WO2014114047A1 - 实现近场通信中选择安全单元的方法、移动终端与pos机 - Google Patents
实现近场通信中选择安全单元的方法、移动终端与pos机 Download PDFInfo
- Publication number
- WO2014114047A1 WO2014114047A1 PCT/CN2013/077439 CN2013077439W WO2014114047A1 WO 2014114047 A1 WO2014114047 A1 WO 2014114047A1 CN 2013077439 W CN2013077439 W CN 2013077439W WO 2014114047 A1 WO2014114047 A1 WO 2014114047A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- attribute
- instruction
- near field
- field communication
- feature
- Prior art date
Links
- 238000004891 communication Methods 0.000 title claims abstract description 171
- 238000000034 method Methods 0.000 title claims abstract description 108
- 230000003993 interaction Effects 0.000 claims abstract description 79
- 230000007613 environmental effect Effects 0.000 claims description 94
- 230000002452 interceptive effect Effects 0.000 claims description 5
- 230000008569 process Effects 0.000 description 21
- 238000013459 approach Methods 0.000 description 20
- 238000010586 diagram Methods 0.000 description 12
- 239000000284 extract Substances 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 6
- 230000011664 signaling Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 230000002085 persistent effect Effects 0.000 description 3
- 230000004044 response Effects 0.000 description 3
- MOVRNJGDXREIBM-UHFFFAOYSA-N aid-1 Chemical compound O=C1NC(=O)C(C)=CN1C1OC(COP(O)(=O)OC2C(OC(C2)N2C3=C(C(NC(N)=N3)=O)N=C2)COP(O)(=O)OC2C(OC(C2)N2C3=C(C(NC(N)=N3)=O)N=C2)COP(O)(=O)OC2C(OC(C2)N2C3=C(C(NC(N)=N3)=O)N=C2)COP(O)(=O)OC2C(OC(C2)N2C(NC(=O)C(C)=C2)=O)COP(O)(=O)OC2C(OC(C2)N2C3=C(C(NC(N)=N3)=O)N=C2)COP(O)(=O)OC2C(OC(C2)N2C3=C(C(NC(N)=N3)=O)N=C2)COP(O)(=O)OC2C(OC(C2)N2C3=C(C(NC(N)=N3)=O)N=C2)COP(O)(=O)OC2C(OC(C2)N2C(NC(=O)C(C)=C2)=O)COP(O)(=O)OC2C(OC(C2)N2C3=C(C(NC(N)=N3)=O)N=C2)COP(O)(=O)OC2C(OC(C2)N2C3=C(C(NC(N)=N3)=O)N=C2)COP(O)(=O)OC2C(OC(C2)N2C3=C(C(NC(N)=N3)=O)N=C2)COP(O)(=O)OC2C(OC(C2)N2C(NC(=O)C(C)=C2)=O)COP(O)(=O)OC2C(OC(C2)N2C3=C(C(NC(N)=N3)=O)N=C2)COP(O)(=O)OC2C(OC(C2)N2C3=C(C(NC(N)=N3)=O)N=C2)COP(O)(=O)OC2C(OC(C2)N2C3=C(C(NC(N)=N3)=O)N=C2)CO)C(O)C1 MOVRNJGDXREIBM-UHFFFAOYSA-N 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 1
- 230000006698 induction Effects 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3227—Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/326—Payment applications installed on the mobile devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
-
- H04B5/72—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/40—Security arrangements using identity modules
- H04W12/45—Security arrangements using identity modules using multiple identity modules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/61—Time-dependent
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
Definitions
- the present invention relates to the field of communications technologies, and in particular, to a method for selecting a security unit in an incoming communication, a mobile terminal, and a POS machine. Background technique
- NFC Near Field Co ⁇ unicat ion
- NFC Near Field Co ⁇ unicat ion
- the operating frequency of NFC technology is 13.56MHz, and the effective range of communication is 0_20cm.
- NFC Near Field Communication
- mobile payment is an application of NFC technology, and has been rapidly applied and developed. Users use NFC-enabled mobile terminals (such as mobile phones). Pay with the corresponding POS (Point Of Sale) machine.
- POS Point Of Sale
- an SE Security Element
- DH Device Host, main
- the default SE selection can be performed according to the basic information of the NFC communication acquired by the NFC controller. For example: According to the AID (Application ID, Type Identification), RF protocol, and NFC technology classification of the SE, the default SE is performed. select.
- the embodiment of the invention provides a method for selecting a security unit in the approach communication, a mobile terminal and a POS machine, thereby implementing the mobile terminal to select a security unit according to the environmental characteristics, and completing the communication interaction with the POS machine.
- an embodiment of the present invention provides a configuration method for selecting a security unit in a near field communication, where the configuration method includes:
- the local near field communication controller receives the first configuration command sent by the local controller of the local end, where the first configuration command includes an environment feature for selecting the security unit;
- the near field communication controller configures the environmental feature in the near field communication controller
- the near field communication controller receives a second configuration instruction sent by the main controller
- the near field communication controller configures the environment feature in an attribute reply instruction that interacts with the peer end, so as to continue to interact with the peer end communication according to the configured attribute reply command. And completing the selection of the security unit.
- the method further includes: The near field communication controller receives a routing table generated by the primary controller based on the environmental characteristics.
- the environmental feature specifically includes a location attribute, a quota attribute, a time attribute, and a POS attribute One or more attribute collections.
- the environmental feature includes a quota attribute
- the near field communication controller of the local end receives the main control of the local end Before the first configuration instruction sent by the device, the configuration method further includes:
- the primary controller notifies the first security unit corresponding to the quota attribute to separate the second security unit; the near field communication controller receives the registration command sent by the second security unit.
- an embodiment of the present invention provides an interaction method for selecting a security unit in near field communication, where the interaction method includes:
- the near field communication controller receives the attribute request instruction sent by the peer end, where the attribute request instruction includes the first environment feature supported by the peer end;
- the near field communication controller sends an attribute reply instruction to the peer end, where the attribute reply command includes a second environment feature used by the near field communication controller to select the security unit according to the attribute request instruction;
- the near field communication controller receives a selection instruction sent by the opposite end, where the selection instruction includes a type identifier of the security unit required by the peer end;
- the near field communication controller selects a security unit corresponding to the first environment feature and the type identifier to complete interaction with the peer.
- the determining, by the near field communication controller, the security unit corresponding to the first environment feature and the type identifier, according to the selection instruction specifically includes:
- the near field communication controller selects the security unit corresponding to the first environmental feature and the type identifier.
- an embodiment of the present invention provides an interaction method for selecting a security unit in a near field communication, where the interaction method includes: Sending a first attribute request instruction, where the first attribute request instruction includes a first environment feature supported by the local end;
- the attribute set of the first environment feature includes the attribute set of the second environment feature, sending a selection instruction, where the selection instruction includes a type identifier of the security unit required by the local end.
- the determining whether the attribute set of the first environment feature includes the attribute set of the second environment feature further includes:
- the attribute set of the first environment feature does not include the attribute set of the second environment feature, acquiring a third environment feature, where the third environment feature includes: the first environment feature is not included and the first a set of attributes included in the second environment feature;
- an embodiment of the present invention provides a mobile terminal that implements a security unit in an incoming communication, where the mobile terminal includes:
- a receiving unit configured to receive a first configuration instruction sent by a primary controller of the local end, where the first configuration instruction includes an environment feature for selecting the security unit;
- a configuration unit configured to configure the environment feature in the near field communication controller according to the first configuration instruction
- the receiving unit is further configured to receive a second configuration instruction sent by the main controller
- the configuration unit is further configured to, according to the second configuration instruction, configure the environment feature in an attribute reply instruction that interacts with the peer end, so as to continue to follow the configured attribute reply command.
- the peer communication interaction is performed, thereby completing the selection of the security unit.
- the receiving unit is further configured to receive a routing table generated by the primary controller according to the environmental feature.
