`[12] Invention Patent Application Publication
`
`[11] Publication no.: CN 101459902A
`[43] Publication date: 17 June 2009
`
`[22] Application date: 2007.12.13
`[21] Application no.: 200710195785.2
`[71] Applicant(s): ZTE Corporation
` Address: Legal Dept., ZTE Plaza, Keji Road South,
`Hi-Tech Industrial Park, Nanshan District,
`Shenzhen, Guangdong 518057
`[72] Inventor(s): Wang Wenjun, Lü Ji
`
`[74] Patent agency: Beijing AFD Intellectual
`Property Agency Co., Ltd.
`Agent(s): Long Hong, Huo Yudong
`
`[54] Title of invention:
`
`A trusted service manager system and method for mobile payments
`
`2 pages Claims, 5 pages Specification, 2 pages Drawings
`
`[Representative drawing: TSM system comprising an application management module, a security management module, and a card management module]
`
`[57] Abstract:
`
`The present invention provides a mobile payment TSM system and a method thereof,
`characterized in that it includes a card management module, a security management
`module, and an application management module, wherein the card management module
`includes a card information management unit for managing card information; the
`security management module includes a key management unit for key generation,
`storage, and distribution; the application management module is connected to the
`card management module and security management module, for receiving an application
`request submitted by a user terminal, acquiring corresponding information from the
`card management module and security management module, and processing the
`application request.
`
`
`Apple Ex. 1009, p. 1
` Apple v. Fintiv
`IPR2020-00019
`
`Claims
`
`1. A trusted service manager system for mobile payments, characterized in that it comprises a
`card management module, security management module, and application management module,
`wherein
`
`the card management module comprises a card information management unit configured to
`manage card information;
`
`the security management module comprises a key management unit configured for key
`generation, storage, and distribution;
`
`the application management module is connected to the card management module and security
`management module, and configured to receive an application request submitted by a user terminal,
`acquire corresponding information from the card management module and security management
`module, and process the application request.
`
`2. The trusted service manager (TSM) system according to Claim 1, characterized in that the card
`information comprises one or more of the following types of information: card operating system, card
`version, card owner, and card batch information.
`
`3. The TSM system according to Claim 1, characterized in that the card management module
`also comprises a security domain management unit, and the security domain management comprises
`one or more of the following functions: security domain information maintenance, security domain
`creation, and security domain deletion.
`
`4. The TSM system according to Claim 1 or Claim 3, characterized in that the card management
`module also comprises a card status management unit, and the card status management comprises one
`or more of the following: card status recording, card locking, or card unlocking.
`
`5. The TSM system according to Claim 1, characterized in that the security management module
`also comprises a certificate management unit, comprising one or more of the functions of certificate
`requesting, certificate storage, and certificate updating.
`
`6. The TSM system according to Claim 1, characterized in that the application management
`module receives an application request submitted by a user terminal, examines and tests the request,
`and issues the corresponding application to the terminal after the request passes the test.
`
`7. The TSM system according to Claim 6, characterized in that the application management
`module further comprises an application submission unit, an application test unit, and an application
`download unit, wherein,
`
`the application submission unit is configured to receive an application request submitted by a
`user terminal;
`
`the application test unit is configured to examine and test an application request and
`notify the application download unit after the test is passed;
`
`after receiving a notification from the application test unit, the application download unit
`generates download data and issues the download data to a user terminal.
`
`8. The TSM system according to Claim 6, characterized in that the application management
`module also comprises an application deletion unit configured to delete a user terminal application.
`
`9. A method utilizing a TSM system to perform mobile payments, applied to a TSM system,
`comprising the following steps:
`
`(a) a user terminal submitting an application request to an application management module;
`
`(b) the application management module acquiring card information from a card management
`module;
`
`(c) the application management module acquiring the key information of the security domain of
`this card from a security management module;
`
`(d) the application management module generating download data corresponding to the
`application and issuing the application to the user terminal.
`
`10. The method according to Claim 9, characterized in that, after Step (d), it also comprises Step
`(e): the user terminal feeding back the application download status to the application management
`module.
`
`Specification
`
`A trusted service manager system and method for mobile payments
`
`Technical field
`
`The present invention relates to mobile communication systems. In particular, it relates to an
`NFC (Near Field Communication, short-range wireless communication) mobile payment TSM (Trusted
`Service Manager) system and a method thereof.
`
`Background
`
`Mobile value-added services are developing extremely rapidly, and services such as SMS, MMS,
`and mobile internet access are becomin
`extremely important part of value-added services, mobile payments have been granted great
`importance by operators. NFC mobile payment
` SIM/UICCs (universal
`integrated circuit cards) in mobile phones in connection with contactless/NFC technology. With a mobile
`phone possessing this function, a user can make a payment simply by waving their mobile phone in front
`of a special card reader.
`
`The NFC working group within the GSMA (Global System for Mobile Communications
`Association) has started research on standardization of NFC technology in the field of mobile
`communications, and has proposed establishing TSMs as the management platforms in NFC systems, to
`be responsible for the management of mobile phone SIM/UICC cards. Today, TSM platform research is
`still in the initial stage. The question of how to effectively design the internal structure of TSM systems,
`providing them with good modularity and scalability, requires further research.
`
`Summary of the invention
`
`The technical problem addressed by the present invention is the provision of a TSM system and
`method, enabling TSM platforms to provide mobile payment services as simply and efficiently as
`possible.
`
`To solve this technical problem, the present invention provides a mobile payment TSM system,
`characterized in that it includes a card management module, a security management module, and an
`application management module, wherein,
`
`the card management module includes a card information management unit configured to
`manage card information;
`
`the security management module includes a key management unit configured for key
`generation, storage, and distribution;
`
`the application management module is connected to the card management module and security
`management module, and configured to receive an application request submitted by a user terminal,
`acquire corresponding information from the card management module and security management
`module, and process the application request.
`
`Furthermore, this TSM system may also possess the following characteristic: the card
`information includes one or more of the following types of information: card operating system, card
`version, card owner, and card batch information.
`
`Furthermore, this TSM system may also possess the following characteristic: the card
`management module also includes a security domain management unit, and the security domain
`management includes one or more of the following functions: security domain information
`maintenance, security domain creation, and security domain deletion.
`
`Furthermore, this TSM system may also possess the following characteristic: the card
`management module also includes a card status management unit, and the card status management
`includes one or more of the following: card status recording, card locking, or card unlocking.
`
`Furthermore, this TSM system may also possess the following characteristic: the security
`management module also includes a certificate management unit, including one or more of the
`functions of certificate requesting, certificate storage, and certificate updating.
`
`Furthermore, this TSM system may also possess the following characteristic: the application
`management module receives an application request submitted by a user terminal, examines and tests
`the request, and issues the corresponding application to the terminal after the request passes the test.
`
`Furthermore, this TSM system may also possess the following characteristic: the application
`management module further includes an application submission unit, an application test unit, and an
`application download unit, wherein,
`
`the application submission unit is configured to receive an application request submitted by a
`user terminal;
`
`the application test unit is configured to examine and test an application request and notify the
`application download unit after the test is passed,
`
`after receiving a notification from the application test unit, the application download unit
`generates download data and issues the download data to a user terminal.
`
`Furthermore, this TSM system may also possess the following characteristic: the application
`management module also includes an application deletion unit configured to delete a user terminal
`application.
`
`A method utilizing a TSM system to perform mobile payments, applied to a TSM system,
`including the following steps:
`
`(a) a user terminal submitting an application request to an application management module;
`
`(b) the application management module acquiring card information from a card management
`module;
`
`(c) the application management module acquiring the key information of the security domain of
`this card from a security management module;
`
`(d) the application management module generating download data corresponding to the
`application and issuing the application to the user terminal.
`
`Furthermore, this method may also possess the following characteristic: after Step (d), it also
`includes Step (e): the user terminal feeding back the application download status to the application
`management module.
`
`The present invention divides the TSM system into a card management module, an application
`management module, and a key management module, and by rationally distributing the module
`functions, it enables the TSM platform to provide services in a flexible manner.
`
`Brief description of the drawings
`
`Figure 1 is a block diagram of the structure of the TSM system of the present invention;
`Figure 2 is a flow diagram of a mobile payment made using the TSM system of the present
`invention.
`
`Detailed description of the invention
`
`A TSM system is an independent data service system of a mobile communications system. It
`serves as the core network element of NFC mobile payments and needs to achieve three major
`functions: card management, security management, and application management.
`
`The present invention provides a TSM system, including three modules: a card management
`module, a security management module, and an application management module.
`
`The functions of the card management module include: card information management, security
`domain management, and card status management, which are achieved by a card information
`management unit, a security domain management unit, and a card status management unit,
`respectively, wherein:
`
`the card information management unit is configured to manage card information,
`such as the card operating system and version, the card owner, and card batch information, etc.;
`
`the security domain management unit is configured to achieve functions such as security
`domain information maintenance, security domain creation, and security domain deletion; here, the
`security domain is a logic domain on a card, for logically dividing the card into different domains, and
`the security permissions of each domain are different.
`
`The card status management unit is configured to achieve operations such as recording card
`status and locking and unlocking the card;
`
`here, applications on a locked card cannot be operated, and the corresponding service functions cannot
`be used; for example, if a card originally is equipped with a public transportation card function, the card
`cannot be used as a public transportation card after the card is locked.
`
`Security management module functions include: key management and certificate management,
`achieved by a key management unit and a certificate management unit;
`
`the key management unit is configured to achieve key generation, key storage, and key
`distribution;
`
`the certificate management unit is configured to achieve operations such as certificate
`requesting, certificate storage, and certificate updating;
`
`A certificate represents user identity. It is a document capable of identifying a person, which is
`issued by a trusted third party.
`
`The functions of the application management module include: linking with the card
`management module and security management module, for receiving an application request submitted
`by a user terminal, acquiring corresponding information from the card management module and
`security management module, and processing the application request. Specifically, it includes functions
`such as application submission, application examination and testing, application downloading, and
`application deletion, achieved by an application submission unit, application test unit, application
`download unit, and application deletion unit, respectively, wherein,
`
`the application submission unit: a user terminal submits an application request on a page
`provided by the TSM, and the application submission unit receives this application request;
`
`a user employs a terminal supporting NFC services and requests to download an application
`from the TSM system through a variety of modes.
`
`The application test unit: examines and tests an application request submitted by a user
`terminal; an application passing the test may be downloaded; the application test unit notifies the
`application download unit;
`
`the application download unit: after receiving a notification from the application test unit, i.e.:
`after the examination and testing are passed, the application management module sends the
`application to the user terminal. After being downloaded, the application is stored to the terminal
`SIM/UICC card;
`
`the application deletion unit: deletes an application from a user terminal;
`
`here, a user also may manually delete an application from a user terminal.
`
`Below, an application download example is used to describe the relationships between an
`application and the security management module, application management module, and card
`management module of the TSM system of the present invention:
`
`Step 101: Through a variety of modes, which may be SMS, WAP, or WWW, a user requests to
`download an application, and this request is sent to the application management module of the TSM
`system by the user terminal card; here, the user submits the application request through the user
`terminal (card).
`
`When the request is submitted, it carries user card identifier information, such as a card
`identifier, user identifier, etc.
`
`Step 102: After the application management module receives this request,
`card information, such as card status, card batch information such as the operating system, previously
`downloaded applications, and the card security domain information, is acquired from the card
`management module based on the identifier information carried in the request.
`
`Step 103: The application management module acquires the key information of the card's
`security domain from the security management module;
`
`Step 104: The application management module generates download data corresponding to the
`application;
`
`Step 105: The application management module issues the application (i.e.: download data) to
`the user terminal (card);
`
`Step 106: The user terminal feeds back the application download status to the application
`management module.
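
The download flow of Steps 101 to 106, sketched as an added example (not code from the patent or from the applicant). The class and function names, the `SD-APP` domain label, the constructed sample data, and the use of an HMAC-SHA256 tag to protect the download data are assumptions; the specification does not say how download data is generated.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

@dataclass
class Card:  # record held by the card management module
    card_id: str
    locked: bool = False
    domains: list = field(default_factory=lambda: ["SD-APP"])
    installed: list = field(default_factory=list)

class CardManagement:
    def __init__(self):
        self.cards = {}
    def get(self, card_id):
        return self.cards[card_id]  # KeyError for an unknown card

class SecurityManagement:
    def __init__(self):
        self._keys = {}  # (card_id, security domain) -> key
    def generate(self, card_id, domain):
        self._keys[(card_id, domain)] = os.urandom(32)
        return self._keys[(card_id, domain)]
    def get(self, card_id, domain):
        return self._keys[(card_id, domain)]

def tag_for(key, card_id, payload):
    # Assumption: HMAC-SHA256 binds the download data to one card's domain key.
    return hmac.new(key, card_id.encode() + b"\x00" + payload, hashlib.sha256).digest()

class ApplicationManagement:
    def __init__(self, cards, security, tested_apps):
        self.cards, self.security, self.tested = cards, security, tested_apps
    def request(self, card_id, app):                              # step 101
        card = self.cards.get(card_id)                            # step 102
        if card.locked:
            raise PermissionError("card is locked")
        if app not in self.tested:
            raise LookupError("application has not passed testing")
        key = self.security.get(card_id, card.domains[0])         # step 103
        payload = self.tested[app]                                # step 104
        return {"card_id": card_id, "app": app, "payload": payload,
                "tag": tag_for(key, card_id, payload)}            # step 105
    def feedback(self, card_id, app, ok):                         # step 106
        if ok:
            self.cards.get(card_id).installed.append(app)

def card_install(download, card_id, card_key):
    # Card side: accept the data only if the tag verifies under the card's key.
    return hmac.compare_digest(tag_for(card_key, card_id, download["payload"]),
                               download["tag"])

def demo():
    cards, sec = CardManagement(), SecurityManagement()
    cards.cards["C1"], cards.cards["C2"] = Card("C1"), Card("C2", locked=True)
    k1, k2 = sec.generate("C1", "SD-APP"), sec.generate("C2", "SD-APP")
    am = ApplicationManagement(cards, sec, {"transit": b"constructed applet bytes"})
    dl = am.request("C1", "transit")
    ok = card_install(dl, "C1", k1)
    am.feedback("C1", "transit", ok)
    try:
        am.request("C2", "transit")
        locked_rejected = False
    except PermissionError:
        locked_rejected = True
    return ok, card_install(dl, "C2", k2), locked_rejected, cards.get("C1").installed
```

`demo()` returns, in order: whether card C1 accepted its download, whether the same download verifies on card C2, whether the request for the locked card was refused, and C1's recorded applications after feedback.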
`
`Specification Drawings
`
`[Figure 1: block diagram of the TSM system, which contains the application management module, the security management module, and the card management module]
`
`[Figure 2: flow diagram among the User, the TSM card management module, the TSM card security management module, and the TSM application management module: 101 Request application download; 102 Acquire card information; 103 Acquire key; 104 Generate download data; 105 Download application to card; 106 Feedback application download results]
`
`
`
`TRANSLATOR DECLARATION
`
`Welocalize Park IP Translations, ParkIP.com, New York, NY 10013
`
`I, Jennifer Brooks, declare that:
`
`I am fluent in and possess advanced knowledge of both the Chinese and English languages.
`
`I have worked as a Chinese to English translator for over [illegible] years.
`
`The attached Chinese into English translation has been translated by me and to the best of my
`knowledge and belief, it is a true and accurate translation of: CN101459902A
`
`I declare that all statements made herein of my own knowledge are true and all statements
`made on information and belief are believed to be true, and further that these statements
`were made with the knowledge that willful false statements and the like are punishable by
`fine or imprisonment, or [illegible] statements and the like may jeopardize the validity of
`the application or submission or any registration resulting therefrom.
`
`Jennifer Brooks
`
`
`1993 - 1994 Johns Hopkins University — Nanjing University Center for Chinese and
`American Studies
`Nanjing, PRC
`Study of East Asian security and Chinese history and culture. Classes were conducted
`in Mandarin.
`
`1989 - 1993 Middlebury College, Middlebury, VT
`B.A. in East Asian Studies. Magna Cum Laude.
`
`PROFESSIONAL ASSOCIATIONS: Member of AIA
`
`EXPERIENCE:
`
`1996 - present
`Chinese-to-English Translation
`Clients: Eleven years with the Office of Naval Intelligence. Other clients include
`Schreiber Translations, the Foreign Broadcast Information Service and the
`International Monetary Fund.
`Areas of Specialization: Technologies such as electronics, computer-assisted
`design, signal processing, sonar and radar; shipbuilding; industry; trade; economics;
`international affairs; environmental policy; personal correspondence.
`
`Summer 1991 Middlebury College Chinese Language School
`Middlebury, VT
`Advanced study of Mandarin Chinese
`
`1994 - 1996 Voice of America
`Information Specialist: China Branch and East Asian Division.
`Translated listener correspondence from Chinese to English and
`performed daily scans of Chinese-language newspapers and wires.
`
`