Technology The invention refers to a payment device located in the mobile communication device, such as a mobile phone in the form of a pre-paid card. The invention also described the process of electronic money top-up on the payment device located in the mobile communication device, while the security standard, especially the one according to the EMV (Europay MasterCard Visa) rules remains preserved. The topped-up electronic money is used for contactless payment transactions realized over the mobile communication device. The solution ties up to the previous patent filing SK PP00032-2009 from May 3 ^rd , 2009.

Present technology

There exist several configurations of an electronic wallet with pre-paid credit for the payment of off-line contactless payments. Some pre-paid money systems, e.g. as the one according to the CN101013489A use the mobile phone for the data flow, requests for payment hand over and for the management of contactless transaction in total. The electronic money itself, the data on the amount of electronic cash, is however not stored within the mobile communication device. There are known pre-paid cards, into which the electronic money, so basically the data on the current credit amount are inserted using contactless devices. The communication between the top-up terminal and the card is in case of EMV standard realized over encrypted messages, where ARQC (Authorization Request Cryptogram) is generated and then it is waited for the ARPC (Authorization Response Cryptogram) response with a corresponding command, a script. While waiting, the card remains in contact with the terminal. The interruption of the connection between the card and the terminal would cause a creation of a new, different ARQC on the card, by which the termination of a regular top-up of already prepared money would be disabled.

There is no system known, which would enable secure creation of a payment device with pre-paid electronic money in the mobile phone's structure that would comply with the EMV standard. Also, the system in which this kind of payment device could be topped-up with electronic money, e.g. using messages in the SMS format is not known. It is required for the money top-up process to run even is in time separate phases, since it is not suitable to required for the sender to synchronize with regard the time his steps with the receiver of the money. These two money top-up process's participants can be at a random distance from each other.

The subject matter of the invention The deficiencies mention are to a large extent eliminated by the cashless payment device with pre-paid credit containing a block for storage of current credit amount according to this invention, the subject matter of which is based on the fact that this block is located on the secure element in the removable memory card. The removable memory card is located in the mobile communication device, where the secure element is interconnected with the microcontroller to run the top-up application. Until know, the microcontroller was a part of an independent hardware, to which the pre-paid card was connected in a contact way to realize the electronic money top-up process. This hardware was usually a payment terminal, which had a common payment terminal application for contactless payments with a money top-up subsystem on the card. The microcontroller, over which the top-up application was run, was not held by the user. The new configuration solves the limitations of the current state and it considerably increases application possibilities of the removable memory card. The unit for the creation of the request cryptogram, preferably in the form of ARQC, is located directly on the removable memory card.

The top-up application running on the microcontroller in the memory card can be a part of the payment-terminal application ant in that kind of configuration, it is possible to realize even payment-terminal processes, e.g. of the EMV standard, from the payment device. The architecture and software equipment of the memory card can be set in such a way, that the microcontroller works with a top-up application and the payment from the pre-paid card then operates as in the currently known systems e.g. in paying for transport. The removable memory card will be inserted into the slot for extending accessories used beyond the basic functions of the mobile communication device. The basic function of the mobile communication device is a transfer of voice and data in the mobile operator's network. The important characteristic of the submitted invention is the placement of the pre-paid card, the payment device with the pre-paid credit into the removable memory card, where on the card directly there is the block for storage of the current credit amount data and the unit for the creation of the request cryptogram. So the submitted solution does not use the structure in the mobile communication device only for the management and usage of credit that is located at the payment processor's, but the payment device is adequately implemented into removable memory card, apart from the SIM (subscriber identity module) card. The removable memory card is a carrier of the pre-paid card, where during the top-up, the powering and the communication flow runs over the memory card's interface. The removal of the memory card does not influence other functions of the mobile communication device.

In preferable configuration, the memory card will be of the SD or miniSD or microSD card or M2 card type. Due to its interface and basic architecture, these types of cards are suitable for the creation of the payment device according to this invention and also widespread in common types of phones. The usage of the removable memory card instead of SIM card used in other, previous solution, also offers the advantage in the form of interface capacity, since in the removable memory card at least a two conductor, preferably a four conductor bus is considered for these purposes.

