中, 所述响应报文的结构如图 5所示: 主要包括报文类型、持卡人信息、 加 密结果、 其他附属信息。 同上, 加密密钥只有发卡前置机可以使用, 移动设备 无法获知该密钥。  Step 405: After the identity verification, the card-issuing front-end machine sends a response message, compresses the corresponding track and the like information, and encrypts the encrypted information, and the encrypted result is sent to the middleware of the mobile device as part of the text. The structure of the response message is as shown in FIG. 5: mainly includes the message type, cardholder information, encryption result, and other ancillary information. As above, the encryption key can only be used by the card-issuing front-end machine, and the mobile device cannot know the key.
步骤 406, 中间件收到响应信息后, 根据报文头信息解析出持卡人信息及 加密结果, 对加密的磁道等支付信息不作处理, 直接写入到智能卡(如 SIM 卡)中, 智能卡将信息保存在受控的存储区。 如果响应信息不成功, 则提示应 用下载失败。  Step 406: After receiving the response information, the middleware parses the cardholder information and the encryption result according to the message header information, and does not process the payment information such as the encrypted track, and directly writes the information to the smart card (such as a SIM card), and the smart card will Information is stored in a controlled storage area. If the response message is unsuccessful, the application download fails.
步骤 407, 中间件提示用户下载成功。  Step 407, the middleware prompts the user to download successfully.
上述支付应用下载与磁道等信息的下载过程主要有三点不同:  There are three main differences between the above-mentioned payment application download and the downloading process of information such as tracks:
其一, 两个过程中进行不同的认证: 支付应用下载中, 发卡前置机通过下 载授权码进行用户下载权限的认证; 而磁道信息下载过程中,发卡前置机通过 静态认证数据和卡号、 密码信息进行用户身份的识别;  First, different authentications are performed in two processes: In the payment application download, the card front-end machine authenticates the user download authority by downloading the authorization code; and in the track information downloading process, the card-issuing front-end machine passes the static authentication data and the card number, The password information identifies the user's identity;
其二, 磁道信息下载过程中, 中间件必须区分哪些信息是敏感的 (如密码、 磁道信息等), 哪些信息是可以不关心的 (如卡片名称、 卡号等), 并将所述敏感 信息送智能卡加密后再发送; 而支付应用下载中, 中间件无需知道发送或接收 的信息是密文还是明文, 所以直接将用户输入的信息发送;  Second, in the process of downloading track information, the middleware must distinguish which information is sensitive (such as passwords, track information, etc.), which information can be ignored (such as card name, card number, etc.), and send the sensitive information. The smart card is encrypted and then sent; in the payment application download, the middleware does not need to know whether the information sent or received is ciphertext or plaintext, so the information input by the user is directly sent;
其三, 支付应用下载中, 由于支付应用的下载数据量较大, 所以分解成多 个数据包传输; 而磁道等信息的下载可以完成一次性传输。  Third, in the payment application download, since the amount of downloaded data of the payment application is large, it is decomposed into multiple data packet transmissions; and the download of information such as tracks can be completed in one time.
本发明实施例优选的,为保证发卡前置机和移动终端中间件之间的数据交 互安全, 在数据传输过程中进行了再次加密, 确保传输过程的安全性。 参照图 6所示, 对中间件与发卡前置机之间的交互报文定义了如下结构: 包括报文类 型、 动作描述、 过程密钥算法及种子、 发送序列计数器(ssc )、 报文数据等。 图 6所示报文与图 5所示报文的区别在于:图 6的报文是对传输过程中所有传 输数据的封装, 即图 5的报文只是图 6报文的一部分。 Preferably, in the embodiment of the present invention, in order to ensure data interaction security between the card-issuing front-end machine and the mobile terminal middleware, re-encryption is performed in the data transmission process to ensure the security of the transmission process. Referring to FIG. 6, the following structure is defined for the interaction message between the middleware and the card-issuing front-end machine: including the message class Type, action description, process key algorithm and seed, send sequence counter (ssc), message data, etc. The difference between the message shown in FIG. 6 and the message shown in FIG. 5 is that the message in FIG. 6 is a package for all transmission data in the transmission process, that is, the message in FIG. 5 is only a part of the message in FIG. 6.