- the environment feature received by the receiving unit specifically includes a location attribute, a quota attribute, a time attribute, a POS machine A collection of one or more attributes in an attribute.
- the primary controller when the environmental feature includes a quota attribute, notifies the first security corresponding to the quota attribute After the unit separates the second security unit;
- the receiving unit is further configured to receive a registration command sent by the second security unit.
- an embodiment of the present invention provides a mobile terminal that implements a security unit in an incoming communication, where the mobile terminal includes:
- a receiving unit configured to receive an attribute request instruction sent by the peer end, where the attribute request instruction includes a first environment feature supported by the peer end;
- a sending unit configured to send an attribute reply instruction to the peer according to the attribute request instruction, where the attribute reply instruction includes a second environment feature used by the security unit to select the security unit;
- the receiving unit is further configured to receive a selection instruction sent by the peer, where the selection instruction includes a type identifier of the security unit required by the peer end;
- a selecting unit configured to select, according to the selection instruction, a security unit corresponding to the first environment feature and the type identifier, so as to complete interaction with the peer end.
- the selecting unit is specifically configured to: select, according to the routing table, the security unit corresponding to the first environment feature and the type identifier.
- an embodiment of the present invention provides a POS for selecting a security unit in an incoming communication.
- the POS machine includes:
- a sending unit configured to send a first attribute request instruction, where the first attribute request instruction includes a first environment feature supported by the local end;
- a receiving unit configured to receive a first attribute reply command, where the first attribute reply command includes a second environment feature used by the peer to select the security unit;
- a determining unit configured to determine whether the attribute set of the first environment feature includes an attribute set of the second environment feature
- the sending unit is further configured to: if the attribute set of the first environment feature includes the attribute set of the second environment feature, send a selection instruction, where the selection instruction includes the security required by the local end The type identifier of the unit.
- the POS machine further includes:
- An acquiring unit configured to acquire a third environment feature if the attribute set of the first environment feature does not include the attribute set of the second environment feature, where the third environment feature includes: the first environment feature is not Included in the set of attributes included in the second environmental feature;
- the sending unit is further configured to send a second attribute request instruction, where the second attribute request instruction includes a third environment feature.
- an embodiment of the present invention provides a system for implementing a security unit in an incoming communication, the system comprising: a mobile terminal according to the fourth aspect and the fifth aspect of the present invention, and the implementation of the present invention
- the POS machine provided in the sixth aspect of the example.
- an embodiment of the present invention provides a mobile terminal that implements selecting a security unit in the approach communication, where the mobile terminal includes:
- a near field communication controller a main controller, characterized in that
- the main controller is configured to send a first configuration instruction, where the first configuration instruction includes Environmental characteristics of the security unit;
- the near field communication controller is configured to receive the first configuration instruction, and configure the environmental feature according to the first configuration instruction
- the main controller is further configured to send a second configuration instruction
- the near field communication controller is further configured to receive the second configuration instruction, and configure the environment feature in an attribute reply instruction that interacts with the peer end according to the second configuration instruction, so as to be configured according to the configuration.
- the subsequent attribute reply instruction continues to interact with the peer communication to complete the selection of the security unit.
- the local NFC controller receives the strip configuration instruction of the local DH transmission, and the configuration instruction includes selecting the SE.
- the environmental characteristics, and the environment features for selecting the SE are configured in an attribute reply instruction that interacts with the peer communication.
- the problem that the prior art solution can only select SE by the characteristics of the NFC communication itself obtained by the NFC controller is solved.
- the NFC controller of the local end can select the SE according to the configured environment characteristics, thereby improving the practicability of the prior art. .
- FIG. 1 is a flow chart of a method for configuring a security unit in a process communication according to Embodiment 1 of the present invention
- FIG. 2 is a signaling diagram of a method for configuring a security unit in process communication according to Embodiment 2 of the present invention
- 3 is a flowchart of an interaction method for selecting a security unit in near field communication according to Embodiment 3 of the present invention
- 4 is a flowchart of an interaction method for selecting a security unit in near field communication according to Embodiment 4 of the present invention
- FIG. 5 is a signaling diagram of an interaction method for implementing a security unit in near field communication according to Embodiment 5 of the present invention.
- FIG. 6 is a schematic structural diagram of a mobile terminal for implementing a security unit in near field communication according to Embodiment 6 of the present invention.
- Figure ⁇ is a schematic diagram showing the structure of a mobile terminal for selecting a security unit in near field communication according to Embodiment 7 of the present invention.
- FIG. 8 is a schematic diagram showing the structure of a mobile terminal for selecting a security unit in near field communication according to Embodiment 8 of the present invention.
- FIG. 9 is a schematic diagram showing the structure of a mobile terminal for selecting a security unit in near field communication according to Embodiment 9 of the present invention.
- FIG. 10 is a schematic diagram of a structure of a POS machine for selecting a security unit in near field communication according to Embodiment 10 of the present invention
- FIG. 11 is a schematic diagram showing the structure of a POS machine for selecting a security unit in near field communication according to Embodiment 11 of the present invention.
- FIG. 12 is a schematic structural diagram of a mobile terminal for implementing a security unit in an approach communication according to Embodiment 12 of the present invention. detailed description
- FIG. 1 is a flowchart of a method for configuring a security unit in an incoming communication according to Embodiment 1 of the present invention.
- the implementation body in the embodiment shown in Figure 1 is an NFC controller within the mobile terminal. As shown in FIG. 1, this embodiment includes the following steps:
- Step 110 The local near field communication controller receives the first configuration command sent by the local controller of the local end, where the first configuration command includes an environment feature for selecting the security unit.
- the mobile terminal is used as a local end, and includes DH, NFC, and multiple SEs in the mobile terminal.
- the configuration process needs to be performed when the DH of the local end is turned on (or has power).
- the DH of the local end sends a first configuration command to the NFC controller of the local end, where the first configuration command includes an environment feature for selecting the SE, and the NFC controller of the local end receives the first configuration command.
- the environmental feature is a feature other than NFC signal characteristics such as NFC waveform and frame format when the mobile terminal performs NFC interaction with the POS machine.
- the first configuration instruction may be specifically a C0RE-SET-CONFIG-CMD instruction.
- Step 120 The near field communication controller configures the environment feature in the near field communication controller according to the first configuration instruction.
- the local NFC controller parses the configuration command and extracts the carried content, that is, the environment feature for selecting the SE, and the local NFC controller is used to select the environment feature of the SE.
- the environment feature is the basis for the NFC controller of the local end to select the SE during the subsequent interaction.
- Step 1 30 The near field communication controller receives a second configuration instruction sent by the main controller. Specifically, after the NFC controller of the local end sets the environment feature for selecting the SE in step 120, the second configuration command sent by the DH of the local end is received.
- the second configuration instruction may be specifically
- Step 140 The near field communication controller configures the environment feature in an attribute reply instruction that interacts with the peer end according to the second configuration instruction, so as to continue to perform the pair according to the configured attribute reply command.
- the end communication interacts to complete the selection of the security unit.
- the local NFC controller configures an environment feature for selecting the SE in an attribute reply instruction that communicates with the peer according to the second configuration instruction.
- the step 1 30 and the step 140 are used by the NFC controller of the local end to configure an instruction for communicating with the peer end, so that the NFC controller of the local end carries the selection for subsequent communication with the peer end.
- the local NFC controller receives the strip configuration command sent by the local DH, and the configuration command includes an environment feature for selecting the SE, and The environment feature for selecting the SE is configured in an attribute reply instruction that interacts with the peer communication.
- the problem that the prior art solution can only select SE by the characteristics of the NFC communication itself acquired by the NFC controller is solved.
- the NFC controller of the local end can select the SE according to the configured environment characteristics, thereby improving the practicability of the prior art. .