The cashless payment device can be located on an independent domain of the secure element in the smart card chip. On independent parts of the same secure element, which is in the form of a hardware chip, there can be even other payment applications, e.g. blocks with standard payment cards and also blocks with non-financial applications. For the extended possibilities of the contactless payment transaction outside the mobile communication device's operator's network, it will be suitable if the memory card is equipped with a contactless communication element, especially of the NFC (Near Field Communication) type. In suitable configuration even an antenna, to which a contactless communication device is connected, will be located on the removable memory card. Thanks to this configuration of elements, the payment device will be capable of communication with NFC readers in contactless payments, e.g. when paying for a traffic ticket and similar.

The subject of this description is also a top-up of electronic money to the above described payment device, where the cryptogram of authorization request, especially in the form of ARQC, is requested and generated. In the host a cryptogram of the authorization response, especially in the form of ARPC, is created according to this invention, the subject matter of which is based in the fact, that a message, preferably in the form of SMS, containing information about prepared money for the increase of current credit is sent from the host according the database of assigned payment devices to phone numbers of corresponding mobile communication devices. Subsequently, authorization request cryptogram is generated in the unit for the creation of the request cryptogram on the payment device. This one is in the form of ARQC and the block then switches into the state, in which an equivalent authorization request cryptogram is permanently generated until it receives a corresponding authorization response cryptogram, especially in the form of ARPC. The authorization request cryptogram is created in the block on the payment device and the authorization response cryptogram is created in the host. After the creation of the authorization request cryptogram, the block switches into the described IDLE state, so the authorization process with an equivalent cryptogram can be repeated. This enables to phase the top-up process into independent phases that can be realized over SMS messages. The creation of the new state in the block for the authorization request cryptogram creation is an important characteristic of the solution presented. It enables to phase the top-up process and even an instable, interrupted channel when realizing top-up becomes acceptable. It will also be possible for the electronic money to stay prepared in the interposition in the mobile communication device on a removable memory card. Then, in the process diagram there are set commands, which will unblock the IDLE mode into the common authorization request cryptogram generation with the counters incrementation even in case of unsuccessful money top-up. This can be done in such a way, that the authorization request cryptogram is created in different situations, when a suitably set script with commands is added to a correctly created cryptogram.

Both cryptograms can be sent in both directions in the form of the SMS (Short Message Service) within the mobile operator's network. This is possible since in case of their undesirable change on the route would be detected when decrypted on the other side of the communication channel or it would cause interruption and termination of the top-up process. For the simplicity reasons and as an additional security element, the authorization request cryptogram will be sent to the phone number from which the mobile communication device received the information that the money is prepared.

In the host, the received authorization request cryptogram is evaluated and the authorization response cryptogram is created, which is then sent by the host to the mobile communication device so the command that was added to the authorization response cryptogram in the host would be run. The supplemented command reflects the situation that was found out currently in the host. In case there is money prepared in the host, the command in the script requests an increase of the current credit on the pre-paid card in the mobile communication device and in the same time a record on a realized operation is done in the host.

In case the removable memory card is inserted in the mobile communication device's slot when the message with the authorization response cryptogram is received, the received authorization response cryptogram is transferred into the payment device on the memory card. In case the removable memory card is not inserted in the mobile communication device's slot, the received authorization response cryptogram is stored in the mobile communication device and is prepared for a later transfer into the memory card. In the same time the receiver is informed about the need to insert the removable memory card into the corresponding slot on the display of the mobile communication device. This procedure solves the situation which did not have to be treated in case of current contact top-up.

The mentioned communication procedure can be realized only with small interventions into common EMV procedures and the required security of operations is maintained.

In order to increase security, the removable memory card can have two independent access modes. One access mode is designed and set for the common function of the removable memory card which rests in the extension of the memory capacity of the mobile communication device, such as a mobile phone. This access mode prevents access to the unit with the payment card and to the contactless communication element on the removable memory card. Basically in this access mode on the removable memory card's interface this card appears to be a common removable card without the secure element and without the communication element on the removable memory card.

The second access mode is designed and set for the payment function of the removable memory card, where the access to the unit with the payment card and also to the contactless communication element on the removable memory card is allowed from the mobile communication device's circuits over an interface.

