A method and system for ensuring the security of financial payments

Document No.: 1744537 Published: 2019-11-26

Reading note: this technology, "A method and system for ensuring the security of financial payments", was designed by Lin Jiayi (林加毅) and Ding Songyan (丁松燕) on 2018-05-17. Main content: The embodiments of this application disclose a method and system for ensuring the security of financial payments. Quantum keys replace the various digital certificates and master keys written into a smart card. The quantum keys are generated by quantum key distribution devices or by a quantum random number generator; because quantum technology is based on the principle that it cannot be eavesdropped on or copied, the quantum keys are highly secure, which greatly reduces the risk that the keys in the smart card are cracked. Quantum keys also replace the original key-diversification generation scheme, achieving a true one-key-per-card arrangement: there is no diversification relationship between keys, so the situation in which a root key is derived after a single key is cracked, compromising global security, does not arise. The purpose of ensuring the security of financial payments is thereby achieved.

1. A method for ensuring the security of financial payments, characterized in that the method comprises:

an issuing bank key management system and a quantum key sending system negotiating to generate a quantum key export parameter;

the issuing bank key management system obtaining a quantum key from a quantum key management system according to the quantum key export parameter;

the quantum key sending system obtaining the quantum key from the quantum key management system according to the quantum key export parameter;

a smart card receiving the quantum key from the quantum key sending system;

the smart card writing the quantum key.

2. The method according to claim 1, characterized in that the quantum key management system is configured to obtain the quantum key after a first quantum key distribution device and a second quantum key distribution device negotiate to generate the quantum key.

3. The method according to claim 1, characterized in that the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

4. The method according to any one of claims 1-3, characterized in that the method further comprises:

the smart card encrypting static signature data with the quantum key to generate encrypted static signature data, and sending the encrypted static signature data to the issuing bank key management system through a terminal;

the issuing bank key management system decrypting the encrypted static signature data with the quantum key to obtain decrypted static signature data, and verifying whether the decrypted static signature data is consistent with the stored static signature data; if the decrypted static signature data is consistent with the stored static signature data, determining that the smart card is correct.

5. The method according to claim 4, characterized in that the method further comprises:

the issuing bank key management system, after determining that the smart card is correct, generating first challenge data and encrypting the first challenge data with the quantum key to generate encrypted first challenge data;

the issuing bank key management system sending the first challenge data and the encrypted first challenge data to the smart card through the terminal;

the smart card decrypting the encrypted first challenge data with the quantum key to obtain decrypted first challenge data, and verifying whether the decrypted first challenge data is consistent with the first challenge data; if the decrypted first challenge data is consistent with the first challenge data, determining that the issuing bank key management system is legitimate;

the smart card generating second challenge data, encrypting the first challenge data and the second challenge data with the quantum key to generate encrypted third challenge data, and sending the encrypted third challenge data and the second challenge data to the issuing bank key management system through the terminal;

the issuing bank key management system decrypting the encrypted third challenge data with the quantum key to obtain decrypted first challenge data and decrypted second challenge data, verifying whether the decrypted first challenge data is consistent with the first challenge data, and verifying whether the decrypted second challenge data is consistent with the second challenge data; if the decrypted first challenge data is consistent with the first challenge data and the decrypted second challenge data is consistent with the second challenge data, determining that the smart card is not forged.

6. The method according to any one of claims 1-5, characterized in that the method further comprises:

the smart card generating an authorization request cryptogram (ARQC) with the quantum key;

the smart card sending the ARQC to the issuing bank key management system through the terminal;

the issuing bank key management system verifying the ARQC with the quantum key and, if the ARQC passes verification, generating an ARQC response message with the quantum key;

the issuing bank key management system sending the ARQC response message to the smart card through the terminal;

the smart card verifying the ARQC response message with the quantum key and, if the ARQC response message passes verification, determining that the ARQC authorization authentication process is complete.

