TREA

CONFIGURATION WITH THE PAYMENT BUTTON IN THE MOBILE COMMUNICATION DEVICE, THE WAY THE PAYMENT PROCESS IS STARTED

Follow

Information

  • Patent Application
  • 20110021175
  • Publication Number
    20110021175
  • Date Filed
    October 06, 2010
    13 years ago
  • Date Published
    January 27, 2011
    13 years ago
Information
Abstract
On the interface side (7), a removable memory card (2), on which at least one payment card unit is located (5), appears to be a removable memory card (2) for the extension of the mobile communication device's (4) memory capacity up till the moment when the payment purpose button (1) is physically pressed. Then the removable memory card (2) switches into the payment function's access mode and is made accessible on its interface (7) as a card with a Secure Element (3) having at least one payment card unit (5). After the termination and/or interruption of the payment process, the removable memory card (2) switches into the access mode for the memory capacity extension function of the mobile communication device (4). This configuration and method increase the security of the payment process while retaining high level of manipulation comfort. At the mobile communication device with a payment purpose button (1) it is possible to switch the access mode exclusively by physical press of the hardware payment button (1) by which the unauthorized start of the payment application without the user's knowledge is prevented.
Description
TECHNICAL FIELD

The solution refers to increase in security and comfort of payments over the mobile communication device, such as a mobile phone, where data on the payment card and possibly even on the payment terminal are stored on the removable memory card that is e.g. in the form of a SD, microSD card and that is inserted into a corresponding slot of the mobile communication device.


BACKGROUND

In times when the usage of mobile communication devices, such as mobile phones, for cashless payment applications is increasing, the request for increase in comfort and security of payment processes will rise. Mobile communication devices have the possibility of intentional but also unobserved connection to a mobile data network, a fact that raises the risk of penetration by harmful programs into the mobile communication device's environment.


A purpose Pay-button is known according to the patent file published as WO 2010/011670 A2. The NFC communication element necessary for the run of contactless payment application is started by it. This button simplifies launch of the payment application, however its connection to the NFC communication element does not offer increased security in comparison to older solutions, where the payment application was started by a virtual button displayed in the menu on the mobile communication device's display. The analysis of possible attacks on the payment card stored within the mobile communication device pointed out a risk based on the fact that an unsuitable program, e.g. in the form of Trojan horse, can initialize the payment application without the user's knowledge. Because the payment card in the mobile communication device is inserted in the payment card reader all the time, then this kind of placement itself includes the possibility that there will be constant trials to read data from the card. For this reason there is a danger that in the future it will come to the failure of the payment card's security level, e.g. even of the EMV (EuropayMastercardVisa) standard, a situation that was considered to be improbable until recently since the payment card was inserted in the reader, e.g. in the POS (Point of sales) terminal, or in the ATM, for a long time and practically without interruption. For this reason, such a solution is required, which will not only increase the comfort but also the security of the payment card. The existing purpose buttons as e.g. the photo button in the mobile phone had only the purpose of accelerating and simplifying the access to selected function of the phone and it was not necessary to solve the security question of intentional start of the selected function.


The new, more secure solution should be comfortable enough so it would not lower the comfort of the attendant, which is an important presumption in order to spread cashless payments using a mobile phone.


SUMMARY

The deficiencies mentioned are to a great extent eliminated by a configuration with a payment button in the mobile communication device, where in accordance with this solution a removable memory card with at least one payment card unit is also located. The subject matter of this solution lies in the fact that the removable memory card has two independent access modes. One access mode is designed and set for the common function of the removable memory card which rests in the extension of the memory capacity of the mobile communication device, such as a mobile phone. This access mode prevents access to the unit with the payment card and to the contactless communication element on the removable memory card. Basically, on the removable memory card's interface this card appears to be a common removable card without the Secure Element and without the communication element on the removable memory card when the card is in this access mode.


The second access mode is designed and set for the payment function of the removable memory card, where the access to the unit with the payment card and also to the contactless communication element on the removable memory card is allowed from the mobile communication device's circuits over an interface. In preferable configuration even the unit with the payment terminal can be located on the removable memory card and then this unit is also accessible just and only in the access mode for the payment function.


The two modes are alternatively selectable, it is important that the access mode for the payment function of the removable memory card is active only after physical press of the hardware payment button. Even the common flash memory can be accessible in the payment function access mode.


The removable memory card, on which at least one payment card unit is located, appears to be a removable memory card for the extension of the memory capacity of the mobile communication device on the interface and that up until the moment when the purpose payment button is physically pressed. Then the removable memory card is made accessible on the interface as a card with Secure Element and at least one payment card unit.


The removable memory card according to this solution has an architecture which encompasses a commonly accessible flash memory and also has hardware and software elements of the payment card, or even of the payment terminal. During common usage of the mobile communication device, the removable memory card behaves as if it contained only a flash memory for the extension of the memory capacity with a corresponding microcontroller. In this state, the reading and writing of files is enabled in the memory of the removable memory card, however other elements, e.g. the Secure Element, the NFC communication element are hidden and cannot be managed or run in this mode.