- FIG. 2 is a signaling diagram of a method for configuring a security unit in a process communication according to Embodiment 2 of the present invention.
- this embodiment includes the following steps: Step 21: The main controller of the local end receives the feature information of the user input security unit input by the user. Specifically, in the embodiment of the present invention, the configuration process needs to be performed when the DH of the local end is turned on.
- the DH of the local end Before the DH of the local end receives the feature information of the user input by the user, the user starts the payment application in the mobile terminal, and the DH of the local end initializes the local NFC controller to enter the working state, and at the same time of initialization, The DH of the end acquires the environmental features supported by the local NFC controller.
- the DH of the local end After obtaining the environmental features supported by the local NFC controller, the DH of the local end displays the environment features supported by the NFC controller of the local end to the user, and the user inputs the characteristic information of the SE according to the displayed environmental characteristics.
- the DH of the local end receives the feature information of the SE input by the user input by the user, and the feature information of the user using the SE includes the feature of the SE input by the user.
- the feature information of the user using the SE specifically includes one or more attribute sets in the location attribute, the quota attribute, the time attribute, and the POS attribute.
- the feature information of the user using the SE is: the user presets to use the first SE (SE1) when the user is in the position A, and limits the payment amount when the local DH is closed; the user presets that when the user is in the position B When using the second SE (SE2), when the local DH is turned off, the payment quota is not limited; when the user presets the time from Monday to Friday, the third SE (SE 3 ) is used, and when the local DH is closed, the payment amount is limited; When the user presets time is Saturday or Saturday, the fourth SE (SE4) is used, and when the local DH is turned off, the payment amount is limited.
- SE1 when the user is in the position A, and limits the payment amount when the local DH is closed
- SE2 When using the second SE (SE2), when the local DH is turned off, the payment quota is not limited
- SE 3 when the local DH is used, and when the local DH is closed, the payment amount is limited
- the user presets time is Saturday
- Step 220 When the feature information has a quota attribute, the primary controller notifies the first security unit corresponding to the quota attribute to separate the second security unit.
- the DH of the local end sends a notification command to the first SE corresponding to the quota attribute according to the feature information of the user using the SE, and the notification command is used for the first SE to be separated.
- the second SE of the user's preset limit payment is used for the first SE to be separated.
- the local DH notification separates the second SE master from an SE corresponding to the quota attribute. If it is used, the limit payment when the local DH is closed can protect the user's mobile terminal from being used unrestricted after being lost, and ensure the security of the user interaction data.
- Step 2 30 The first security unit separates the second security unit.
- the first SE after receiving the notification command sent by the DH of the local end, the first SE separates the second SE, and the first SE and the second SE have the same type identifier.
- the first SE separates the second SE. If the feature information of the SE is included in the feature information of the user, the DH of the local end specifies that the feature information of the SE includes the quota attribute, and then sends a notification command to SE1, which is used to separate the SE1 of the user's preset limit payment. SE1 separates SE1 from the notification command. SE1 and SE1 have the same type identifier. The SE1 is used to limit the payment when the local DH is closed. It can protect the user's mobile terminal from being used unrestricted after being lost. Ensure the security of user interaction data.
- Step 240 The separated second security unit sends a registration command to the local near field communication controller.
- the second SE sends a registration command to the NFC controller of the local end, and the NFC controller of the local end receives the registration command, where the registration command is used by the local NFC controller in the subsequent step.
- the second SE is used instead of the first SE, and the second SE is taken as the SE corresponding to the quota attribute.
- Step 250 The local near field communication controller receives a first configuration command sent by the local controller of the local end, where the first configuration command includes an environment feature for selecting the security unit.
- the DH of the local end sends a first configuration command to the NFC controller of the local end, where the first configuration command includes an environment feature for selecting the SE, and the NFC controller of the local end receives the first configuration. instruction.
- the environmental feature is when the mobile terminal performs NFC interaction with the POS machine.
- features other than NFC signal characteristics are possible.
- the first configuration instruction may be specifically a C0RE-SET-CONFIG-CMD instruction.
- Step 260 The near field communication controller configures the environmental feature in the near field communication controller according to the first configuration instruction.
- the local NFC controller parses the configuration command and extracts the carried content, that is, the environment feature for selecting the SE, and the local NFC controller is used to select the environment feature of the SE.
- the environment feature is the basis for the NFC controller of the local end to select the SE during the subsequent interaction.
- the first configuration instruction expands a new parameter type 0x84 (NFCC_ENV_STATE), which is used to carry an environment feature for selecting SE, the parameter type including a 1-byte value.
- NFCC_ENV_STATE a new parameter type 0x84
- Table 1 shows an expanded first configuration instruction.
- the specific content of the parameter 0x84 is a value of 1 byte length
- the NFC controller of the local end configures the specific content of the parameter 0x84 in the storage location of the NFC controller of the local end.
- the NFC controller of the local end configures the environment feature for selecting the SE carried in parameter 0x84 to be configured in the second byte of the NFC controller feature of the local end.
- Table 2 shows the environmental features of the NFC controller configured for selecting SE.
- the environment feature for selecting the SE includes the time attribute and the location attribute, and the time attribute, the position attribute, the DH of the local end, and the corresponding bit of the power-off are configured to 1 to indicate the NFC controller of the local end. Select the environmental characteristics of SE.
- the quota attribute, the POS identifier, the time attribute, and the location attribute respectively have three default selection branches.
- the location attribute has three branches by default, that is, three different positions A, B, and C are configured for the location attribute.
- the NFC controller is used to select the characteristics of the SE to require an extension byte to represent a different branch.
- Step 270 The near field communication controller receives a second configuration instruction sent by the main controller. Specifically, the local NFC controller receives the local feature after setting the environment feature for selecting the SE.
- the second configuration command may be specifically a C0RE-SET-C0NF IG-CMD instruction.
- Step 280 The near field communication controller configures the environment feature in an attribute reply instruction that interacts with the peer end according to the second configuration instruction, so as to continue to continue with the pair according to the configured attribute reply command.
- the end communication interacts to complete the selection of the security unit.
- the local NFC controller configures an environment feature for selecting the SE in an attribute reply instruction that communicates with the peer according to the second configuration instruction.
- the step 270 and the step 280 are used by the local NFC controller to configure the communication with the peer end, so that the NFC controller of the local end carries the SE for selecting when communicating with the peer end. The environmental characteristics, and then complete the choice of SE.
- the second configuration command is extended to a new parameter type Qx5A, and the parameter is used to carry the local NFC controller of the local end to select the ring of the SE when communicating with the peer end.
- the feature type the parameter type includes a 1-byte value, which is used to indicate that the local NFC controller is used to select the environmental characteristics of the SE.
- Table 3 shows the expanded second configuration instruction.
- Step 290 The near field communication controller receives a routing table sent by the primary controller. Specifically, after the DH of the local end sends the second configuration command, the DH of the local end further generates a routing table according to the characteristic information of the user using the SE, and the NFC controller of the local end receives the routing table, where the routing table is used for the NFC controller of the local end.
- the SE that matches the environment feature supported by the peer end and the type identifier included in the selection instruction sent by the peer end is selected according to the routing table.
- Table 4 shows a routing table.
- the routing table shown in Table 4 is only AID-based routing, and there may be protocol-based routing and NFC-based type routing based on actual conditions.
- the information corresponding to the local DH is off, the local DH is on, and the power is off is "ENV", indicating that the SE is determined according to the subsequent environmental characteristics. Further, when SE is selected according to environmental characteristics, it is also necessary to make a corresponding judgment according to the number and condition of the branches, and then perform selection.
- Table 5 shows a judgment environment feature table.
- the position attribute and the time attribute shown in Table 4 have two branches as an example for description.
- the NFC controller of the local end is used to select the environment characteristics of the SE, including the location attribute and the time attribute, and selects the type from the routing table according to the type identifier in the selection instruction sent by the peer.
