Patent abstract:
Abstract: A particular authentication-based service is implemented via a physical authentication device (CRD), for example a credit card. A service description (SE) of said authentication-based service is read out from the physical authentication device (CRD) via a user terminal (100); and based thereon, a service request (S-REQ) is generated, which also specifies a capability description of the user terminal (100). A communication node (DN) receives the service request (S-REQ) and checks it against a database (DB) containing information about which node in a set of nodes (SP1, SP2, SPn) stores downloadable software for implementing which authentication-based services on which type of user terminals. If a match is found between at least one node in said set of nodes (SP1, SP2, SPn) and said authentication-based service, a download identification message (ID:SP2) is sent to the user terminal (100). The download identification message (ID:SP2) specifies at least one address string uniquely identifying a respective location for downloadable software stored in said at least one matching node (SP1, SP2). The downloadable software is configured to implement said authentication-based service on said user terminal (100). (Fig. 1)
Publication number: SE1351210A1
Application number: SE1351210
Filing date: 2013-10-11
Publication date: 2015-04-12
Inventors: Mattias Eld; Petter Arvidsson; Miguel Cardo Rodriguez
Applicant: Fidesmo Ab
Main IPC class:
Patent description:

Identifying Service Providers for Integrating a Secure Element into a Short-Range Wireless Communication Apparatus
THE BACKGROUND OF THE INVENTION AND PRIOR ART
The present invention relates generally to solutions for implementing services based on secure elements stored in mobile devices. More particularly the invention relates to a communication node according to the preamble of claim 1, a mobile communication apparatus according to the preamble of claim 5 and a method according to the preamble of claim 7. The invention also relates to a computer program product according to claim 11 and a computer readable medium according to claim 12.
Today, an increasing number of services are implemented by use of different types of physical authentication devices, e.g. smartcards or access control cards. Recently, various solutions have also been put forward, which render it possible to emulate such physical authentication devices in for example a mobile telephone. Thus, the mobile telephone can replace one or more of the physical authentication devices.
US 2011/0276961 discloses a method for installing a non-smart-card-related application on a Near Field Communication (NFC) enabled device, such as an NFC-enabled mobile phone. If the NFC-enabled device is unable to identify or find the target application associated with a Target Identifier (Target ID) in a received Generic Control record, a look-up table in which Target IDs are associated with target URIs from which installation files for the target applications of the Target IDs can be downloaded is used to retrieve the target URI of the Target ID in the received Generic Control record. One or several installation files for the target application is then downloaded from the retrieved target URI, whereupon the target application of the Target ID in the received Generic Control record is installed on the NFC-enabled device using the downloaded installation file(s).
US 2013/0019323 presents a method, performed in a secure element, which is arranged to enable user applications of the secure element to verify authenticity of incoming user application commands. The method involves: receiving a command from a secure element reader for a user application on the secure element, the command including an application identifier of the user application; determining whether there is a matching user application in the secure element; invoking the matching user application; and establishing, when there is an absence of any matching user applications, a communication channel with a remote application manager server and sending an absent user application message to the application manager server indicating that the user application has been requested on the secure element. A corresponding secure element, method for an application manager server and application manager server are also presented.
US 2013/0124349 describes a solution for utilizing and provisioning an aggregated soft card, wherein a request for an aggregated soft card from a mobile device is received, which aggregated soft card includes a primary component soft card and at least one secondary component soft card. Component soft card data associated with each of the primary component soft card and the at least one secondary component soft card are requested from a plurality of issuing system servers. Further, aggregated soft card data are generated by establishing a link among the component soft card data received from the plurality of issuing system servers and sending the aggregated soft card data to the mobile device.
PROBLEMS ASSOCIATED WITH THE PRIOR ART
Consequently, as stated initially, it is possible to emulate physical authentication devices in mobile devices, such as smartphones. However, there is yet no straightforward solution to find the appropriate software for emulating a particular physical authentication device in a given mobile device. On the contrary, it is typically very complex to execute this task successfully.
SUMMARY OF THE INVENTION
The object of the present invention is therefore to solve the above problem, and thus offer a simple and reliable means for transferring the functionality of one or more physical authentication devices to a mobile communication apparatus.
According to one aspect of the invention, the object is achieved by the initially described communication node, wherein it is presumed that, alternatively, the particular authentication-based service is implemented via a physical authentication device. Further, the service request is based on a service description of the particular authentication-based service, which service description has been read out from the physical authentication device via the user terminal.
This communication node is advantageous because it automatically finds and presents an access means to a piece of software that is compatible with the user's mobile communication device (e.g. a smartphone) for emulating a particular physical authentication device (e.g. a credit card) therein. Thus, the process of replacing the functionality of a credit card with a smartphone is made very convenient.
Preferably, the physical authentication device is a smartcard, a contactless ticketing card and/or an access control card. Further, it is advantageous if the service description contains a Secure Element ID, a Mifare ID, a location descriptor and/or a Universal Resource Locator, URL, since these all represent accepted data sources.
According to one preferred embodiment of this aspect of the invention the communication node also has a second interface, and is further configured to receive a download request message from a mobile communication apparatus, for example as an effect of a user having activated a link to the downloadable software provided by the communication node. The download request message contains an address string uniquely identifying a location for the downloadable software stored in a selected one of the at least one matching node. The downloadable software is configured to implement the particular authentication-based service on the mobile communication apparatus. Moreover, the communication node is configured to forward the download request message to the selected matching node; in response thereto, receive downloaded software from the selected matching node via the second interface; and then, forward the downloaded software to the mobile communication apparatus. Hence, also implementing the replacement service for the user's physical authentication device in his/her mobile communication apparatus is made exceptionally uncomplicated.
According to another preferred embodiment of this aspect of the invention, if no match is found between the particular authentication-based service and a piece of information in the database identifying downloadable software stored in the set of nodes, the communication node is configured to perform the following steps. Forward the service request to the nodes in the set of nodes. In response to any download identification message from at least one matching node in the set of nodes, forward the download identification message to the user terminal via the first interface. Here, the download identification message specifies at least one address string uniquely identifying a respective location for downloadable software stored in the at least one matching node. As mentioned above, the downloadable software is configured to implement the particular authentication-based service on the particular mobile communication apparatus, and the download identification message is generated in response to a match found between the particular authentication-based service and software in the at least one matching node. The procedure of this embodiment is advantageous because the proposed communication node may not be fully updated at all points in time regarding which nodes that contain which downloadable software, and by this procedure it is possible to find such newly added software. Naturally, in connection with encountering any newly added software, the database of the communication node is preferably updated accordingly.
According to another aspect of the invention, the object is achieved by the mobile communication apparatus described initially, which also contains a reader module and a client module. The reader module is configured to receive a service description of a particular authentication-based service from a physical authentication device via a wireless interface of the mobile communication apparatus, e.g. a short-range wireless interface of NFC type. The client module is configured to generate a service request based on the service description read out via the reader module, and cause the service request to be sent to the above-proposed communication node. The advantages of this mobile communication apparatus, as well as the preferred embodiments thereof, are apparent from the discussion above with reference to the proposed system.
According to still another aspect of the invention, the object is achieved by the method described initially, wherein it is presumed that, alternatively, the particular authentication-based service is implemented via a physical authentication device. The method further involves: reading out a service description of the particular authentication-based service from the physical authentication device via the user terminal, and generating the service request based on the service description. The advantages of this method, as well as the preferred embodiments thereof, are likewise apparent from the discussion above with reference to the proposed system.
According to a further aspect of the invention the object is achieved by a computer program product, which is loadable into the memory of a computer, and includes software adapted to implement the method proposed above when said computer program product is run on a computer.
According to another aspect of the invention the object is achieved by a computer readable medium, having a program recorded thereon, where the program is to control a computer to perform the method proposed above when the program is loaded into the computer.
Further advantages, beneficial features and applications of the present invention will be apparent from the following description and the dependent claims.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is now to be explained more closely by means of preferred embodiments, which are disclosed as examples, and with reference to the attached drawings.
Figure 1 shows a block diagram over a first example of a system in which the proposed communication node may be included;
Figure 2 shows a block diagram over a second example of a system in which the proposed communication node may be included;
Figures 3-5 illustrate how messages and/or data may be sent between apparatuses and nodes according to embodiments of the invention;
Figure 6 illustrates, by means of a flow diagram, the general method according to the invention; and
Figure 7 contains a flow diagram illustrating one embodiment of the method according to the invention.
DESCRIPTION OF PREFERRED EMBODIMENTS OF THE INVENTION
Initially, we refer to Figure 1 illustrating, by means of a block diagram, a first example of a system in which a proposed communication node DN may be included. The communication node DN is configured to identify a network-based service resource, if any, storing downloadable software for implementing a particular authentication-based service on a given mobile communication apparatus 100. Here, the network-based service resources are exemplified by a set of nodes SP1, SP2, SPn.
The communication node DN has a first interface IF1 via which it is configured to receive a service request S-REQ from a user terminal 100, such as a smartphone. The service request S-REQ specifies a particular authentication-based service and a capability description of a particular mobile communication apparatus 100, which is intended to emulate a particular authentication-based service.
Namely, it is presumed that, alternatively, the particular authentication-based service is implemented via a physical authentication device CRD. The physical authentication device CRD, in turn, can be represented by a smartcard (e.g. implementing a credit card, a debit card, a driver's license, a passport, an identification card, a travel document or an automobile insurance card), a contactless ticketing card (e.g. implementing a charge card, a prepaid card, a check card, a loyalty card, an offer, a voucher, a coupon, a transit ticket, an entertainment ticket or a stored value ticket) or an access control card (e.g. combined with an identification card, a travel document, a loyalty card or a club membership card).
The service request S-REQ is based on a service description SE of the particular authentication-based service, which has been read out from the physical authentication device CRD via the user terminal 100. To this aim, the mobile communication apparatus 100 may contain a reader module 110 configured to receive a service description SE of a particular authentication-based service from a physical authentication device CRD via a short-range wireless interface of the mobile communication apparatus 100, e.g. an NFC interface. Further preferably, the service description SE contains one of a Secure Element ID, a Mifare ID, a location descriptor and a Universal Resource Locator (URL).
The mobile communication apparatus 100 also contains a client module 120 configured to generate the service request S-REQ based on the service description SE, and cause the service request S-REQ to be sent to a communication node DN via at least one interconnecting network NW1, for instance including a wireless access network. In response to the service request S-REQ, the communication node DN is configured to check the authentication-based service against a database DB containing information about which node in the set of nodes SP1, SP2, SPn that stores downloadable software for implementing which authentication-based services on which types of mobile communication apparatuses.
If the communication node DN finds a match between at least one matching node, say SP2, in the set of nodes SP1, SP2, SPn and the particular authentication-based service, the communication node DN is configured to send a download identification message ID:SP2 to the user terminal 100 via the first interface IF1 and the at least one network NW1. The download identification message ID:SP2 specifies at least one address string uniquely identifying a respective location for downloadable software stored in the at least one matching node SP2. The downloadable software is configured to implement the particular authentication-based service on the particular mobile communication apparatus 100.
According to one preferred embodiment of the invention, the communication node DN has a second interface IF2. Via the second interface IF2, the communication node DN is configured to receive a download request message DL-REQ from a mobile communication apparatus 100. The download request message DL-REQ, in turn, may have been produced based on the download identification message ID:SP2, and any address string included therein. The download request message DL-REQ contains an address string uniquely identifying a location for the downloadable software stored in a selected one of the at least one matching node SP2. I.e. by sending the download request message DL-REQ to the communication node DN, the user indicates which specific software that he/she wishes to install on the mobile communication apparatus 100 to replace/emulate the physical authentication device CRD. Thus, the downloadable software is configured to implement the particular authentication-based service on the mobile communication apparatus 100.
In response to the download request message DL-REQ, the communication node DN is configured to forward the download request message DL-REQ to the selected matching node SP2 associated with the address string uniquely identifying the location for the downloadable software. The selected matching node SP2, in turn, is expected to react to the download request message DL-REQ by sending corresponding software DL-D to the communication node DN.
When the communication node DN receives the downloaded software DL-D from the selected matching node SP2, the communication node DN is further configured to forward the downloaded software DL-D to the mobile communication apparatus 100 to enable installation of the software DL-D therein.
Figure 2 shows a block diagram over a second example of a system in which the proposed communication node DN may be included. In Figure 2, all entities, units, devices and messages that also occur in Figure 1 designate the same entities, units, devices and messages as described above with reference to Figure 1.
In the embodiment of the invention shown in Figure 2, a reader unit 210 is connected (e.g. via a cable) to a user terminal 200, such as a laptop or other computer apparatus. The reader unit 210 is configured to read out a service description SE of a particular authentication-based service from a physical authentication device CRD inserted into, or by any other means physically or logically connected to the reader unit 210. Analogous to the above, the user terminal 200 is configured to generate a service request S-REQ specifying the particular authentication-based service implemented by the physical authentication device CRD.
The service request S-REQ also contains a capability description of a particular mobile communication apparatus, which is intended to emulate the particular authentication-based service. Here, the particular mobile communication apparatus may either be the user terminal 200, or any other user terminal, such as a smartphone synchronized, or by other means associated with this user terminal 200. In any case, the user terminal 200 provides said capability description to the communication node DN via the service request S-REQ. Hence, in this example, the communication node DN may find that a node SP1 in the set of nodes SP1, SP2, SPn provides a match with the particular authentication-based service and the user terminal 200 or 100. The communication node DN therefore sends a download identification message ID:SP1 to the user terminal 200 via the first interface IF1 and the at least one network NW1.
Figure 3 illustrates schematically how the service request S-REQ specifying: (i) a particular authentication-based service implemented by a physical authentication device CRD, and (ii) a capability description of a particular mobile communication apparatus is sent from a user terminal 100/200 to the proposed communication node DN. In response to receiving the service request S-REQ, the communication node DN executes a search in the database DB containing information about which node in a set of nodes that stores downloadable software for implementing which authentication-based services on which types of mobile communication apparatuses. If the communication node DN finds a match between at least one matching node in the set of nodes and the combination of the (i) particular authentication-based service and (ii) the capability description of the particular mobile communication apparatus, the communication node DN returns a corresponding download identification message ID:SP to the user terminal 100/200.
Figure 4 illustrates schematically how the service request S-REQ is sent according to one embodiment of the invention if the communication node DN is unable to find a match in the database DB. In Figure 4, all entities and messages that also occur in Figure 3 designate the same entities and messages as described above with reference to Figure 3. In Figure 4, when the communication node DN concludes that there is no match in the database DB, the communication node DN forwards the service request S-REQ to at least one node SP, preferably all nodes, in a set of nodes which potentially store downloadable software for implementing authentication-based services on mobile communication apparatuses. In response to the service request S-REQ, each node performs a local search for matching downloadable software. If a match is found, a corresponding download identification message ID:SP is returned to the communication node DN for forwarding to the user terminal 100/200.
Figure 5 illustrates a procedure according to one embodiment of the invention subsequent to the procedures shown in Figures 3 and 4, namely when a user initiates downloading of software from the network-based service resource associated with the download identification message ID:SP.
A download request message DL-REQ is originated by the user terminal 100, for instance by clicking on a link contained in the download identification message ID:SP, and sent via the at least one network NW1 to the communication node location DN. The download request message DL-REQ contains an address string uniquely identifying a location for the downloadable software stored in a selected matching node SP.
In response to the download identification message ID:SP, the communication node DN forwards the download request message DL-REQ to the selected matching node SP. This node SP, in response to the download request message DL-REQ, sends software DL-D identified by the download request message DL-REQ to the communication node DN. The communication node DN finally forwards the software DL-D to the user terminal 100.
To sum up, and with reference to the flow diagram in Figure 6, we will now describe the general method performed in the proposed communication node DN in order to find software for implementing a particular authentication-based service in a particular mobile communication apparatus according to the invention. Hence, Figure 6 is basically analogous to what is illustrated in Figure 3.
In a first step 610, it is checked whether or not a service request has been received. The service request S-REQ, in turn, is presumed to be based on a service description SE read out from a physical authentication device CRD via a user terminal. If a service request S-REQ from a user terminal is received, a step 620 follows. Otherwise, the procedure loops back and stays in step 610.
Step 620 checks the authentication-based service against a database DB containing information about which node in a set of nodes SP1, SP2, SPn that stores downloadable software for implementing which authentication-based services on which types of mobile communication apparatuses, and subsequent step 630 checks if a match is found in the database DB. If so, a step 650 follows. Otherwise, the procedure continues to a step 640, wherein an error message is generated. Then, the procedure loops back to step 610.
Step 650 returns a download identification message ID:SP to the user terminal, which download identification message ID:SP specifies at least one address string uniquely identifying a respective location for the downloadable software stored in the at least one matching node. Thereafter, the procedure loops back to step 610.
Figure 7 shows a flow diagram illustrating one embodiment of the method according to the invention, namely how software is downloaded via the communication node DN to a user terminal, such as the mobile communication device 100 in which the software is to be installed, or an intermediary device, such as the above-mentioned laptop 200. Thus, Figure 7 is essentially equivalent to Figure 5.
A first step 710 checks if a download request message DL-REQ has been received from a user terminal 100/200. If so, a step 720 follows; otherwise, the procedure loops back and stays in step 710. Step 720 forwards the download request message DL-REQ to the selected matching node SP identified thereby. Then, a step 730 checks if, in response to the download request message DL-REQ, software DL-D has been received. If so, a step 740 follows; otherwise, the procedure loops back and stays in step 730.
Step 740 forwards the software DL-D to the user terminal 100/200 from which the download request message DL-REQ was received. Thereafter, the procedure loops back to step 710.
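The node logic of Figures 3 to 7 (database lookup, the Figure 4 fallback to the nodes with a database update, and the download relay) can be sketched as follows; this is an added example, not code from the patent or the applicant. The class names, the message dictionaries, `device_type` as a stand-in for the capability description, the sample addresses, and the rejection of address strings the DN has not recorded are assumptions of this example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ServiceRequest:
    """S-REQ: service identity taken from the card's service description SE,
    plus the capability description of the apparatus that will emulate it."""
    service_id: str    # e.g. a Secure Element ID read from the card
    device_type: str   # simplified capability description (assumption)


@dataclass
class ProviderNode:
    """One node SP in the set SP1, SP2, SPn."""
    name: str
    catalog: dict = field(default_factory=dict)   # (service, device) -> address string
    packages: dict = field(default_factory=dict)  # address string -> software DL-D

    def local_search(self, req):
        return self.catalog.get((req.service_id, req.device_type))

    def download(self, address):
        return self.packages[address]


class CommunicationNode:
    """DN: database lookup, fallback to the nodes, and download relay."""

    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}
        self.db = {}      # DB: (service, device) -> [(node name, address string)]
        self.owner = {}   # address string -> node name, used to route DL-REQ

    def register(self, node_name, key, address):
        entries = self.db.setdefault(key, [])
        if (node_name, address) not in entries:
            entries.append((node_name, address))
        self.owner[address] = node_name

    def handle_service_request(self, req):
        """Steps 620-650, trying the Figure 4 fallback before the step 640 error."""
        key = (req.service_id, req.device_type)
        if key not in self.db:
            # No database match: forward S-REQ to every node and record any
            # newly found software so the database is updated accordingly.
            for node in self.nodes.values():
                address = node.local_search(req)
                if address is not None:
                    self.register(node.name, key, address)
        matches = self.db.get(key)
        if not matches:
            return {"type": "ERROR", "reason": "no matching node"}
        return {"type": "ID",
                "locations": [{"node": n, "address": a} for n, a in matches]}

    def handle_download_request(self, address):
        """Steps 720-740: relay DL-REQ to the node that owns the address string.
        Rejecting addresses the DN never recorded is this example's assumption."""
        node_name = self.owner.get(address)
        if node_name is None:
            raise LookupError("address string not known to the communication node")
        return self.nodes[node_name].download(address)


def demo():
    # Constructed sample data; services, device type and URLs are made up.
    known = ("se:transit-card", "android-nfc")
    new = ("se:credit-card", "android-nfc")
    a1 = "https://sp1.example/apps/transit-android"
    a2 = "https://sp2.example/apps/credit-android"
    sp1 = ProviderNode("SP1", {known: a1}, {a1: b"constructed-transit-applet"})
    sp2 = ProviderNode("SP2", {new: a2}, {a2: b"constructed-credit-applet"})
    dn = CommunicationNode([sp1, sp2])
    dn.register("SP1", known, a1)   # the DB initially knows SP1's software only

    result = {
        "known": dn.handle_service_request(ServiceRequest(*known)),
        "new": dn.handle_service_request(ServiceRequest(*new)),
        "unknown": dn.handle_service_request(ServiceRequest("se:passport", "android-nfc")),
    }
    result["db_updated"] = new in dn.db
    result["software"] = dn.handle_download_request(a2)
    try:
        dn.handle_download_request("https://unlisted.example/pkg")
        result["rejected"] = False
    except LookupError:
        result["rejected"] = True
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```
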
All of the process steps, as well as any sub-sequence of steps, described with reference to Figures 6 and 7 above may be controlled by means of a programmed computer apparatus. Moreover, although the embodiments of the invention described above with reference to the drawings comprise a computer apparatus and processes performed in a computer apparatus, the invention thus also extends to computer programs, particularly computer programs on or in a carrier, adapted for putting the invention into practice. The program may be in the form of source code, object code, a code intermediate source and object code such as in partially compiled form, or in any other form suitable for use in the implementation of the process according to the invention. The program may either be a part of an operating system, or be a separate application. The carrier may be any entity or device capable of carrying the program. For example, the carrier may comprise a storage medium, such as a Flash memory, a ROM (Read Only Memory), for example a DVD (Digital Video/Versatile Disk), a CD (Compact Disc) or a semiconductor ROM, an EPROM (Erasable Programmable Read-Only Memory), an EEPROM (Electrically Erasable Programmable Read-Only Memory), or a magnetic recording medium, for example a floppy disc or hard disc. Further, the carrier may be a transmissible carrier such as an electrical or optical signal which may be conveyed via electrical or optical cable or by radio or by other means. When the program is embodied in a signal which may be conveyed directly by a cable or other device or means, the carrier may be constituted by such cable or device or means. Alternatively, the carrier may be an integrated circuit in which the program is embedded, the integrated circuit being adapted for performing, or for use in the performance of, the relevant processes.
The term “comprises/comprising” when used in this specification is taken to specify the presence of stated features, integers, steps or components. However, the term does not preclude the presence or addition of one or more additional features, integers, steps or components or groups thereof.
The invention is not restricted to the described embodiments in the figures, but may be varied freely within the scope of the claims.
Claims:
Claims (12)
1. A communication node (DN) for identifying a network-based service resource, the communication node (DN) comprising a first interface (IF1), wherein the communication node (DN) is configured to: receive a service request (S-REQ) from a user terminal (100, 200) via the first interface (IF1), the service request (S-REQ) specifying a particular authentication-based service and a capability description of a particular mobile communication apparatus (100), check the authentication-based service against a database (DB) containing information about which node in a set of nodes (SP1, SP2, SPn) that stores downloadable software for implementing which authentication-based services on which types of mobile communication apparatuses, and if a match is found between at least one matching node (SP1, SP2) in the set of nodes (SP1, SP2, SPn) and the particular authentication-based service, send a download identification message (ID:SP2) to the user terminal (100, 200) via the first interface (IF1), the download identification message (ID:SP2) specifying at least one address string uniquely identifying a respective location for downloadable software stored in the at least one matching node (SP1, SP2), which downloadable software is configured to implement the particular authentication-based service on the particular mobile communication apparatus (100), characterized in that alternatively, the particular authentication-based service is implemented via a physical authentication device (CRD), and the service request (S-REQ) is based on a service description (SE) of the particular authentication-based service which has been read out from the physical authentication device (CRD) via the user terminal (100, 200).
2. The communication node (DN) according to claim 1, comprising a second interface (IF2), and being further configured to: receive a download request message (DL-REQ) from a mobile communication apparatus (100), the download request message (DL-REQ) comprising an address string uniquely identifying a location for the downloadable software stored in a selected one of the at least one matching node (SP1, SP2), which downloadable software is configured to implement the particular authentication-based service on the mobile communication apparatus (100), forward the download request message (DL-REQ) to the selected matching node (SP1, SP2), in response thereto receive downloaded software (DL-D) from the selected matching node (SP1, SP2), and forward the downloaded software (DL-D) to the mobile communication apparatus (100).
3. The communication node (DN) according to any one of the preceding claims, wherein the physical authentication device (CRD) is one of a smartcard, a contactless ticketing card and an access control card, and the service description (SE) contains one of a Secure Element ID, a Mifare ID, a location descriptor and a Universal Resource Locator, URL.
4. The communication node (DN) according to any one of the preceding claims, wherein, if no match is found between the particular authentication-based service and a piece of information in the database (DB) identifying downloadable software stored in the set of nodes (SP1, SP2, SPn), the communication node (DN) is configured to: forward the service request (S-REQ) to the nodes in the set of nodes (SP1, SP2, SPn), and in response to any download identification message (ID:SP1, ID:SP2) from at least one matching node (SP1, SP2) in the set of nodes (SP1, SP2, SPn), which download identification message (ID:SP1, ID:SP2) specifies at least one address string uniquely identifying a respective location for downloadable software stored in the at least one matching node (SP1, SP2), which downloadable software is configured to implement the particular authentication-based service on the particular mobile communication apparatus (100), and which download identification message (ID:SP1, ID:SP2) is generated in response to a match found between the particular authentication-based service and software in the at least one matching node (SP1, SP2) forward the download identification message (ID:SP1, ID:SP2) to the user terminal (100, 200) via the first interface (IF1).
5. A mobile communication apparatus (100), characterized in that it comprises: a reader module (110) configured to receive a service description (SE) of a particular authentication-based service from a physical authentication device (CRD) via a wireless interface of the mobile communication apparatus (100), and a client module (120) configured to: generate a service request (S-REQ) based on the service description (SE), and cause the service request (S-REQ) to be sent to a communication node (DN) according to any one of the preceding claims.
6. The mobile communication apparatus (100) according to claim 5, wherein the physical authentication device (CRD) is configured to implement the particular authentication-based service; the service description (SE) comprises one of a Secure Element ID, a Mifare ID, a location descriptor and a Universal Resource Locator, URL; and the physical authentication device (CRD) being one of a smartcard, a contactless ticketing card and an access control card.
7. A method of identifying a network-based service resource in a communication node (DN), the method comprising: receiving, via a first interface (IF1), a service request (S-REQ) from a user terminal (100, 200), the service request (S-REQ) specifying a particular authentication-based service and a capability description of a particular mobile communication apparatus (100), checking the authentication-based service against a database (DB) containing information about which node in a set of nodes (SP1, SP2, SPn) that stores downloadable software for implementing which authentication-based services on which types of mobile communication apparatuses, and if a match is found between at least one matching node (SP1, SP2) in the set of nodes (SP1, SP2, SPn) and the particular authentication-based service, sending a download identification message (ID:SP1, ID:SP2) to the user terminal (100, 200) via the first interface (IF1), the download identification message (ID:SP1, ID:SP2) specifying at least one address string uniquely identifying a respective location for the downloadable software stored in the at least one matching node (SP1, SP2), which downloadable software is configured to implement the particular authentication-based service on the particular mobile communication apparatus (100), characterized by alternatively, the particular authentication-based service is implemented via a physical authentication device (CRD), and the method comprising: reading out a service description (SE) of the particular authentication-based service from the physical authentication device (CRD) via the user terminal (100, 200), and generating the service request (S-REQ) based on the service description (SE).
[8] 8. The method according to claim 7, further comprising: receiving a download request message (DL-REQ) from amobile communication apparatus (100), the download requestmessage (DL-REQ) comprising an address string uniquely iden-tifying a location for the downloadable software stored in a se-lected one of the at least one matching node (SP1, SP2), whichdownloadable software is configured to implement the particularauthentication-based service on the mobile communication ap-paratus (100), 19 forwarding the download request message (DL-REQ) to theselected matching node (SP1, SP2), in response thereto receiving downloaded software (DL-D) from the selectedmatching node (SP1, SP2), and forward the downloaded software (DL-D) to the mobilecommunication apparatus (100).
[9] 9. The method according to any one of claims 7 or 8, wherein the physical authentication device (CRD) is one of a smart-card, a contact less ticketing card and an access control card,and the service description (SE) is one of a Secure Element ID,a Mifare ID, a location descriptor and a Universal Resource Lo-cator.
[10] 10. The method according to any one of the claims 7 to 9,wherein, if no match is found in between the particular authenti-cation-based service and a piece of information in the database(DB) identifying downloadable software stored in the set of no-des (SP1, SP2, SPn), the method comprises: forwarding the service request (S-REQ) to the nodes in theset of nodes (SP1, SP2, SPn), and in response to any down-load identification message (ID:SP1, lD:SP2) from at least onematching node (SP1, SP2) in the set of nodes (SP1, SP2, SPn), which download identification message (ID:SP1, lD:SP2)specifies at least one address string uniquely identifying arespective location for downloadable software stored in the atleast one matching node (SP1, SP2), which downloadable soft-ware is configured to implement the particular authentication-based service on the particular mobile communication apparatus(100), and which download identification message (ID:SP1,lD:SP2) is generated in response to a match found between theparticular authentication-based service and software in the atleast one matching node (SP1, SP2) forwarding the download identification message (ID:SP1,lD:SP2) to the user terminal (100, 200) via the first interface (|F1).
[11] 11. A computer program product (P) loadable into the memory(I/I) of a computer, comprising software for performing the stepsof any of the claims 7 to 10 when the computer program productis run on the computer.
[12] 12. A computer readable medium (M), having a program recor-ded thereon, where the program is to make a computer performthe steps of any of the claims 7 to 10.
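The message flow of method claims 7, 8 and 10, as an added example that is not part of the patent text or any implementation by the applicant: a communication node resolves a service request against its database, falls back to querying the provider nodes on a miss, and relays a download request. All class names, field names, host names and sample entries are constructed; the rule that an address string must be an https URL on a registered node is an assumption added here, not something the claims state.

```python
from urllib.parse import urlsplit

# Constructed sample database (DB): (service description SE, terminal capability)
# -> address strings for downloadable software on provider nodes.
DB = {
    ("mifare:04A1B2C3", "android-nfc"): ["https://sp2.example/apps/ticketing.cap"],
}

class ProviderNode:
    """Hypothetical service provider node (SP1..SPn) with its own catalogue."""
    def __init__(self, host, catalogue):
        self.host, self.catalogue = host, catalogue

    def match(self, s_req):
        return self.catalogue.get((s_req["service"], s_req["capability"]), [])

    def download(self, address):
        return b"software-from-" + self.host.encode()  # placeholder for DL-D

class CommunicationNode:
    def __init__(self, db, nodes):
        self.db = db
        self.nodes = {n.host: n for n in nodes}

    def handle_service_request(self, s_req):
        """Claim 7: check S-REQ against DB; claim 10: on a miss, ask every node."""
        key = (s_req["service"], s_req["capability"])
        addresses = list(self.db.get(key, []))
        if not addresses:
            for node in self.nodes.values():
                addresses += node.match(s_req)
        # Assumption (not in the claims): only hand out addresses on known nodes.
        addresses = [a for a in addresses if self._node_for(a)]
        return {"type": "ID", "addresses": addresses} if addresses else None

    def handle_download_request(self, dl_req):
        """Claim 8: forward DL-REQ to the selected node and relay DL-D."""
        node = self._node_for(dl_req["address"])
        if node is None:
            raise ValueError("address string does not identify a registered node")
        return node.download(dl_req["address"])

    def _node_for(self, address):
        parts = urlsplit(address)
        if parts.scheme != "https":
            return None
        return self.nodes.get(parts.hostname)
```

Because the node forwards whatever address string the terminal sends back, resolving that string to a registered node before forwarding keeps the relay from being pointed at arbitrary hosts.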
Similar technologies:
Publication number | Publication date | Patent title
US10225145B2|2019-03-05|Method and device for updating client
CN1975751B|2010-05-19|Test enabled application execution
US20130262302A1|2013-10-03|Systems, methods, and computer program products for provisioning payment accounts into mobile wallets and managing events
CN102088691B|2016-05-25|Mobile phone mobile Internet user application certification recognition system and method
EP3337219B1|2020-07-15|Carrier configuration processing method, device and system, and computer storage medium
CN103747010A|2014-04-23|Method, system and device for controlling PC | by mobile terminal
US20140273973A1|2014-09-18|Method and system for replacing key deployed in se of mobile terminal
SE1351210A1|2015-04-12|Identification of service providers for integrating a secure element into a short-range type wireless communication device
US11012830B2|2021-05-18|Automated activation and onboarding of connected devices
CN109495874B|2020-06-02|Profile downloading method and device
CN101662770B|2012-06-06|Method for accessing wireless application protocol network, mobile terminal, server and system
EP2849464A1|2015-03-18|Method of communicating between a server and a secure element
CN108848178B|2021-06-08|Data downloading method and device
EP3580944B1|2021-12-15|Technique for administrating a subscription at an operator
CN111614475B|2022-03-18|Data sharing method and block chain main node
CN114091035A|2022-02-25|Unauthorized verification method, device, equipment and storage medium
CN110381103A|2019-10-25|A kind of methods, devices and systems for downloading operator's configuration file
CN112672346A|2021-04-16|Method, device and system for downloading authentication application
CN112035143A|2020-12-04|Interface information updating method, node and system based on block chain
CN112105001A|2020-12-18|Method, system, device and storage medium for automatically installing operator APP
CN112445504A|2021-03-05|Equipment firmware upgrading method, device and system
CN113455035A|2021-09-28|Method and apparatus for downloading bundle package to intelligent security platform by using activation code
CN113986315A|2022-01-28|Software upgrading method and device, electronic equipment and computer readable storage medium
CN111385256A|2020-07-07|Method, device, equipment and medium for migrating batch applications
CN111343626A|2020-06-26|SIM card initialization method and device, terminal equipment and computer storage medium
Patent family:
Publication number | Publication date
EP3055792A4|2017-04-19|
EP3055792A1|2016-08-17|
US9838372B2|2017-12-05|
US20160241534A1|2016-08-18|
SE537718C2|2015-10-06|
WO2015053703A1|2015-04-16|
CN105659229A|2016-06-08|
Cited references:
Publication number | Filing date | Publication date | Applicant | Patent title

EP1713206A1|2005-04-11|2006-10-18|Last Mile Communications/Tivis Limited|A distributed communications network comprising wirelessly linked base stations|
US7689664B2|2006-08-10|2010-03-30|Sony Ericsson Mobile Communications Ab|System and method for installing and configuring software applications on a mobile networked terminal|
EP2043016A1|2007-09-27|2009-04-01|Nxp B.V.|Method, system, trusted service manager, service provider and memory element for managing access rights for trusted applications|
US20090192912A1|2008-01-30|2009-07-30|Kent Griffin|Charge-for-service near field communication transactions|
WO2010077194A1|2008-12-29|2010-07-08|Telefonaktiebolaget L M Ericsson |Method and device for installing applications on nfc-enabled devices|
KR101369773B1|2009-07-08|2014-03-06|한국전자통신연구원|Method and apparatus for installation of application using application identifier|
IN2012DN01925A|2009-12-04|2015-07-24|Ericsson Telefon Ab L M|
CN102096871A|2011-01-21|2011-06-15|吉林大学|Intelligent self-service search and payment system for global commodities based on Internet of things|
US9767452B2|2011-11-03|2017-09-19|Mastercard International Incorporated|Methods, systems, and computer readable media for provisioning and utilizing an aggregated soft card on a mobile device|
EP2602980B1|2011-12-09|2017-02-15|BlackBerry Limited|Transaction provisioning for mobile wireless communications devices and related methods|
KR101938332B1|2012-07-11|2019-01-14|캠프모바일 주식회사|Method, service server, mobile phone and computer readable recording medium for mobile phone authentication|
JP2016157156A|2015-02-23|2016-09-01|株式会社リコー|Information processing apparatus, information processing system, information processing method, and program|
US9800762B2|2015-03-03|2017-10-24|Ricoh Company, Ltd.|Non-transitory computer-readable information recording medium, information processing apparatus, and communications system|
Legal status:
Priority:
Application number | Filing date | Patent title
SE1351210A| SE537718C2|2013-10-11|2013-10-11|Identification of service providers for integrating a secure element into a short-range type wireless communication device|
EP14851570.3A| EP3055792A4|2013-10-11|2014-10-10|Identifying service providers for integrating a secure element into a short-range wireless communication apparatus|
CN201480055989.4A| CN105659229A|2013-10-11|2014-10-10|Identifying service providers for integrating a secure element into a short-range wireless communication apparatus|
US15/025,235| US9838372B2|2013-10-11|2014-10-10|Identifying service providers for integrating a secure element into a short-range wireless communication apparatus|
PCT/SE2014/051203| WO2015053703A1|2013-10-11|2014-10-10|Identifying service providers for integrating a secure element into a short-range wireless communication apparatus|