The two modes are alternatively selectable, it is important, that the access mode for the payment function of the removable memory card can be active only after physical press of the hardware payment button. Even a common flash memory can be accessible in the payment function access mode.

The removable memory card, on which at least one payment card unit is located, appears to be a removable memory card for the extension of the memory capacity of the mobile communication device on the interface and that up until the moment when the purpose payment button is physically pushed. Then the removable memory card is made accessible on the interface as a card with Secure Element.

The existence of the purpose hardware payment button enables the change of the removable payment card's character on its interface level to be tied exclusively to the physical press of the payment button. The necessity of physical press of the button excludes the possibility to run the payment application by some undesirable software or script imitating the will of the user.

By this configuration we will exclude the risk that the removable memory card's interface will be misused for the trials to overcome the security elements without the user's knowledge. The connection between the physical press of the button and run of the corresponding Firmware can be stored in the memory in such a way that it is either never possible to rewrite it, change it or update it or it is not possible to do it without the corresponding password. The unauthorized program then cannot emulate the signal from the physical payment button in such a way so this signal could appear as a real physical press of the button to the other steps of the application's run. Since the intruder will not have the possibility to physically press the button described on the remote mobile communication device, it is excluded that he could gain uncontrollable access to the payment card's unit or to the unit of the payment terminal on the removable memory card. The removable memory card will behave as a standard memory card and only after physical press of the payment button will switch into the payment card mode. The end of payment application will automatically switch the card's mode into the common card extending the memory capacity mode.

Pictures overview

The invention is described in more detail on the figures 1 and 7. On the figure 1 there is a basic scheme of the memory card with the payment device and the pre-paid credit.

On the figure 2 there is the procedure of sending electronic money from the internet application into the pre-paid card in the mobile phone, where the course of tasks is mentioned from above down. The flow of files between the removable memory card and a mobile phone is similar as a flow of files between the mobile phone and the host. On the figure 3 there is a situation, when the removable memory card and by that even the pre-paid payment card itself, is not inserted in the mobile phone when the ARPC cryptogram is received by the mobile phone.

On the figure 4 there is a schematically displayed diagram showing the successiveness of the payment application's run with the press of the hardware payment button, where it is possible to see the localization of the individual tasks and processes during the launch of the application on the level phone hardware / phone firmware / removable memory card.

On the figure 5 we can see the structure, with which the removable memory card is presented on the outside in case of common extension of the mobile phone's memory access mode. On the figure 6 there is the structure, with which the removable memory card is presented on the outside in case of payment card access mode. In this configuration there is even the unit with the payment terminal located on the removable memory card.

On the figure 7 there is an example of mobile phone with the payment button. Realization examples

Example 1

A mobile communication device 4 in the form of a mobile phone and a removable memory card 1 of the micro SD type is used in this example. On the removable memory card 1 with common standard sizes there is located a top-up (pre-paid) card, so the payment device itself and also the NFC communication element 7.

The memory card 1 has a microcontroller 6 in the form of 32-bit microprocessor operating with a multi-task operating system, in this case with Linux. A flash memory, secure element 3_ and SD interface 5 _. is connected to the microcontroller 6. The microprocessor contains internal EEPROM memory and boot-loader block for the control of unauthorized interventions in the loaded payment-terminal application.

The flash memory is divided into protected and unprotected part. In the unprotected parte, there is an area for freely accessible and freely usable data of the user and also an area for hidden storage of system files, especially the records on the payment transactions running over the payment terminal. In the protected part there is a block with operating system, in this case with Linux and above all the payment-terminal application block, where is the payment- terminal application, in this case of the EMV type. In the protected part of the memory in this example, there is also a download management block that serves for the storage and management of the software update on the memory card L In case it is necessary to load/upgrade applications in the secure element 3_, then the application's binary data are loaded into the unprotected part of the flash memory, e.g. into the system data block in the area for data hidden to the user. The download management block is checking periodically whether there is some new file in the system data block that should be loaded into the secure element 3_. If yes, it starts a corresponding installation. The memory card 1 also has its own NFC contactless communication element 7 with the antenna located on, respectively in the memory card's 1 body. By this configuration, it is enabled to create a NFC communication channel between the common phone without NFC chip with a corresponding reader according ISO 14443. The pre-paid card is located on an independent domain of the secure element in the smart card chip 3_. An encryption block is located in a different domain of the secure element in the smart card chip 3_.