在交互过程中, 报文发起方定义为 Sender, 接收方定义为 Receiver。 交互 过程是: Sender使用过程密钥算法及种子生成过程密钥, 并使用所述过程密钥 加密报文数据, 将发送序列计数器 (SSC)置为初始值 1 ; 将过程密钥种子、 过 程密钥算法、 SSC及加密的报文数据一起组成报文发送到 Receiver; Receiver 收到报文后根据过程密钥算法和过程密钥种子恢复过程密钥,并用所述过程密 钥解密报文数据, 得到发送的信息原文 (也可能还是密文), 根据动作描述来决 定如何处理解密的数据。  During the interaction, the message initiator is defined as Sender and the receiver is defined as Receiver. The interaction process is: Sender uses the process key algorithm and the seed generation process key, and uses the process key to encrypt the message data, and sets the transmission sequence counter (SSC) to an initial value of 1; The key algorithm, the SSC and the encrypted message data are combined to form a message and sent to the Receiver; after receiving the message, the Receiver recovers the process key according to the process key algorithm and the process key seed, and decrypts the message data by using the process key. The original text of the sent message (which may also be ciphertext) is obtained, and the decrypted data is determined according to the action description.
通过上述下载流程,移动终端中就存储了已经加密的某种支付应用及个人 用户的银行卡磁道等信息 , 移动终端用户可以直接利用移动设备中的智能卡 (如 SIM卡)完成银行支付功能。 参照图 7, 是所述通过移动终端完成支付的 步骤流程图。  Through the above downloading process, the mobile terminal stores information such as a certain payment application that has been encrypted and a bank card track of the individual user, and the mobile terminal user can directly use the smart card (such as a SIM card) in the mobile device to complete the bank payment function. Referring to Figure 7, a flow chart of the steps of completing payment by the mobile terminal is shown.
步骤 701, 用户将随身携带的移动设备在受理终端(如 ATM、 POS终端、 银行自助设备、银行前置拒台等)进行刷卡操作, 所述移动设备内嵌有装载银 行卡应用的智能卡。  Step 701: The user performs a card swiping operation on the mobile device carried by the user (such as an ATM, a POS terminal, a bank self-service device, a bank pre-rejection station, etc.), and the mobile device is embedded with a smart card loaded with the bank card application.
步骤 702, 智能卡提供了一个用于将存储的下载信息输出的接口, 通过所 述接口输出下载信息时, 卡内会自动生成一个过程密钥 SK, 使用该 SK对已 经加密的下载数据再次进行加密, 得到加密结果 (PI)SK。  Step 702: The smart card provides an interface for outputting the stored download information. When the download information is output through the interface, a process key SK is automatically generated in the card, and the encrypted download data is encrypted again by using the SK. , get the encrypted result (PI) SK.
步骤 703, 将所述加密结果 (PI)SK、 生成过程密钥 SK的种子数据、 过程 密钥算法一起通过所述接口输出。  Step 703: Output the encryption result (PI) SK, the seed data of the generated process key SK, and the process key algorithm through the interface.
步骤 704,受理终端通过所述接口得到加密结果 (PI)SK、生成过程密钥 SK 的种子数据、 过程密钥算法后, 和交易数据一起组成报文, 发送到交易处理系 统。  Step 704: After receiving the encryption result (PI)SK, the seed data of the process key SK, and the process key algorithm, the receiving terminal forms a message together with the transaction data, and sends the message to the transaction processing system.