7. The method according to claim 6, characterized in that the method further comprises:

the issuing bank key management system, after the ARQC authorization authentication process is complete and if the data of the smart card needs to be updated, encrypting a data update script and script integrity verification information with the quantum key, the script integrity verification information being obtained from the data update script;

the issuing bank key management system sending the encrypted data update script and the encrypted script integrity verification information to the smart card through the terminal;

the smart card decrypting the encrypted data update script and the encrypted script integrity verification information with the quantum key to obtain a decrypted data update script and decrypted script integrity verification information, obtaining the script integrity verification information from the decrypted data update script, and, if that script integrity verification information is consistent with the decrypted script integrity verification information, executing the decrypted data update script.

8. The method according to any one of claims 1-3, characterized in that the quantum key sending system is a bank card issuing system or a bank quantum key filling system.

9. A method for ensuring the security of financial payments, characterized in that the method is applied to an issuing bank key management system, and the method comprises:

negotiating with a quantum key sending system to generate a quantum key export parameter, so that the quantum key sending system obtains a quantum key from a quantum key management system according to the quantum key export parameter, the quantum key sending system being further configured to send the quantum key to a smart card so that the smart card writes the quantum key;

obtaining the quantum key from the quantum key management system according to the quantum key export parameter.

10. The method according to claim 9, characterized in that the quantum key management system is configured to obtain the quantum key after a first quantum key distribution device and a second quantum key distribution device negotiate to generate the quantum key.

11. The method according to claim 9, characterized in that the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

12. The method according to any one of claims 9-11, characterized in that the method further comprises:

receiving encrypted static signature data sent by the smart card through a terminal, the encrypted static signature data being generated by the smart card by encrypting static signature data with the quantum key;

decrypting the encrypted static signature data with the quantum key to obtain decrypted static signature data, and verifying whether the decrypted static signature data is consistent with the stored static signature data; if the decrypted static signature data is consistent with the stored static signature data, determining that the smart card is correct.

13. The method according to claim 12, characterized in that the method further comprises:

after determining that the smart card is correct, generating first challenge data and encrypting the first challenge data with the quantum key to generate encrypted first challenge data;

sending the first challenge data and the encrypted first challenge data to the smart card through the terminal, so that the smart card decrypts the encrypted first challenge data with the quantum key to obtain decrypted first challenge data, verifies whether the decrypted first challenge data is consistent with the first challenge data, and, if the decrypted first challenge data is consistent with the first challenge data, generates second challenge data and encrypts the first challenge data and the second challenge data with the quantum key to generate encrypted third challenge data;

receiving the encrypted third challenge data and the second challenge data sent by the smart card through the terminal, decrypting the encrypted third challenge data with the quantum key to obtain decrypted first challenge data and decrypted second challenge data, verifying whether the decrypted first challenge data is consistent with the first challenge data, and verifying whether the decrypted second challenge data is consistent with the second challenge data; if the decrypted first challenge data is consistent with the first challenge data and the decrypted second challenge data is consistent with the second challenge data, determining that the smart card is not forged.

14. The method according to any one of claims 9-13, characterized in that the method further comprises:

receiving an authorization request cryptogram (ARQC) sent by the smart card through the terminal, the ARQC being generated with the quantum key;

verifying the ARQC with the quantum key and, if the ARQC passes verification, generating an ARQC response message with the quantum key;

sending the ARQC response message to the smart card through the terminal, so that the smart card verifies the ARQC response message with the quantum key and, if the ARQC response message passes verification, determines that the ARQC authorization authentication process is complete.

15. The method according to claim 14, characterized in that the method further comprises:

after the ARQC authorization authentication process is complete, if the data of the smart card needs to be updated, encrypting a data update script and script integrity verification information with the quantum key, the script integrity verification information being obtained from the data update script;

sending the encrypted data update script and the encrypted script integrity verification information to the smart card through the terminal, so that the smart card decrypts the encrypted data update script and the encrypted script integrity verification information with the quantum key to obtain a decrypted data update script and decrypted script integrity verification information, obtains the script integrity verification information from the decrypted data update script, and, if that script integrity verification information is consistent with the decrypted script integrity verification information, executes the decrypted data update script.

16. The method according to claims 9-11, characterized in that the quantum key sending system is a bank card issuing system or a bank quantum key filling system.