- the corresponding record is identified, such as the AID1 record, and the selected SE is determined based on the subsequent environmental characteristics based on the AID1 record.
- the local NFC controller utilizes the environment features supported by the peer.
- the environment features supported by the peer include location attributes and time attributes, and the location attributes have explicit coordinate values (x, y), then the local NFC The controller uses Table 5 to determine whether the coordinate value is equal to the coordinates of the position A or the coordinates of the position B.
- the controller explicitly selects Select the position branch 1, and refer to Table 4 to select the SE corresponding to position branch 1 as SE1 '. After selecting SE1 ', the local NFC obtains the interaction data in SE1 and sends the interaction data to the peer to complete the interaction with the peer.
- the local NFC controller receives the routing table sent by the DH of the local end, and the NFC controller of the local end selects the corresponding SE according to the routing table in the process of interacting with the peer according to the received routing table.
- the local NFC controller receives the strip configuration command sent by the local DH, and the configuration command includes an environment feature for selecting the SE, and The environment feature for selecting the SE is configured in an attribute reply instruction that interacts with the peer communication.
- the problem that the prior art solution can only select SE by the characteristics of the NFC communication itself acquired by the NFC controller is solved.
- the NFC controller of the local end can select the SE according to the configured environment characteristics, thereby improving the practicability of the prior art. .
- the process of the interaction between the mobile terminal and the POS machine is further included.
- the interaction process provided by the embodiment of the present invention is based on the configuration process described in the foregoing Embodiment 1, and is provided by the embodiment of the present invention.
- the interaction process can be applied when the DH of the local end is turned on or off.
- the NFC controller of the local end can select the corresponding SE according to the routing table, which compensates for the limitations of the prior art solution, and also improves the practicability of the prior art.
- the following steps are included.
- the mobile terminal is used as the local end
- the POS machine is used as the opposite end as an example, which illustrates an interaction method for selecting a security unit in near field communication.
- Step 31 The near field communication controller receives an attribute request instruction sent by the peer end, where the attribute request refers to The first environmental feature including the peer support is included.
- the NFC controller of the local end receives an attribute request instruction sent by the peer end, where the attribute request instruction includes a first environment feature supported by the NFC controller of the peer end.
- the attribute request instruction may be specifically an ATTRBIT REQUEST instruction.
- Step 320 The near field communication controller sends an attribute reply instruction to the opposite end according to the attribute request instruction, where the attribute reply command includes a second environment used by the near field communication controller to select the security unit. feature.
- the local NFC controller parses the attribute request instruction, extracts the first environment feature included, and explicitly sends the supported environment feature, and the local NFC controller is paired.
- the attribute sending reply instruction includes the second environment feature of the local NFC controller for selecting the SE.
- the attribute reply command is the NFC controller passing through the local end in the first embodiment. Configure the attribute reply command.
- the attribute reply command may be specifically an ATTRBIT RESPONSE instruction.
- Step 330 The near field communication controller receives a selection instruction sent by the opposite end, and the selection instruction includes a type identifier of the security unit required by the opposite end.
- the NFC controller of the local end receives the selection instruction sent by the peer end, and the selection instruction includes the type identifier of the SE required by the peer end.
- the type identifier of the SE is specifically a type identifier used to distinguish the interaction data in the SE. For example, if an SE stores the interaction data related to the bank card, the type identifier of the SE is D156000001ED / EP; If an SE stores the interaction data related to the bus card, the type identifier of the SE is D1560XXXX0XGONGJ IAO.
- the selection instruction may be specifically a SELECT instruction.
- Step 340 The near field communication controller selects a security unit corresponding to the first environment feature and the type identifier according to the selection instruction, so as to complete interaction with the peer end.
- the local NFC controller parses and extracts the content carried by the selection instruction, selects an SE corresponding to the first environment feature and the type identifier from the plurality of SEs at the local end, and selects the selected
- the SE sends a selection command, and the selected SE receives the selection command, and then returns the stored interactive data to the local NFC controller, and the local NFC controller acquires the interaction data in the SE.
- the local NFC controller After obtaining the interaction data in the selected SE, the local NFC controller sends the interaction data to the peer NFC controller. After receiving the interaction data, the peer NFC uses the interaction data to complete the interaction.
- the present solution is solved.
- the technical solution can only select the SE by the characteristics of the NFC communication itself acquired by the NFC controller of the mobile terminal.
- the NFC controller of the mobile terminal can perform SE selection according to the configured environment characteristics, thereby improving the prior art. Practicality.
- the mobile terminal is used as the local end
- the POS machine is used as the opposite end as an example, which illustrates an interaction method for selecting a security unit in near field communication.
- the NFC controller in the POS machine is used as an implementation body, and an interaction method for selecting a security unit in near field communication is explained. As shown in Figure 4, the following steps are included.
- a P0S machine is used as a local end, and a mobile terminal is used as a peer end as an example, and an interaction method for selecting a security unit in near field communication is implemented.
- Step 410 Send a first attribute request instruction, where the first attribute request instruction includes a local end support The first environmental feature.
- the local NFC controller sends a first attribute request instruction to the peer end, where the first attribute request instruction includes a first environment feature supported by the local NFC controller.
- the first attribute request instruction may be specifically an ATTRBIT REQUEST instruction.
- Step 420 Receive a first attribute reply instruction, where the first attribute reply instruction includes a second environment feature used by the peer to select the security unit.
- the peer end After receiving the first attribute request command, the peer end clears that the NFC controller of the local end has sent the supported environment feature, and the peer end sends a first attribute reply command to the NFC controller of the local end, where the first attribute reply
- the instructions include a second environmental feature that the peer uses to select the SE.
- the first attribute reply instruction may be specifically an ATTRBIT RESPONSE instruction.
- Step 430 Determine whether the attribute set of the first environment feature includes the attribute set of the second environment feature.
- the local NFC controller parses the first attribute reply command and extracts the carried second environment feature, parses the second environment feature, and extracts the carried content, the local end The NFC controller determines whether the attribute set of the first environmental feature includes a set of attributes of the second environmental feature.
- Step 440 If the attribute set of the first environment feature includes the attribute set of the second environment feature, send a selection instruction, where the selection instruction includes a type identifier of the security unit required by the local end.
- the local NFC controller determines whether the attribute set of the first environment feature includes the attribute combination of the second environment feature, if the attribute set of the first environment feature includes the attribute set of the second environment feature
- the NFC controller of the local end sends a selection command to the peer end, where the selection command includes the type identifier of the SE required by the NFC controller of the local end, and the type identifier of the SE is used to select the peer environment and the first environment.
- the feature and the type identify the corresponding SE, and obtain the interaction data from the SE, thereby completing the interaction process with the local NFC controller.
- the attribute set of the first environment feature includes the attribute set of the second environment feature, specifically: whether the attribute set of the first environment feature is more than or equal to the attribute set of the second environment feature, if the first If the attribute set of the environment feature is more than or equal to the attribute set of the second environment feature, the local NFC controller sends a selection instruction to the peer end.
- the selection instruction may be specifically a SELECT instruction.
- the interaction method for selecting a security unit in the approach communication provided by the embodiment of the present invention, since the NFC controller of the mobile terminal is configured to complete the corresponding configuration, the NFC controller of the POS machine interacts with the mobile terminal.
- the NFC controller of the mobile terminal can perform SE selection according to the previous corresponding configuration, thereby completing subsequent interactions.
- the NFC controller of the mobile terminal can perform SE selection according to the configured environment characteristics, thereby improving the prior art. Practicality.
- FIG. 5 is a schematic diagram of an interaction method for selecting a security unit in a process communication according to an embodiment of the present invention.
- FIG. 5 is a signaling diagram of an interaction method for selecting a security unit in process communication according to Embodiment 5 of the present invention.
- the embodiment of the present invention takes the DH shutdown in the mobile terminal as an example to describe the process in which the mobile terminal interacts with the POS machine.