步骤 705, 交易处理系统根据生成过程密钥 SK的种子数据和过程密钥算 法回复过程密钥 SK, 进行解密处理后得到加密的下载数据。 由于交易处理系 统和发卡前置机是同一个机构,或者是事先协商好的不同机构, 所以交易处理 系统可以获得对下载数据解密的密钥。交易处理系统对加密的下载数据进行解 密得到下载数据后, 交易就可以直接进行了。 Step 705: The transaction processing system returns the process key SK according to the seed data of the generated process key SK and the process key algorithm, and performs decryption processing to obtain encrypted download data. Since the transaction processing system and the card-issuing front-end machine are the same institution or different institutions negotiated in advance, the transaction processing system can obtain a key for decrypting the downloaded data. The transaction processing system solves the encrypted download data Once the data is downloaded, the transaction can be processed directly.
采用上述方法,用户可以随时随地下载支付应用和磁道等支付信息到移动 设备中, 使用十分方便, 而且比传统的银行卡发行方式更安全快速。  By adopting the above method, the user can download the payment information such as the payment application and the track to the mobile device anytime and anywhere, and the use is very convenient, and is safer and faster than the traditional bank card issuance method.
针对所述下载方法,本发明还提供了相应的下载系统,具体实施例可参见 图 2所示。 图中, 所述发卡前置机 2、 发卡机构 4 (可能存放银行卡磁道等信 息)、 专用通讯网络 5统称为发卡系统, 因此所述下载系统包括移动设备 1、 发卡系统和无线通讯网络 3。 系统各个组成部件如前所述, 在此不再详述。  The present invention also provides a corresponding downloading system for the downloading method. For a specific embodiment, reference may be made to FIG. 2. In the figure, the card issuing machine 2, the card issuing mechanism 4 (possibly storing information such as bank card tracks), and the dedicated communication network 5 are collectively referred to as a card issuing system, so the downloading system includes the mobile device 1, the card issuing system and the wireless communication network 3 . The various components of the system are as described above and will not be described in detail herein.
本发明实施例还提供了一种移动终端设备,用于下载支付应用和银行卡磁 道等信息。所述移动终端设备不同于普通使用的移动设备, 需要内置中间件和 提供下载数据输出接口的智能卡芯片。 所述移动终端设备可以是手机、 PDA、 移动 PC等。  The embodiment of the invention further provides a mobile terminal device for downloading information such as a payment application and a bank card track. The mobile terminal device is different from a commonly used mobile device, and requires a built-in middleware and a smart card chip that provides a download data output interface. The mobile terminal device may be a mobile phone, a PDA, a mobile PC or the like.
所述中间件负责在智能卡和发卡系统之间建立并维持数据通讯,具体功能 包括: 对于支付应用下载, 收集用户在移动设备上输入的权限认证信息(如下 载授权码); 对于银行卡磁道等信息下载, 收集用户输入的银行卡卡号或密码 等身份认证信息,将用户输入的银行卡密码等敏感信息送到内嵌的智能卡内加 密, 并获得加密的结果; 与发卡系统建立通讯链接; 将所述权限认证信息, 或 者是敏感信息的密文及其他收集到的信息, 一起组成报文发送到发卡系统; 从 发卡系统接收返回信息,解析出加密的支付应用或磁道等信息后直接转发到移 动设备内嵌的智能卡中存储。  The middleware is responsible for establishing and maintaining data communication between the smart card and the card issuance system, and the specific functions include: for the payment application download, collecting the authority authentication information input by the user on the mobile device (such as downloading the authorization code); for the bank card track, etc. Downloading information, collecting identity authentication information such as the bank card number or password entered by the user, sending sensitive information such as the bank card password entered by the user to the embedded smart card for encryption, and obtaining the encrypted result; establishing a communication link with the card issuing system; The authority authentication information, or the ciphertext of the sensitive information and other collected information, are combined to form a message and sent to the card issuing system; the return information is received from the card issuing system, and the encrypted payment application or track information is parsed and directly forwarded to the Stored in a smart card embedded in the mobile device.