17. A method for ensuring the security of financial payments, characterized in that the method is applied to a smart card, and the method comprises:

receiving a quantum key from a quantum key sending system, the quantum key sending system being configured to negotiate with an issuing bank key management system to generate a quantum key export parameter and to obtain the quantum key from a quantum key management system according to the quantum key export parameter, and the issuing bank key management system being configured to obtain the quantum key from the quantum key management system according to the quantum key export parameter;

writing the quantum key.

18. The method according to claim 17, characterized in that the quantum key management system is configured to obtain the quantum key after a first quantum key distribution device and a second quantum key distribution device negotiate to generate the quantum key.

19. The method according to claim 17, characterized in that the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

20. The method according to any one of claims 17-19, characterized in that the method further comprises:

encrypting static signature data with the quantum key to generate encrypted static signature data;

sending the encrypted static signature data to the issuing bank key management system through a terminal, so that the issuing bank key management system decrypts the encrypted static signature data with the quantum key to obtain decrypted static signature data, verifies whether the decrypted static signature data is consistent with the stored static signature data, and, if the decrypted static signature data is consistent with the stored static signature data, determines that the smart card is correct.

21. The method according to claim 20, characterized in that the method further comprises:

receiving first challenge data and encrypted first challenge data sent by the issuing bank key management system through the terminal, the first challenge data being generated by the issuing bank key management system after determining that the smart card is correct, and the encrypted first challenge data being generated by the issuing bank key management system by encrypting the first challenge data with the quantum key;

decrypting the encrypted first challenge data with the quantum key to obtain decrypted first challenge data, and verifying whether the decrypted first challenge data is consistent with the first challenge data; if the decrypted first challenge data is consistent with the first challenge data, determining that the issuing bank key management system is legitimate;

generating second challenge data, and encrypting the first challenge data and the second challenge data with the quantum key to generate encrypted third challenge data;

sending the encrypted third challenge data and the second challenge data to the issuing bank key management system through the terminal, so that the issuing bank key management system decrypts the encrypted third challenge data with the quantum key to obtain decrypted first challenge data and decrypted second challenge data, verifies whether the decrypted first challenge data is consistent with the first challenge data, verifies whether the decrypted second challenge data is consistent with the second challenge data, and, if the decrypted first challenge data is consistent with the first challenge data and the decrypted second challenge data is consistent with the second challenge data, determines that the smart card is not forged.

22. The method according to any one of claims 17-21, characterized in that the method further comprises:

generating an authorization request cryptogram (ARQC) with the quantum key;

sending the ARQC to the issuing bank key management system through the terminal, so that the issuing bank key management system verifies the ARQC with the quantum key and, if the ARQC passes verification, generates an ARQC response message with the quantum key;

receiving the ARQC response message sent by the issuing bank key management system through the terminal;

verifying the ARQC response message with the quantum key and, if the ARQC response message passes verification, determining that the ARQC authorization authentication process is complete.

23. The method according to claim 22, characterized in that the method further comprises:

after the ARQC authorization authentication process is complete, if the data of the smart card needs to be updated, receiving an encrypted data update script and encrypted script integrity verification information sent by the issuing bank key management system through the terminal, the encrypted data update script and the encrypted script integrity verification information being encrypted by the issuing bank key management system with the quantum key, and the script integrity verification information being obtained from the data update script;

the smart card decrypting the encrypted data update script and the encrypted script integrity verification information with the quantum key to obtain a decrypted data update script and decrypted script integrity verification information, obtaining the script integrity verification information from the decrypted data update script, and, if that script integrity verification information is consistent with the decrypted script integrity verification information, executing the decrypted data update script.

24. The method according to any one of claims 17-19, characterized in that the quantum key sending system is a bank card issuing system or a bank quantum key filling system.

25. A system for ensuring the security of financial payments, characterized in that the system comprises:

an issuing bank key management system, a quantum key sending system and a smart card;

the issuing bank key management system is configured to negotiate with the quantum key sending system to generate a quantum key export parameter, and to obtain a quantum key from a quantum key management system according to the quantum key export parameter;

the quantum key sending system is configured to obtain the quantum key from the quantum key management system according to the quantum key export parameter;

the smart card is configured to receive the quantum key from the quantum key sending system and to write the quantum key.