- the mobile terminal and the POS machine also constitute a system for selecting a security unit in near field communication.
- This embodiment includes the following steps: Step 501: The user brings the mobile terminal to the POS machine.
- the user desires to communicate with the POS machine through the mobile terminal, and the user brings the mobile terminal closer to the POS machine.
- the first NFC controller before the user approaches the mobile terminal to the POS machine, the first NFC controller also performs corresponding configuration to enable the first NFC controller to explicitly support the environmental features.
- the first NFC controller receives a configuration command sent by the DH in the POS machine, the configuration command including an environmental feature supported by the first NFC controller.
- the first NFC controller configures the environmental characteristics in an instruction to communicate with the second NFC controller.
- the configuration instruction in the embodiment of the present invention has the same format as the second configuration instruction shown in Table 3, but the parameter values therein are attribute values as shown in Table 6.
- Step 502 The first NFC controller in the POS machine discovers the second NFC controller in the mobile terminal. Specifically, the POS machine is in an on state, the first NFC controller in the POS machine transmits a radio frequency field, and the user approaches the POS machine when the user approaches the POS machine, and when the payment is ready, the first NFC controller detects the second NFC control in the mobile terminal. The device enters its own range of the RF field. When the DH in the mobile terminal is turned off, the RF field transmitted by the first NFC controller can provide power to the second NFC controller, so that the second NFC can be In normal operation, the first NFC controller and the second NFC controller both turn on the radio frequency communication.
- Step 503 The first NFC controller sends a first attribute request instruction to the second NFC controller, where the first attribute request instruction includes a first environment feature supported by the first NFC controller.
- the first NFC controller since the radio frequency field transmitted by the first NFC controller can provide power to the second NFC controller, so that the second NFC controller can work normally, the first NFC controller sends the first attribute request command to the second NFC controller.
- the first attribute request instruction includes a first environmental feature supported by the first NFC controller.
- the first environment feature carries one or more attribute combinations in a location attribute, a quota attribute, a time attribute, and a POS identifier.
- the first environment feature supported by the first NFC controller is specifically a location attribute and a time attribute.
- the location attribute and the time attribute correspond to a specific attribute value, for example, the attribute value corresponding to the position attribute is a coordinate value (x, y) of the P0S machine; and the attribute value corresponding to the time attribute is a current time (a certain point at a time).
- the first attribute request instruction may be specifically an ATTRBIT REQUEST instruction.
- Step 504 The second NFC controller sends a first attribute reply command to the first NFC controller, where the first attribute reply command includes a second environment feature used by the second NFC controller to select the security unit.
- the second NFC controller specifies that the second NFC controller has sent the supported environment feature, and the second NFC controller sends the first attribute reply command to the first NFC controller.
- the first attribute reply command includes a second environment feature for the second NFC controller to select the SE.
- the first attribute reply command is configured by the second NFC controller in the first embodiment.
- the second environment feature carries one or more attribute combinations in a location attribute, a quota attribute, a time attribute, and a POS attribute.
- the second NFC controller is used to select the SE
- the second environmental feature is specifically a location attribute and a time attribute.
- the first attribute reply instruction may be specifically an ATTRBIT RESPONSE instruction.
- Step 505 The second NFC controller determines whether the attribute set of the first environment feature includes the attribute set of the second environment feature.
- the first NFC controller parses the first attribute reply command and extracts the carried second environment feature, parses the second environment feature, and extracts the carried content, first The NFC controller determines whether the attribute set of the first environmental feature includes a set of attributes of the second environmental feature.
- whether the attribute set that the first environment feature has includes the attribute set that the second environment feature has is: the first environment feature has a set of attributes that is more than or equal to the second environment feature has If the attribute set of the first environment feature includes the attribute set of the second environment feature, step 506 is performed; otherwise, step 511 is performed.
- the set of attributes possessed by the first environmental feature is a location attribute, a time attribute.
- the attribute set of the second environment feature is a location attribute and a time attribute. Then, the first NFC controller determines that the attribute set of the first environment feature includes the attribute set of the second environment feature, and then performs step 506.
- the first set of attributes of the first environment feature is a location attribute, a time attribute, and a quota attribute.
- the attribute set of the second environment feature is a location attribute and a time attribute. Then, the first NFC controller determines that the attribute set of the first environment feature includes the attribute set of the second environment feature, and then performs step 506.
- the set of attributes that the first environmental feature has is a location attribute.
- the second environment feature has a set of attributes: a location attribute and a time attribute, and the first NFC controller determines the first environment. If the attribute set has no (ie, less than) the attribute set possessed by the second environment feature, step 51 1 is performed.
- Step 506 If the attribute set of the first environment feature includes the attribute set of the second environment feature, the first NFC controller sends a selection instruction, where the selection instruction includes a type identifier of the security unit required by the first NFC controller.
- the first NFC controller sends a selection instruction to the second NFC controller, where the selection instruction includes the SE required by the first NFC controller
- the type identifier is used to select, in a subsequent step, the SE corresponding to the first environment feature and the type identifier.
- the type identifier of the SE is specifically a type identifier for distinguishing the interaction data in the SE. For example, if an SE stores the interaction data related to the bank card, the type identifier of the SE is D156000001ED / EP; The stored data is the interaction data related to the bus card, and the type identifier of the SE is D1560XXXX0XG0NGJ IA0 o
- the selection instruction may be specifically a SELECT instruction.
- Step 507 According to the selection instruction, the second NFC controller selects a security unit corresponding to the first environmental feature and the type identifier.
- the first NFC controller parses and extracts the content carried by the selection instruction, and selects the SE corresponding to the first environment feature and the type identifier from the plurality of SEs of the local end according to the routing table.
- Step 508 The second NFC controller acquires interaction data from the selected security unit.
- the second NFC controller selects an SE corresponding to the first environment feature and the type identifier from the plurality of SEs according to the routing table, and sends a selection instruction to the selected SE, and the selected SE receives the selection instruction.
- the interactive data stored by itself is fed back to the second NFC controller, and the second NFC control The controller obtains the interaction data in the SE.
- Step 509 The second NFC controller sends the acquired interaction data to the first NFC controller.
- the second NFC controller after acquiring the interaction data in the selected SE, the second NFC controller sends the interaction data to the first NFC controller.
- Step 51 0 The first NFC controller completes the interaction according to the interaction data.
- Step 51 If the attribute set of the first environment feature does not include the attribute set of the second environment feature, the first NFC controller acquires a third environment feature, where the third environment feature includes, An attribute set that is not included in the environmental feature and that is included in the second environmental feature.
- the first NFC controller acquires the third environment feature, and the third environment feature includes: the first environment feature is not included and the second environment feature Contains a collection of properties.
- the set of attributes that the first environmental feature has is a location attribute.
- the second set of attributes has a set of attributes, a time attribute, and the first NFC controller determines that the set of attributes of the first environment feature does not include (ie, is less than) the set of attributes of the second environment feature, and the first NFC obtains Content not included (ie the first NFC controller gets the time attribute).
- the first NFC controller can acquire the time attribute through its own sensor.
- Step 512 The first NFC controller sends a second attribute request instruction, where the second attribute request instruction includes a third environment feature.
- the first NFC controller sends a second attribute request instruction to the second NFC controller again, and according to the second attribute request instruction, the second NFC controller sends the second attribute reply to the first NFC controller.
- An instruction, the second attribute reply instruction includes a second environmental feature of the second NFC controller for selecting the SE; the first NFC controller continues to determine the first environmental feature and the third environmental feature Whether the set of attributes contains a set of attributes that the second environment feature has.
- the second NFC controller receives the selection instruction sent by the first NFC controller when the first environment feature and the third environment feature have the attribute set that the second environment feature has;
- the second NFC controller still receives the selection instruction sent by the first NFC controller.
- step 51 1 and step 512 are not shown in FIG.