所述智能卡提供了存储和加密功能, 例如手机内置的 SIM卡, 是智能卡 在电信领域的具体应用 ,类似一台没有显示器和键盘的电脑,内部有操作系统、 内存、 EEPROM (类似硬盘, 用来存储信息)、 CPU等部件。 智能卡之所以叫"智 能"卡, 就是因为它有可以灵活设定应用逻辑的操作系统和 CPU等部件。  The smart card provides storage and encryption functions, such as a SIM card built in the mobile phone, which is a specific application of the smart card in the field of telecommunications, similar to a computer without a display and a keyboard, and has an internal operating system, a memory, and an EEPROM (similar to a hard disk). Store information), CPU and other components. The reason why a smart card is called a "smart" card is because it has an operating system and a CPU that can flexibly set application logic.
智能卡内可以存放很多应用, 如果存放了电信的应用, 就称作 SIM卡。 当然, 智能卡同时还可以保存诸如银行卡的应用。 其中, 每种应用都包含两种 数据: 密钥和应用所必须的数据; 所述密钥定义应用的逻辑, 并通过所述逻辑 对应用数据进行保护。存放各种应用的智能卡也可以与 SIM卡分开,单独内置 在移动设备中。 智能卡的加密功能就是预先在卡内存储一组密钥,并定义密钥的加密接口 供外部使用, 例如下面的接口就定义了加密的功能调用: A smart card can store many applications. If a telecom application is stored, it is called a SIM card. Of course, smart cards can also save applications such as bank cards. Each application contains two types of data: a key and data necessary for the application; the key defines the logic of the application, and the application data is protected by the logic. Smart cards for various applications can also be separated from the SIM card and built into the mobile device. The encryption function of the smart card is to store a set of keys in the card in advance, and define the encrypted interface of the key for external use. For example, the following interface defines the encrypted function call:
Figure imgf000013_0001
Figure imgf000013_0001
表 1是定义加密的功能调用表  Table 1 is a function call table that defines encryption.
其中, KID定义调用密钥的标识, 0P定义加密或解密操作, DATA定义加 密 /解密的输入信息。 定义了以上接口的智能卡可以将中间件送来的用户输入 信息进行加密处理。  Among them, KID defines the identifier of the calling key, 0P defines the encryption or decryption operation, and DATA defines the input information of the encryption/decryption. The smart card that defines the above interface can encrypt the user input information sent from the middleware.
移动终端设备内置了上述智能卡和中间件,就可以下载各种支付应用和银 行卡磁道等信息。 而具备了支付功能的移动设备如果实现支付功能,还需要通 过内置的通讯接口, 在支付操作时将银行卡磁道信息输出, 才能完成支付。 所 述通讯接口具有信息输入和输出功能,在下载过程中, 用于接收输入通过中间 件下载的支付应用或银行卡磁道等信息; 在支付过程中,用于将存储的磁道信 息输出到外部设备。  The mobile terminal device has built-in smart cards and middleware to download information such as various payment applications and bank card tracks. If the mobile device with the payment function implements the payment function, it also needs to use the built-in communication interface to output the bank card track information during the payment operation to complete the payment. The communication interface has an information input and output function, and is used for receiving information such as a payment application or a bank card track downloaded through the middleware during the downloading process; and outputting the stored track information to the external device during the payment process; .
所述通讯接口可以由智能卡提供, 也可以由移动终端设备提供。 通常, 智 能卡应用使用一种名叫 APDU的接口 (参见表 1 )来和外部设备通讯或提供服 务, 所述 APDU接口即为通讯接口, 可以将下载的银行卡磁道信息通过 APDU 接口输入到智能卡,或者输出到受理终端, 然后再通过所述受理终端传输到交 易处理系统进行交易处理, 实现智能卡的支付功能。 当然, 所述通讯接口也可 以设置在移动设备中,对内嵌在移动终端中的多张智能卡都能够进行存储数据 的输入和输出。  The communication interface may be provided by a smart card or by a mobile terminal device. Generally, a smart card application uses an interface called APDU (see Table 1) to communicate with or provide services to an external device. The APDU interface is a communication interface, and the downloaded bank card track information can be input to the smart card through the APDU interface. Or output to the receiving terminal, and then transmitted to the transaction processing system through the receiving terminal for transaction processing to realize the payment function of the smart card. Of course, the communication interface can also be set in the mobile device, and the input and output of the stored data can be performed on multiple smart cards embedded in the mobile terminal.
