Detailed description of the invention
It is more fully described the present invention hereinafter with reference to accompanying drawing, wherein, sends out for shown in the drawings
Bright exemplary embodiment.However, it is possible to implement the present invention with the most different forms, the present invention should not
It is construed as limited to embodiment set forth herein.On the contrary, these exemplary embodiments are provided so that these public affairs
Opening is thoroughly, and the scope of the present invention will be fully conveyed to those skilled in the art.It will be appreciated that
Pin purpose of this disclosure, and " each ... at least one " be to be interpreted as representing and follow corresponding language
The combination in any of the element enumerated including the combination of multiple elements enumerated.Such as, " in X, Y and Z
At least one " be to be interpreted as representing only X, only Y, only Z, or X, Y and Z
In two or the combination in any (such as, XYZ, XZ and YZ) of more.At whole accompanying drawing with detailed
Thin describe, unless otherwise described, the most identical drawing reference numeral be understood to mean that identical element,
Feature and structure.For clear, illustrate and facilitate, the relative size of these elements and describe can be exaggerated.
Fig. 1 is trusted service manager (TSM) ecosystem of the exemplary embodiment according to the present invention
System diagram.
As shown in fig. 1, employing has aerial download (OTA) proxy configurations (provisioning)
The example system of TSM technology includes: TSM10;Mobile terminal 11;Network 15;Third party's message passes
Send platform 16;Financial institution 18;Mobile Network Operator (MNO) 19;Mobile-phone manufacturers 20;Card
Manufacturer 21.Before TSM10 fully can be used by user and its participant, service provider (SP)
(such as, with the service provider of 18-21 mark) can stand pre-registration and process.In this example, network
15 can refer to cellular network, and wherein, cellular network can include one or more base station, so that mobile terminal 11
Can communicate with other mobile terminal or third party entity.It addition, network 15 may also include any its
The suitable communication network (such as, the Internet) of its type, traditional telephone line and other is suitable
Network technology.
Mobile-phone manufacturers 20 can include embedded-type security element (SE) manufacturer, and card manufacturer 21 can wrap
Include miniature secure digital (SD) SE(i.e., non-universal integrated circuit card (UICC) SE) manufacturer.
Because different SE manufacturers can provide different from the OTA key provided for traditional UICC SE device
OTA key, so their OTA key can be provided by mobile-phone manufacturers 20 and card manufacturer 21
TSM10 in processing to above-mentioned pre-registration is for process in the future.Selectively, mobile phone
Manufacturer 20 and card manufacturer 21 can provide the OTA key of each of which when request, and without pre-note
Volume processes.In the application 61/428,853 of co-pending (co-pending), provide what pre-registration processed
It is explained in more detail.
In this example, OTA proxy can be initialised during the use of mobile purse application or be configured to
It is connected with TSM10, with saving technique resource.So, acquiescence is in sleep pattern by OTA proxy,
Until being waken up for its use.In order to specify to wake up mechanism up, available third party's message transmission
Platform 16(such as, cloud to device message transmission (C2DM, Cloud to Device Messaging)) come
Waking up OTA proxy up, described OTA proxy will be connected to use with TSM10 successively.If TSM
Message is sent to third party's messaging platform 16, then third party together with wake command and identification information by 10
The mobile terminal 11 that messaging platform 16 sends a message to identify successively moves eventually to wake up up to reside in
OTA proxy in end 11.Once waking up up, OTA proxy will be connected to TSM10 and be used for configuring or it
Its purposes.Selectively, if it is desired to, then OTA proxy can be with upper frequency or be continuously connected
To avoid above-mentioned waking up process up.