The existence of the purpose hardware payment button enables the change of the removable payment card's character on its interface level to be tied exclusively to the physical press of the payment button. The necessity of physical press of the button excludes the possibility to run the payment application by some undesirable software or script imitating the will of the user.


By this configuration we will exclude the risk that the removable memory card's interface will be misused through the trials to overcome the security elements without the user's knowledge. The connection between the physical press of the button and the run of the corresponding Firmware can be stored in the memory in such a way that it is either never possible to rewrite it, change it or update it or that it is not possible to do it without the corresponding password. The unauthorized program then cannot emulate the signal from the physical payment button in such a way so this signal would appear to the other steps of the application's run as a real physical press of the button. Since the intruder will not have the possibility to physically press the described button on the remote mobile communication device, it is excluded that he could gain uncontrollable access to the payment card's unit or to the unit of the payment terminal on the removable memory card. The removable memory card will behave as a standard memory card and only after physical press of the payment button it will switch into the payment card mode. The end of payment application will automatically switch the card's mode into the common extension of the memory capacity mode.


The new way of starting the payment process in the mobile communication device is based on the same principle of the two access modes. This way encompasses the communication between the interface of the mobile communication device and an inserted removable memory card with at least one payment card unit according to this solution, the subject matter of which is based on the fact that before the run of the payment process the removable memory card is in the access mode to the common extension of memory capacity function. Then the unit with the payment card, and pertinently even the contactless communication element and the unit with the payment terminal, in case they are located on the removable memory card, are inaccessible from the side of its interface. Only exclusively after the physical press of the hardware payment button, the removable memory card switches into access mode for the payment function of the removable memory card with allowed access to the unit with the payment card.





BRIEF DESCRIPTION OF THE DRAWINGS

The solution is explained in detail on the FIGS. 1 to 5.


On the FIG. 1, there is a schematically displayed diagram showing the successiveness of the payment application's run with the press of the hardware payment button, where it is possible to see the localization of the individual tasks and processes on the phone hardware/phone firmware/removable memory card level.


On the FIG. 2 we can see the structure, with which the removable memory card presents itself on the outside in case it is in the common extension of the mobile phone's memory access mode.


On the FIG. 3 there is the structure, with which the removable memory card presents itself on the outside in case of payment card access mode. In this configuration there is even the unit with the payment terminal located on the removable memory card.


On the FIG. 4 there is an example of mobile phone with the payment button.


On the FIG. 5 there is removable memory card of the microSD type with two independent Secure Elements and with the communication element that is located directly on the memory card just like antenna is. This figure can also depict the configuration with the unit of indifferent POS payment terminal and with four independent payment cards' units from various banks





DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS

In this example according to the FIGS. 1 to 4, there is a description of the system, where a removable memory card 2 is in the form of microSD card. In this example there are two Secure Elements 3 located on it, where one Secure Element 3 is designed for the payment card unit 5, or respectively for several payment card units 5 from different issuers and the second Secure Element 3 contains the payment terminal unit 6. In another example the removable memory card 2 can contain only one payment card unit 5 without the payment terminal unit 6 being localized.


The removable memory card 2 with a common flash memory 13 has the interface 7 of the common microSD standard and it is inserted into the mobile communication device's 4 slot. It is a common slot designed for the insertion of the extension memories.


In this example, the NFC communication element 8 with an antenna 12 is located on the removable memory card 2. The mobile communication device 4 has a payment button 1 located in the keyboard field. The payment button 1 is connected with a microswitch on the printed circuit of the mobile communication device's 4. The specific realization of the microswitch is not important and can be of different formats, e.g. as a membrane switch, capacity switch and similar.


The payment button 1 is connected to the Firmware in such a way that the only acceptable command for the change of access mode of the removable memory card 2 can come from the contact of the payment button 1 or at least in case the mobile communication device 4 is equipped with this kind of payment button 1. In case, the same removable memory card 2 will be inserted into the slot of the mobile communication device 4 without the purpose hardware payment button 1, the change of access mode will be realized over the menu on the display 10 of the mobile communication device 4. That being the case, the removable memory card 2 will be functional in both access modes, however the entire connection with the mobile communication device 4 will have lower security of the payment.


In the mobile phone, which is equipped with the payment button 1, it will not be possible to access Secure Element 3 on the removable memory card by any other way then over the predefined firmware connected with the payment button 1. In this example it will be the LGM application.


The two access modes can have the following characteristics:
















access mode



access mode
for payment


function
extension of the memory
function







read/write files
YES
YES


NFC communication
NO
NO


extended access (SDIO . . .)
YES/NO
YES



(according to the phone)



access to the SE from the
NO
YES


application in the phone




file cache memory in flash
YES/NO
NO



(according to the phone)



permanent powering of the
YES/NO
YES


card
(according to the phone)









In the access mode of the payment function, the caching of the files on the removable memory card 2 will be switched off, the access to the flash memory 13 and the access into the file system will be supported.


In case the mobile communication device 4 will be capable of supporting higher communication interface, e.g. the SDIO standard (Secure Digital Input Output), McEX, the corresponding interface can be accessible even in the access mode of the payment function.


