CN-112801656-B - Method, device and security element for conducting a secure financial transaction on a device
Abstract
A method, apparatus and secure element for conducting secure financial transactions on an apparatus are disclosed. The device includes a central processing unit, a communication interface for establishing communication between the device and a financial institution associated with the financial account, an interface for obtaining financial account related data, a secure element for processing at least a portion of the financial account related data obtained by the interface, and control logic for obtaining a purchase amount debited from the financial account and for obtaining a transaction authorization from the financial account related financial institution, the transaction authorization being based at least in part on data independently processed by the secure element that is independent of data processed by the central processing unit. Methods of conducting secure financial transactions and computer program products for execution by secure elements are also disclosed.
Inventors
- FONTAINE SEBASTIEN
- DOLCINO LUC
- DU HAYS BENJAMIN
- DE NANCLAS MAXIME
- ALBERTI XAVIER
Assignees
- Apple Inc.
Dates
- Publication Date: 20260505
- Application Date: 20130228
- Priority Date: 20120229
Claims (20)
- 1. A secure element for installation in a device serving as a payment terminal, the device running a point of sale (POS) application, the POS application comprising a payment control application, the payment control application comprising control instructions for controlling the secure element, the device comprising a processor, an interface, and a communication interface, the secure element comprising instructions accessed from a non-transitory computer readable storage medium that, when executed, cause the secure element to run: a Europay, MasterCard, and Visa (EMV) transaction module configured to process data obtained from a payment device by the interface of the device in accordance with authentication criteria, the interface being a contactless interface configured to receive data from the payment device contactlessly; and an operating system (OS) configured to process data provided by the EMV transaction module in accordance with level 1 of EMVCo standards; wherein the EMV transaction module is configured to: receive a request to conduct a secure financial transaction with the secure element; obtain data regarding a financial account from the payment device via the interface of the device by means of the secure element, the obtaining comprising (i) sending a request to the payment device to select a Proximity Payment System Environment (PPSE), (ii) receiving a response from the payment device indicating payment applications supported by the payment device, and (iii) selecting one of the available payment applications; establish a secure communication channel with a server of a financial institution regarding the financial account through the communication interface of the device by means of the secure element, the establishing comprising sending a request by the secure element to the payment control application to establish the secure communication channel with the server of the financial institution; transmit an authorization request to perform the secure financial transaction to the server over the secure communication channel with the secure element, the authorization request including at least a portion of the data regarding the financial account; receive a response to the authorization request from the server over the secure communication channel; and process the response to the authorization request to generate a status of the secure financial transaction.
- 2. The secure element of claim 1, wherein the request to conduct a secure financial transaction is received from the payment control application running on the device.
- 3. The secure element of claim 1, wherein the data regarding the financial account is processed by the secure element independent of data processed by the processor of the device.
- 4. The secure element of claim 1, wherein the EMV transaction module is further configured to perform sending the status of the secure financial transaction to the payment control application running on the device via the secure element.
- 5. The secure element of claim 1, wherein the control instructions for controlling the secure element include instructions for causing sending a start payment applet message to the secure element via the payment control application and activating the secure element based on the start payment applet message.
- 6. The secure element of claim 1, wherein the secure element is embedded in one of a chipset embedded on a circuit of the device, a subscriber identity module (SIM), a secure digital (SD) card, a non-volatile memory card, and a housing inserted into the device.
- 7. The secure element of claim 1, wherein the EMV transaction module is a contactless transaction module.
- 8. The secure element of claim 1, wherein the request to conduct the secure financial transaction includes a purchase amount debited from the financial account.
- 9. The secure element of claim 1, wherein the payment device is one of a payment card and a mobile device.
- 10. The secure element of claim 1, wherein the data regarding the financial account comprises at least one of a key, a certificate, and a payment card number.
- 11. An electronic device comprising a secure element according to any one of claims 1-10.
- 12. A method of operating a mobile device for use as a payment terminal, the mobile device being different from a dedicated payment terminal, the mobile device being configured to run a point of sale (POS) application and to operate a secure element, the mobile device comprising a central processing unit, a contactless interface comprising a near field communication (NFC) interface, and a communication interface, the method comprising: transmitting, by the secure element, a request to the NFC interface to enable a reader mode of the NFC interface such that radio frequency (RF) and contactless functions of the NFC interface are activated; reading, by the secure element, a payment credential for a payment application, the payment credential including a key, certificate, or payment card number maintained and processed separately by, and stored within a memory of, the secure element; transmitting, by the secure element, a request to the NFC interface to deactivate RF and contactless functions of the NFC interface; sending a request to a payment control application to establish a communication channel with a financial server, including establishing a secure communication channel between the secure element and the financial server via the communication interface of the mobile device through an exchange of encryption keys; transmitting, by the secure element over the secure communication channel, a request for an authorized transaction to the financial server, the request for an authorized transaction including the payment credentials; and closing the secure communication channel.
- 13. The method of claim 12, wherein the secure element comprises software embedded in a secure component.
- 14. The method of claim 12, wherein the secure element comprises a chipset.
- 15. The method of claim 12, wherein the POS application comprises a payment control application.
- 16. The method of claim 12, wherein reading, by the secure element, the payment credentials for the payment application comprises: receiving, by the secure element, a payment initiation applet message; initiating a payment applet on the secure element; and reading the payment credentials from the proximity integrated circuit card (PICC).
- 17. The method of claim 12, further comprising: sending a request for selecting a Proximity Payment System Environment (PPSE) to a proximity integrated circuit card (PICC); receiving a response from the PICC indicating payment applications supported by the PICC; and selecting, by the secure element, a payment application from among the available payment applications.
- 18. The method of claim 17, wherein communication between the payment control application and the secure element occurs via a contactless front end.
- 19. The method of claim 17, further comprising: retrieving, by the payment control application, a personal identification number (PIN) associated with the PICC; transferring the PIN to the secure element; and validating the payment credentials using the PIN.
- 20. The method of claim 17, wherein establishing the secure communication channel between the secure element and the financial server via the communication interface of the mobile device comprises sending, by the secure element, a request to the payment control application to establish the secure communication channel with the financial server.
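Steps (i) to (iii) of claim 1, repeated in claim 17, shown as an added example that is not part of the patent text: building the SELECT PPSE command, parsing the card's directory response, and choosing an application by priority. The APDU layout, the tag numbers and the `2PAY.SYS.DDF01` name are taken from the public EMV contactless specifications rather than from this page; the AIDs, labels and sample response are constructed, and the function names are hypothetical.

```python
PPSE_NAME = b"2PAY.SYS.DDF01"  # PPSE directory name (EMV contactless specs, not this page)

def build_select_ppse() -> bytes:  # step (i): CLA=00 INS=A4 P1=04 P2=00, Lc, name, Le=00
    return bytes([0x00, 0xA4, 0x04, 0x00, len(PPSE_NAME)]) + PPSE_NAME + b"\x00"

def parse_tlv(data: bytes):
    """Yield (tag, value) pairs from BER-TLV bytes; raise ValueError if malformed."""
    i = 0
    while i < len(data):
        start, i = i, i + 1
        if data[start] & 0x1F == 0x1F:            # tag continues in following bytes
            while i < len(data) and data[i] & 0x80:
                i += 1
            i += 1
        if i >= len(data):
            raise ValueError("truncated tag or missing length")
        tag, length, i = int.from_bytes(data[start:i], "big"), data[i], i + 1
        if length & 0x80:                         # long form: n length bytes follow
            n = length & 0x7F
            if not 1 <= n <= 2 or i + n > len(data):
                raise ValueError("unsupported or truncated length")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("value overruns buffer")
        yield tag, data[i:i + length]
        i += length

def list_applications(response: bytes):  # step (ii): [(priority, AID, label)], best first
    if response[-2:] != b"\x90\x00":
        raise ValueError("card did not return status 9000")
    body = response[:-2]
    for tag in (0x6F, 0xA5, 0xBF0C):              # FCI template, proprietary, issuer data
        body = dict(parse_tlv(body))[tag]         # KeyError if a template is absent
    apps = []
    for entry in (v for t, v in parse_tlv(body) if t == 0x61):
        f = dict(parse_tlv(entry))
        prio = ((f.get(0x87) or b"\x00")[0] & 0x0F) or 16   # 0 or absent: no priority
        apps.append((prio, f[0x4F], f.get(0x50, b"").decode("ascii", "replace")))
    return sorted(apps)

def select_application(apps, supported):  # step (iii): best AID the terminal supports
    return next((aid for _, aid, _ in apps if aid in supported), None)

def tlv(tag: str, value: bytes) -> bytes:  # builds the constructed sample; short lengths only
    return bytes.fromhex(tag) + bytes([len(value)]) + value

AID_A, AID_B = bytes.fromhex("F0000000010001"), bytes.fromhex("F0000000020001")  # made up
SAMPLE = tlv("6F", tlv("84", PPSE_NAME) + tlv("A5", tlv("BF0C",
    tlv("61", tlv("4F", AID_A) + tlv("50", b"DEMO CREDIT") + tlv("87", b"\x02")) +
    tlv("61", tlv("4F", AID_B) + tlv("50", b"DEMO DEBIT") + tlv("87", b"\x01"))))) + b"\x90\x00"
```

The length checks in `parse_tlv` matter because the response comes from an untrusted card: a declared length that runs past the buffer is rejected instead of being read.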
Description
Method, device and security element for conducting a secure financial transaction on a device
The present application is a divisional application of patent application 201380011751.7, entitled "Method, apparatus, and secure element for secure financial transactions on an apparatus", with a filing date of February 28, 2013.
Cross Reference to Related Applications
U.S. provisional application No. 61/604,613, filed by Sébastien FONTAINE et al. on February 29, 2012 and entitled "SYSTEM AND METHOD FOR CONDUCTING A SECURED TRANSACTION ON A DEVICE", is hereby incorporated by reference in its entirety.
Technical Field
The present invention relates to a method, apparatus and secure element for conducting secure transactions on a device, and in particular to secure financial transactions.
Background
This section is intended to introduce the reader to various aspects of art that may be related to various aspects of the present disclosure that are described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information to facilitate a better understanding of the various aspects of the present invention. Accordingly, it should be understood that these statements are to be read in this light, and not as admissions of prior art.
Vendors often use payment terminals to conduct secure financial transactions with customers. Such customers typically hold a payment card issued by a financial institution or payment card institution. In some examples, the payment card contains a magnetic stripe and/or a smart card chip to allow the transaction to be initiated by swiping the card in a magnetic stripe reader of the payment terminal or by inserting the payment card into a smart card reader of the payment terminal.
In other examples, the payment card may also be enabled for contactless transactions, allowing a transaction to occur by presenting the payment card in the vicinity of the payment terminal. To ensure security in financial transactions, transaction standards such as Europay, MasterCard, and Visa (EMV) have been developed and are used to authenticate both payment terminals and payment cards. However, payment terminals used to conduct secure financial transactions are often devices dedicated to the execution of financial transactions due to a variety of factors, including the technical complexity required to meet security standards.
There is therefore a need in the art for a method, device and secure element for conducting secure transactions from any device, in particular from a device that provides functions other than the execution of financial transactions.
Disclosure of Invention
It is an object of the present invention to provide a method of conducting a secure financial transaction on a device as a payment terminal, said device comprising a central processing unit and a secure element. The method includes obtaining a purchase amount to be debited from a financial account, obtaining data associated with the financial account via the device, and obtaining transaction authorization from a financial institution associated with the financial account. The authorization is based at least in part on data separately processed by the secure element independent of data processed by the central processing unit. The data separately processed by the secure element includes at least a portion of the obtained financial account related data.
It is another object of the present invention to provide a device that is a payment terminal for conducting secure financial transactions.
The device includes a central processing unit, a communication interface configured to establish communication between the device and a financial institution associated with the financial account, an interface for obtaining data associated with the financial account, a secure element for processing at least a portion of the data associated with the financial account obtained by the interface, and control logic configured to obtain a purchase amount debited from the financial account and obtain authorization for a transaction from the financial institution associated with the financial account. The transaction authorization is based at least in part on data that is separately processed by the secure element independent of data processed by the central processing unit. The data separately processed by the secure element includes at least a portion of the obtained financial account related data.
It is a further object of the invention to provide a secure element arranged in a device as a payment terminal. The secure element includes instructions to run a Europay, MasterCard, and Visa (EMV) transaction module configured to process data obtained by an interface of a device in accordance with an authentication standard, and an Operating System (OS) configured to process data provided by the EMV transaction module in