If mobile terminal 11 is equipped with enabling the chip of near-field communication (NFC) and being configured with and can use
The contactless card small routine of NFC technique, then the owner of mobile terminal 11 can be by selling corresponding
Point (POS) device is brandished (wave) mobile terminal 11 and is purchased in the POS shop enabling NFC
Buy.Subsequently, mobile terminal 11 is once used to be bought, acquirer (acquirer) network 23 He
Process payment 22 just can work together to guarantee payment to obtain in financial institution 18 and update.But, should
Terminal use's application does not include the TSM ecosystem described and is shown as providing intact ecocystem
Description.
Describe a kind of for deleting sensitive information (such as, letter from the SE of mobile terminal referring to Fig. 2
Use card certificate) method.Although only describing the method for deleting in this exemplary drawings, but will
Understanding, (such as, locking is to the letter being stored in SE can to use other method for protecting sensitive information
The access of breath).
Fig. 2 is the system diagram illustrating the method for deleting sensitive credit card certificate from SE.For
The purpose of the disclosure, although not shown in Fig. 2-Fig. 5, it will be understood that, by as shown in Figure 1
Network 15 or other suitable method provide outside side or service provider (18-21), TSM10 and
Any communication carried out between mobile terminal 11.In addition, it is to be understood that sensitive information is not limited to credit card letter
Breath, pin purpose of this disclosure, reference credit card information is merely used as example.
As in figure 2 it is shown, in step 201, service provider (SP) (such as, financial institution 18) does
Provide the request of identification information (such as, mobile user comprehensive service digital net (MSISDN)), with
Its certificate (such as, credit card number, deadline, peace is deleted from the mobile terminal 11 of stolen/loss
All-key, Personal Identification Number (PIN)).In this example, can by the owner of mobile terminal 11 or each
SP initiates such request.Described request can be special for belonging to the credit card information of specific SP
Fixed, or described request can be used for deleting all credit card informations residing in SE, otherwise deletes and deposits
The storage all sensitive informations in SE.Although described request would generally be only limitted to belong to the letter of the SP of request
With card information, if but various financial institution reach an agreement, the most also can delete the credit of other SP agreed to
Card information.
Equally, in step 201, SP the request sent can be used for locking and comprises the whole of credit card certificate
SE, or only lock each security domain in the SE storing each credit card information.Can be specified by SP and be used for
Locking or the request of deletion specific security domain, or can cater to for locking or delete asking of specific security domain
Ask to meet other business rules/requirements.Although it addition, provide accompanying drawing not shown in, but can by with
Mobile terminal 11 owner that TSM10 directly contacts initiates to protect the request of the information being stored in SE.
Additionally, step can be initiated by the SP request according to the will of oneself or in response to the owner of mobile terminal 11
Request in rapid 201.
In step 202, TSM10 receives request from SP, and by each mobile terminal in its data base
Account is updated to " deletion " state.It addition, TSM10 carries out internal queries to verify problematic movement
Whether terminal 11 has mounted mobile purse application 31(such as, and SK C&C moves purse application
31).In this example, if TSM10 determines that SK C&C moves purse application 31 and is arranged on each and loses
Lose/stolen mobile terminal 11 in, then request is revised as deleting relevant contactless little Cheng by TSM10
Sequence, the wallet management resided in SE application (WMA) 21 credit card certificate (wallet management small routine)
The widgets in purse application 31 is moved with residing in SK C&C.
It addition, TSM10 determine losing/stolen mobile terminal 11 on the type of SE that is equipped with.Cause
For miniature SD and embedded SE(i.e., non-UICC type SE) cannot support that traditional user identifies mould
Block application toolkit (SAT)/USIM application toolkit (USAT)/card application tool
Bag (CAT) framework, so the delete command constructed by TSM10 can pass through OTA proxy, to make
To being stored in non-UICC type SE(such as, miniature SD or embedded SE) in arbitrarily the deleting of information
Remove.But, OTA proxy also can support that the SE(supported by traditional SAT/USAT/CAT framework is all
As, UICC, Services Identity Module (SIM) or USIM (USIM) are (in this collectively
For UICC)).That can find about OTA proxy in co-pending application 61/428,851 is more detailed
Explanation.