INDUSTRIAL APPLICABILITY

The industrial applicability is obvious. With this invention, it is possible to industrially and repeatedly arrange configurations including the hardware payment button in the mobile communication device, where this button presents the selector of the current access mode of the removable memory card.


LIST OF RELATED SYMBOLS






    • 1—a payment button


    • 2—a removable memory card


    • 3—a Secure Element


    • 4—a mobile communication device


    • 5—a payment card unit


    • 6—a payment terminal application


    • 7—an interface


    • 8—a communication element


    • 9—a keyboard


    • 10—a display


    • 11—a microcontroller


    • 12—an antenna of the removable memory card


    • 13—a memory




Claims
  • 1. A removable memory card for use in a mobile communication device (4) having a hardware payment button (1), the removable memory card (2) comprising: a secure element (3);a contactless communication element (8);a payment card unit (5); anda memory (13),wherein the removable memory card has a first access mode for extension of a memory capacity of the mobile communication device (4) in which access to the secure element (3) and to the contactless communication element (8) is blocked, anda second access mode for a payment function of the removable memory card (2) with authorized access to the secure element (3) with the payment card unit (5), wherein the second access mode is active only after a physical press of the hardware payment button (1).
  • 2. The removable memory card of claim 1, further comprising a payment terminal unit (6) that is accessible exclusively in the second access mode.
  • 3. The removable memory card of claim 1, further comprising an antenna (12) connected to the contactless communication element (8).
  • 4. The removable memory card of claim 1, wherein the removable memory card (2) is an SD or microSD card.
  • 5. The removable memory card of claim 1, wherein the communication element (8) is a near-field communication (NFC) element.
  • 6. A system for contactless payment, the system comprising: a mobile communication device (4) having a hardware payment button (1); anda removable memory card (2) comprising a secure element (3), a contactless communication element (8), a payment card unit (5), and a memory (13),wherein the removable memory card has a first access mode for extending a memory capacity of the mobile communication device (4), wherein access to the secure element (3) and to the contactless communication element (8) is blocked, anda second access mode for a payment function of the removable memory card (2) with authorized access to the secure element (3) with the payment card unit (5), wherein the second access mode is active only after a physical press of the hardware payment button (1).
  • 7. The system of claim 6, wherein the removable memory card further comprises a payment terminal unit (6) that is accessible exclusively in the second access mode.
  • 8. The system of claim 6, wherein the removable memory card further comprises an antenna (12) connected to the contactless communication element (8).
  • 9. The system of claim 6, wherein the mobile communication device (4) is adapted to block emulation of a signal from the payment button (1) on an impulse from another input to the mobile communication device (4).
  • 10. The system of claim 6, wherein the removable memory card (2) is an SD or microSD card.
  • 11. The system of claim 6, wherein the communication element (8) is a near-field communication (NFC) element.
  • 12. A method for starting a payment process from a mobile communication device (4) having a hardware payment button (1), the method comprising: communicating between the mobile communication device (4) and an interface (7) of a removable memory card (2) inserted into the mobile communication device (4), the removable memory card (2) having a payment card unit (5),wherein, before the payment process is started, the removable memory card (2) is in a first access mode for extending a memory capacity of the mobile communication device (4) in which the payment card unit (5) is inaccessible from a side of interface (7), andwherein, after a physical press of the hardware payment button (1), the removable memory card (2) switches into a second access mode for a payment function of the removable memory card (2) with allowed access to the payment card unit (5).
  • 13. The method of claim 12, wherein the removable memory card (2) comprises a secure element (3) with a payment terminal unit (6) that is accessible only after the removable memory card (2) is switched into the second access mode.
  • 14. The method of claim 12, wherein, after the payment process is ended or interrupted, the removable memory card (2) switches back into the first access mode.
  • 15. The method of claim 12, wherein the removable memory card further comprises an antenna (12) connected to the contactless communication element (8).
  • 16. The method of claim 12, further comprising blocking an emulation of a signal from the payment button (1) on an impulse from another input to the mobile communication device (4).
  • 17. The method of claim 12, wherein the removable memory card (2) is an SD or microSD card.
  • 18. The method of claim 12, wherein the communication element (8) is a near-field communication (NFC) element.
Priority Claims (4)
Number Date Country Kind
PP00032-2009 May 2009 SK national
PP50009-2010 Mar 2010 SK national
PP50012-2010 Apr 2010 SK national
PP50016-2010 Apr 2010 SK national
CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of PCT Application No. PCT/IB2010/051915, filed May 1, 2010, which claims priority from Slovak patent applications nos. PP00032-2009, filed May 3, 2009, PP50009-2010, filed Mar. 27, 2010, PP50012-2010, filed Apr. 8, 2010, and PP50016-2010, filed Apr. 19, 2010. The entire disclosure of each of the above-referenced patent applications is hereby incorporated herein by reference.

Continuations (1)
Number Date Country
Parent PCT/IB2010/051915 May 2010 US
Child 12899346 US