而且,通讯接口可以是远程无线通讯接口, 能够实现远程下载和远程实时 支付交易; 还可以是近距离非接触式通讯接口, 实现非接触式的近距离下载和 现场支付交易。所述近距离非接触式通讯接口是由内置的 NFC芯片提供,用来 实现非接触式功能。移动终端设备中可以设置两种接口, 同时具备远程和近距 离的无线下载、 支付功能。 例如, 通过远程或近距离下载具备支付功能后, 如 果能够现场支付,磁道信息就通过近距离非接触式通讯接口输出; 如果需要远 程支付,磁道信息则通过远程无线通讯接口输出 ,这样用户使用起来十分方便。 上述 NFC技术(近距离非接触技术)脱胎于无线设备间的"非接触式射频 识别"(RFID)及互连技术, 它可以满足任何两个无线设备间的信息交换、 内容 访问、服务交换, 并且使之更为简约——只要任意两个设备靠近而不需要线缆 接插, 就可以实现相互间的通信。 所述通讯方式将任意两个无线设备间的"通 信距离 "大大缩短。 例如, 手里拿着手机在一个音乐会的广告海报前, 把手机 接近海报, 就能实现手机与海报网站的连接; 要想买票入场, 可以利用嵌在手 机中的智能卡支付票款。 这就是 NFC技术的应用。 Moreover, the communication interface can be a remote wireless communication interface, which can realize remote downloading and remote real-time payment transactions; and can also be a close-range contactless communication interface, enabling non-contact close-range downloading and on-site payment transactions. The proximity contactless communication interface is provided by a built-in NFC chip for implementing a contactless function. Two interfaces can be set in the mobile terminal device, and at the same time, remote and close-range wireless download and payment functions are available. For example, after remote or close downloading with payment function, if it can be paid on site, the track information is output through the proximity contactless communication interface; Cheng pays, the track information is output through the remote wireless communication interface, so that the user is very convenient to use. The above NFC technology (close-range non-contact technology) is born out of "contactless radio frequency identification" (RFID) and interconnection technology between wireless devices, which can meet the information exchange, content access and service exchange between any two wireless devices. And to make it more simple - as long as any two devices are close without the need for cable plug-in, you can achieve mutual communication. The communication method greatly shortens the "communication distance" between any two wireless devices. For example, holding a mobile phone in front of a concert advertisement poster, you can connect the mobile phone to the poster website, and you can connect the mobile phone to the poster website. To buy tickets, you can use the smart card embedded in the mobile phone to pay for the ticket. This is the application of NFC technology.
以上对本发明所提供的一种移动终端及下载银行卡信息或支付应用的方 法、 系统, 进行了详细介绍, 本文中应用了具体个例对本发明的原理及实施方 式进行了阐述,以上实施例的说明只是用于帮助理解本发明的方法及其核心思 想; 同时, 对于本领域的一般技术人员, 依据本发明的思想, 在具体实施方式 及应用范围上均会有改变之处。 综上所述,本说明书内容不应理解为对本发明 的限制。  The present invention provides a mobile terminal and a method and system for downloading bank card information or payment application. The principles and embodiments of the present invention are described in the following. The description is only for helping to understand the method of the present invention and its core idea; at the same time, there will be changes in the specific embodiments and application scopes according to the idea of the present invention to those skilled in the art. In conclusion, the content of the present specification should not be construed as limiting the invention.