Once TSM10 completes to revise account status, in step 203, just to mobile push service device
(such as, cloud is to device message transmission (C2DM) platform) makes propelling movement request.
In step 204, mobile push service device PUSH message resides in the mobile end of loss/stolen to wake up up
OTA proxy in end 11.
In step 205, OTA proxy is to mobile terminal 11 with the SE customizing messages being associated (such as,
MSISDN and card graphic numbering (CIN, Card Image Number)) retrieve, and they are sent out
Deliver to TSM10.In this example, SE information may also include card reference numbering (CRN), the card life of product
Cycle (CPLC) and card serial number (CSN).
Although it addition, not shown, but once TSM10 receives mobile device and SE information, TSM
10 it is confirmed that the state of SE.Because the process of the SE of storage can be based on its state, so can deposit in access
Storage carries out the analysis to SE state and respective handling before the information in SE.More particularly, based on
SE state, can perform some preparation process with protection for processing the order that received by OTA proxy
SE.In this example, the SE being equipped with in mobile terminal 11 can have a free position in following three state:
Operating system (OS) primary (native), it is initialised and is protected.If the state of SE is determined
For " by protecting ", then can not perform further preparation process." by protecting " state of SE can refer to sign
Expection operation card life cycle state after Faing.On the other hand, if the state of SE is confirmed as " by just
Beginningization ", TSM10 can provide final publisher master key to protect SE the most subsequently.SE " by initially
Change " state can vial reason card Product Status.Finally, if the state of SE is confirmed as " OS is primary ",
Then followed by pre-personalisation process, wherein, described pre-personalisation process can include providing initial to SE
Publisher's master key and final publisher master key." OS is primary " state of SE can refer to that SE is not made
Make the initialized state of initial method of business.
After the state of SE is determined, the analysis to SE type can be performed to determine in OTA generation
The type of the agreement that reason planted agent runs, in order to be configured to the SE identified.If SE be UICC type or
Embedded type, then may have access to the information that SE is stored in SE with amendment.Selectively, if SE
It is miniature SD type, then can perform extra process specific protocol and be stored in SE to access or to revise
Information.Owing to those of ordinary skill in the art understands that the agreement of which type can be used for accessing miniature SD
Type, therefore at this, the descriptions thereof are omitted.
In step 206, TSM10 processes the information provided and orders together with " deletion " and convert them to
Application Protocol Data Unit (APDU) is ordered, and the APDU order of conversion is sent to OTA generation
Reason.
In step 207, OTA proxy can be resident to credit card certificate by the APDU command auto repeat received
SE.Credit card certificate can be resident as contactless card small routine, and can reside in wallet management small routine
(WMA) in 21.For about how creating the more details of corresponding WMA21, refer to altogether
With relevant application number 61/428,846.
The most it is successfully processed " deletion " order, in step 208, sends the result to OTA proxy.
In step 209, result is relayed back TSM10 by OTA proxy.In step 210, TSM10 depends on
The SP of the secondary result sending a notification to its request.
If mobile terminal 11 is activated and has the reception to network, then can provide " deleting disclosed in Fig. 2
Remove " function.
In figure 3, it is provided that for synchronize to reside in mobile purse application 31 in mobile terminal 11 be
System diagram.
In step 301, multiple outside sides or SP can ask to use TSM/ wallet management system (WMS) right
Mobile purse application 31 configuration of user makes a change, and wherein, TSM/ wallet management system (WMS) can
The main configuration of the mobile purse application 31 of storage user.Pin purpose of this disclosure, outside side or SP can
Including (and being not limited to) financial institution 18, Mobile Network Operator (MNO) 19, mobile-phone manufacturers
20 and card manufacturer 21(are referred to as " service provider " or " SP ").Because mobile purse application 31
Will not be always on, so TSM/WMS can be used as central repository to allow various outside sides not examining
Request is made a change in the case of considering the logging status to mobile purse application 31 of user.Such as, each
Outside side or SP can ask extra contactless card is configured to user's according to the time of themselves
Mobile purse application 31, and do not consider the state of user.