26. The system according to claim 25, characterized in that the quantum key management system is configured to obtain the quantum key after a first quantum key distribution device and a second quantum key distribution device negotiate to generate the quantum key.

27. The system according to claim 25, characterized in that the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

28. The system according to any one of claims 25-27, characterized in that:

the smart card is further configured to encrypt static signature data with the quantum key to generate encrypted static signature data, and to send the encrypted static signature data to the issuing bank key management system through a terminal;

the issuing bank key management system is further configured to decrypt the encrypted static signature data with the quantum key to obtain decrypted static signature data, to verify whether the decrypted static signature data is consistent with the stored static signature data, and, if the decrypted static signature data is consistent with the stored static signature data, to determine that the smart card is correct.

29. The system according to claim 28, characterized in that:

the issuing bank key management system is further configured, after determining that the smart card is correct, to generate first challenge data, to encrypt the first challenge data with the quantum key to generate encrypted first challenge data, and to send the first challenge data and the encrypted first challenge data to the smart card through the terminal;

the smart card is further configured to decrypt the encrypted first challenge data with the quantum key to obtain decrypted first challenge data, to verify whether the decrypted first challenge data is consistent with the first challenge data, and, if the decrypted first challenge data is consistent with the first challenge data, to determine that the issuing bank key management system is legitimate; to generate second challenge data and encrypt the first challenge data and the second challenge data with the quantum key to generate encrypted third challenge data; and to send the encrypted third challenge data and the second challenge data to the issuing bank key management system through the terminal;

the issuing bank key management system is further configured to decrypt the encrypted third challenge data with the quantum key to obtain decrypted first challenge data and decrypted second challenge data, to verify whether the decrypted first challenge data is consistent with the first challenge data and whether the decrypted second challenge data is consistent with the second challenge data, and, if the decrypted first challenge data is consistent with the first challenge data and the decrypted second challenge data is consistent with the second challenge data, to determine that the smart card is not forged.

30. The system according to any one of claims 25-29, characterized in that:

the smart card is further configured to generate an authorization request cryptogram (ARQC) with the quantum key, and to send the ARQC to the issuing bank key management system through the terminal;

the issuing bank key management system is further configured to verify the ARQC with the quantum key, to generate an ARQC response message with the quantum key if the ARQC passes verification, and to send the ARQC response message to the smart card through the terminal;

the smart card is further configured to verify the ARQC response message with the quantum key and, if the ARQC response message passes verification, to determine that the ARQC authorization authentication process is complete.

31. The system according to claim 30, characterized in that:

the issuing bank key management system is further configured, after the ARQC authorization authentication process is complete and if the data of the smart card needs to be updated, to encrypt a data update script and script integrity verification information with the quantum key, the script integrity verification information being obtained from the data update script, and to send the encrypted data update script and the encrypted script integrity verification information to the smart card through the terminal;

the smart card is further configured to decrypt the encrypted data update script and the encrypted script integrity verification information with the quantum key to obtain a decrypted data update script and decrypted script integrity verification information, to obtain the script integrity verification information from the decrypted data update script, and, if that script integrity verification information is consistent with the decrypted script integrity verification information, to execute the decrypted data update script.

32. The system according to any one of claims 25-27, characterized in that the quantum key sending system is a bank card issuing system or a bank quantum key filling system.

33. A device for ensuring the security of financial payments, characterized in that the device is applied to an issuing bank key management system, and the device comprises:

a negotiation unit, configured to negotiate with a quantum key sending system to generate a quantum key export parameter, so that the quantum key sending system obtains a quantum key from a quantum key management system according to the quantum key export parameter, the quantum key sending system being further configured to send the quantum key to a smart card so that the smart card writes the quantum key;

an obtaining unit, configured to obtain the quantum key from the quantum key management system according to the quantum key export parameter.

34. The device according to claim 33, characterized in that the quantum key management system is configured to obtain the quantum key after a first quantum key distribution device and a second quantum key distribution device negotiate to generate the quantum key.

