WO2017051240A1 - Method and system for updating a contactless smartcard and a computer readable medium for performing said method - Google Patents


Publication number
WO2017051240A1
Authority
WO
WIPO (PCT)
Prior art keywords
contactless smartcard
contactless
server
smartcard
transaction log
Prior art date
Application number
PCT/IB2016/001351
Other languages
French (fr)
Inventor
Mathew Smith
Dayan Nirosha BANDULA
Don Hema Tharanga PUNCHIHEWA
Dushantha BANDARA RATHNAYAKE
Original Assignee
Silverleap Technology Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Silverleap Technology Limited
Priority to CN201680055086.5A (CN108292400A)
Priority to EP16848208.1A (EP3353729A4)
Publication of WO2017051240A1
Priority to PH12018500624A (PH12018500624A1)
Priority to HK19100964.1A (HK1258605A1)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07B TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B15/00 Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points
    • G07B15/02 Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points taking into account a variable factor such as distance or time, e.g. for passenger transport, parking systems or car rental systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G06F8/654 Updates using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/3278 RFID or NFC payments by means of M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/27 Individual registration on entry or exit involving the use of a pass with central registration
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/29 Individual registration on entry or exit involving the use of a pass the pass containing active electronic elements, e.g. smartcards

Definitions

  • the invention relates to updating a selected contactless smartcard in a system comprising a plurality of contactless smartcards, a plurality of mobile devices, such as mobile telephones, and a secure server, wherein the secure server is hosted at a network end point and is adapted to communicate, using a wireless communication protocol, with each of the mobile devices of said plurality of mobile devices, and wherein each mobile device is adapted to communicate with an associated contactless smartcard by means of Radio-Frequency Identification (RFID).
  • RFID Radio-Frequency Identification
  • Contactless smartcards such as, for example, a DESfire® card
  • a DESfire® card can be used to allow the owner of the contactless smartcard access to a specific area, wherein access to said area requires confirmation of the identity and/or information stored on the contactless smartcard.
  • Contactless smartcards can also be used to allow the owner of the contactless smartcard to make a payment.
  • access to a certain area is linked to the possibility to use the contactless smartcard to pay a certain amount.
  • a specific example of the use of a contactless smartcard is providing access to public transport, wherein the owner of a contactless smartcard can use his card to pay for the use of the public transport. In such an arrangement a card reader operated by the public transit authorities can read and write information on the contactless smartcard.
  • a recurrent problem of the use of contactless smartcards is the fact that a specific infrastructure is needed to allow updating of a selected contactless smartcard, for example if the owner of the contactless smartcard would like to increase his credit on the contactless smartcard.
  • the specific infrastructure needed is not only cost intensive, it also limits the specific location where an owner of a contactless smartcard can update his contactless smartcard.
  • systems and methods have been disclosed wherein the updating of a selected contactless smartcard is facilitated in a system comprising a plurality of contactless smartcards, a plurality of mobile devices, such as mobile telephones and a secure server.
  • This secure server is hosted at a network end point, wherein the secure server is adapted to communicate with each of the mobile devices of said plurality of mobile devices.
  • the secure server is adapted to communicate using a wireless communication protocol with said mobile devices in the system.
  • each of the mobile devices used in the system is adapted to communicate with an associated contactless smartcard by means of Radio-Frequency Identification (RFID).
  • a contactless smartcard can be updated without recourse to dedicated hardware or infrastructure needed for updating contactless smartcards in the system.
  • the mobile device serves as a local communication means to facilitate transmittal of messages between the secure server and the contactless smartcard.
  • a communication protocol using ISO 1443 standard APDU packets is adapted to allow secure communication between the secure server and a contactless smartcard to allow updating.
  • an update of the contactless smartcard is controlled by a software application that is downloaded to the mobile device of the user and which is configured for use by personalising the application with personal account details belonging to the owner of the contactless smartcard.
  • the updating of a selected contactless smartcard will only require positioning of the contactless smartcard in the vicinity of the associated mobile device to allow the updating of the contactless smartcard.
  • the update that is most frequently envisaged is to add a certain value to a stored value on the contactless smartcard from an online account, such as a bank account.
  • the contactless smartcard provided with a stored value means that the definitive reference value of the cardholder's account balance is stored on the contactless smartcard and is credited or debited during contactless transactions at suitable terminals.
  • These terminals are, for example, access gates used in public transport systems.
  • contactless smartcards having a stored value will require a number of administrative measures to allow the contactless smartcard to be used as a payment means.
  • the account holder will normally need to register a payment instrument from a source of funds which can be used for the adding of value to the contactless smartcard.
  • This source of funds may be, for example, a bank account, a Visa® or MasterCard® Debit card, a PayPal® account, or any other account adapted to be used in the system.
  • When performing a transaction to add value to a stored value on the contactless smartcard, the cardholder will first initiate a transfer of value from the selected source of funds to the balance on the account of a cardholder on the secure server. In a further step, to complete the transaction, the cardholder is prompted to place the contactless smartcard in the vicinity of the selected mobile device. The selected mobile device will be able to detect the card and will be able to establish a secure communication channel between the secure server and the contactless smartcard. In this step, the credit value stored on the secure server is added to the balance on the contactless smartcard and the transaction is recorded on the secure server.
  • An important step in the process of updating a contactless smartcard as described above is a final step wherein update messages are sent from the secure server to the contactless smartcard via a secure communication channel.
  • the secure server corresponds with a selected mobile device by means of a wireless communication protocol.
  • communication between both the secure server and the mobile device and the mobile device and the contactless smartcard should not be disrupted during the complete updating process.
  • One challenge in the updating process is that the long-distance connection between a secure server and the contactless smartcard together with a number of network nodes involved make the connection inherently vulnerable to disruption.
  • disrupted communication between the contactless smartcard and the contactless smartcard reader can cause data corruption on the contactless smartcard and cause the contactless smartcard to malfunction and can even cause loss of monetary value for the cardholder.
  • Anti-tearing relates to a method wherein data in a file on the contactless smartcard is copied to a back-up file prior to the start of any transaction capable of modifying the data in said file on the contactless smartcard.
  • the secure server sends a commit command which will allow the back-up files to be erased and the main files to be set as current live data.
  • United States Patent US 7,455,234 discloses a recovery device with which, following an unexpected abort of the storing of storage data in a memory, a valid storage state can be restored.
  • United States Patent Application Publication US 2007/0194116 discloses a method and a system for securely managing EEPROM data files to restore data after abortion of a write operation.
  • if the connection between the secure server and the contactless smartcard is interrupted after the commit command has been sent from the secure server but before the acknowledgment that the commit command has been received, then there is a logical disconnect in terms of data and process state of the contactless smartcard and the secure server that is very difficult to resolve.
  • the invention relates to a method for updating a selected contactless smartcard in a system comprising a plurality of contactless smartcards, a plurality of mobile devices, such as mobile telephones, and a secure server, wherein the secure server is hosted at a network end point and is adapted to communicate, using a wireless communication protocol, with each of the mobile devices of said plurality of mobile devices, and wherein each mobile device is adapted to communicate with an associated contactless smartcard by means of Radio-Frequency Identification (RFID), wherein the contactless smartcard data structure of each contactless smartcard of said plurality of contactless smartcards is provided with a card-transaction log file, comprising a list of transactions relating to said contactless smartcard, each transaction in said card-transaction log file having a unique identifier, and wherein the secure server is provided with a plurality of server-transaction log files, with one server-transaction log file for each of the contactless smartcards in said plurality of contactless smartcards, each server-transaction log file comprising
  • the method comprises:
  • a mobile device to send a request to the secure server to receive feedback on available updates for the contactless smartcard associated with the mobile device, and - receiving on the mobile device an instruction to position the associated contactless smartcard in the vicinity of the mobile device to allow updating of the associated contactless smartcard.
  • the method comprises: - using the secure server to generate an alert message, and
  • the plurality of contactless smartcards comprise DESfire® contactless smartcards, wherein the card-transaction log file is located in the DESfire® application adapted for data updates.
  • the invention relates to a system for updating a selected contactless smartcard
  • the system comprises a plurality of contactless smartcards, a plurality of mobile devices, such as mobile telephones, and a secure server, wherein the secure server is hosted at a network end point and is adapted to communicate, using a wireless communication protocol, with each of the mobile devices of said plurality of mobile devices, and wherein each mobile device is adapted to communicate with an associated contactless smartcard by means of Radio-Frequency Identification (RFID), wherein:
  • each contactless smartcard of said plurality of contactless smartcards is adapted to store a card-transaction log file, comprising a list of transactions relating to said contactless smartcard, each transaction in said card-transaction log file having a unique identifier,
  • the secure server is adapted to store a plurality of server-transaction log files, with one dedicated server-transaction log file for each of the contactless smartcards in said plurality of contactless smartcards, each server-transaction log file comprising a list of completed transactions and possible pending updates related to the contactless smartcard, and wherein the system is adapted to read the card-transaction log of the associated contactless smartcard to identify an identifier relating to the last completed transaction for that contactless smartcard and to forward said identifier to the secure server,
  • the secure server being adapted to:
  • the system is adapted to establish a secure channel between the secure server and the selected contactless smartcard.
  • the plurality of contactless smartcards comprises DESfire® contactless smartcards, the card-transaction log file being located in the DESfire® application adapted for data updates of said contactless smartcards.
  • the invention also relates to a computer readable medium storing computer-executable instructions, which, when executed by a computer, cause the computer to perform each of the method steps of the method according to the invention.
  • Figure 1 shows a flowchart of a method for updating a selected contactless smartcard according to the invention
  • Figure 2 shows schematically a system according to the present invention.
  • FIG. 1 is a flowchart of a method according to the present invention for updating a selected contactless smartcard.
  • the selected contactless smartcard is updated in a system comprising a plurality of smartcards, a plurality of mobile devices, such as mobile telephones, and a secure server, wherein the secure server is hosted at a network end point and is adapted to communicate, using a wireless communication protocol, with each of the mobile devices of said plurality of mobile devices, and wherein each mobile device is adapted to communicate with an associated contactless smartcard by means of Radio-Frequency Identification (RFID).
  • the contactless smartcard data structure of each contactless smartcard is provided with a card-transaction log file, comprising a list of transactions relating to said contactless smartcard; each transaction in said card-transaction log file having a new identifier.
  • the secure server in the system is provided with server-transaction log files, with one server-transaction log file for each of the contactless smartcards in said plurality of contactless smartcards.
  • Each server-transaction log file comprises a list of completed transactions and possible pending updates related to the contactless smartcard.
  • the method as shown in Figure 1 comprises a first step 100 for reading the card-transaction log of the selected contactless smartcard to identify an identifier relating to the last completed transaction for that contactless smartcard.
  • the method further comprises a second step 200 of using said identifier to select the server-transaction log file for the selected contactless smartcard on the secure server.
  • the method comprises reviewing the server-transaction log file for the selected contactless smartcard to detect any pending updates.
  • the method further comprises, in case a pending update is found, a step 400 for generating instructions on the secure server relating to said pending update to update the selected contactless smartcard.
  • the method comprises forwarding the instructions to said selected contactless smartcard to update said selected contactless smartcard.
  • FIG 2 shows, schematically, an embodiment of the system 1 according to the present invention.
  • the system 1 comprises a plurality of contactless smartcards 10; in Figure 1, only one contactless smartcard 10 is visible.
  • Each contactless smartcard 10 comprises a contactless smartcard application data structure 11 which is used to process routine transactions of the contactless smartcard 10.
  • the contactless smartcard application data structure 11 is provided with a card-transaction log file 12 which is part of the contactless smartcard application data structure 11 and is used to ensure that any event linked to a disruption of the communication during an update of the contactless smartcard 10 can be recovered.
  • the system 1 further comprises the plurality of mobile devices such as mobile telephones 20.
  • the mobile device 20 is provided with a software application which can be personalised by the cardholder to allow the use of the mobile device 20 during communication with the contactless smartcard 10 and a secure server.
  • Mobile device 20 further comprises a local proxy 21 adapted to handle the local communication between a network proxy 31 (see below) and a Card Update Handler 22.
  • the mobile device 20 is provided with a Card Update Handler 22 adapted to handle all RFID communication with the contactless smartcard 10.
  • the Card Update Handler 22 is also adapted to relay the APDUs that originate on the secure server 30 (see below) to the contactless smartcard 10 and back again to the secure server 30.
  • the system 1 further comprises a secure server 30.
  • the secure server 30 is hosted at a network end point and is adapted to communicate with the mobile device 20 by means of a network proxy 31 and the local proxy 21 in the mobile device 20.
  • the secure server 30 is provided with a server-transaction log 32, comprising one server-transaction log file for each of the contactless smartcards 10 in the system 1.
  • the secure server 30 is connected to a network coordination server 40 adapted to orchestrate communication between the mobile device 20, the secure server 30 and a payment gateway 50.
  • the payment gateway 50 can authorise payments to the system operator to the cardholder via a suitable payment instrument owned by the cardholder.
  • the dedicated card-transaction log 12 is added to the contactless smartcard data structure 11 on the contactless smartcard 10 wherein the system is adapted to synchronise the card-transaction log 12 with the server-transaction log 32 of the secure server 30.
  • the card-transaction log 12 is located in the same DESfire® application adapted for data updates in order to take advantage of existing anti-tearing mechanisms already available on the contactless smartcard application data structure 11 of a selected contactless smartcard 10.
  • each contactless smartcard 10 and a card-transaction log 12 comprising a card-transaction log file is that once a payment initiated by the cardholder is completed and new credit of monetary value stored against the cardholder's account, a new record is created in the server-transaction log file for the associated contactless smartcard that will be used during the contactless smartcard update transaction.
  • the cardholder is notified that there is now an update for the contactless smartcard available and the cardholder is prompted to start the update process.
  • the update process requires the cardholder to have a suitable software application installed on the mobile device 20 that acts as a local coordinator for the update process.
  • the mobile device 20 contacts the secure server 30 and requests to check for available updates for the cardholder's contactless smartcard 10. This part of the updating procedure can be based on the stored credentials in the mobile device 20 or by scanning the contactless smartcard 10 as part of the process.
  • the user is prompted to place the contactless smartcard 10 in the vicinity of the mobile device 20 to allow data transfer between the contactless smartcard 10 and the secure server 30.
  • the contactless smartcard 10 and the mobile device 20 are positioned to allow data transfer by means of RFID, data will be transferred from the contactless smartcard 10 via the mobile device 20 and forwarded to the secure server 30.
  • the secure server 30 establishes a secure communication channel with the contactless smartcard 10.
  • This communication channel is, for example, the DESfire® protocol in case the contactless smartcard 10 is a DESfire® card from NXP®.
  • the secure server 30 will be able to read the card-transaction log file to identify the unique transaction ID of the last successfully completed transaction listed in said card-transaction log file.
  • the secure server 30 is adapted to compare this unique transaction ID with the information contained in the server-transaction log file for the associated contactless smartcard 10. The secure server 30 will be able to review whether any pending updates for the associated contactless smartcard 10 are available. If a pending update is found, the secure server 30 is adapted to generate instructions which will be forwarded to the contactless smartcard 10. These instructions relate to the pending update and are intended to ensure that the information in the card-transaction log file is in line with the information available in the server-transaction log file for the associated contactless smartcard 10.
  • the secure server 30 will append a record to the server-transaction log file for the associated contactless smartcard 10 comprising the specific and unique transaction ID for the transaction that has been completed.
  • both the card-transaction log and the server-transaction log must be completed in the same anti-tear transaction, to ensure that the card-transaction log file is accurate and shows the last completed transaction.
  • the contactless smartcard 10 will automatically revert all files that are configured with back-up files to their pre-update state. If such a network tearing event occurs, the cardholder is informed via the application on the mobile device 20 or via an alternative method provided by the system 1 that an interruption of the update has occurred and will be requested to reinitiate the transaction.
  • the secure server 30 would reinitiate the update as described above. If at the end of a successful update the secure server 30 identifies that there are further pending updates for the associated contactless smartcard 10, the process of updating is repeated by informing the cardholder that there are further pending updates and that the updates need to be reinitiated to allow for those pending updates.
  • the unique transaction ID is a unique value within the system 1 and will be unique for the contactless smartcards 10 which are used in the system and for which the secure server 30 can be used to manage updating.
  • the transaction date and time is the date and time stamp that is generated by the secure server 30 for a specific transaction.
  • the transaction value is the amount of monetary value applied in any update.
  • the use of the different elements of system 1 in the updating process is as follows.
  • the mobile device 20 issues a payment instruction to the network coordination server 40.
  • the network coordination server 40 processes the payment request together with the payment gateway 50.
  • the payment gateway 50 authenticates the payment and sends an approval of the payment notification to the server-transaction log 32 of the secure server 30.
  • the network coordination server 40 also informs the secure server 30 that there is a new pending update in the server-transaction log 32.
  • the secure server 30 queries the server-transaction log 32 for any pending updates.
  • the network coordination server 40 triggers the local proxy 21 in the mobile device 20 to initiate a connection to the secure server 30 via the network proxy 31.
  • the local proxy 21 initiates communication to the secure server 30 by contacting the network proxy 31.
  • the network proxy 31 communicates with the secure server 30.
  • the local proxy 21 triggers the Card Update Handler 22 to start a secure channel with the contactless smartcard 10, which results in a complete end-to-end secure channel from the contactless smartcard 10 to the secure server 30. Once the channel is set up, this allows for the secure update of the contactless smartcard 10 and the card-transaction log 12 of the contactless smartcard application data structure 11 in the contactless smartcard 10.
  • an existing data application structure of a contactless smartcard 10 can be used to allow the updating of a contactless smartcard 10 according to the present invention, by reusing the existing contactless smartcard application data structure 11 without modifying said application data structure 11. This alternative embodiment would be possible if the existing transaction logs available on said contactless smartcard application data structure 11 meet the following conditions:
  • the existing card-transaction log file should contain a unique sequential transaction number obtained from a central on-line system.
  • the central on-line system records the transaction data, Card UID and account number, if any, and said unique sequential transaction number.
  • writer/update terminals could update cards during top-up/credit transactions; receive update messages from the central update system after it has stored the data in a data base.
  • writer/update terminals could perform card updates whilst in real-time connection with a central system. It is also important for the central system to issue a unique transaction number to the terminal for each transaction that is in turn written to the card. Moreover, the most recent transaction should be clearly identified in the card transaction log file.
  • the existing logging system can be used as the mechanism to provide synchronisation between the remote card updates and the card to allow the updating of a contactless smartcard 10 as described in the present description.
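
The log synchronisation described in the list above, as an added Python simulation (not code from the patent or its applicant). The class names, the card UID, the transaction IDs, the fault labels and the rule that a pending server record whose ID equals the card's last logged ID is marked completed instead of being re-sent are assumptions made for illustration; `reconcile=False` shows the double credit that the lost-acknowledgement case produces without that comparison.

```python
"""Constructed simulation of card/server transaction-log reconciliation."""
from dataclasses import dataclass, field
from typing import Optional


class LinkTorn(Exception):
    """The relayed server-to-card connection dropped during an update."""


@dataclass
class Card:
    balance: int = 0
    log: list = field(default_factory=list)   # card-transaction log: txn IDs
    staged: Optional[tuple] = None            # stands in for the back-up files

    def last_txn_id(self):
        return self.log[-1] if self.log else None

    def stage(self, txn_id, value):
        # Balance change and log record are staged as one anti-tear unit.
        self.staged = (txn_id, value)

    def commit(self):
        txn_id, value = self.staged
        self.balance += value
        self.log.append(txn_id)
        self.staged = None

    def tear(self):
        # Link lost before commit: nothing staged becomes live.
        self.staged = None


@dataclass
class Record:
    txn_id: str
    value: int
    status: str = "pending"                   # "pending" or "completed"


class Server:
    def __init__(self, reconcile=True):
        self.reconcile = reconcile
        self.logs = {}                        # card UID -> server-transaction log

    def add_pending(self, uid, txn_id, value):
        self.logs.setdefault(uid, []).append(Record(txn_id, value))

    def update_card(self, uid, card, fault=None):
        """Run one update session; apply at most one pending update."""
        log = self.logs.get(uid, [])
        last = card.last_txn_id()             # read the card-transaction log
        reconciled = []
        if self.reconcile:
            for rec in log:
                # Assumed rule: the card already holds this ID, so the commit
                # landed and only the acknowledgement was lost.
                if rec.status == "pending" and rec.txn_id == last:
                    rec.status = "completed"
                    reconciled.append(rec.txn_id)
        pending = next((r for r in log if r.status == "pending"), None)
        if pending is None:
            return {"reconciled": reconciled, "applied": None}
        card.stage(pending.txn_id, pending.value)
        if fault == "tear_before_commit":
            card.tear()
            raise LinkTorn("link lost before commit; card reverted")
        card.commit()
        if fault == "ack_lost":
            raise LinkTorn("commit applied on card; acknowledgement lost")
        pending.status = "completed"
        return {"reconciled": reconciled, "applied": pending.txn_id}


def demo(reconcile=True):
    """Two top-ups, one torn session and one lost acknowledgement."""
    server, card = Server(reconcile), Card(balance=500)
    uid = "CARD-UID-0001"                     # constructed sample identifier
    server.add_pending(uid, "TXN-1001", 2000)
    server.add_pending(uid, "TXN-1002", 1000)
    events = []
    for fault in ("tear_before_commit", "ack_lost", None, None):
        try:
            events.append(server.update_card(uid, card, fault))
        except LinkTorn as exc:
            events.append(str(exc))
    return card, server.logs[uid], events


if __name__ == "__main__":
    for mode in (True, False):
        card, log, events = demo(mode)
        print("reconcile =", mode, "balance =", card.balance, "log =", card.log)
        for event in events:
            print("  ", event)
```
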

Abstract

Method for updating a selected contactless smartcard in a system comprising a plurality of contactless smartcards, a plurality of mobile devices, such as mobile telephones, and a secure server, wherein the secure server is hosted at a network end point and is adapted to communicate, using a wireless communication protocol, with each of the mobile devices of said plurality of mobile devices, and wherein each mobile device is adapted to communicate with an associated contactless smartcard by means of Radio-Frequency Identification (RFID), wherein the contactless smartcard data structure of each contactless smartcard of said plurality of contactless smartcards is provided with a card-transaction log file, comprising a list of transactions relating to said contactless smartcard, each transaction in said card-transaction log file having a unique identifier, and wherein the secure server is provided with a plurality of server-transaction log files, with one server-transaction log file for each of the contactless smartcards in said plurality of contactless smartcards, each server-transaction log file comprising a list of completed transactions and possible pending updates related to the contactless smartcard, the method comprising:
- reading the card-transaction log of the selected contactless smartcard to identify an identifier relating to the last completed transaction for that contactless smartcard,
- using said identifier to select the server-transaction log file for the selected contactless smartcard on the secure server,
- reviewing the server-transaction log file for the selected contactless smartcard to detect any pending updates, and in case a pending update is found,
- generating instructions on the secure server relating to said pending update to update the selected contactless smartcard,
- forwarding the instructions to said selected contactless smartcard to update said selected contactless smartcard.

Description

METHOD AND SYSTEM FOR UPDATING A CONTACTLESS SMARTCARD AND A COMPUTER READABLE MEDIUM FOR PERFORMING SAID METHOD
Field of the Invention
The invention relates to updating a selected contactless smartcard in a system comprising a plurality of contactless smartcards, a plurality of mobile devices, such as mobile telephones, and a secure server, wherein the secure server is hosted at a network end point and is adapted to communicate, using a wireless communication protocol, with each of the mobile devices of said plurality of mobile devices, and wherein each mobile device is adapted to communicate with an associated contactless smartcard by means of Radio-Frequency Identification (RFID).
Background of the Invention
Contactless smartcards, such as, for example, a DESfire® card, can be used to allow the owner of the contactless smartcard access to a specific area, wherein access to said area requires confirmation of the identity and/or information stored on the contactless smartcard. Contactless smartcards can also be used to allow the owner of the contactless smartcard to make a payment. Sometimes access to a certain area is linked to the possibility to use the contactless smartcard to pay a certain amount. A specific example of the use of a contactless smartcard is providing access to public transport, wherein the owner of a contactless smartcard can use his card to pay for the use of the public transport. In such an arrangement a card reader exploited by the public transit authorities can read and write information on the contactless smartcard.
A recurrent problem of the use of contactless smartcards is the fact that a specific infrastructure is needed to allow updating of a selected contactless smartcard, for example if the owner of the contactless smartcard would like to increase his credit on the contactless smartcard. The specific infrastructure needed is not only cost intensive, it also limits the specific location where an owner of a contactless smartcard can update his contactless smartcard. To allow more flexibility in updating contactless smartcards, in the prior art, systems and methods have been disclosed wherein the updating of a selected contactless smartcard is facilitated in a system comprising a plurality of contactless smartcards, a plurality of mobile devices, such as mobile telephones and a secure server. This secure server is hosted at a network end point, wherein the secure server is adapted to communicate with each of the mobile devices of said plurality of mobile devices. Typically, the secure server is adapted to communicate using a wireless communication protocol with said mobile devices in the system. Moreover, each of the mobile devices used in the system is adapted to communicate with an associated contactless smartcard by means of Radio-Frequency Identification (RFID). Using this arrangement, a contactless smartcard can be updated without recourse to dedicated hardware or infrastructure needed for updating contactless smartcards in the system. The mobile device serves as a local communication means to facilitate transmittal of messages between the secure server and the contactless smartcard. Typically, a communication protocol using ISO 1443 standard APDU packets is adapted to allow secure communication between the secure server and a contactless smartcard to allow updating.
The wide availability of mobile devices, such as mobile telephones adapted for RFID communication in the current market allows for distributers of contactless smartcards to provide consumer-friendly updating capabilities to their customers. When a customer uses his personal mobile device, this significantly increases the convenience and the utility of the customer without the necessity of presenting the contactless smartcard in a specific location with a dedicated infrastructure adapted for updating contactless smartcards.
Specifically, an update of the contactless smartcard is controlled by a software application that is downloaded to the mobile device of the user and which is configured for use by personalising the application with personal account details belonging to the owner of the contactless smartcard. This means that, in practice, the updating of a selected contactless smartcard will only require positioning of the contactless smartcard in the vicinity of the associated mobile device to allow the updating of the contactless smartcard. For a contactless smartcard, the update that is most frequently envisaged is to add a certain value to a stored value on the contactless smartcard from an online account, such as a bank account. The contactless smartcard provided with a stored value means that the definitive reference value of the cardholder's account balance is stored on the contactless smartcard and is credited or debited during contactless transactions at suitable terminals. These terminals are, for example, access gates used in public transport systems.
The use of the above mentioned contactless smartcards having a stored value will require a number of administrative measures to allow the contactless smartcard to be used as a payment means. For example, the account holder will normally need to register a payment instrument from a source of funds which can be used for the adding of value to the contactless smartcard. This source of funds may be, for example, a bank account, a Visa® or MasterCard® Debit card, a PayPal® account, or any other account adapted to be used in the system.
When performing a transaction to add value to a stored value on the contactless smartcard, the cardholder will first initiate a transfer of value from the selected source of funds to the balance on the account of a cardholder on the secure server. In a further step, to complete the transaction, the cardholder is prompted to place the contactless smartcard in the vicinity of the selected mobile device. The selected mobile device will be able to detect the card and will be able to establish a secure communication channel between the secure server and the contactless smartcard. In this step, the credit value stored on the secure server is added to the balance on the contactless smartcard and the transaction is recorded on the secure server.
An important step in the process of updating a contactless smartcard as described above is a final step wherein update messages are sent from the secure server to the contactless smartcard via a secure communication channel.
During the process of updating a contactless smartcard, the secure server corresponds with a selected mobile device by means of a wireless communication protocol. To allow proper updating of a contactless smartcard, communication between both the secure server and the mobile device and the mobile device and the contactless smartcard should not be disrupted during the complete updating process. One challenge in the updating process is that the long-distance connection between a secure server and the contactless smartcard together with a number of network nodes involved make the connection inherently vulnerable to disruption. Moreover, disrupted communication between the contactless smartcard and the contactless smartcard reader can cause data corruption on the contactless smartcard and cause the contactless smartcard to malfunction and can even cause loss of monetary value for the cardholder. According to the prior art, when contactless smartcard update transactions are performed at a standard contactless smartcard reader, where the secure server end point for the transaction resides in said contactless smartcard reader, the problem of disrupted transactions has been solved by the use of local anti-tearing. Anti-tearing relates to a method wherein data in a file on the contactless smartcard is copied to a back-up file prior to the start of any transaction capable of modifying the data in said file on the contactless smartcard. When the transaction is finished, the secure server sends a commit command which will allow the back-up files to be erased and the main files to be set as current live data.
United States Patent US 7,455,234 discloses a recovery device with which, following an unexpected abort of the storing of storage data in a memory, a valid storage state can be restored. United States Patent Application Publication US 2007/0194116 discloses a method and a system for securely managing EEPROM data files to restore data after abortion of a write operation.
The methods described in the prior art relating to anti-tearing have the disadvantage that they all have the implicit assumption that the connection latency between the contactless smartcard and the secure server is negligibly short and that there is no connectivity risk in terms of disruption. However, if, as in the case of this disclosure, the secure server issuing instructions is remote from a mobile device that relays the final correspondence to the contactless smartcard, the network latency and disruption risk is substantially increased.
If the connection between the secure server and the contactless smartcard is interrupted after the commit command has been sent from the secure server but before the acknowledgment that the commit command has been received, then there is a logical disconnect in terms of data and process state of the contactless smartcard and the secure server that is very difficult to resolve.
Since the network latency for communication between the mobile device and a network secure server can be significant, existing anti-tearing methods and mechanisms are insufficient to protect the contactless smartcard data during an update that may last more than 1000ms. Therefore it appears that there is need for an improved method and system for updating a contactless smartcard to overcome the problem of disrupted communications.
Short Description of the Invention
The invention relates to a method for updating a selected contactless smartcard in a system comprising a plurality of contactless smartcards, a plurality of mobile devices, such as mobile telephones, and a secure server, wherein the secure server is hosted at a network end point and is adapted to communicate, using a wireless communication protocol, with each of the mobile devices of said plurality of mobile devices, and wherein each mobile device is adapted to communicate with an associated contactless smartcard by means of Radio-Frequency Identification (RFID), wherein the contactless smartcard data structure of each contactless smartcard of said plurality of contactless smartcards is provided with a card-transaction log file, comprising a list of transactions relating to said contactless smartcard, each transaction in said card-transaction log file having a unique identifier, and wherein the secure server is provided with a plurality of server-transaction log files, with one server-transaction log file for each of the contactless smartcards in said plurality of contactless smartcards, each server-transaction log file comprising a list of completed transactions and possible pending updates related to the contactless smartcard, the method comprising:
- reading the card-transaction log of the selected contactless smartcard to identify an identifier relating to the last completed transaction for that contactless smartcard,
- using said identifier to select the server-transaction log file for the selected contactless smartcard on the secure server,
- reviewing the server-transaction log file for the selected contactless smartcard to detect any pending updates, and in case a pending update is found,
- generating instructions on the secure server relating to said pending update to update the selected contactless smartcard,
- forwarding the instructions to said selected contactless smartcard to update said selected contactless smartcard.
According to an embodiment of the invention, the method comprises:
- updating the card-transaction log file of the selected contactless smartcard, by adding an identifier relating the completed transaction, and
- updating the server-transaction log file for the selected contactless smartcard on the secure server, by replacing the pending update by the identifier for the completed transaction.
According to an embodiment of the invention, the method comprises:
- reviewing the server-transaction log file for the selected contactless smartcard to detect any further pending updates, and in case a further pending update is found,
- generating instructions on the secure server relating to said further pending update to update the selected contactless smartcard,
- forwarding the instructions to said selected contactless smartcard to update said selected contactless smartcard.
According to an embodiment of the invention, the method comprises:
- using a mobile device to send a request to the secure server to receive feedback on available updates for the contactless smartcard associated with the mobile device, and
- receiving on the mobile device an instruction to position the associated contactless smartcard in the vicinity of the mobile device to allow updating of the associated contactless smartcard.
According to an embodiment of the invention, the method comprises:
- establishing a secure channel between said secure server and said selected contactless smartcard.
According to an embodiment of the invention, the method comprises:
- detecting an interruption of the communication between the secure server and the mobile device during the update of a selected contactless smartcard,
- reverting all files configured during the update process to the pre-update status.
According to an embodiment of the invention, the method comprises:
- using the secure server to generate an alert message, and
- forwarding the alert message from the secure server to the mobile device to receive on said mobile device a message concerning said interruption of the communication.
According to an embodiment of the invention, the plurality of contactless smartcards comprise DESfire® contactless smartcards, wherein the card-transaction log file is located in the DESfire® application adapted for data updates.
According to a further aspect the invention relates to a system for updating a selected contactless smartcard wherein the system comprises a plurality of contactless smartcards, a plurality of mobile devices, such as mobile telephones, and a secure server, wherein the secure server is hosted at a network end point and is adapted to communicate, using a wireless communication protocol, with each of the mobile devices of said plurality of mobile devices, and wherein each mobile device is adapted to communicate with an associated contactless smartcard by means of Radio-Frequency Identification (RFID), wherein:
- the contactless smartcard data structure of each contactless smartcard of said plurality of contactless smartcards is adapted to store a card-transaction log file, comprising a list of transactions relating to said contactless smartcard, each transaction in said card-transaction log file having a unique identifier,
- the secure server is adapted to store a plurality of server-transaction log files, with one dedicated server-transaction log file for each of the contactless smartcards in said plurality of contactless smartcards, each server-transaction log file comprising a list of completed transactions and possible pending updates related to the contactless smartcard, and wherein
- the system is adapted to read the card-transaction log of the associated contactless smartcard to identify an identifier relating to the last completed transaction for that contactless smartcard and to forward said identifier to the secure server,
- the secure server being adapted to:
- use said identifier to select the server-transaction log file for the selected contactless smartcard,
- review said server-transaction log file for the selected contactless smartcard to detect any pending updates, and in case a pending update is found,
- generate instructions relating said pending update to update the selected contactless smartcard, and
- forward the instructions to said selected contactless smartcard to update said selected contactless smartcard.
According to an embodiment of the invention, the system is adapted to establish a secure channel between the secure server and the selected contactless smartcard.
According to an embodiment of the invention, the plurality of contactless smartcards comprises DESfire® contactless smartcards, the card-transaction log file being located in the DESfire® application adapted for data updates of said contactless smartcards.
The invention also relates to a computer readable medium storing computer-executable instructions, which, when executed by a computer cause the computer to perform each of the method steps of the method according to the invention.
Short Description of the Drawings
Figure 1 shows a flowchart of a method for updating a selected contactless smartcard according to the invention, and
Figure 2 shows schematically a system according to the present invention.
Description of the Embodiment of the Method and a System
Figure 1 is a flowchart of a method according to the present invention for updating a selected contactless smartcard. The selected contactless smartcard is updated in a system comprising a plurality of smartcards, a plurality of mobile devices, such as mobile telephones, and a secure server, wherein the secure server is hosted at a network end point and is adapted to communicate, using a wireless communication protocol, with each of the mobile devices of said plurality of mobile devices, and wherein each mobile device is adapted to communicate with an associated contactless smartcard by means of Radio-Frequency Identification (RFID). According to the present invention, the contactless smartcard data structure of each contactless smartcard is provided with a card-transaction log file, comprising a list of transactions relating to said contactless smartcard; each transaction in said card-transaction log file having a new identifier.
The secure server in the system is provided with server-transaction log files, with one server-transaction log file for each of the contactless smartcards in said plurality of contactless smartcards. Each server-transaction log file comprises a list of completed transactions and possible pending updates related to the contactless smartcard. The method as shown in Figure 1 comprises a first step 100 for reading the card-transaction log of the selected contactless smartcard to identify an identifier relating to the last completed transaction for that contactless smartcard.
The method further comprises a second step 200 of using said identifier to select the server-transaction log file for the selected contactless smartcard on the secure server.
According to a further step 300 the method comprises reviewing the server-transaction log file for the selected contactless smartcard to detect any pending updates.
The method further comprises, in case a pending update is found, a step 400 for generating instructions on the secure server relating to said pending update to update the selected contactless smartcard. In again a further step 500 the method comprises forwarding the instructions to said selected contactless smartcard to update said selected contactless smartcard.
Figure 2 shows, schematically, an embodiment of the system 1 according to the present invention. The system 1 comprises a plurality of contactless smartcards 10, in Figure 1, only one contactless smartcard 10 is visible. Each contactless smartcard 10 comprises a contactless smartcard application data structure 11 which is used to process routine transactions of the contactless smartcard 10.
The contactless smartcard application data structure 11 is provided with a card-transaction log file 12 which is part of the contactless smartcard application data structure 11 and is used to ensure that any event linked to a disruption of the communication during an update of the contactless smartcard 10 can be recovered.
The system 1 further comprises the plurality of mobile devices such as mobile telephones 20. The mobile device 20 is provided with a software application which can be personalised by the cardholder to allow the use of the mobile device 20 during communication with the contactless smartcard 10 and a secure server. In Figure 1, only one mobile device 20 is shown. Mobile device 20 further comprises a local proxy 21 adapted to handle the local communication between a network proxy 31 (see below) and a Card Update Handler 22. The mobile device 20 is provided with a Card Update Handler 22 adapted to handle all RFID communication with the contactless smartcard 10. The Card Update Handler 22 is also adapted to relay the APDUs that originate on the secure server 30 (see below) to the contactless smartcard 10 and back again to the secure server 30.
The system 1 further comprises a secure server 30. The secure server 30 is hosted at a network end point and is adapted to communicate with the mobile device 20 by means of a network proxy 31 and the local proxy 21 in the mobile device 20. The secure server 30 is provided with a server-transaction log 32, comprising one server-transaction log file for each of the contactless smartcards 10 in the system 1.
The secure server 30 is connected to a network coordination server 40 adapted to orchestrate communication between the mobile device 20, the secure server 30 and a payment gateway 50. The payment gateway 50 can authorise payments to the system operator to the cardholder via a suitable payment instrument owned by the cardholder.
The system according to Figure 2 and the method shown in Figure 1 could be used for updating any adapted contactless smartcard, for example, a DESfire® contactless card from NXP®. It is clear that other types of cards can be used to obtain the advantages described below.
The dedicated card-transaction log 12 is added to the contactless smartcard data structure 11 on the contactless smartcard 10 wherein the system is adapted to synchronise the card-transaction log 12 with the server-transaction log 32 of the secure server 30. This means that the aim is to keep the card-transaction log file for a selected contactless smartcard 10 synchronised with the server-transaction log file of said selected contactless smartcard 10 in the server-transaction log 32. In case a DESfire® contactless card is used, the card-transaction log 12 is located in the same DESfire® application adapted for data updates in order to take advantage of existing anti-tearing mechanisms already available on the contactless smartcard application data structure 11 of a selected contactless smartcard 10.
The importance of having each contactless smartcard 10 and a card-transaction log 12 comprising a card-transaction log file is that once a payment initiated by the cardholder is completed and new credit of monetary value stored against the cardholder's account, a new record is created in the server-transaction log file for the associated contactless smartcard that will be used during the contactless smartcard update transaction.
Once the payment is completed, the cardholder is notified that there is now an update for the contactless smartcard available and the cardholder is prompted to start the update process.
The update process requires the cardholder to have a suitable software application installed on the mobile device 20 that acts as a local coordinator for the update process. When the user initiates the update, the following update procedure will be followed.
The mobile device 20 contacts the secure server 30 and requests to check for available updates for the cardholder's contactless smartcard 10. This part of the updating procedure can be based on the stored credentials in the mobile device 20 or by scanning the contactless smartcard 10 as part of the process.
The user is prompted to place the contactless smartcard 10 in the vicinity of the mobile device 20 to allow data transfer between the contactless smartcard 10 and the secure server 30. Once the contactless smartcard 10 and the mobile device 20 are positioned to allow data transfer by means of RFID, data will be transferred from the contactless smartcard 10 via the mobile device 20 and forwarded to the secure server 30.
The secure server 30 establishes a secure communication channel with the contactless smartcard 10. This communication channel is, for example, the DESfire® protocol in case the contactless smartcard 10 is a DESfire® card from NXP®.
Once the secure communication channel has been established, all communication between the secure server 30 and the contactless smartcard 10 will take place over this communication channel.
By using the mobile device 20, the secure server 30 will be able to read the card-transaction log file to identify the unique transaction ID of the last successfully completed transaction listed in said card-transaction log file.
The secure server 30 is adapted to compare this unique transaction ID with the information contained in the server-transaction log file for the associated contactless smartcard 10. The secure server 30 will be able to review whether any pending updates for the associated contactless smartcard 10 are available. If a pending update is found, the secure server 30 is adapted to generate instructions which will be forwarded to the contactless smartcard 10. These instructions relate to the pending update and are intended to ensure that the information in the card-transaction log file is in line with the information available in the server-transaction log file for the associated contactless smartcard 10.
Once the update procedure is completed, the secure server 30 will append a record to the server-transaction log file for the associated contactless smartcard 10 comprising the specific and unique transaction ID for the transaction that has been completed.
During an update procedure, both the card-transaction log and the server-transaction log must be completed in the same anti-tear transaction, to ensure that the card-transaction log file is accurate and shows the last completed transaction.
In case a network tearing event should occur, the contactless smartcard 10 will automatically revert all files that are configured with back-up files to their pre-update state. If such a network tearing event occurs, the cardholder is informed via the application on the mobile device 20 or via an alternative method provided by the system 1 that an interruption of the update has occurred and will be requested to reinitiate the transaction.
If the update was interrupted due to a network tearing event, the card-transaction log would not include the last transaction available in the server-transaction log file for the associated contactless smartcard 10. Therefore, the secure server 30 would reinitiate the update as described above. If at the end of a successful update the secure server 30 identifies that there are further pending updates for the associated contactless smartcard 10, the process of updating is repeated by informing the cardholder that there are further pending updates and that the updates need to be reinitiated to allow for those pending updates.
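The recovery behaviour described in the preceding paragraphs can be simulated as follows. This is an added example, not code from the patent: the class and method names and the sample records are constructed, and two rules are assumptions of the example, namely closing a pending entry whose ID is already on the card without re-sending it, and rejecting a card whose last ID the server has not recorded as completed.

```python
"""Card/server transaction-log reconciliation after a torn update (constructed example)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Record:
    tx_id: int       # unique transaction ID issued by the server
    timestamp: str   # date and time stamp generated by the server
    value: int       # monetary value applied, in minor currency units


class LinkLost(Exception):
    """The relay through the mobile device dropped mid-update."""


@dataclass
class Card:
    balance: int = 0
    log: list = field(default_factory=list)  # card-transaction log file
    backup: tuple = None                     # anti-tear copy of (balance, log)

    def begin(self):
        self.backup = (self.balance, list(self.log))

    def apply(self, rec):
        # Value and log entry change inside the same anti-tear transaction.
        self.balance += rec.value
        self.log.append(rec)

    def commit(self):
        self.backup = None

    def revert_if_uncommitted(self):
        if self.backup is not None:
            self.balance, self.log = self.backup
            self.backup = None

    def last_tx_id(self):
        return self.log[-1].tx_id if self.log else None


@dataclass
class Server:
    completed: list = field(default_factory=list)  # completed transaction IDs
    pending: list = field(default_factory=list)    # pending Record objects

    def sync(self, card, fail_at=None):
        """Run one update session; fail_at is 'before_commit', 'after_commit' or None."""
        actions = []
        last = card.last_tx_id()
        # Commit reached the card but the acknowledgement was lost: close the
        # pending entry without re-sending it, so the value is not credited twice.
        if self.pending and self.pending[0].tx_id == last:
            self.completed.append(self.pending.pop(0).tx_id)
            actions.append(("reconciled", last))
        # Example's own integrity check: the card must not report an ID that
        # the server has not recorded as completed for it.
        if last is not None and last not in self.completed:
            raise ValueError(f"card reports unknown transaction {last}")
        while self.pending:
            rec = self.pending[0]
            card.begin()
            try:
                card.apply(rec)
                if fail_at == "before_commit":
                    raise LinkLost
                card.commit()
                if fail_at == "after_commit":
                    raise LinkLost
            except LinkLost:
                card.revert_if_uncommitted()  # no effect once committed
                actions.append(("interrupted", rec.tx_id))
                return actions
            self.completed.append(self.pending.pop(0).tx_id)
            actions.append(("applied", rec.tx_id))
        return actions


def demo():
    """Two torn sessions followed by a clean one, on constructed sample data."""
    card, server = Card(balance=500), Server()
    server.pending += [Record(1001, "2016-09-20T10:00:00Z", 2000),
                       Record(1002, "2016-09-20T10:05:00Z", 1000)]
    s1 = server.sync(card, fail_at="before_commit")  # card reverts to backup
    b1 = card.balance
    s2 = server.sync(card, fail_at="after_commit")   # committed, ack lost
    b2 = card.balance
    s3 = server.sync(card)                           # reconcile 1001, apply 1002
    return s1, b1, s2, b2, s3, card.balance, server.completed


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The second session is the case in which the commit lands on the card but the server never sees the acknowledgement; the third session resolves it from the card log alone and the balance is credited once.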
The structure of a typical transaction log file will contain at least the following minimal fields:
- a unique transaction ID,
- a transaction date and time, and
- a transaction value.
The unique transaction ID is a unique value within the system 1 and will be unique for the contactless smartcards 10 which are used in the system and for which the secure server 30 can be used to manage updating. The transaction date and time is the date and time stamp that is generated by the secure server 30 for a specific transaction.
The transaction value is the amount of monetary value applied in any update.
With reference to Figure 2, the use of the different elements of system 1 in the updating process is as follows.
In a first step, the mobile device 20 issues a payment instruction to the network coordination server 40. The network coordination server 40 processes the payment request together with the payment gateway 50. The payment gateway 50 authenticates the payment and sends an approval of the payment notification to the server-transaction log 32 of the secure server 30. The network coordination server 40 also informs the secure server 30 that there is a new pending update in the server-transaction log 32.
Thereafter, the secure server 30 queries the server-transaction log 32 for any pending updates. The network coordination server 40 triggers the local proxy 21 in the mobile device 20 to initiate a connection to the secure server 30 via the network proxy 31. The local proxy 21 initiates communication to the secure server 30 by contacting the network proxy 31.
The network proxy 31 communicates with the secure server 30. The local proxy 21 triggers the Card Update Handler 22 to start a secure channel with the contactless smartcard 10, which results in a complete end to end secure channel from the contactless smartcard 10 to the secure server 30. Once the channel is set up, this allows for the secure update of the contactless smartcard 10 and the card-transaction log 12 of the contactless smartcard application data structure 11 in the contactless smartcard 10.
According to an alternative embodiment of the invention, an existing data application structure of a contactless smartcard 10 can be used to allow the updating of a contactless smartcard 10 according to the present invention, by reusing the existing contactless smartcard application data structure 11 without modifying said application data structure 11. This alternative embodiment would be possible if the existing transaction logs available on said contactless smartcard application data structure 11 meet the following conditions:
To allow reuse of the existing contactless smartcard application data structure 11, the existing card-transaction log file should contain a unique sequential transaction number obtained from a central on-line system. The central on-line system records the transaction data, Card UID and account number, if any, and said unique sequential transaction number. Moreover, writer/update terminals could update cards during top-up/credit transactions; receive update messages from the central update system after it has stored the data in a data base. Alternatively, writer/update terminals could perform card updates whilst in real-time connection with a central system. It is also important for the central system to issue a unique transaction number to the terminal for each transaction that is in turn written to the card. Moreover, the most recent transaction should be clearly identified in the card transaction log file.
In the above-mentioned cases, the existing logging system can be used as the mechanism to provide synchronisation between the remote card updates and the card to allow the updating of a contactless smartcard 10 as described in the present description.

Claims

What is claimed is:
1. Method for updating a selected contactless smartcard in a system comprising a plurality of contactless smartcards, a plurality of mobile devices, such as mobile telephones, and a secure server, wherein the secure server is hosted at a network end point and is adapted to communicate, using a wireless communication protocol, with each of the mobile devices of said plurality of mobile devices, and wherein each mobile device is adapted to communicate with an associated contactless smartcard by means of Radio-Frequency Identification (RFID), wherein the contactless smartcard data structure of each contactless smartcard of said plurality of contactless smartcards is provided with a card-transaction log file, comprising a list of transactions relating to said contactless smartcard, each transaction in said card-transaction log file having a unique identifier, and wherein the secure server is provided with a plurality of server-transaction log files, with one server-transaction log file for each of the contactless smartcards in said plurality of contactless smartcards, each server-transaction log file comprising a list of completed transactions and possible pending updates related to the contactless smartcard, the method comprising:
- reading the card-transaction log of the selected contactless smartcard to identify an identifier relating to the last completed transaction for that contactless smartcard,
- using said identifier to select the server-transaction log file for the selected contactless smartcard on the secure server,
- reviewing the server-transaction log file for the selected contactless smartcard to detect any pending updates, and in case a pending update is found,
- generating instructions on the secure server relating to said pending update to update the selected contactless smartcard,
- forwarding the instructions to said selected contactless smartcard to update said selected contactless smartcard.
2. Method according to claim 1, wherein the method comprises:
- updating the card-transaction log file of the selected contactless smartcard, by adding an identifier relating to the completed transaction, and
- updating the server-transaction log file for the selected contactless smartcard on the secure server, by replacing the pending update by the identifier for the completed transaction.
3. Method according to claim 1 or 2, wherein the method comprises:
- reviewing the server-transaction log file for the selected contactless smartcard to detect any further pending updates, and in case a further pending update is found,
- generating instructions on the secure server relating to said further pending update to update the selected contactless smartcard,
- forwarding the instructions to said selected contactless smartcard to update said selected contactless smartcard.
4. Method according to any of the claims 1-3, the method comprising:
- using a mobile device to send a request to the secure server to receive feedback on available updates for the contactless smartcard associated with the mobile device, and
- receiving on the mobile device an instruction to position the associated contactless smartcard in the vicinity of the mobile device to allow updating of the associated contactless smartcard.
5. Method according to any of the preceding claims, comprising:
- establishing a secure channel between said secure server and said selected contactless smartcard.
6. Method according to any of the preceding claims, the method comprising:
- detecting an interruption of the communication between the secure server and the mobile device during the update of a selected contactless smartcard,
- reverting all files configured during the update process to the pre-update status.
7. Method according to claim 6, wherein the method comprises:
- using the secure server to generate an alert message, and
- forwarding the alert message from the secure server to the mobile device to receive on said mobile device a message concerning said interruption of the communication.
8. Method according to any of the preceding claims, wherein the plurality of contactless smartcards comprise DESfire® contactless smartcards, wherein the card-transaction log file is located in the DESfire® application adapted for data updates.
9. System for updating a selected contactless smartcard, wherein the system comprises a plurality of contactless smartcards, a plurality of mobile devices, such as mobile telephones, and a secure server, wherein the secure server is hosted at a network end point and is adapted to communicate, using a wireless communication protocol, with each of the mobile devices of said plurality of mobile devices, and wherein each mobile device is adapted to communicate with an associated contactless smartcard by means of Radio-Frequency Identification (RFID), wherein:
- the contactless smartcard data structure of each contactless smartcard of said plurality of contactless smartcards is adapted to store a card-transaction log file, comprising a list of transactions relating to said contactless smartcard, each transaction in said card-transaction log file having a unique identifier,
- the secure server is adapted to store a plurality of server-transaction log files, with one dedicated server-transaction log file for each of the contactless smartcards in said plurality of contactless smartcards, each server-transaction log file comprising a list of completed transactions and possible pending updates related to the contactless smartcard, and wherein
- the system is adapted to read the card-transaction log of the associated contactless smartcard to identify an identifier relating to the last completed transaction for that contactless smartcard and to forward said identifier to the secure server,
- the secure server being adapted to:
- use said identifier to select the server-transaction log file for the selected contactless smartcard,
- review said server-transaction log file for the selected contactless smartcard to detect any pending updates, and in case a pending update is found,
- generate instructions relating to said pending update to update the selected contactless smartcard, and
- forward the instructions to said selected contactless smartcard to update said selected contactless smartcard.
10. System according to claim 9, wherein the system is adapted to establish a secure channel between the secure server and the selected contactless smartcard.
11. System according to claim 9 or 10, wherein the plurality of contactless smartcards comprises DESfire® contactless smartcards, the card-transaction log file being located in the DESfire® application adapted for data updates of said contactless smartcards.
12. Computer readable medium storing computer-executable instructions, which, when executed by a computer cause the computer to perform each of the method steps of claim 1.
PCT/IB2016/001351 2015-09-22 2016-09-22 Method and system for updating a contactless smartcard and a computer readable medium for performing said method WO2017051240A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN201680055086.5A CN108292400A (en) 2015-09-22 2016-09-22 It updates the method and system of contact type intelligent card and executes the computer-readable medium of the method
EP16848208.1A EP3353729A4 (en) 2015-09-22 2016-09-22 Method and system for updating a contactless smartcard and a computer readable medium for performing said method
PH12018500624A PH12018500624A1 (en) 2015-09-22 2018-03-21 Method and system for updating a contactless smartcard and a computer readable medium for performing said method
HK19100964.1A HK1258605A1 (en) 2015-09-22 2019-01-18 Method and system for updating a contactless smartcard and a computer readable medium for performing said method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1516782.8A GB2542572A (en) 2015-09-22 2015-09-22 Method and system for updating a contactless smartcard and a computer readable medium for performing said method
GB1516782.8 2015-09-22

Publications (1)

Publication Number Publication Date
WO2017051240A1 true WO2017051240A1 (en) 2017-03-30

Family

ID=54544633

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2016/001351 WO2017051240A1 (en) 2015-09-22 2016-09-22 Method and system for updating a contactless smartcard and a computer readable medium for performing said method

Country Status (6)

Country Link
EP (1) EP3353729A4 (en)
CN (1) CN108292400A (en)
GB (1) GB2542572A (en)
HK (1) HK1258605A1 (en)
PH (1) PH12018500624A1 (en)
WO (1) WO2017051240A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110334550B (en) * 2019-06-30 2021-03-16 飞天诚信科技股份有限公司 Smart card and method for protecting privacy data thereof
CN114267123B (en) * 2021-12-15 2023-08-04 新奥(中国)燃气投资有限公司 Intelligent NFC card for gas meter and communication processing method thereof

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101154281A (en) * 2006-09-30 2008-04-02 联想(北京)有限公司 Method and mobile device for migrating finance data in smart card
US20100274722A1 (en) * 2009-04-28 2010-10-28 Mastercard International Incorporated Apparatus, method, and computer program product for recovering torn smart payment device transactions
US8972338B2 (en) * 2013-01-03 2015-03-03 International Business Machines Corporation Sampling transactions from multi-level log file records

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040127256A1 (en) * 2002-07-30 2004-07-01 Scott Goldthwaite Mobile device equipped with a contactless smart card reader/writer
US7587332B2 (en) * 2005-03-23 2009-09-08 Cubic Corporation Directed autoload of contactless stored value card within a transportation system
SG128516A1 (en) * 2005-06-28 2007-01-30 Ez Link Pte Ltd Updating a mobile payment device
EP2212863A2 (en) * 2007-10-18 2010-08-04 France Telecom System and method for contactless smart-cards
US9473295B2 (en) * 2011-09-26 2016-10-18 Cubic Corporation Virtual transportation point of sale
US8967477B2 (en) * 2011-11-14 2015-03-03 Vasco Data Security, Inc. Smart card reader with a secure logging feature
CN104169955A (en) * 2012-01-16 2014-11-26 移动货币国际私人有限公司 Hybrid payment smartcard

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3353729A4 *

Also Published As

Publication number Publication date
GB2542572A (en) 2017-03-29
PH12018500624A1 (en) 2018-10-15
HK1258605A1 (en) 2019-11-15
CN108292400A (en) 2018-07-17
GB201516782D0 (en) 2015-11-04
EP3353729A4 (en) 2019-05-01
EP3353729A1 (en) 2018-08-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 16848208; Country of ref document: EP; Kind code of ref document: A1
WWE Wipo information: entry into national phase. Ref document number: 12018500624; Country of ref document: PH
NENP Non-entry into the national phase. Ref country code: DE
WWE Wipo information: entry into national phase. Ref document number: 2016848208; Country of ref document: EP