Similarly, TSM10 itself can automatically identify and be stored in SE by internal record based on its own
The contactless card small routine deadline the most close, and point out user update contactless card small routine letter
Breath.In this example, can by mobile purse application 31 or other suitable method (such as, Email,
Text and voice mail) user of prompting mobile terminal 11.Also can be (all by other method by TSM10
As, text, Email, voice mail or the appropriate method of other offer notice) prompting user.Ring
Should in prompting, the user of mobile terminal 11 can by TSM10 system or by contact be responsible for will be expired
The SP of contactless card small routine reconfigure each contactless card small routine.
Subsequently, in step 302, when user signs in the mobile purse application 31 on mobile terminal 11,
Residing in the OTA proxy in mobile purse application 31 will be specific to specific mobile terminal 11 information and SE
Information (such as, MSISDN, international mobile equipment identification number/mobile device identification code, the integrated electricity of CIN/
An outpost of the tax office's identification code (ICCID)) carry out retrieving and send them to TSM10 to be analyzed.
In step 303, TSM10 when receiving the information of offer, use storage information carry out by
The internal verification of the information that OTA proxy provides.
If it find that the cellphone information provided or the information collision of SE information and registration, then in step 304,
TSM10 records this event, and mobile purse application 31 can be ordered to lock or delete sensitive information, until
Till further checking or clarification can be provided that.Sensitive information can include being storable in SE with finance
Account customizing messages that mechanism 18 is relevant (such as, credit number, the deadline, Personal Identification Number and
Other relevant information).It addition, sensitive information may also include the user security information or its being stored in SE
Its personal information.
In this example, thief can steal removable SE(such as from mobile terminal 11, miniature SD), and
User recognize SE just from his or her mobile terminal 11 lose before, on different mobile terminals
Use described removable SE.Mobile terminal identification cross-reference (the cross registered by use
Referencing) SE registered, TSM10 will identify that the SE of registration is the most just being installed in different
On nonregistered (NR) mobile terminal 11.Also, it should be mentioned that TSM10 can be to describe with in step 304
The different mode of mode process the identification of inconsistent device.TSM10 can be according to the business provided by participant
Industry rule (such as, selecting prompting user cipher, safe key or other verification method) processes such
Event.
When the business rules according to them processes such event, can be provided extra by consumer or SP
Or different direction.
When the request made configures another contactless card small routine 23, or whenever request OTA proxy
When being connected with TSM10 or equivalent system, it is possible to carry out this sync check.
Fig. 4 illustrates the exemplary system diagram of the supplying system for reconstructing mobile purse application 31.Once
User has been found that or replaces the mobile terminal of the financial certificate that may no longer comprise all previous users,
The user of device will contact one of SP or TSM10 and move purse application 31 and wherein to reconstruct it
All previously stored content.Pin purpose of this disclosure, mobile purse application 31 can include residing in
Move widgets, the contactless card small routine 23 being stored in SE in purse application 31 and be associated
WMA21 and optional OTA proxy.But, mobile purse application 31 can include retouching than at this
Less element of all elements stated or element more more than element described here.
In step 401, it is the most mobile eventually that the user of mobile terminal 11 contacts notice acquisition (procurement)
The SP of end 11.SP can carry out the certification of its own to verify the correct user of mobile terminal 11.Similarly,
User also can directly notify MNO19 or TSM10.
Once SP have authenticated user, in step 402, SP just transmit the request to TSM10 so that
The new mobile terminal 11 of user is reconfigured with the contactless application of SP and relevant certificate.
In step 403, TSM10 performs whether internal check has in loss his or her with checking user
Other SP account any of configuration before phone.Other SP account, the then pin having if there is user
Its configuration information is made request to each SP.
