`
` [12] Invention Patent Application Publication
`
` [21] Application no. 200710195785.2
`
`[43] Publication date: 17 June 2009
`
`
`
`[11] Publication no.: CN 101459902A
`
`[22] Application date: 2007.12.13
`[21] Application no.: 200710195785.2
`[71] Applicant(s): ZTE Corporation
` Address: Legal Dept., ZTE Plaza, Keji Road South,
`Hi-Tech Industrial Park, Nanshan District,
`Shenzhen, Guangdong 518057
`[72] Inventor(s): Wang Wenjun, Lü Ji
`
`[74] Patent agency: Beijing AFD Intellectual
`Property Agency Co., Ltd.
`Agent(s): Long Hong, Huo Yudong
`
`[54] Title of invention:
`
`A trusted service manager system and method for mobile payments
`
`2 pages Claims, 5 pages Specification, 2 pages
`Drawings
`
[Representative drawing: block diagram of the TSM system, containing the application management module, security management module, and card management module]
`
`[57] Abstract:
`
`The present invention provides a mobile
`payment TSM system and a method thereof, characterized
`in that it includes a card management module, a security
management module, and an application management module,
wherein the card management module includes a card
information management unit for managing card
information; the security management module includes a
key management unit for key generation, storage, and
distribution; the application management module is
`connected to the card management module and security
`management module, for receiving an application request
`submitted by a user terminal, acquiring corresponding
`information from a card management module and security
`management module, and processing the application
`request.
`
`
`Apple Ex. 1009, p. 1
` Apple v. Fintiv
`IPR2020-00019
`
`
`
`Claims
`
`1. A trusted service manager system for mobile payments, characterized in that it comprises a
`card management module, security management module, and application management module,
`wherein
`
`the card management module comprises a card information management unit configured to
`manage card information;
`
`the security management module comprises a key management unit configured for key
`generation, storage, and distribution;
`
`the application management module is connected to the card management module and security
`management module, and configured to receive an application request submitted by a user terminal,
`acquire corresponding information from the card management module and security management
`module, and process the application request.
`
`2. The trusted service manager TSM system according to Claim 1, characterized in that the card
`information comprises one or more of the following types of information: card operating system, card
`version, card owner, and card batch information.
`
`3. The TSM system according to Claim 1, characterized in that the card management module
`also comprises a security domain management unit, and the security domain management comprises
`one or more of the following functions: security domain information maintenance, security domain
`creation, and security domain deletion.
`
`4. The TSM system according to Claim 1 or Claim 3, characterized in that the card management
`module also comprises a card status management unit, and the card status management comprises one
`or more of the following: card status recording, card locking, or card unlocking.
`
`5. The TSM system according to Claim 1, characterized in that the security management module
`also comprises a certificate management unit, comprising one or more of the functions of certificate
`requesting, certificate storage, and certificate updating.
`
`6. The TSM system according to Claim 1, characterized in that the application management
`module receives an application request submitted by a user terminal, examines and tests the request,
`and issues the corresponding application to the terminal after the request passes the test.
`
`7. The TSM system according to Claim 6, characterized in that the application management
`module further comprises an application submission unit, an application test unit, and an application
`download unit, wherein,
`
`the application submission unit is configured to receive an application request submitted by a
`user terminal;
`
the application test unit is configured to examine and test an application request and
notify the application download unit after the test is passed;
`
`after receiving a notification from the application test unit, the application download unit
`generates download data and issues the download data to a user terminal.
`
`8. The TSM system according to Claim 6, characterized in that the application management
`module also comprises an application deletion unit configured to delete a user terminal application.
`
`9. A method utilizing a TSM system to perform mobile payments, applied to a TSM system,
`comprising the following steps:
`
`(a) a user terminal submitting an application request to an application management module;
`
`(b) the application management module acquiring card information from a card management
`module;
`
`(c) the application management module acquiring the key information of the security domain of
`this card from a security management module;
`
`(d) the application management module generating download data corresponding to the
`application and issuing the application to the user terminal.
`
`10. The method according to Claim 9, characterized in that, after Step (d), it also comprises Step
`(e): the user terminal feeding back the application download status to the application management
`module.
`
`Specification
`
`A trusted service manager system and method for mobile payments
`
`Technical field
`
`The present invention relates to mobile communication systems. In particular, it relates to an
`NFC (Near Field Communication, short-range wireless communication) mobile payment TSM (Trusted
`Service Manager) system and a method thereof.
`
`Background
`
`Mobile value-added services are developing extremely rapidly, and services such as SMS, MMS,
`and mobile internet access are becomin
`extremely important part of value-added services, mobile payments have been granted great
`importance by operators. NFC mobile payment
` SIM/UICCs (universal
`integrated circuit cards) in mobile phones in connection with contactless/NFC technology. With a mobile
`phone possessing this function, a user can make a payment simply by waving their mobile phone in front
`of a special card reader.
`
`The NFC working group within the GSMA (Global System for Mobile Communications
`Association) has started research on standardization of NFC technology in the field of mobile
`communications, and has proposed establishing TSMs as the management platforms in NFC systems, to
`be responsible for the management of mobile phone SIM/UICC cards. Today, TSM platform research is
still in the initial stage. The question of how to effectively design the internal structure of TSM systems,
providing them with good modularity and scalability, requires further research.
`
`Summary of the invention
`
`The technical problem addressed by the present invention is the provision of a TSM system and
`method, enabling TSM platforms to provide mobile payment services as simply and efficiently as
`possible.
`
`To solve this technical problem, the present invention provides a mobile payment TSM system,
`characterized in that it includes a card management module, a security management module, and an
`application management module, wherein,
`
`the card management module includes a card information management unit configured to
`manage card information;
`
`the security management module includes a key management unit configured for key
`generation, storage, and distribution;
`
`the application management module is connected to the card management module and security
`management module, and configured to receive an application request submitted by a user terminal,
`acquire corresponding information from the card management module and security management
`module, and process the application request.
`
`Furthermore, this TSM system may also possess the following characteristic: the card
`information includes one or more of the following types of information: card operating system, card
`version, card owner, and card batch information.
`
`Furthermore, this TSM system may also possess the following characteristic: the card
`management module also includes a security domain management unit, and the security domain
`management includes one or more of the following functions: security domain information
`maintenance, security domain creation, and security domain deletion.
`
`Furthermore, this TSM system may also possess the following characteristic: the card
`management module also includes a card status management unit, and the card status management
`includes one or more of the following: card status recording, card locking, or card unlocking.
`
`Furthermore, this TSM system may also possess the following characteristic: the security
`management module also includes a certificate management unit, including one or more of the
`functions of certificate requesting, certificate storage, and certificate updating.
`
`Furthermore, this TSM system may also possess the following characteristic: the application
`management module receives an application request submitted by a user terminal, examines and tests
`the request, and issues the corresponding application to the terminal after the request passes the test.
`
`Furthermore, this TSM system may also possess the following characteristic: the application
`management module further includes an application submission unit, an application test unit, and an
`application download unit, wherein,
`
`the application submission unit is configured to receive an application request submitted by a
`user terminal;
`
`the application test unit is configured to examine and test an application request and notify the
`application download unit after the test is passed,
`
`after receiving a notification from the application test unit, the application download unit
`generates download data and issues the download data to a user terminal.
`
`Furthermore, this TSM system may also possess the following characteristic: the application
`management module also includes an application deletion unit configured to delete a user terminal
`application.
`
`A method utilizing a TSM system to perform mobile payments, applied to a TSM system,
`including the following steps:
`
`(a) a user terminal submitting an application request to an application management module;
`
`(b) the application management module acquiring card information from a card management
`module;
`
`(c) the application management module acquiring the key information of the security domain of
`this card from a security management module;
`
`(d) the application management module generating download data corresponding to the
`application and issuing the application to the user terminal.
`
`Furthermore, this method may also possess the following characteristic: after Step (d), it also
`includes Step (e): the user terminal feeding back the application download status to the application
`management module.
`
`The present invention divides the TSM system into a card management module, an application
`management module, and a key management module, and by rationally distributing the module
`functions, it enables the TSM platform to provide services in a flexible manner.
`
`Brief description of the drawings
`
Figure 1 is a block diagram of the structure of the TSM system of the present invention;

Figure 2 is a flow diagram of a mobile payment made using the TSM system of the present
invention.

Detailed description of the invention
`
`A TSM system is an independent data service system of a mobile communications system. It
`serves as the core network element of NFC mobile payments and needs to achieve three major
`functions: card management, security management, and application management.
`
`The present invention provides a TSM system, including three modules: a card management
`module, a security management module, and an application management module.
`
`The functions of the card management module include: card information management, security
`domain management, and card status management, which are achieved by a card information
`management unit, a security domain management unit, and a card status management unit,
`respectively, wherein:
`
the card information management unit is configured to manage a card's information,
such as the card operating system and version, the card owner, and card batch information, etc.;
`
`the security domain management unit is configured to achieve functions such as security
`domain information maintenance, security domain creation, and security domain deletion; here, the
`security domain is a logic domain on a card, for logically dividing the card into different domains, and
`the security permissions of each domain are different.
`
`The card status management unit is configured to achieve operations such as recording card
`status and locking and unlocking the card;
`
`here, applications on a locked card cannot be operated, and the corresponding service functions cannot
`be used; for example, if a card originally is equipped with a public transportation card function, the card
`cannot be used as a public transportation card after the card is locked.
`
`Security management module functions include: key management and certificate management,
`achieved by a key management unit and a certificate management unit;
`
`the key management unit is configured to achieve key generation, key storage, and key
`distribution;
`
`the certificate management unit is configured to achieve operations such as certificate
`requesting, certificate storage, and certificate updating;
`
`A certificate represents user identity. It is a document capable of identifying a person, which is
`issued by a trusted third party.
`
`The functions of the application management module include: linking with the card
`management module and security management module, for receiving an application request submitted
`by a user terminal, acquiring corresponding information from the card management module and
`security management module, and processing the application request. Specifically, it includes functions
`such as application submission, application examination and testing, application downloading, and
`application deletion, achieved by an application submission unit, application test unit, application
`download unit, and application deletion unit, respectively, wherein,
`
`the application submission unit: a user terminal submits an application request on a page
`provided by the TSM, and the application submission unit receives this application request;
`
`a user employs a terminal supporting NFC services and requests to download an application
`from the TSM system through a variety of modes.
`
`The application test unit: examines and tests an application request submitted by a user
`terminal; an application passing the test may be downloaded; the application test unit notifies the
`application download unit;
`
`the application download unit: after receiving a notification from the application test unit, i.e.:
`after the examination and testing are passed, the application management module sends the
`application to the user terminal. After being downloaded, the application is stored to the terminal
`SIM/UICC card;
`
`the application deletion unit: deletes an application from a user terminal;
`
`here, a user also may manually delete an application from a user terminal.
`
`Below, an application download example is used to describe the relationships between an
`application and the security management module, application management module, and card
`management module of the TSM system of the present invention:
`
Step 101: Through a variety of modes, which may be SMS, WAP, or WWW, a user requests to
download an application, and this request is sent to the application management module of the TSM
system by the user terminal card; here, the user submits the application request through the user
terminal (card).
`
`When the request is submitted, it carries user card identifier information, such as a card
`identifier, user identifier, etc.
`
`Step 102: After the application management module receives this request,
`card information, such as card status, card batch information such as the operating system, previously
`downloaded applications, and the card security domain information, is acquired from the card
`management module based on the identifier information carried in the request.
`
Step 103: The application management module acquires the key information of the
security domain of this card from the security management module;
`
`Step 104: The application management module generates download data corresponding to the
`application;
`
`Step 105: The application management module issues the application (i.e.: download data) to
`the user terminal (card);
`
`Step 106: The user terminal feeds back the application download status to the application
`management module.
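
The download flow of Steps 101 to 106, modelled as an added example that is not part of the patent text. All class, method and field names are hypothetical, and authenticating the download data with an HMAC under the security-domain key is an assumption: the specification only states that the key is acquired before the download data is generated.

```python
# Added illustration of Steps 101-106; every class and field name is hypothetical.
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field

@dataclass
class Card:
    card_id: str
    security_domain: str            # logical domain on the card
    locked: bool = False            # card status management: lock/unlock
    installed: list = field(default_factory=list)

class CardManagement:
    def __init__(self):
        self.cards = {}             # card information keyed by card identifier

    def lookup(self, card_id):      # Step 102: acquire card information
        return self.cards[card_id]  # KeyError for an unknown identifier

class SecurityManagement:
    def __init__(self):
        self._keys = {}             # key storage, one key per (card, domain)

    def domain_key(self, card_id, domain):   # Step 103: key distribution
        return self._keys.setdefault((card_id, domain), secrets.token_bytes(32))

class ApplicationManagement:
    def __init__(self, cards, security, tested_apps):
        self.cards, self.security = cards, security
        self.tested_apps = tested_apps       # passed examination and testing
        self.status = {}

    def handle_request(self, card_id, app):  # Step 101 arrives here
        card = self.cards.lookup(card_id)
        if card.locked:
            raise PermissionError("card is locked")
        if app not in self.tested_apps:
            raise PermissionError("application has not passed testing")
        key = self.security.domain_key(card_id, card.security_domain)
        body = json.dumps({"card": card_id, "app": app,
                           "domain": card.security_domain}, sort_keys=True).encode()
        # Step 104. Assumption: download data is authenticated with the domain key.
        tag = hmac.new(key, body, hashlib.sha256).digest()
        return {"body": body, "tag": tag}    # Step 105: issue to the terminal

    def feedback(self, card_id, app, ok):    # Step 106: download status
        self.status[(card_id, app)] = "installed" if ok else "failed"
        if ok:
            self.cards.lookup(card_id).installed.append(app)

def card_accepts(download, key):
    """Card-side check (assumed): accept only data tagged with the domain key."""
    expected = hmac.new(key, download["body"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, download["tag"])

if __name__ == "__main__":
    cm, sm = CardManagement(), SecurityManagement()
    cm.cards["card-001"] = Card("card-001", "transit-sd")   # constructed sample
    am = ApplicationManagement(cm, sm, {"bus-pass"})
    data = am.handle_request("card-001", "bus-pass")
    print(card_accepts(data, sm.domain_key("card-001", "transit-sd")))
```

Keeping the lock check and the test-status check in the application management module, before any key is requested, means a locked card or an untested application never causes key material to leave the security management module.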
`
Specification Drawings

[Figure 1: block diagram of the TSM system, containing the application management module, security management module, and card management module]
`
[Figure 2: flow diagram between the User, the TSM card management module, the TSM card security management module, and the TSM application management module, with the steps: 101 Request application download; 102 Acquire card information; 103 Acquire key; 104 Generate download data; 105 Download application to card; 106 Feedback application download results]
`
Welocalize — Park IP
15 W. 37th Street

1. My qualifications are as follows:

Additional details regarding my qualifications can be found on the

The attached Chinese into English translation has been translated by me and to the best of my
knowledge and belief, it is a true and accurate translation of:

I declare that all statements made herein of my own knowledge are true and all statements
made on information and belief are believed to be true, and further that these statements
were made with the knowledge that willful false statements and the like are punishable by
fine or imprisonment, or both, under 18 U.S.C. 1001, and
statements and the like may jeopardize the validity of the application or submission or
any registration resulting therefrom.
`
`
`
1993 — 1994 John Hopkins University — Nanjing University Center for Chinese and
American Studies
Nanjing, PRC
Study of East Asian security and Chinese history and culture. Classes were conducted
in Mandarin

1989 — 1993 Middlebury College, Middlebury, VT
'.A. in East Asian Studies. Magna Cum Laude.

Summer 1991 Middlebury College Chinese Language School
Middlebury, VT
Advanced study of Mandarin Chinese

EXPERIENCE:

1996 — present
Chinese-to-English Translation
Clients: Eleven years with the Office of Naval Intelligence. Other clients include
Schreiber Translations, the Foreign Broadcast Information Service and the
International Monetary Fund.
Areas of Specialization: Technologies such as electronics, computer-assisted
design, signal processing, sonar and radar; shipbuilding; industry; trade; economics;
international affairs; environmental policy; personal correspondence.

1994 — 1996 Voice of America
Information Specialist: China Branch and East Asian Division.
Translated listener correspondence from Chinese to English and
performed daily scans of Chinese-language newspapers and wires.

PROFESSIONAL ASSOCIATION: Member of ATA
`
15 W. 37th Street, 8th Floor
New York, NY 10018
212.581.8870
`
`