Claims

权 利 要 求 Rights request
1、 移动终端下载银行卡信息或支付应用的系统, 包括移动终端设备和发 卡系统, 其特征在于:  1. A system for downloading bank card information or a payment application by a mobile terminal, including a mobile terminal device and a card issuing system, characterized in that:
所述移动终端设备包括智能卡和中间件,其中所述智能卡用于存储下载的 支付应用和银行卡信息; 所述中间件用于收集用户输入的认证信息,发送到发 卡系统,并从发卡系统接收加密的支付应用或银行卡信息,转发给智能卡存储; 所述发卡系统用于从移动终端设备的中间件接收所述认证信息 ,通过认证 后, 将相应的支付应用或银行卡信息加密后返回给移动终端设备的中间件。  The mobile terminal device includes a smart card and a middleware, wherein the smart card is configured to store the downloaded payment application and bank card information; the middleware is configured to collect authentication information input by the user, send to the card issuing system, and receive from the card issuing system The encrypted payment application or bank card information is forwarded to the smart card storage; the card issuing system is configured to receive the authentication information from the middleware of the mobile terminal device, and after the authentication, encrypt the corresponding payment application or bank card information and return to the Middleware for mobile terminal devices.
2、 根据权利要求 1所述的系统, 其特征在于: 若移动终端设备下载银行 卡信息, 则所述用户输入的认证信息为身份认证信息; 若移动终端设备下载支 付应用 , 则所述用户输入的认证信息为权限认证信息。  2. The system according to claim 1, wherein: if the mobile terminal device downloads the bank card information, the authentication information input by the user is identity authentication information; and if the mobile terminal device downloads the payment application, the user input The authentication information is the authority authentication information.
3、 根据权利要求 2所述的系统, 其特征在于: 所述移动终端设备的中间 件将用户输入的身份认证信息送到智能卡加密后,再发送给发卡系统; 而将权 P艮认证信息直接发送给发卡系统。  3. The system according to claim 2, wherein: the middleware of the mobile terminal device sends the identity authentication information input by the user to the smart card for encryption, and then sends the information to the card issuing system; and the right P艮 authentication information is directly Send to the card issuing system.
4、 根据权利要求 1所述的系统, 其特征在于: 所述发卡系统包括发卡前 置机和发卡数据收集系统, 其中银行卡信息存储在所述发卡数据收集系统中, 所述发卡前置机从发卡数据收集系统获取银行卡信息,加密后发送给移动终端 设备的中间件; 或者银行卡信息直接存储在发卡前置机。  4. The system according to claim 1, wherein: said card issuing system comprises a card issuing front end machine and a card issuing data collecting system, wherein bank card information is stored in said card issuing data collecting system, said card issuing front end machine The bank card information is obtained from the card issuance data collection system, and is encrypted and sent to the middleware of the mobile terminal device; or the bank card information is directly stored in the card issuing front machine.
5、 根据权利要求 4所述的系统, 其特征在于: 所述发卡数据收集系统与 发卡前置机之间通过专用通讯网络连接;所述移动终端设备与发卡系统之间通 过无线通讯网络连接, 无线通讯方式包括短信、 USSD或无线互联网。  The system according to claim 4, wherein: the card issuing data collecting system and the card issuing front end are connected by a dedicated communication network; and the mobile terminal device and the card issuing system are connected by a wireless communication network, Wireless communication methods include SMS, USSD or wireless internet.
6、 移动终端下载银行卡信息或支付应用的方法, 其特征在于, 包括: 移动终端接收用户输入的认证信息 , 并通过中间件发送给发卡系统; 发卡系统进行认证后 ,将相应的支付应用或银行卡信息加密后返回给移动 终端的中间件;  6. The mobile terminal downloads the bank card information or the payment application method, and the method includes: the mobile terminal receives the authentication information input by the user, and sends the authentication information to the card issuing system through the middleware; after the card issuing system performs the authentication, the corresponding payment application or The middleware returned to the mobile terminal after the bank card information is encrypted;
中间件将所述加密结果写入智能卡存储。  The middleware writes the encrypted result to the smart card storage.
7、 根据权利要求 6所述的方法, 其特征在于: 若下载支付应用, 则用户 输入权限认证信息, 进行下载权限的认证; 若下载银行卡信息, 则用户输入身 份认证信息, 进行用户身份的认证。 7. The method according to claim 6, wherein: if the payment application is downloaded, the user inputs the authority authentication information to perform authentication of the download authority; if the bank card information is downloaded, the user inputs the identity authentication information to perform the user identity. Certification.