Once SP receives the request for configuration information, in step 404, can carry out internal authentication and have
The inspection of effect property, and necessary information is sent to TSM10 to process.
In step 405, carry out another internal check with checking user elder generation in his or her mobile terminal 11
Before there is what move purse application 31.(such as, mobile purse application 31 can include all kinds
SKC&C move purse application 31 or provide by different manufacturers other move purse application).
In this example, in step 406, if it find that be previously mounted with mobile purse application 31, the most subsequently
Retrieval identical version and the user preference being associated with mobile purse application 31 are arranged, to be sent to by system
User.Before moving to step 407, each can be moved the user that purse application 31 configures together with it
Preference is sent to customer mobile terminal 11 by mobile push service device.Pin purpose of this disclosure, it is assumed that
Mobile purse application 31 includes corresponding OTA proxy, wherein, and can be when receiving application by moving end
The end 11 corresponding OTA proxy of installation, maybe can install corresponding OTA proxy by individually processing.
In step 407, the PUSH message being used for waking up up OTA proxy is sent to mobile propelling movement by TSM10
Server (such as, C2DM system).In this example, can be before OTA proxy and mobile wallet
Application 31 simultaneously or sent OTA proxy before mobile purse application 31.
Subsequently, in step 408, the wake command of reception is relayed to OTA proxy by mobile push service device.
In step 409, OTA proxy is to mobile terminal 11 and SE customizing messages (such as, MSISDN
And CIN) carry out retrieving and being sent to TSM10.
Once TSM10 receives the information sent by OTA proxy, and in step 410, TSM10 is just
This information is processed together with configuration order, and converts them to APDU order to be sent to OTA
Agency.In this example, configuration order can include specific instruction (such as, install or delete customizing messages or
Application), and the account customizing messages for contactless card small routine that can be provided by financial institution 18.
Additionally, when receiving for the account customizing messages of contactless card small routine or other sensitive information,
Such information can be replicated to be configured to WMA21.It is used for moving it addition, also obtained by TSM10
The version of the widgets being associated of the mobile purse application 31 of terminal 11, be directly configured to wallet should
With 31.
It follows that in step 411, the APDU order of reception is forwarded to configurable credit by OTA proxy
Card certificate, the SE of contactless small routine.If user is the previous user of mobile purse application 31,
Then APDU order is joined being relayed to by corresponding for the contactless small routine being arranged in WMA21
Put accounts information, wherein, within described WMA21 also is located at SE.It addition, will answer at mobile wallet
With installing the application of corresponding widgets in 31, to provide the figure of the account installed to show.
It is successfully processed configuration order, in step 412, just result is sent back OTA proxy.
Subsequently, in step 413, described result is relayed back TSM10, TSM10 and uses by OTA proxy
The result of request updates its system.
In step 414, the notice of the result of SP configuring request is sent to each SP.
Similar with Fig. 4, as shown in Figure 5, can pass through can be by pulling that mobile terminal 11 owner initiates
Mechanism, the mobile purse application 31 of reconstructing user.
In step 501, the owner of mobile terminal 11 attempts reinstalling mobile money from mobile terminal 11
Bag application 31, and make request from the mobile terminal 11 of new mobile terminal 11 or replacement.Will order
Request is sent to TSM10 together with mobile identifying information.
In step 502, TSM10 receives described request and relevant identification information thereof, and authentication processing occurs
To verify user.Password, safety problem, Social Security Number can be passed through or suitably verified by other
The user of method validation request.The most correctly identify out user, just examined for existing account
Look into.If it find that previously installed mobile purse application 31, the most subsequently system to identical version and with shifting
The relevant user preference of dynamic purse application 31 is arranged to be retrieved, and is sent to user's use in step 503
In being downloaded.By mobile push service device, each can be moved the use that purse application 31 configures together with it
Family preference is sent to customer mobile terminal 11.
