12E019 China Mobile NFC Mobile Wallet Client Specification V1.0.0

Published December 19, 2023 (author: 用景中)

Communication Industry Standard of the People's Republic of China

QB-E-019-2012

Specification of NFC-Based Mobile Wallet Client

Version No.: 1.0.0

Issue date: August 27, 2012

Implementation date: August 27, 2012

Issued by China Mobile Communications Corporation

Contents

Preface
1 Scope
2 Normative Reference
3 Term, Definition and Abbreviation
3.1 Abbreviation
3.2 Term
4 Service Overview
6 Function Requirements
6.1 User registration
6.2 User certification
6.3 Installed application management
6.4 Installable application management
6.5 Reverse activation
6.6 APDU forwarding
6.7 SIM Access API calling
6.8 Logoff
6.9 Preferential WLAN access
6.10 Mobile wallet client update
6.11 Client login password management
7 Service Process
7.1 User registration
7.2 User certification
7.3 Installable application list query
7.4 Application search
7.5 Make comments
7.6 Application installation
7.7 Application update
7.8 Application uninstalling
7.9 Mobile wallet client update
7.10 Logoff
8 Interface Requirements
8.1 Interface between mobile wallet and trusted service manager
8.2 SIM Access API
9 Safety Requirements
9.1 Communication security
9.2 Data storage security
9.3 Availability
10 Definition Rules of Mobile Wallet Client Version
11 Preparation History

Preface

This standard specifies the overall requirements for the mobile wallet client that need to be regulated during the performance of services. It is the programmatic technical document with which development of the mobile wallet client must comply.

This standard mainly contains the following aspects: service overview, function requirements, service process, interface requirements, version definition rules, etc.

This standard is one of the contactless service series standards, which are structured and named, or to be named, as follows:

S/N | Standard No. | Standard Name
[1] | QB-E-014-2012 | General Technical Specification of Contactless Service
[2] | QB-E-015-2012 | Mobile Terminal Application Basic Capacity Technical Specification – NFC Part
[3] | QB-E-016-2012 | Technical Specification for CMCC User Card Application Basic Capacity
[4] | QB-E-017-2012 | Technical Specification for CMCC User Card Application Basic Capacity – Application Development API Part
[5] | QB-E-018-2012 | Specification for CMCC Trusted Service Manager Equipment
[6] | QB-E-019-2012 | Specification for NFC-Based Mobile Wallet Client
[7] | QB-F-010-2012 | Safety specification for CMCC Electronic Commerce Service - General Requirements Part

This standard should be used with contactless service series standards.

This standard was issued and printed by ZYJ (2012) No. 148 document.

This standard was proposed by the Data Department of CMCC and is under the jurisdiction of the Technology Department of CMCC.

Drafting organization of this standard: CMCC Research Institute.

Main drafters of this standard: Li Zheng, Ding Lijuan, Ren Xiaoming, Lu Ming, Wu Xiaoqian, Li Yaqiang, Yu Yuan, Guo Manxue and Huang Gengsheng.

1 Scope

This standard specifies functions and technical requirements related to the mobile wallet client and is only for internal use of CMCC.

2 Normative Reference

The following documents contain provisions which, through reference in this text, constitute provisions of this standard. For dated references, subsequent amendments to, or revisions of, any of these publications do not apply (excluding any Corrigendum). However, parties to agreements based on this standard are encouraged to investigate the possibility of applying the most recent edition of the standards indicated below. For undated references, the latest edition of the normative document referred to applies.

S/N | Standard No. | Standard Name | Issued by
[1] | QB-E-014-2012 | General Technical Specification of Contactless Service | China Mobile Communications Corporation
[2] | QB-E-015-2012 | Mobile Terminal Application Basic Capacity Technical Specification - NFC Part | China Mobile Communications Corporation
[3] | QB-E-016-2012 | Technical Specification for CMCC User Card Application Basic Capacity | China Mobile Communications Corporation
[4] | QB-E-018-2012 | Specification for CMCC Trusted Service Manager Equipment | China Mobile Communications Corporation
[5] | QB-F-010-2012 | Safety Specification for CMCC Electronic Commerce Service - General Requirements Part | China Mobile Communications Corporation
[5] | | General Technical Scheme for Preferential WLAN Access in Self-Service | China Mobile Communications Corporation

3 Term, Definition and Abbreviation

3.1 Abbreviation

Abbreviation | Meaning
APDU | Application Protocol Data Unit
API | Application Programming Interface
CMS2AC | China Mobile Security and Multi-Space Application Card (Chinese name: operator secure multi-security-domain multi-application card)
3DES | Triple Data Encryption algorithm
DES | Data Encryption Algorithm
IMSI | International Mobile Subscriber Identity
NFC | Near Field Communication
PIN | Personal Identification Number
POS | Point of Sale
SHA-1 | Secure Hash Algorithm
SIM | Subscriber Identity Module
SSL | Secure Sockets Layer
SWP | Single Wire Protocol
SE | Security Element
TSM | Trusted Service Manager (Chinese name: Multi-application Open Platform)
WLAN | Wireless Local Area Network

3.2 Term

Term | Meaning
Confidentiality | The state in which information is not obtained by unauthorized users or entities.
Integrity | Information is not changed or damaged without authorization.
Security domain | A kind of logical domain in the SE. Every domain is responsible for managing its applicable secret keys, to ensure that applications and data from different providers coexist in the same SE and do not destroy the confidentiality and integrity of each other.
SWP SIM card | SIM card supporting the SWP protocol.
NFC terminal | User mobile device supporting contactless technology and achieving near field communication.
Security Element | A chip module that stores NFC applications and sensitive user data, and performs secure key calculations.

4 Service Overview

The mobile wallet client is intelligent management software, installed on the mobile terminal over the air, that manages SE resources and applications. It is usually used with the trusted service manager, and it is also the access channel to trusted service manager services from mobile terminals. The mobile wallet client must be installed on NFC mobile terminals that comply with the requirements of CMCC.

See General Technical Specification of Contactless Service for management functions of SE

5 Logical Architecture Chart

Fig. 5-1

The client has seven function modules:

1) User interaction module: accepts user operations, calls the service logic module to execute commands, and returns the execution results.

2) Service logic module: provides the service interface for the user interaction module and returns execution results to the user interaction module through asynchronous callbacks.

3) Application management module: responsible for maintaining the local list of installed applications, which it stores through the storage module.

4) SE operation module: encapsulates the APDU communication with the SE, calling the SIM Access API to reach the SE.

5) Security Element: performs data encryption and decryption and computes data digests; supports 3DES and the SHA-1 digest algorithm.

6) Storage module: stores application configuration, user information and installed application information.

7) Network communication module: communicates with the trusted service manager.

Location of Client in the System

6 Function Requirements

6.1 User registration

The SE has no connection with mobile numbers on the trusted service manager. When a user starts the client, the user must register first; functions can be started only after registration succeeds. Before registration, the user is required to read and accept the electronic edition of the User Utilization Protocol; meanwhile, the client is required to obtain the SE-ID from the SE automatically and pass it to the trusted service manager in the function start information.

After successful registration, the client saves the SE-ID and the TOKEN allocated by the trusted service manager, and enters the first interface of the client.

If registration fails, the client gives a relevant prompt and quits. Registration is needed again the next time the client is started.

6.2 User certification

After user registration has succeeded, whenever the mobile wallet client is started it passes the SE-ID and TOKEN, together with certification information, to the trusted service manager to request certification.

After successful certification, the mobile wallet client automatically checks the status of the installed application clients (if no application is installed, this step is skipped) and enters the main interface directly. If any application client is found to be uninstalled, the main interface should show a relevant prompt. If certification succeeds, the user can use all the functions of the mobile wallet client.

If certification fails, the mobile wallet client can still enter the main interface, but the user can only browse the installed application list held in the mobile wallet client's local memory and cannot use other functions.

6.3 Installed application management

6.3.1 Installed application display

After the mobile wallet is successfully certified, the client enters the first interface, where the user's installed application list can be browsed.

If the user clicks an application icon in the list, the application function is started and the application interface is entered. If there is a new version of an installed application, the prompt "updatable" should appear in the client.

6.3.2 Installed application setting

The user can set an application as the default consumption card for an industry. When the card is presented at a POS of that industry, the set card is used by default.

6.3.3 Installed application uninstalling

The user can uninstall a single application, or select several applications and uninstall them in a batch.

6.3.4 Installed application update

When there is a new version of an installed application, the user can choose to update it. A progress prompt appears during the update.

6.4 Installable application management

6.4.1 Application display

The client may show the list of downloadable applications to users by the latest, recommendation, the hottest, classification and so on. The default view is "recommendation".

1) "The latest" shows all the installable applications in reverse chronological order.

2) "Recommendation" shows installable applications highly recommended by the trusted service manager.

3) "The hottest" shows the installable applications in descending order of number of downloads.

4) "Classification" shows installable applications by type; classifications may include ATM card, transportation card, membership card, etc.

The application list should contain all the basic information of the applications, such as name, application icon, popularity, charging condition and installation condition.

6.4.2 Application details

When the user enters an application in the list, the client can show all the details of this application, including application name, application icon, application version number, function introduction, application size, release time, application provider, number of downloads, popularity index, and whether the application has a supporting client. If a supporting client exists, screenshots and other information about this client should be shown.

6.4.3 Application downloading

Users can download applications through the mobile wallet client:

1) If the SE application is not installed, it is downloaded and installed in the SE. If necessary, this may involve establishing a security domain.

2) For an application that needs further personalization, the SE application personalization operation is performed.

3) If the application has a supporting client, the client is downloaded and installed. If the supporting client is already installed, this step is skipped.

During installation, a progress prompt and the execution progress may be shown. After successful downloading, the application can be added to the installed application list.

6.4.4 Application comments

The client provides a function for viewing existing application comments. When the comments exceed one screen, page turning is allowed. All the user comments about an application may be shown.

Users can comment on applications only within a limited number of words.

6.4.5 Application search

The client provides keyword search of installable applications. The trusted service manager searches according to how well the input keyword matches the application name, and returns the search results to the client.

6.5 Reverse activation

Reverse activation refers to communication with the mobile wallet that is initiated by the trusted service manager.

The client is required to support being woken up by PUSH messages.

After receiving a PUSH message, the client automatically starts in the background and initiates the relevant actions as required by the trusted service manager.

If the client is already started when a PUSH message is received, the relevant actions should be initiated directly as required by the trusted service manager.

6.6 APDU forwarding

The client receives the APDU list issued by the trusted service manager, sends the APDU commands in the list to the SE, and sends the APDU responses returned by the SE back to the trusted service manager for processing. If any error or exception occurs while the APDUs are being executed, the client stops executing the remaining APDUs and returns the error or exception to the trusted service manager.

The APDU list includes the following APDUs: Initialization, Installation, Personalization, Remove, Lock/Unlock, etc.
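The forwarding rule in 6.6, sketched as an added example (it is not part of the specification or of any CMCC client code): commands go to the SE in list order, and the run stops at the first error so that nothing after it is sent. The `transmit` callback, the `FakeSE` stand-in, the sample APDU bytes and the choice to treat every status word other than 9000 as an error are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Sequence

SW_OK = 0x9000  # ISO/IEC 7816-4 status word for normal processing


@dataclass
class ForwardResult:
    responses: List[bytes] = field(default_factory=list)  # response APDUs, in order
    completed: bool = False              # True only if every command returned SW_OK
    failed_index: Optional[int] = None   # position of the command that stopped the run
    error: Optional[str] = None          # what the client reports back to the TSM


def status_word(response: bytes) -> int:
    """Return SW1 SW2, the last two bytes of a response APDU."""
    if len(response) < 2:
        raise ValueError("response APDU shorter than SW1 SW2")
    return int.from_bytes(response[-2:], "big")


def forward_apdus(commands: Sequence[bytes],
                  transmit: Callable[[bytes], bytes]) -> ForwardResult:
    """Send each command APDU to the SE in order; stop at the first failure."""
    result = ForwardResult()
    for index, command in enumerate(commands):
        # A command APDU has at least CLA, INS, P1, P2.
        if len(command) < 4:
            result.failed_index, result.error = index, "malformed command APDU"
            return result
        try:
            response = transmit(command)
            sw = status_word(response)
        except Exception as exc:  # transport or SE exception: interrupt the run
            result.failed_index, result.error = index, f"SE exception: {exc}"
            return result
        result.responses.append(response)
        if sw != SW_OK:  # assumption: anything but 9000 counts as an error
            result.failed_index, result.error = index, f"SW={sw:04X}"
            return result
    result.completed = True
    return result


class FakeSE:
    """Constructed stand-in for the SE reached through the SIM Access API."""

    def __init__(self, reject_ins: Optional[int] = None):
        self.reject_ins = reject_ins
        self.seen: List[bytes] = []  # every command that actually reached the SE

    def transmit(self, command: bytes) -> bytes:
        self.seen.append(command)
        if command[1] == self.reject_ins:
            return bytes.fromhex("6985")  # conditions of use not satisfied
        return bytes.fromhex("9000")


# Constructed sample list (not taken from the specification): a SELECT followed
# by two placeholder commands with empty bodies.
SAMPLE_APDUS = [bytes.fromhex(h) for h in (
    "00A4040008A000000151000000",
    "80E60C0000",
    "80F2400000",
)]

if __name__ == "__main__":
    se = FakeSE(reject_ins=0xE6)
    outcome = forward_apdus(SAMPLE_APDUS, se.transmit)
    print(outcome.completed, outcome.failed_index, outcome.error, len(se.seen))
```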

6.7 SIM Access API calling

The client can communicate with SE only through calling SIM Access API.

6.8 Logoff

Users can initiate logoff through the mobile wallet client. Logoff requires that no application is installed in the SE.

6.9 Preferential WLAN access

The requirements in General Technical Scheme for Preferential WLAN Access in Self-Service should be followed.

When the client is started for the first time, the TOKEN allocated by the trusted service manager can be obtained.

6.10 Mobile wallet client update

Mobile wallet client updates are divided into mandatory updates and non-mandatory updates:

1) Mandatory update: when a user logs in to the client and a new version is detected, the user must complete the update before entering the client.

2) Non-mandatory update: when a user logs in to the client and a new version is detected, the user can choose whether to update. If the user does not update, the user can still enter the old version of the client.

6.11 Client login password management

The mobile wallet client provides login password management. Users can choose whether to use a login password, which is held in the SE. Once a login password is in use, it must be entered for verification before logging in to the client. If the login password fails verification, entry to the client is not allowed.

A login password that has passed verification has a valid period. If no operation is conducted in the mobile wallet client within the valid period, the login password becomes invalid, and the user must either enter the login password again to continue using the client or quit the mobile wallet client.

The mobile wallet client provides a function for changing the login password, which requires entering the old login password once and the new login password twice.

7 Service Process

7.1 User registration

See General Technical Specification of Contactless Service for definition.

7.2 User certification

See General Technical Specification of Contactless Service for definition.

7.3 Installable application list query

Fig. 7-1 Flow Chart of Installable Application List Query

Process explanation:

1) The mobile wallet client initiates a query request for the latest, the hottest, recommendation or classification list.

2) The trusted service manager generates the application list according to the rules.

3) The contents are pushed to the client in the response.

4) The client shows the contents of the application list.

5) The user continues to load at the display page.

6) The client initiates the search request for the next page.

7) The trusted service manager generates the next page of the application list.

8) The contents are pushed to the client in the response.

9) The client shows the loaded content.

7.4 Application search

Fig. 7-2 Application Search Process

Process explanation:

1) The user inputs search keywords at the mobile wallet client.

2) The client initiates the search request.

3) The trusted service manager searches according to the keywords and generates the list of matched applications.

4) The contents are pushed to the client in the response.

5) The client shows the contents of the application list that was found.

7.5 Make comments

Fig. 7-3 Comment process

Process explanation:

1) The user enters the application comment entry.

2) The mobile wallet client initiates the request to get the application information.

3) The trusted service manager prepares the existing comment information.

4) The contents are pushed to the client in the response.

5) The client presents the application details, below which the comment information is shown.

6) The user inputs new comments, and clicks to submit.

7) The client initiates the request for uploading new comments.

8) The trusted service manager records new comments.

9) The trusted service manager sends back the response.

7.6 Application installation

See General Technical Specification of Contactless Service for definition.

7.7 Application update

See General Technical Specification of Contactless Service for definition.

7.8 Application uninstalling

See General Technical Specification of Contactless Service for definition.

7.9 Mobile wallet client update

Fig. 7-4 Mobile Wallet Client Update Process

Process explanation:

1) After certification, the mobile wallet client finds a new version, according to the response sent back by the trusted service manager.

2) An update prompt is given to the user, who confirms the update.

3) The client initiates the downloading request.

4) The trusted service manager sends back the response.

5) The client downloads the files.

6) Downloading is completed, and installation is started.

7) After successful installation, a successful uploading prompt is given to the user.

7.10 Logoff

Fig. 7-5 Logoff process

Process explanation:

1) The client initiates the logoff request.

2) The user is logged off at the trusted service manager.

3) The trusted service manager sends the logoff results back to the client.

7.11 Reverse Activation

Fig. 7-6 Reverse Activation Process

Process explanation:

1) The trusted service manager sends Push messages.

2) After receiving the messages, the client automatically starts in the background. Once started, if the mobile wallet client finds a mandatory update, it updates automatically; if a non-mandatory update version is found, it skips the update.

3) The client initiates the request according to the content of the messages.

4) The trusted service manager sends back the responses.

8 Interface Requirements

8.1 Interface between mobile wallet and trusted service manager

See CMCC Multi-application Open Platform Equipment Code for the definition of the requirements.

8.2 SIM Access API

See Mobile Terminal Application Basic Capacity Technical Specification – NFC Part for the definition of the requirements.

9 Safety Requirements

The safety requirements for clients in Safety specification for CMCC Electronic Commerce Service - General Requirements Part shall be followed, and the following requirements shall also be met.

9.1 Communication security

Communication between the mobile wallet client and the trusted service manager is required to use the SSL protocol, to achieve confidentiality and integrity of the communication data.

9.2 Data storage security

For sensitive data to be stored in the client, the storage requirements are as follows:

Table 9-1 Data Storage Security Requirements

Data Type | Security Storage Requirements
Password | The client cannot store the password input by a user in permanent storage, and after verification is passed, the password in memory should be cleared safely.
Secret key | Where it is clearly specified that the client will permanently store the secret key, the secret key is limited to appearing in memory, and after use, the password should be cleared safely.
APDU command | APDU commands passed by the trusted service manager and information related to the SIM card cannot be stored in permanent storage.
Other relevant information | When the client quits, any temporary variable or file in memory and the file system should be cleared.
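How the login password rules of 6.11 and the Password row of Table 9-1 fit together, as an added example (not part of the specification or of any CMCC client code): the password is handled only in a mutable buffer that is overwritten after use, and a verified login lapses after a period without operations. The `se.verify`/`se.change` calls, the `FakeSE` and `FakeClock` helpers, the 60-second valid period and the sample passwords are assumptions; the specification does not define them.

```python
import hmac
import time
from typing import Callable, Optional


def wipe(buf: bytearray) -> None:
    """Overwrite a mutable buffer in place. Python str/bytes copies cannot be
    wiped, so the password must never be converted to those types."""
    for i in range(len(buf)):
        buf[i] = 0


class LoginSession:
    """Login state with an idle-based valid period (6.11)."""

    def __init__(self, se, valid_seconds: float,
                 clock: Callable[[], float] = time.monotonic):
        self._se = se                    # hypothetical object wrapping SE verification
        self._valid = valid_seconds      # assumed value; the page gives no figure
        self._clock = clock
        self._last_op: Optional[float] = None  # None: no verified password in force

    def login(self, password: bytearray) -> bool:
        try:
            ok = bool(self._se.verify(password))
        finally:
            wipe(password)               # cleared whether or not verification passed
        self._last_op = self._clock() if ok else None
        return ok

    def is_valid(self) -> bool:
        if self._last_op is None:
            return False
        if self._clock() - self._last_op >= self._valid:
            self._last_op = None         # no operation within the valid period
            return False
        return True

    def operate(self, action: Callable[[], object]):
        """Run one client operation; each operation restarts the valid period."""
        if not self.is_valid():
            raise PermissionError("login password must be entered again")
        self._last_op = self._clock()
        return action()

    def change_password(self, old: bytearray, new: bytearray,
                        new_again: bytearray) -> bool:
        """Old password once, new password twice; all buffers wiped afterwards."""
        try:
            if not hmac.compare_digest(new, new_again):
                return False
            return bool(self._se.change(old, new))
        finally:
            for buf in (old, new, new_again):
                wipe(buf)


class FakeSE:
    """Constructed stand-in: the reference password lives only inside the 'SE'."""

    def __init__(self, password: bytes):
        self._ref = bytes(password)

    def verify(self, candidate: bytearray) -> bool:
        return hmac.compare_digest(candidate, self._ref)

    def change(self, old: bytearray, new: bytearray) -> bool:
        if not self.verify(old):
            return False
        self._ref = bytes(new)
        return True


class FakeClock:
    """Constructed clock so the idle timeout can be exercised without waiting."""

    def __init__(self):
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


if __name__ == "__main__":
    clock = FakeClock()
    session = LoginSession(FakeSE(b"constructed-pw"), valid_seconds=60, clock=clock)
    entered = bytearray(b"constructed-pw")
    print(session.login(entered), entered)   # buffer is all zeros afterwards
    clock.now = 61
    print(session.is_valid())                # idle longer than the valid period
```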

9.3 Availability

Client software is able to handle all exceptions or incidents in mobile terminals, and the requirements are as follows:

Table 9-2 Availability Requirements

Exception/Incident | Security Requirements
A call comes during transaction | The client enters the background and continues working and transacting. If any transaction prompt appears, it will show when the client enters the foreground.
Power is interrupted during the transaction | After the client is restarted, the user will receive exception information from it, and may choose to continue or cancel the operation.
Network is interrupted during the transaction | The client gives a relevant error prompt (for example: no response from the server). After the client is reconnected, the user will receive exception information from it, and may choose to continue or cancel the operation.

10 Definition Rules of Mobile Wallet Client Version

Version format: Major Version Number, Minor Version Number, Revision Number.

The Major Version Number, Minor Version Number and Revision Number should each be an integer from 0 to 9.

11 Preparation History

Version No. | Updated on | Main Content or Important Modification | Prepared by | Technical Reviewer | Department Reviewer
1.0.0 | 2012-7-3 | Establish specifications, mainly including service overview, function requirements, service process, interface requirements, version definition, etc. Version No.: 1.1.0; No: QB-E-019-2012 | Li Zheng | Guo Manxue | Feng Lingjuan

2023年12月19日发(作者:用景中)

Communication Industry Standard of

the People's Republic of China

QB-E-019-2012

Specification of NFC-Based Mobile

Wallet Client

Version No.: 1.0.0

Issue date: August 27, 2012

Implementation date: August 27, 2012

Issued by China Mobile Communications Corporation

QB-E-019-2012

Contents

Preface .................................................................................................................................................. II

1 Scope ............................................................................................................................................. 1

2 Normative Reference ..................................................................................................................... 1

3 Term, Definition and Abbreviation ................................................................................................ 1

3.1

Abbreviation ...................................................................................................................... 1

3.2

2

4 Service Overview .......................................................................................................................... 2

6 4

6.1 User registration ...................................................................................................................... 4

6.2 User certification ..................................................................................................................... 4

6.3 Installed application management ........................................................................................... 4

6.4 Installable application management ........................................................................................ 5

6.5 Reverse activation ................................................................................................................... 6

6.6 APDU forwarding .................................................................................................................... 6

6.7 SIM Access API calling ........................................................................................................... 7

6.8 Logoff ...................................................................................................................................... 7

6.9 Preferential WLAN access ...................................................................................................... 7

6.10 Mobile wallet client update ................................................................................................... 7

6.11 Client login password management ....................................................................................... 7

7 Service Process

7.1 User registration

7.2 User certification

7.3 Installable application list query

7.4 Application search

7.5 Make comments

7.6 Application installation

7.7 Application update

7.8 Application uninstalling

7.9 Mobile wallet client update

7.10 Logoff

8 Interface Requirements

8.1 Interface between mobile wallet and trusted service manager

8.2 SIM Access API

9 Safety Requirements

9.1 Communication security

9.2 Data storage security

9.3 Availability

10 Definition Rules of Mobile Wallet Client Version

11 Preparation History


Preface

This standard specifies the overall requirements for the mobile wallet client that need to be regulated in the course of providing services. It is the programmatic technical document that development of the Mobile Wallet Client must comply with.

This standard mainly contains the following aspects: service overview, function requirements, service process, interface requirements, version definition rules, etc.

This standard is one of the contactless service series standards that are structured, named or to be named as follows:

S/N | Standard No. | Standard Name
[1] | QB-E-014-2012 | General Technical Specification of Contactless Service
[2] | QB-E-015-2012 | Mobile Terminal Application Basic Capacity Technical Specification – NFC Part
[3] | QB-E-016-2012 | Technical Specification for CMCC User Card Application Basic Capacity
[4] | QB-E-017-2012 | Technical Specification for CMCC User Card Application Basic Capacity – Application Development API Part
[5] | QB-E-018-2012 | Specification for CMCC Trusted Service Manager Equipment
[6] | QB-E-019-2012 | Specification for NFC-Based Mobile Wallet Client
[7] | QB-F-010-2012 | Safety specification for CMCC Electronic Commerce Service - General Requirements Part

This standard should be used with contactless service series standards.

This standard was issued and printed by ZYJ (2012) No. 148 document.

This standard was proposed by the Data Department of CMCC and under the jurisdiction of the Technology Department of CMCC.

Drafting organization of this standard: CMCC Research Institute.

Main drafters of this standard: Li Zheng, Ding Lijuan, Ren Xiaoming, Lu Ming, Wu Xiaoqian, Li Yaqiang, Yu Yuan, Guo Manxue and Huang Gengsheng.

1 Scope

This standard specifies functions and technical requirements related to the mobile wallet client and is only for internal use of CMCC.

2 Normative Reference

The following documents contain provisions which, through reference in this text, constitute provisions of this standard. For dated references, subsequent amendments to, or revisions of, any of these publications do not apply (excluding any Corrigendum). However, parties to agreements based on this standard are encouraged to investigate the possibility of applying the most recent edition of the standards indicated below. For undated references, the latest edition of the normative document referred to applies.

S/N | Standard No. | Standard Name | Issued by
[1] | QB-E-014-2012 | General Technical Specification of Contactless Service | China Mobile Communications Corporation
[2] | QB-E-015-2012 | Mobile Terminal Application Basic Capacity Technical Specification - NFC Part | China Mobile Communications Corporation
[3] | QB-E-016-2012 | Technical Specification for CMCC User Card Application Basic Capacity | China Mobile Communications Corporation
[4] | QB-E-018-2012 | Specification for CMCC Trusted Service Manager Equipment | China Mobile Communications Corporation
[5] | QB-F-010-2012 | Safety Specification for CMCC Electronic Commerce Service - General Requirements Part | China Mobile Communications Corporation
[5] | | General Technical Scheme for Preferential WLAN Access in Self-Service | China Mobile Communications Corporation

3 Term, Definition and Abbreviation

3.1 Abbreviation

Abbreviation | Meaning
APDU | Application Protocol Data Unit
API | Application Programming Interface
CMS2AC | China Mobile Security and Multi-Space Application Card (operator secure multi-security-domain multi-application card)
3DES | Triple Data Encryption Algorithm
DES | Data Encryption Algorithm
IMSI | International Mobile Subscriber Identity
NFC | Near Field Communication
PIN | Personal Identification Number
POS | Point of Sale
SHA-1 | Secure Hash Algorithm
SIM | Subscriber Identity Module
SSL | Secure Sockets Layer
SWP | Single Wire Protocol
SE | Security Element (security module)
TSM | Trusted Service Manager (multi-application open platform)
WLAN | Wireless Local Area Network

3.2 Term

Term | Meaning
Confidentiality | The state in which information is not obtained by unauthorized users or entities.
Integrity | Information is not changed or damaged without authorization.
Security domain | A kind of logical domain in the SE. Every domain is responsible for managing its applicable secret keys, to ensure that applications and data from different providers coexist on the same SE and do not destroy each other's confidentiality and integrity.
SWP SIM card | SIM card supporting the SWP protocol.
NFC terminal | User mobile device supporting contactless technology and achieving near field communication.
Security Element | A chip module that stores NFC applications and sensitive user data, and performs secure key calculation.

4 Service Overview

The mobile wallet client is intelligent management software, installed on the mobile terminal, that manages SE resources and applications over the air. It is usually used with the trusted service manager, and it is also the access channel to trusted service manager services through mobile terminals. The mobile wallet client is required to be installed on NFC mobile terminals that comply with the requirements of CMCC.

See General Technical Specification of Contactless Service for management functions of SE.

5

Logical Architecture Chart

Fig. 5-1

The client has seven function modules:

1) User interaction module: accepts user operations, calls the service logic module to execute commands, and responds with the execution results.

2) Service logic module: provides the service interface for the user interaction module and returns execution results to it by asynchronous callback.

3) Application management module: responsible for maintaining the local installed application list, which it stores through the storage module.

4) SE operation module: encapsulates the APDU communication with the SE, calling the SIM Access API to reach the SE.

5) Security Element: performs encryption and decryption of data and computes data digests; supports 3DES and the SHA-1 digest algorithm.

6) Storage module: provides storage of application configuration, user information and installed application information data.

7) Network communication module: communicates with the trusted service manager.

Location of Client in the System

6 Function Requirements

6.1 User registration

On the trusted service manager, the SE has no connection with mobile numbers. A user who starts the client must register first; the client's functions can be started only after registration succeeds. Before registration, the user is required to browse and accept the electronic edition of the User Utilization Protocol. Meanwhile, the client is required to obtain the SE-ID information from the SE automatically, and the function start information carrying it is passed on to the trusted service manager.

After successful registration, the client saves the SE-ID and the TOKEN allocated by the trusted service manager, and enters the first interface of the client.

If registration fails, the client gives a relevant prompt and quits. Registration is needed again the next time the client is started.

6.2 User certification

After user registration has succeeded, whenever the mobile wallet client is started it passes the SE-ID and TOKEN to the trusted service manager as certification information, requesting certification.

After successful certification, the mobile wallet client automatically checks the status of the installed application clients (if no application is installed, this step is skipped) and enters the main interface directly. If any application client is found to have been uninstalled, the main interface should show a relevant prompt. If certification succeeds, the user can use all the functions of the mobile wallet client.

If certification fails, the mobile wallet client can still enter the main interface, but the user is only able to browse the installed application list held in the client's local storage and cannot use other functions.

6.3 Installed application management

6.3.1 Installed application display

After the mobile wallet client is successfully certified, it enters the first interface, where the user's installed application list can be browsed.

If the user clicks an application icon in the list, the application function is started and the application interface is entered. If there is a new version of an installed application, the prompt "updatable" should appear in the client.

6.3.2 Installed application setting

The user can set an application as the default consumption card for an industry. When the card is presented at a POS of that industry, the card set as default will be used.

6.3.3 Installed application uninstalling

The user can uninstall a single application, or select several applications and uninstall them in a batch.

6.3.4 Installed application update

When there is a new version of an installed application, the user can choose to update. During the update, a progress prompt appears.

6.4 Installable application management

6.4.1 Application display

The client may show the downloadable application list to users in several ways: the latest, recommendation, the hottest, classification, etc. The default is the "recommendation" view.

1) "The latest" shows all installable applications in reverse chronological order.

2) "Recommendation" shows installable applications highly recommended by the trusted service manager.

3) "The hottest" shows installable applications in descending order of number of downloads.

4) "Classification" shows installable applications by type; the types may include ATM card, transportation card, membership card, etc.

The application list should contain the basic information of each application, such as name, application icon, popularity, charging condition and installation condition.

6.4.2 Application details

When the user opens an application in the list, the client shows the details of that application, including application name, application icon, application version number, function introduction, application size, release time, application provider, number of downloads, popularity index, and whether the application has a supporting client. If a supporting client exists, its screenshots and other information should be shown.

6.4.3 Application downloading

Users can download applications through the mobile wallet client:

1) If the SE application is not installed, it is downloaded and installed in the SE. If necessary, the establishment of a security domain may be involved.

2) For an application that needs further personalization, the SE application personalization operation is performed.

3) If the application has a supporting client, the supporting client is downloaded and installed. If the supporting client is already installed, this step is skipped.

During installation, a progress prompt and the execution progress may be shown. After successful downloading, the application can be added to the installed application list.

6.4.4 Application comments

The client provides a function for querying and reading existing application comments. It may show all user comments on an application; when the comments exceed one screen, page turning is allowed.

Users can comment on applications, within a limited number of words.

6.4.5 Application search

The client provides keyword search over installable applications. The trusted service manager searches according to how well the input keyword matches application names, and returns the search results to the client for display.

6.5 Reverse activation

Reverse activation refers to communication initiated by the trusted service manager with the mobile wallet.

The client is required to support being woken up by PUSH messages.

After receiving a PUSH message, the client automatically starts in the background and initiates the relevant actions as required by the trusted service manager.

If the client is already started when the PUSH message is received, the relevant actions should be initiated directly according to the trusted service manager's requirements.

6.6 APDU forwarding

The client receives the APDU list issued by the trusted service manager, sends the APDU commands included in the list to the SE, and sends the APDU responses returned from the SE back to the trusted service manager for processing. If any error or exception occurs while the APDUs are being executed, the client interrupts execution of the following APDUs and returns the error or exception to the trusted service manager.

The APDU list includes the following APDUs: Initialization, Installation, Personalization, Remove, Lock/Unlock, etc.
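The forwarding rule in 6.6, as an added Python sketch that is not part of the standard. It assumes commands are sent in list order, that any status word other than 9000 counts as an error, and that `transmit` stands in for the SIM Access API call; all names and the sample bytes are hypothetical.

```python
from dataclasses import dataclass, field

SW_SUCCESS = 0x9000  # ISO/IEC 7816-4 status word for normal completion


class SeTransportError(Exception):
    """Hypothetical error raised when the channel to the SE fails."""


@dataclass
class ForwardResult:
    responses: list = field(default_factory=list)  # R-APDUs received, in order
    completed: bool = True    # False when the list was interrupted
    failed_index: int = -1    # position of the command that stopped the run
    error: str = ""           # reason to report to the trusted service manager


def status_word(r_apdu: bytes) -> int:
    """Return SW1SW2, the last two bytes of a response APDU."""
    if len(r_apdu) < 2:
        raise ValueError("response APDU shorter than a status word")
    return (r_apdu[-2] << 8) | r_apdu[-1]


def forward_apdu_list(apdus, transmit) -> ForwardResult:
    """Send each command APDU to the SE; stop at the first error or exception.

    Commands after the failing one are never sent. Responses collected so
    far, plus the failure reason, are what goes back to the TSM.
    """
    result = ForwardResult()
    for index, c_apdu in enumerate(apdus):
        try:
            r_apdu = transmit(bytes(c_apdu))
            sw = status_word(r_apdu)
        except (SeTransportError, ValueError) as exc:
            result.completed, result.failed_index = False, index
            result.error = f"exception: {exc}"
            break
        result.responses.append(r_apdu)
        if sw != SW_SUCCESS:  # assumption: only 9000 is treated as success
            result.completed, result.failed_index = False, index
            result.error = f"status word {sw:04X}"
            break
    return result


class FakeSE:
    """Constructed stand-in for the SE that can fail at a chosen position."""

    def __init__(self, reject_at=None, drop_at=None):
        self.reject_at, self.drop_at, self.seen = reject_at, drop_at, []

    def transmit(self, c_apdu: bytes) -> bytes:
        n = len(self.seen)
        self.seen.append(c_apdu)
        if n == self.drop_at:
            raise SeTransportError("SE channel closed")
        if n == self.reject_at:
            return bytes.fromhex("6985")  # conditions of use not satisfied
        return bytes.fromhex("9000")


# Constructed placeholder headers, not commands issued by any real TSM.
SAMPLE_APDUS = [bytes.fromhex(h) for h in
                ("80010000", "80020000", "80030000", "80040000")]

if __name__ == "__main__":
    se = FakeSE(reject_at=1)
    print(forward_apdu_list(SAMPLE_APDUS, se.transmit), len(se.seen))
```

The `seen` list on the fake SE makes the interruption observable: after a rejection at position 1, only two of the four commands have reached the SE.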

6.7 SIM Access API calling

The client can communicate with the SE only by calling the SIM Access API.

6.8 Logoff

Users can initiate logoff through the mobile wallet client. Logoff requires that no installed application remains in the SE.

6.9 Preferential WLAN access

The requirements in General Technical Scheme for Preferential WLAN Access in Self-Service should be followed.

When the client is started for the first time, the TOKEN allocated by the trusted service manager can be obtained.

6.10 Mobile wallet client update

Mobile wallet client updates are divided into mandatory updates and non-mandatory updates:

1) Mandatory update: when a user logs in to the client and a new version is detected, the user must complete the update before entering the client.

2) Non-mandatory update: when a user logs in to the client and a new version is detected, the user can choose whether to update. If the user does not update, the user can still enter the old version of the client.

6.11 Client login password management

The mobile wallet client provides login password management. Users can choose whether to use a login password, which exists in the SE. Once a login password is in use, it must be entered for verification before logging in to the client. If the login password fails verification, entry to the client is not allowed.

A login password that has passed verification has a valid period. If no operation is conducted in the mobile wallet client within the valid period, the login password becomes invalid, and the user must either enter the login password again to continue or quit the mobile wallet client.

The mobile wallet client provides a function for modifying the login password, which requires entering the old login password once and the new login password twice.

7 Service Process

7.1 User registration

See General Technical Specification of Contactless Service for definition.

7.2 User certification

See General Technical Specification of Contactless Service for definition.

7.3 Installable application list query

Fig. 7-1 Flow Chart of Installable Application List Query

Process explanation:

1) The mobile wallet client initiates a query request for the latest, the hottest, recommendation or classification list.

2) The trusted service manager generates the application list according to the rules.

3) The trusted service manager returns the contents to the client in the response.

4) The client shows the contents of the application list.

5) The user continues to load at the display page.

6) The client initiates the query request for the next page.

7) The trusted service manager generates the next page of the application list.

8) The trusted service manager returns the contents to the client in the response.

9) The client shows the loaded content.

7.4 Application search

Fig. 7-2 Application Search Process

Process explanation:

1) The user inputs search keywords at the mobile wallet client.

2) The client initiates the search request.

3) The trusted service manager searches according to the keywords and generates the list of matched applications.

4) The trusted service manager returns the contents to the client in the response.

5) The client shows the list of applications found.

7.5 Make comments

Fig. 7-3 Comment process

Process explanation:

1) The user enters the application comment entry.

2) The mobile wallet client initiates the request to get the application information.

3) The trusted service manager prepares the existing comment information.

4) The trusted service manager returns the contents to the client in the response.

5) The client presents the application details, below which the comment information is shown.

6) The user inputs new comments, and clicks to submit.

7) The client initiates the request for uploading the new comments.

8) The trusted service manager records the new comments.

9) The trusted service manager sends back the response.

7.6 Application installation

See General Technical Specification of Contactless Service for definition.

7.7 Application update

See General Technical Specification of Contactless Service for definition.

7.8 Application uninstalling

See General Technical Specification of Contactless Service for definition.

7.9 Mobile wallet client update

Fig. 7-4 Mobile Wallet Client Update Process

Process explanation:

1) After certification, the mobile wallet client finds a new version, according to the response sent back by the trusted service manager.

2) An update prompt is given to the user, who confirms the update.

3) The client initiates the downloading request.

4) The trusted service manager sends back the response.

5) The client downloads the files.

6) Downloading is completed, and installation is started.

7) After successful installation, a successful update prompt is given to the user.

7.10 Logoff

Fig. 7-5 Logoff process

Process explanation:

1) The client initiates the logoff request.

2) The user is logged off at the trusted service manager.

3) The trusted service manager sends the logoff results back to the client.


7.11 Reverse Activation

Fig. 7-6 Reverse Activation Process

Process explanation:

1) The trusted service manager sends Push messages.

2) After receiving the message, the client automatically starts in the background. Once started, if the mobile wallet client finds a mandatory update, it updates automatically; if a non-mandatory update version is found, it skips the update.

3) The client initiates the request according to the content of messages.

4) The trusted service manager sends back the responses.

8 Interface Requirements

8.1 Interface between mobile wallet and trusted service manager

See CMCC Multi-application Open Platform Equipment Code for the definition of requirement.

8.2 SIM Access API

See Mobile Terminal Application Basic Capacity Technical Specification – NFC Part for the definition of requirement.

9 Safety Requirements

The safety requirements for clients in Safety specification for CMCC Electronic Commerce Service - General Requirements Part shall be followed, and the following requirements shall be conformed to.

9.1 Communication security

The communication between the mobile wallet client and the trusted service manager is required to adopt the SSL protocol, to achieve the confidentiality and integrity of communication data.

9.2 Data storage security

For sensitive data to be stored in the client, the storage requirements are as follows:

Table 9-1 Data Storage Security Requirements

Data Type | Security Storage Requirements
Password | The client cannot store the password input by a user in permanent storage, and after verification is passed, the password in memory should be cleared safely.
Secret key | Under the condition where it is clearly specified that the client will permanently store the secret key, the secret key is limited to appearing in memory, and after use, the password should be cleared safely.
APDU command | APDU commands passed by the trusted service manager and information related to the SIM card cannot be stored in permanent storage.
Other relevant information | When the client quits, any temporary variable or file in memory and the file system should be cleared.
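The login password rules of 6.11 combined with the password row of Table 9-1, as an added Python sketch that is not part of the standard. The 300-second valid period, the `LoginGate` class and the fake SE verifier are assumptions made for illustration; the standard gives neither the period length nor the SE verification interface.

```python
import hmac
import time

VALID_PERIOD_S = 300  # assumed value; the standard does not state the length


def wipe(buf: bytearray) -> None:
    """Overwrite a secret in place so this buffer no longer holds it."""
    for i in range(len(buf)):
        buf[i] = 0


class LoginGate:
    """Tracks whether a verified login password is still within its valid period."""

    def __init__(self, verify_in_se, valid_period_s=VALID_PERIOD_S,
                 clock=time.monotonic):
        self._verify = verify_in_se      # hypothetical call into the SE
        self._period = valid_period_s
        self._clock = clock              # monotonic: immune to wall-clock changes
        self._last_activity = None       # None means "not logged in"

    def login(self, password: bytearray) -> bool:
        """Verify the password in the SE, then clear it from memory."""
        try:
            ok = bool(self._verify(password))
        finally:
            wipe(password)               # cleared on success, failure or error
        self._last_activity = self._clock() if ok else None
        return ok

    def is_valid(self) -> bool:
        """False once no operation has happened within the valid period."""
        if self._last_activity is None:
            return False
        if self._clock() - self._last_activity > self._period:
            self._last_activity = None   # expired: password must be re-entered
            return False
        return True

    def touch(self) -> bool:
        """Call on every user operation; restarts the idle window if still valid."""
        if not self.is_valid():
            return False
        self._last_activity = self._clock()
        return True


def make_fake_se(reference: bytes):
    """Constructed stand-in for SE-side verification of the login password."""
    def verify(candidate: bytearray) -> bool:
        # Constant-time comparison; the real check would run inside the SE.
        return hmac.compare_digest(candidate, reference)
    return verify


if __name__ == "__main__":
    gate = LoginGate(make_fake_se(b"2468"))   # constructed sample password
    entered = bytearray(b"2468")
    print(gate.login(entered), entered, gate.is_valid())
```

The password is taken as a `bytearray` because a Python `str` or `bytes` object cannot be overwritten; copies made elsewhere (input widgets, logs) are outside what this sketch can clear.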

9.3 Availability

Client software is able to handle all exceptions or incidents in mobile terminals, and the requirements are as follows:

Table 9-2 Availability Requirements

Exception/Incident | Security Requirements
A call comes during transaction | The client enters background and continues working and transacting. If any transaction prompt appears, it will show when the client enters the foreground.
Power is interrupted during the transaction | After the client is restarted, the user will receive exception information from it, and may choose to continue or cancel operation.
Network is interrupted during the transaction | The client gives a relevant error prompt (for example: no response from the server). After the client is reconnected, the user will receive exception information from it, and may choose to continue or cancel operation.

10 Definition Rules of Mobile Wallet Client Version

Version format: Major Version Number, Minor Version Number, Revision Number.

Each of the Major Version Number, Minor Version Number and Revision Number should be an integer from 0 to 9.

11 Preparation History

Version No. | Updated on | Main Content or Important Modification | Prepared by | Technical Reviewer | Department Reviewer
1.0.0 | 2012-7-3 | Establish specifications, mainly including service overview, function requirements, service process, interface requirements, version definition, etc | Li Zheng | Guo Manxue | Feng Lingjuan

Version No.: 1.1.0; No: QB-E-019-2012