In the host 2 (HOST - Payment processor) there is a database assigning payment devices to the phone numbers of the mobile communication devices 4. The card can be topped-up over SMS from a personal account or even by a money transfer from one mobile phone to another. The card does not have its own realistic account in the bank, however it must have its image (subaccount) in the host 2 (on the HOST). The receiver of electronic money must have and application supporting Push SMS technology for the detection of the incoming SMS messages structure's meaning installed in the mobile communication device 4. The suitable operating systems are e.g. Windows Mobile, Symbian 60, JAVA JSR257. For the fastness purposes, the sender of the electronic money over internet (e.g. parent that wants to sent money to his child's card in the mobile phone) should have a valid account in the bank, that issued the prepaid card in question, otherwise the transfer of money from one bank to another (the pre-paid card's issuer) would take longer, a situation that would lower the operability of the top-up. In case the sender of the electronic money chooses to use ATM (automated teller machine), he should have his payment card issued by the same or connected issuer, as is the issuer of the pre-paid card. On the ATM, the sender will enter the receiver's phone number and the amount (e.g. 25, - EUR), that he wants to be sent to the pre-paid card. The host 2 (HOST) will transfer the money from the sender's account to the receiver's subaccount and it will send an SMS for the receiver with the information meaning: "You have 25 EUR prepared" into the receiver's mobile phone. The money is labeled as "Money_for_top-up".

In case of sending the money over the internet banking, the sender will enter money transfer for the benefit of the receiver, who will be identified by a corresponding phone number. The internet banking application must recognize that the account is entered over a phone number (the pre-paid card subaccount or alias a phone number). The host 2 (HOST) transfers money from the sender's account to the receiver's subaccount and sends the receiver an SMS with information meaning: "You have 25 EUR prepared" to the receiver's mobile phone.

After the receiver received SMS message "You have 25 EUR prepared", the receiver starts the top-up application on the mobile phone. The application asks the EMV processor on the microSD memory card 1 to start the transaction of the "Top-up" type. The EMV processor loads the configuration data from its secure domain and asks the pre-paid card to generate the ARQC. After generation of ARQC, the card goes into the IDLE mode. In this state, the card cannot do anything else but generate the same ARQC in case of any repeated request for generation. The card gets out of the IDLE state only in case it receives a corresponding ARPC from the host from its Issuer. The EMV processor writes the ARQC into the flash memory, which is in this case on the memory card 1. The ARQC is taken in the form of a file from the flash memory and it is sent as SMS into the host 2 (HOST). The phone number to which the SMS is to be sent is the same as the phone number from which the SMS message "You have 25 EUR prepared" was received. This phone number is stored in the application's memory. After the SMS message is received by the electronic money receiver, the host 2 verify whether the card's ID number (PAN) is consistent with the phone number from which the SMS was receive. If yes, it verifies whether it has the money of the "Money_for_top-up" type for the corresponding pre-paid card and if yes, than it generates the ARPC and the corresponding script with the commands. The entire cryptogram is sent back to the receiver and marks the money as "Money is in the wallet" in its database. It makes a record, it stores the received ARPC into the memory. In case that some inconsistency between the card's number and the corresponding phone number is found in the host 2 with the corresponding phone number, the host creates the ARPC file despite this inconsistency, so the ARQC creation block on the pre-paid card could be switch from the IDLE state. In this case, the command of the Response_code=do_nothing type is added to the cryptogram and the entire cryptogram is sent to the receiver.

The top-up phase itself, increasing the amount of money on the card is realized in such a way that the application in the mobile phone receives SMS and detects the received message over the Push SMS technology as a message with data for top-up. In case the microSD card is present in the mobile phone's slot, it sends it directly into the microSD card. In case the microSD card with the pre-paid card, is outside the mobile phone's slot, then the message is temporarily remembered and the receiver is notified that he has received money, which could not be inserted into the card and that top-up is awaited. In that kind of case, after the receiver inserts the microSD card, he starts the application once more and the application tries to write the ARPC again. The terminal resends the ARPC into the card, which checks the ARPC and in case of agreement it runs the corresponding command contained in the script. If for any reason, the APRC was lost (deleted), the transaction must be run again.