In this example, if it is determined that the user of request does not the most have mobile purse application 31, then at TSM
Create new account in 10, and can be sent to movement purse application 31 move by mobile push service device
Dynamic terminal 11.Pin purpose of this disclosure, it is assumed that mobile purse application 31 includes corresponding OTA proxy,
Wherein, by mobile terminal 11, corresponding OTA proxy can be installed when receiving application, maybe can be by single
Corresponding OTA proxy is installed in only process.
It follows that in step 504, TSM10 is for the user of relevant SP accounts information inspection request
Account.If one or more SP accounts are associated with the account of the user of request, then notice can be sent
To SP, request sends configuration information to the user of request.Although step 503 and step 504 are configured
For single step, but step 503 and step 504 can be carried out in the lump, or also can be according to contrary suitable
Sequence carries out step 503 and step 504.Such as, the disclosure be provided separately mobile purse application 31 and with
The widgets that SP is relevant.But, also can collect the widgets being necessary and mobile purse application from SP
31 so that widgets and mobile purse application 31 can be relayed to user by TSM10 simultaneously.Selectively,
If allowing TSM10 to store account customizing messages, then can be provided mobile purse application 31 by TSM10
And widgets, and without making extra request to SP.
Once SP receives the request to configuration information, in step 505, so that it may carries out internal authentication and has
The inspection of effect property, and necessary information is sent to TSM10 to process.
In step 506, the PUSH message being used for waking up up OTA proxy is sent to mobile propelling movement by TSM10
Server (such as, C2DM system).Although sending mobile purse application before being shown in OTA proxy
31, it should be noted that OTA proxy can be sent with mobile purse application 31 simultaneously, or can be at mobile money
OTA proxy is sent before bag application 31.
Subsequently, in step 507, the wake command of reception is relayed to OTA proxy by mobile push service device.
In step 508, OTA proxy collect mobile terminal 11 customizing messages (such as, MSISDN and
CIN) together with configuration order, and TSM10 is sent it to.In this example, configuration order can include spy
Fixed instruction (such as, installing or delete customizing messages or application) and can by financial institution 18 provide for
The account customizing messages of contactless card small routine.Other sensitive letter can be provided by other SP or TSM10
Breath (such as, the key of SE).The TSM10 as intermediary (intermediary) can be used real by SP
Time ground sensitive information is provided, or sensitive information can be provided previously by be stored in TSM10 by SP.
Once TSM10 receives the information sent by OTA proxy, and in step 509, TSM10 is just
Process this information together with configuration order, convert them to APDU order, and send them to OTA
Agency.If additionally, receive the configuration order of the account customizing messages including contactless card small routine,
The most reproducible such information is to be configured to WMA21.It addition, being associated for purse application 31
The version of widgets also can be obtained by TSM10, to be arranged directly mobile purse application 31.
It follows that in step 510, OTA proxy by the APDU command auto repeat that receives to configurable credit
Card certificate, the SE of contactless small routine.If user is previous mobile purse application 31 user,
Then APDU command auto repeat can be joined to by corresponding for the contactless small routine installed in WMA21
Putting accounts information, wherein, described WMA21 also is located in SE.It addition, can be in mobile purse application
The application of corresponding widgets is installed to provide the figure of the account installed to show in 31.
It is successfully processed configuration order, in step 511, just result is sent back OTA proxy.
Subsequently, in step 512, described result is relayed back TSM10, TSM10 and will make by OTA proxy
Its system is updated by the result of described request.
In step 513, the notice of the result of SP configuring request will be sent to each SP.
It will be clear to those skilled in the art that without departing from the spirit or scope of the present invention
In the case of, various modifications and changes can be carried out in the present invention.If it is therefore intended that described amendment
Fall in the range of claim and equivalent thereof with change, then the present invention covers the described amendment of the present invention
And change.