- the present solution is solved.
- the technical solution can only select the SE by the characteristics of the NFC communication obtained by the NFC controller of the mobile terminal, so that the SE selected by the NFC controller of the mobile terminal has certain security risks when paying with the corresponding POS machine. problem.
- the NFC controller of the mobile terminal can perform SE selection according to the configured environment characteristics, thereby improving the prior art. Practicality.
- the sixth embodiment of the present invention further provides a mobile terminal that selects a security unit in the incoming communication to implement the method in the foregoing embodiment.
- the mobile terminal includes: a receiving unit 61 0 And configuration unit 62 0.
- the receiving unit 610 in the device is configured to receive a first configuration command sent by the main controller of the local end, where the first configuration command includes an environment feature for selecting the security unit;
- the configuration unit 620 is configured to configure the environment feature in the near field communication controller according to the first configuration instruction
- the receiving unit 610 is further configured to receive a second configuration instruction sent by the main controller, where the configuration unit 620 is further configured to: configure the environmental feature according to the second configuration instruction In the attribute reply instruction that interacts with the peer end, in order to continue the interaction with the peer communication according to the configured attribute reply instruction, the selection of the security unit is completed.
- the receiving unit 610 is further configured to receive a routing selection table generated by the primary controller according to the environmental feature.
- the receiving unit 610 and the configuration unit 620 can be used to perform the method described in the first embodiment. For details, refer to the description of a pair of the methods in the embodiment, and details are not described herein.
- the environment feature received by the receiving unit 61 0 specifically includes one or more attribute sets in a location attribute, a quota attribute, a time attribute, and a POS attribute.
- the primary controller When the environment feature includes a quota attribute, the primary controller notifies that the first security unit corresponding to the quota attribute separates the second security unit;
- the receiving unit 610 is further configured to receive a registration command sent by the second security unit.
- the local NFC controller receives the strip configuration command sent by the local DH, and the configuration command includes an environment feature for selecting the SE, and The environment feature for selecting the SE is configured in an attribute reply instruction that interacts with the peer communication.
- the problem that the prior art solution can only select SE by the characteristics of the NFC communication itself acquired by the NFC controller is solved.
- the NFC controller of the local end can select the SE according to the configured environment characteristics, thereby improving the practicability of the prior art. .
- the mobile terminal that implements the security unit in the near field communication provided by the seventh embodiment of the present invention may also be implemented as follows to implement the method in the foregoing embodiment.
- the mobile terminal includes: Interface 710, processor 720, and memory 730.
- System bus 740 is used to connect network interface 71 0, processor 720, and memory 730.
- the network interface 71 0 is used to communicate with the NFC controller in the POS machine.
- the memory 7 30 may be a persistent storage such as a hard disk drive and a flash memory, and the memory 7 30 has a software module and a device driver.
- the software modules are capable of executing the various functional modules of the above described method of the present invention; the device drivers can be network and interface drivers.
- the network interface 710, the processor 720, the memory 730, and the system bus 740 can be used to perform the method described in the first embodiment. For details, refer to the description of a pair of the methods in the embodiment, and details are not described herein.
- the environment feature specifically includes one or more attribute sets in a location attribute, a quota attribute, a time attribute, and a POS attribute.
- the primary controller notifies the first security unit corresponding to the quota attribute to separate the second security unit; Receiving a registration command sent by the second security unit.
- the NFC controller of the local end receives the strip configuration command sent by the local DH by using the configuration of the mobile terminal that implements the selection of the security unit in the approach communication, and the configuration instruction includes the environment feature for selecting the SE.
- the environment features for selecting the SE are configured in an attribute reply instruction that interacts with the peer.
- the ninth embodiment of the present invention further provides a mobile terminal that selects a security unit in the incoming communication to implement the method in the foregoing embodiment.
- the mobile terminal includes: a receiving unit 810, The transmitting unit 820 and the selecting unit 830.
- the receiving unit 810 of the mobile terminal is configured to receive an attribute request instruction sent by the peer end, where the attribute request instruction includes a first environment feature supported by the peer end;
- the sending unit 820 is configured to send, according to the attribute request instruction, an attribute reply instruction to the peer end, where the attribute reply instruction includes a second environment feature used by the security unit to select the security unit;
- the receiving unit 810 is further configured to receive a selection instruction sent by the peer, where the selection instruction includes a type identifier of the security unit required by the peer end;
- the selecting unit 830 is configured to select, according to the selection instruction, a security unit corresponding to the first environment feature and the type identifier, so as to complete interaction with the peer end.
- the receiving unit 810, the sending unit 820, and the selecting unit 830 can be used to perform the method described in the third embodiment. For details, refer to the description of the method in the third embodiment, and details are not described herein again.
- the selecting unit 830 is specifically configured to: select, according to the routing table, the first environment The security unit corresponding to the type identifier is collected.
- the present solution is solved.
- the technical solution can only select the SE by the characteristics of the NFC communication itself acquired by the NFC controller of the mobile terminal.
- the NFC controller of the mobile terminal can perform SE selection according to the configured environment characteristics, thereby improving the prior art. Practicality.
- the mobile terminal that implements the security unit in the near field communication according to the eighth embodiment of the present invention may also be implemented as follows to implement the method in the foregoing embodiment.
- the mobile terminal includes: Interface 910, processor 920, and memory 930.
- System bus 940 is used to interface network interface 91 0, processor 920 and memory 930.
- the network interface 91 0 is used to communicate with the NFC controller in the POS machine.
- Memory 930 can be a persistent storage, such as a hard drive and flash memory, with software modules and device drivers in memory 930.
- the software modules are capable of executing the various functional modules of the above described method of the present invention; the device drivers can be network and interface drivers.
- the network interface 910 0, the processor 920, the memory 930, and the system bus 940 can be used to perform the method described in the third embodiment. For details, refer to the description of the method in the third embodiment, and details are not described herein again.
- the present solution is solved.
- the technical solution can only select the SE by the characteristics of the NFC communication itself acquired by the NFC controller of the mobile terminal.
- the NFC controller of the mobile terminal can perform SE selection according to the configured environment characteristics, thereby improving the prior art. Practicality.
- the ninth embodiment of the present invention further provides a POS machine for implementing a security unit in a near field communication, which is used to implement the method in the foregoing embodiment.
- the POS machine includes: a sending unit. 101 0.
- the sending unit 1001 in the POS machine is configured to send a first attribute request instruction, where the first attribute request instruction includes a first environment feature supported by the local end;
- the receiving unit 1 020 is configured to receive a first attribute reply command, where the first attribute reply command includes a second environment feature used by the peer end to select the security unit; a determining unit 1 030, configured to determine whether the attribute set of the first environment feature includes an attribute set of the second environment feature;
- the sending unit 1010 is further configured to: if the attribute set of the first environment feature includes the attribute set of the second environment feature, send a selection instruction, where the selection instruction includes the security unit required by itself Type identifier.
- the sending unit 1010, the receiving unit 1020, and the determining unit 1030 may be used to perform the method described in the fourth embodiment. For details, refer to the description of the method in the fourth embodiment, and details are not described herein again.
- the POS machine further includes: an acquiring unit 1 040, configured to acquire a third environment feature, where the attribute set of the first environment feature does not include the attribute set of the second environment feature, the third environment feature
- the sending by the sending unit 1010, is further configured to: send a second attribute request instruction, where the second attribute request instruction includes a third environment feature, .
- the POS machine for implementing the security unit in the approach communication provided by the embodiment of the present invention, since the NFC controller of the mobile terminal is in front to complete the corresponding configuration, the NFC controller of the POS machine interacts with the mobile terminal.
- the NFC controller of the mobile terminal can perform SE selection according to the previous corresponding configuration, thereby completing subsequent interactions.
- the NFC controller of the mobile terminal can perform SE selection according to the configured environment characteristics, thereby improving the prior art. Practicality.