In case of repeated authorization, the cryptogram creation block on the card is still in the IDLE mode, it generates the same ARQC as last time. When the host 2 (HOST) receives the ARQC, it runs an internal verification process, the purpose of which is to find out, whether the card asks for a new top-up or whether the previous process ended unsuccessfully. If the host 2 received the same ARQC, as the one stored during the last top-up, then it presumes that the card did not get the ARPC and that the top-up process was not ended successfully. Then the cryptogram creation block on the pre-paid card is blocked and it generates the same ARQC. That being the case, the host sends the ARPC once again with all the data, commands, which should be realized by the pre-paid card. In case the host receives a different ARQC, then the host 2 reaches the conclusion that the pre-paid card wants to be topped-up in a new process. In case the host does not have any money prepared for it, it sends the Response_code=do nothing command back to the mobile phone.

Example 2 In this example according to the figures 4 to 7, there is described a system, in which the removable memory card 1 is in the form of microSD card. There are two Secure Elements 3 _. located on it in this example, where one Secure Element 3_ is designed for the payment card unit 9, or respectively for several payment card units 9 from different issuers and the second Secure Element 3_ contains the payment terminal unit Jj). The removable memory card 1 with a common flash memory 1_4 has the interface 5 _. of the common microSD standard and is inserted into the mobile communication device's 4 slot. It is a common slot designed for the insertion of the extension memories.

In this example the NFC communication element 7 with antenna is j_3 is located on the removable memory card L The mobile communication device 4 has a payment button 8 _. located next to the keyboard field. The payment button 8 _. is connected with microswitch on the mobile communication device's 4. The specific realization of the microswitch is not important and can be in different forms, e.g. as a membrane switch, capacity switch and similar.

The payment button 8 _. is connected to the Firmware in such a way that the only acceptable order for the change of access mode of the removable memory card 1 can be from the contact of the payment button 8 _. at least in case the mobile communication device 4 is equipped with this kind of payment button 8 _. . In case, the same removable memory card 1 will be inserted into the slot of the mobile communication device 4 without the purpose hardware payment button 8 _. , the change of access mode will be realized over menu on the display 12 of the mobile communication device 4. In the mobile phone, which is equipped with the payment button 8 _. , it will not be possible to access Secure Element 3_ on the removable memory card 1 by any other way then over the predefined firmware connected with the payment button 8 _. . In this example it will be the LGM (LOGOMOTION) application.

The two access modes can have the following characteristics: function access mode access mode extension of the memory for payment function

read/write files YES YES

NFC communication NO NO extended access (SDIO ...) YES/ NO YES according to the phone access to the SE from the NO YES application in the phone file cashe memory in flash YES/ NO NO according to the phone permanent powering of the YES/ NO YES card according to the phone

In the access mode of the payment function, the caching of the files on the removable memory card 1 will be switched off, the access to the flash memory 2 and the access into the file system will be supported. In case the mobile communication device 4 will be capable of supporting higher communication interface, e.g. the SDIO standard (Secure Digital Input Output), McEX, the corresponding interface can be accessible even in the access mode of the payment function.

The creation of the request cryptogram is enabled only in the access mode for the payment function of the removable memory card 1 after the hardware payment button 8 _. is physically pressed

Industrial usability

The industrial usability is obvious. According to this invention, it is possible to create and use pre-paid payment devices and it is also possible to top-up these kinds of payment device using messages, especially of the SMS type.

LIST OF RELATED SYMBOLS:

1. a memory card

2. the host

3. a secure element

4. a mobile communication device

5. an interface

6. a microcontroller

7. a contactless communication unit

8. a payment button

9. a payment card unit

10. a payment terminal unit

11. keyboard

12. display

13. antenna

14. a memory

EMV - Europay MasterCard Visa ARQC - Authorization Request Cryptogram ARPC - Authorization Response Cryptogram SIM - subscriber identity module

NFC - Near Field Communication SMS - Short Message Service ATM - automated teller machine