8、 根据权利要求 7所述的方法, 其特征在于, 若下载银行卡信息, 还包 括: 移动终端中间件将用户输入的身份认证信息送到智能卡加密, 然后再发送 到发卡系统。 8. The method according to claim 7, wherein if the bank card information is downloaded, the method further comprises: the mobile terminal middleware sending the identity authentication information input by the user to the smart card for encryption, and then transmitting the information to the card issuing system.
9、 根据权利要求 8所述的方法, 其特征在于: 所述智能卡利用与发卡系 统协商的密钥对用户输入的身份认证信息加密,发卡系统在验证用户身份时直 接解密。  9. The method according to claim 8, wherein: the smart card encrypts the identity authentication information input by the user by using a key negotiated with the card issuing system, and the card issuing system directly decrypts when verifying the identity of the user.
10、根据权利要求 6所述的方法, 其特征在于: 所述发卡系统利用移动终 端未知的密钥对支付应用或银行卡信息加密。  10. The method of claim 6 wherein: said card issuance system encrypts payment application or bank card information using a key unknown to the mobile terminal.
11、 根据权利要求 6所述的方法, 其特征在于, 还包括: 对中间件与发卡 系统间的传输数据采用过程密钥加密传输,所述传输数据包括认证信息以及加 密的支付应用或银行卡信息。  11. The method according to claim 6, further comprising: performing process key encryption transmission on transmission data between the middleware and the card issuance system, the transmission data including authentication information and an encrypted payment application or bank card information.
12、 根据权利要求 6所述的方法, 其特征在于: 若下载支付应用, 则将支 付应用分解成数据包传输。  12. Method according to claim 6, characterized in that if the payment application is downloaded, the payment application is decomposed into data packet transmissions.
13、 一种移动支付终端设备, 其特征在于, 包括:  13. A mobile payment terminal device, comprising:
智能卡, 用于存储下载的支付应用和 4艮行卡信息;  a smart card for storing downloaded payment applications and 4 line card information;
中间件, 用于收集用户输入的认证信息, 发送到发卡系统; 并从发卡系统 接收返回的支付应用或银行卡信息 , 转发给智能卡存储;  The middleware is configured to collect authentication information input by the user, and send the information to the card issuing system; and receive the returned payment application or bank card information from the card issuing system, and forward it to the smart card storage;
通讯接口 , 用于输入或输出智能卡存储的银行卡信息。  Communication interface, used to input or output bank card information stored by smart card.
14、 根据权利要求 13所述的移动支付终端设备, 其特征在于: 所述智能 卡具有加密功能, 若下载银行卡信息, 则所述中间件将用户输入的认证信息送 到智能卡加密后, 再发送给发卡系统。  The mobile payment terminal device according to claim 13, wherein: the smart card has an encryption function, and if the bank card information is downloaded, the middleware sends the authentication information input by the user to the smart card for encryption, and then sends the information. Give the card issuing system.
15、 根据权利要求 13所述的移动支付终端设备, 其特征在于: 所述智能 卡存储的支付应用和银行卡信息为加密信息。  The mobile payment terminal device according to claim 13, wherein: the payment application and the bank card information stored by the smart card are encrypted information.
16、 根据权利要求 13所述的移动支付终端设备, 其特征在于: 所述通讯 接口包括远程无线通讯接口和 /或近距离非接触式通讯接口。  16. The mobile payment terminal device of claim 13, wherein: the communication interface comprises a remote wireless communication interface and/or a proximity contactless communication interface.
17、 根据权利要求 16所述的移动支付终端设备, 其特征在于: 所述通讯 接口设置在智能卡上, 或者由所述移动支付终端设备提供。  17. The mobile payment terminal device according to claim 16, wherein: the communication interface is provided on a smart card or provided by the mobile payment terminal device.
18、 根据权利要求 13所述的移动支付终端设备, 其特征在于: 所述智能 卡为 SIM卡; 或者是与 SIM卡分开, 单独内嵌在设备内的智能卡。 18. The mobile payment terminal device according to claim 13, wherein: the smart card is a SIM card; or a smart card separately embedded in the device separately from the SIM card.
19、 根据权利要求 13所述的移动支付终端设备, 其特征在于: 所述移动 支付终端设备与发卡系统之间的无线通讯方式包括短信、 USSD或无线互联 网。 The mobile payment terminal device according to claim 13, wherein: the wireless communication mode between the mobile payment terminal device and the card issuance system comprises a short message, a USSD or a wireless internet.
PCT/CN2008/071358 2007-06-20 2008-06-19 A mobile terminal, a method and a system for downloading bank card information or payment application information WO2008154872A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN2007100426150A CN101329786B (en) 2007-06-20 2007-06-20 Method and system for acquiring bank card magnetic track information or payment application for mobile terminal
CN200710042616.5 2007-06-20
CN 200710042616 CN101330675B (en) 2007-06-20 2007-06-20 Mobile payment terminal equipment
CN200710042615.0 2007-06-20