- the POS machine for implementing the security unit in the near field communication may also be implemented as follows to implement the method in the foregoing embodiment.
- the POS machine includes: Interface 1 110, processor 1 120 and memory 11 30.
- the system bus 1140 is used to connect the network interface 1110, the processor 1120, and the memory 1 1 30.
- the network interface 1110 is for communicating with an NFC controller in the mobile terminal.
- the memory 11 30 may be a persistent storage such as a hard disk drive and a flash memory having a software module and a device driver therein.
- the software modules are capable of executing the various functional modules of the above described method of the present invention; the device drivers can be network and interface drivers.
- the attribute set of the first environment feature includes the attribute set of the second environment feature, sending a selection instruction, where the selection instruction includes a type identifier of the security unit required by itself.
- the network interface 1110, the processor 1120, the memory 11 30, and the system bus 1140 can be used to perform the method described in the fourth embodiment. For details, refer to the description of the method in the fourth embodiment, and details are not described herein.
- the attribute set of the first environment feature does not include the attribute set of the second environment feature, acquiring a third environment feature, where the third environment feature includes: the first environment feature is not included and the first a set of attributes included in the second environment feature;
- the NFC controller of the mobile terminal can perform SE selection according to the previous corresponding configuration, thereby completing subsequent interactions.
- the NFC controller of the mobile terminal can perform SE selection according to the configured environment characteristics, thereby improving the prior art. Practicality.
- the mobile terminal that implements the security unit in the near field communication provided by the seventh embodiment of the present invention may also be implemented as follows to implement the method in the foregoing embodiment. As shown in FIG. 12, the mobile terminal includes: Field communication controller 1210, main controller 1220.
- the main controller 1220 is configured to send a first configuration instruction, where the first configuration instruction includes an environment feature for selecting the security unit;
- the near field communication controller 121 0 is configured to receive the first configuration instruction, and configure the environmental feature according to the first configuration instruction;
- the main controller 1220 is further configured to send a second configuration instruction.
- the near field communication controller 121 0 is further configured to receive the second configuration instruction, and configure the environmental feature in an attribute reply instruction that interacts with the peer end according to the second configuration instruction, so as to facilitate And continuing to interact with the peer communication according to the configured attribute reply command, thereby completing selection of the security unit.
- the local NFC controller receives the strip configuration command of the local DH transmission, and the configuration instruction includes an environment for selecting the SE.
- the environment feature for selecting the SE is configured in an attribute reply instruction that interacts with the peer communication.
- the problem that the prior art solution can only select the SE by the characteristics of the NFC communication itself acquired by the NFC controller is solved.
- the NFC controller of the local end can select the SE according to the configured environment characteristics, thereby improving the practicability of the prior art. .
- RAM random access memory
- ROM read-only memory
- EEPROM electrically programmable ROM
- EEPROM electrically erasable programmable ROM
- registers hard disk, removable disk, CD-ROM, or technical field Any other form of storage medium known.
Abstract
Description
Claims
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2015552974A JP6088664B2 (ja) | 2013-01-22 | 2013-06-19 | 近距離無線通信においてセキュアエレメントの選択を実現する方法、移動端末及びpos機 |
KR1020157021424A KR101788691B1 (ko) | 2013-01-22 | 2013-06-19 | 근접장 통신에서 보안 요소의 선택을 구현하기 위한 방법, 모바일 단말기, 및 pos 머신 |
ES13872468.7T ES2643904T3 (es) | 2013-01-22 | 2013-06-19 | Método para llevar a cabo la selección de la unidad de seguridad en la comunicación de campo cercano y terminal móvil para aquella |
EP13872468.7A EP2930857B1 (en) | 2013-01-22 | 2013-06-19 | Method for realizing selection of security unit in near field communication and mobile terminal therefor |
US14/583,425 US10108948B2 (en) | 2013-01-22 | 2014-12-26 | Method, mobile terminal and POS machine for implementing selection of secure element in near field communication |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310022697.8 | 2013-01-22 | ||
CN201310022697.8A CN103942898B (zh) | 2013-01-22 | 2013-01-22 | 实现近场通信中选择安全单元的方法、移动终端与pos机 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/583,425 Continuation US10108948B2 (en) | 2013-01-22 | 2014-12-26 | Method, mobile terminal and POS machine for implementing selection of secure element in near field communication |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014114047A1 true WO2014114047A1 (zh) | 2014-07-31 |
Family
ID=51190546
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2013/077439 WO2014114047A1 (zh) | 2013-01-22 | 2013-06-19 | 实现近场通信中选择安全单元的方法、移动终端与pos机 |
Country Status (7)
Country | Link |
---|---|
US (1) | US10108948B2 (zh) |
EP (1) | EP2930857B1 (zh) |
JP (1) | JP6088664B2 (zh) |
KR (1) | KR101788691B1 (zh) |
CN (1) | CN103942898B (zh) |
ES (1) | ES2643904T3 (zh) |
WO (1) | WO2014114047A1 (zh) |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2873804A1 (en) | 2011-05-17 | 2012-11-22 | Accells Technologies (2009), Ltd. | System and method for performing a secure transaction |
US8346672B1 (en) | 2012-04-10 | 2013-01-01 | Accells Technologies (2009), Ltd. | System and method for secure transaction process via mobile device |
CA2883318A1 (en) | 2011-08-31 | 2013-03-07 | Ping Identity Corporation | System and method for secure transaction process via mobile device |
US8690412B2 (en) * | 2012-03-15 | 2014-04-08 | Apple Inc. | Backlight structures and backlight assemblies for electronic device displays |
WO2016015258A1 (zh) * | 2014-07-30 | 2016-02-04 | 华为技术有限公司 | 一种路由方法和终端 |
WO2016049885A1 (zh) | 2014-09-30 | 2016-04-07 | 华为技术有限公司 | 路由的方法、近场通信控制器、主控制器和终端 |
US9960812B2 (en) * | 2014-11-14 | 2018-05-01 | Qualcomm Incorporated | Advanced routing mechanisms for secure elements |