Publications (1)

Publication Number Publication Date
WO2008154872A1 true WO2008154872A1 (en) 2008-12-24

Family

ID=40155918

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/071358 WO2008154872A1 (en) 2007-06-20 2008-06-19 A mobile terminal, a method and a system for downloading bank card information or payment application information

Country Status (1)

Country Link
WO (1) WO2008154872A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104348952A (en) * 2013-07-24 2015-02-11 北京握奇数据系统有限公司 Control method of card application management system
CN111652612A (en) * 2020-06-03 2020-09-11 中国银行股份有限公司 Mobile payment method and device
CN114221784A (en) * 2021-11-12 2022-03-22 招银云创信息技术有限公司 Data transmission method and computer equipment
CN116170794A (en) * 2023-04-25 2023-05-26 深圳市微付充科技有限公司 Online idle issuing system and method for smart card

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002021767A1 (en) * 2000-09-04 2002-03-14 Sonera Smarttrust Ltd Virtual payment card
CN1437373A (en) * 2002-02-09 2003-08-20 英业达股份有限公司 Automatic message sending and managing system and method
CN1581183A (en) * 2003-07-31 2005-02-16 上海贝尔阿尔卡特股份有限公司 Anonymous payment and its identification method in mobile environment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002021767A1 (en) * 2000-09-04 2002-03-14 Sonera Smarttrust Ltd Virtual payment card
CN1437373A (en) * 2002-02-09 2003-08-20 英业达股份有限公司 Automatic message sending and managing system and method
CN1581183A (en) * 2003-07-31 2005-02-16 上海贝尔阿尔卡特股份有限公司 Anonymous payment and its identification method in mobile environment

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104348952A (en) * 2013-07-24 2015-02-11 北京握奇数据系统有限公司 Control method of card application management system
CN104348952B (en) * 2013-07-24 2017-03-29 北京握奇数据系统有限公司 A kind of control method of card AMS
CN111652612A (en) * 2020-06-03 2020-09-11 中国银行股份有限公司 Mobile payment method and device
CN111652612B (en) * 2020-06-03 2023-08-29 中国银行股份有限公司 Mobile payment method and device
CN114221784A (en) * 2021-11-12 2022-03-22 招银云创信息技术有限公司 Data transmission method and computer equipment
CN114221784B (en) * 2021-11-12 2024-04-09 招银云创信息技术有限公司 Data transmission method and computer equipment
CN116170794A (en) * 2023-04-25 2023-05-26 深圳市微付充科技有限公司 Online idle issuing system and method for smart card
CN116170794B (en) * 2023-04-25 2023-08-08 深圳市微付充科技有限公司 Online idle issuing system and method for smart card

Similar Documents

Publication Publication Date Title
US7357309B2 (en) EMV transactions in mobile terminals
CN1344396B (en) Portable electronic charge and authorization devices and methods therefor
JP5562965B2 (en) Electronic payment application system and payment authentication method
US7870998B2 (en) Private information exchange in smart card commerce
KR20210069055A (en) System and method for cryptographic authentication of contactless card
CN101329786B (en) Method and system for acquiring bank card magnetic track information or payment application for mobile terminal
CN101098225A (en) Safety data transmission method and paying method, paying terminal and paying server
JP2012503242A (en) Contactless authentication system and method used for settlement
WO2001086599A2 (en) Smart communications
WO2009137076A2 (en) A one card system
CN105593886A (en) Methods and apparatus for performing local transactions
CN101330675B (en) Mobile payment terminal equipment
US9792592B2 (en) Portable electronic device for exchanging values and method of using such a device
CN101223729B (en) Updating a mobile payment device
WO2008154872A1 (en) A mobile terminal, a method and a system for downloading bank card information or payment application information
US8290870B2 (en) Method and device for exchanging values between personal portable electronic entities
KR100901297B1 (en) System for Virtual Mechant Network Application
KR100928412B1 (en) Payment processing system using virtual merchant network
KR101212237B1 (en) System and Method for Paying Input by VoIP Terminal, VoIP Terminal and Recording Medium
CN104881782B (en) A kind of method based on Secure Transaction, system
KR101145832B1 (en) Payment terminal and card payment method of a payment terminal via virtual merchant network
CN114424202A (en) System and method for using dynamically tagged content
KR20090016618A (en) Method for settlement process using virtual merchant network and program recording medium
KR20090093234A (en) VoIP Terminal with Function of Virtual Financial Terminal and Method for Financial Transaction, Program Recording Medium
KR20090000585A (en) Transaction point devices for distributed payment by using mobile communication, system and method for distributed payment and program recording medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08757767

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08757767

Country of ref document: EP

Kind code of ref document: A1