US9781105B2 (en) | 2015-05-04 | 2017-10-03 | Ping Identity Corporation | Fallback identity authentication techniques |
CN105550870B (zh) * | 2015-11-27 | 2020-02-21 | 东莞酷派软件技术有限公司 | 一种路由策略处理的方法、装置以及终端 |
EP3425815A4 (en) * | 2016-03-28 | 2019-03-06 | Huawei Technologies Co., Ltd. | METHOD FOR PROCESSING DATA FRAME ROUTING, CLOSING COMMUNICATION CONTROL DEVICE AND END DEVICE |
SG10201606464RA (en) * | 2016-08-04 | 2018-03-28 | Mastercard International Inc | Method And System For In-store Wireless Mobile Payment |
JP6917835B2 (ja) * | 2017-09-08 | 2021-08-11 | 株式会社東芝 | 非接触通信システム、及び非接触通信方法 |
CN107911785A (zh) * | 2017-10-16 | 2018-04-13 | 青岛海信移动通信技术股份有限公司 | 一种电子终端中nfc应用的操作方法和装置 |
FR3087307A1 (fr) | 2018-10-15 | 2020-04-17 | Proton World International N.V. | Gestion de transactions dans un dispositif nfc |
CN113383527B (zh) * | 2019-02-20 | 2023-08-22 | 华为技术有限公司 | 在可信设备上进行终端用户认证的方法 |
CN111107525B (zh) * | 2019-04-26 | 2022-01-14 | 华为技术有限公司 | 一种se的自动路由方法及电子设备 |
US11361172B2 (en) * | 2019-11-15 | 2022-06-14 | Clover Network, Llc | Shared controller for system with multiple NFC readers |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102271012A (zh) * | 2011-08-18 | 2011-12-07 | 中兴通讯股份有限公司 | 近场通信终端、系统及方法 |
CN102404025A (zh) * | 2011-11-16 | 2012-04-04 | 中兴通讯股份有限公司 | 一种终端和处理支付业务的方法 |
CN102790632A (zh) * | 2011-05-19 | 2012-11-21 | 深圳富泰宏精密工业有限公司 | 具有近场通讯保护功能的移动设备及其保护方法 |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7494055B2 (en) | 2002-09-17 | 2009-02-24 | Vivotech, Inc. | Collaborative negotiation techniques for mobile personal trusted device financial transactions |
KR100979872B1 (ko) | 2005-11-07 | 2010-09-02 | 엘지전자 주식회사 | 엔에프씨 호스트 콘트롤러 인터페이스 |
JP2007241351A (ja) * | 2006-03-06 | 2007-09-20 | Cela System:Kk | 顧客・商品・仕入れ管理システム(posを含む)と携帯端末とによる顧客・商品総合管理システム |
EP1855229B1 (fr) | 2006-05-10 | 2010-08-11 | Inside Contactless | Procédé de routage de données sortantes et entrantes dans un chipset NFC |
US7930249B2 (en) | 2007-07-11 | 2011-04-19 | Qualcomm Incorporated | Mobile wireless financial instrument for automatically selecting a payment instrument |
EP2106107B1 (en) * | 2008-03-27 | 2012-04-18 | Motorola Mobility, Inc. | Method and apparatus for automatic near field communication application selection in an electronic device |
JP2009303107A (ja) * | 2008-06-17 | 2009-12-24 | Sony Corp | 情報処理装置、情報処理方法、およびプログラム |
EP2305002A4 (en) * | 2008-07-20 | 2015-04-08 | Samsung Electronics Co Ltd | METHOD AND SYSTEM FOR MANAGING MULTIPLE APPLICATIONS IN NEAR FIELD COMMUNICATION |
SK50862008A3 (sk) | 2008-09-19 | 2010-06-07 | Logomotion, S. R. O. | Systém na elektronické platobné aplikácie a spôsob autorizácie platby |
US20100153721A1 (en) | 2008-12-12 | 2010-06-17 | Anders Mellqvist | Portable Electronic Devices, Systems, Methods and Computer Program Products for Accessing Remote Secure Elements |
US8428513B2 (en) | 2009-03-27 | 2013-04-23 | Motorola Mobility Llc | Methods, systems and apparatus for selecting an application in power-off mode |
KR101789113B1 (ko) | 2009-05-03 | 2017-10-23 | 에스에무케이 가부시키가이샤 | 휴대폰과 같은 이동 통신 디바이스를 이용하는 지불 단말기;자동 이체 지불 트랜잭션의 방법 |
EP2251986A1 (en) * | 2009-05-15 | 2010-11-17 | Nxp B.V. | A near field communication device |
JP2012039257A (ja) * | 2010-08-04 | 2012-02-23 | Sony Corp | 携帯端末、情報処理方法及びコンピュータプログラム |
JP5429130B2 (ja) * | 2010-10-13 | 2014-02-26 | ソニー株式会社 | 情報処理装置、および情報処理方法 |
JP5641323B2 (ja) * | 2010-11-29 | 2014-12-17 | ソニー株式会社 | 通信装置、通信方法、およびプログラム |
CN102122415B (zh) * | 2011-03-31 | 2012-08-22 | 郑州信大捷安信息技术股份有限公司 | 基于安全tf卡和nfc技术的非接触式移动支付终端及支付方法 |
CN102842193A (zh) * | 2012-08-31 | 2012-12-26 | 深圳盈烨创新通讯技术有限公司 | 一种带现场支付功能的智能移动终端 |
-
2013
- 2013-01-22 CN CN201310022697.8A patent/CN103942898B/zh not_active Expired - Fee Related
- 2013-06-19 JP JP2015552974A patent/JP6088664B2/ja active Active
- 2013-06-19 WO PCT/CN2013/077439 patent/WO2014114047A1/zh active Application Filing
- 2013-06-19 EP EP13872468.7A patent/EP2930857B1/en active Active
- 2013-06-19 KR KR1020157021424A patent/KR101788691B1/ko active IP Right Grant
- 2013-06-19 ES ES13872468.7T patent/ES2643904T3/es active Active
-
2014
- 2014-12-26 US US14/583,425 patent/US10108948B2/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102790632A (zh) * | 2011-05-19 | 2012-11-21 | 深圳富泰宏精密工业有限公司 | 具有近场通讯保护功能的移动设备及其保护方法 |
CN102271012A (zh) * | 2011-08-18 | 2011-12-07 | 中兴通讯股份有限公司 | 近场通信终端、系统及方法 |
CN102404025A (zh) * | 2011-11-16 | 2012-04-04 | 中兴通讯股份有限公司 | 一种终端和处理支付业务的方法 |
Non-Patent Citations (1)
Title |
---|
See also references of EP2930857A4 * |
Also Published As
Publication number | Publication date |
---|---|
KR101788691B1 (ko) | 2017-10-20 |
KR20150105976A (ko) | 2015-09-18 |
EP2930857A4 (en) | 2016-02-24 |
ES2643904T3 (es) | 2017-11-27 |
JP6088664B2 (ja) | 2017-03-01 |
EP2930857B1 (en) | 2017-09-06 |
JP2016508677A (ja) | 2016-03-22 |
US10108948B2 (en) | 2018-10-23 |
US20150142589A1 (en) | 2015-05-21 |
EP2930857A1 (en) | 2015-10-14 |
CN103942898A (zh) | 2014-07-23 |
CN103942898B (zh) | 2017-02-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2014114047A1 (zh) | 实现近场通信中选择安全单元的方法、移动终端与pos机 | |
WO2020182064A1 (zh) | 自动选择nfc模拟卡的方法、电子设备及通信系统 | |
JP6305559B2 (ja) | セキュアエレメント管理方法及び端末 | |
US20180310157A1 (en) | Near field communication method and mobile terminal | |
WO2016011971A1 (zh) | 双频多协议多功能近场通信集成系统和应用方法 | |
JP6334551B2 (ja) | 設定可能な通知手段を備えるnfcデバイス | |
EP3944588B1 (en) | Method for uwb transaction and electronic device therefor | |
US9736878B2 (en) | NFC radio frequency communication control method, apparatus, and system | |
CN103019981B (zh) | 信号转接控制方法及信号转接装置 | |
WO2013029264A1 (en) | Providing subscriber identity module function | |
EP2680156A1 (en) | Baseband module, mobile device including the baseband module, and method of signal transmission in a mobile device | |
WO2016023152A1 (zh) | 移动支付的方法、装置及近场通信设备 | |
WO2013174265A1 (zh) | 数据传输方法和装置 | |
WO2014117701A1 (zh) | 近场通信方法和近场通信设备 | |
CN104519482B (zh) | 一种设备参数配置方法及装置 | |
CN101009555B (zh) | 一种智能密钥装置与主机信息交互的方法 | |
JP6858200B2 (ja) | データフレームをルーティングするための方法、近距離無線通信コントローラ、および端末 | |
US20210273681A1 (en) | Continuous communication method and apparatus of contactless communication device | |
CN102279940A (zh) | 基于swp协议的移动支付sd卡 | |
US8943244B2 (en) | Mobile device and USB system including the same | |
CN106845974B (zh) | 一种实现近场通信的点对点通信的方法及装置 | |
CN106685485B (zh) | 一种基于近场通信nfc的信号处理方法及装置 | |
KR20210039109A (ko) | 데이터를 송/수신하는 전자 장치 및 그 방법 | |
CN205847259U (zh) | 一种蓝牙设备和蓝牙系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13872468 Country of ref document: EP Kind code of ref document: A1 |
|
REEP | Request for entry into the european phase |
Ref document number: 2013872468 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2013872468 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2015552974 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 20157021424 Country of ref document: KR Kind code of ref document: A |