35. The device according to claim 33, characterized in that the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

36. The device according to any one of claims 33-35, characterized in that the device further comprises:

a first receiving unit, configured to receive encrypted static signature data sent by the smart card through a terminal, the encrypted static signature data being generated by the smart card by encrypting static signature data with the quantum key;

a first verification unit, configured to decrypt the encrypted static signature data with the quantum key to obtain decrypted static signature data, to verify whether the decrypted static signature data is consistent with the stored static signature data, and, if the decrypted static signature data is consistent with the stored static signature data, to determine that the smart card is correct.

37. The device according to claim 36, characterized in that the device further comprises:

a generation unit, configured to generate first challenge data after determining that the smart card is correct, and to encrypt the first challenge data with the quantum key to generate encrypted first challenge data;

a first sending unit, configured to send the first challenge data and the encrypted first challenge data to the smart card through the terminal, so that the smart card decrypts the encrypted first challenge data with the quantum key to obtain decrypted first challenge data, verifies whether the decrypted first challenge data is consistent with the first challenge data, and, if the decrypted first challenge data is consistent with the first challenge data, generates second challenge data and encrypts the first challenge data and the second challenge data with the quantum key to generate encrypted third challenge data;

a second verification unit, configured to receive the encrypted third challenge data and the second challenge data sent by the smart card through the terminal, to decrypt the encrypted third challenge data with the quantum key to obtain decrypted first challenge data and decrypted second challenge data, to verify whether the decrypted first challenge data is consistent with the first challenge data and whether the decrypted second challenge data is consistent with the second challenge data, and, if the decrypted first challenge data is consistent with the first challenge data and the decrypted second challenge data is consistent with the second challenge data, to determine that the smart card is not forged.

38. The device according to any one of claims 33-37, characterized in that the device further comprises:

a second receiving unit, configured to receive an authorization request cryptogram (ARQC) sent by the smart card through the terminal, the ARQC being generated with the quantum key;

a third verification unit, configured to verify the ARQC with the quantum key and, if the ARQC passes verification, to generate an ARQC response message with the quantum key;

a second sending unit, configured to send the ARQC response message to the smart card through the terminal, so that the smart card verifies the ARQC response message with the quantum key and, if the ARQC response message passes verification, determines that the ARQC authorization authentication process is complete.

39. The device according to claim 38, characterized in that the device further comprises:

an encryption unit, configured, after the ARQC authorization authentication process is complete and if the data of the smart card needs to be updated, to encrypt a data update script and script integrity verification information with the quantum key, the script integrity verification information being obtained from the data update script;

a third sending unit, configured to send the encrypted data update script and the encrypted script integrity verification information to the smart card through the terminal, so that the smart card decrypts the encrypted data update script and the encrypted script integrity verification information with the quantum key to obtain a decrypted data update script and decrypted script integrity verification information, obtains the script integrity verification information from the decrypted data update script, and, if that script integrity verification information is consistent with the decrypted script integrity verification information, executes the decrypted data update script.

40. The device according to claims 33-35, characterized in that the quantum key sending system is a bank card issuing system or a bank quantum key filling system.

41. a kind of device for guaranteeing financial payment safety, which is characterized in that described device is applied to smart card, described device Include:

First receiving unit, for receiving quantum key from quantum key sending system, the quantum key sending system is used for Negotiate to generate quantum key derived parameter with issuing bank's key management system, according to the quantum key derived parameter from quantum Key management system obtains the quantum key, and issuing bank's key management system is used to be exported according to the quantum key Parameter obtains the quantum key from the quantum key management system;

Writing unit, for the quantum key to be written.

42. The device according to claim 41, characterized in that the quantum key management system is configured to obtain the quantum key after the first quantum key distribution system and the second quantum key distribution equipment negotiate to generate the quantum key.

43. The device according to claim 41, characterized in that the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

44. The device according to any one of claims 41-43, characterized in that the device further comprises:

Encryption unit, configured to encrypt static signature data using the quantum key to generate encrypted static signature data;

First transmission unit, configured to send the encrypted static signature data to the issuing bank's key management system through a terminal, so that the issuing bank's key management system decrypts the encrypted static signature data using the quantum key to obtain decrypted static signature data, verifies whether the decrypted static signature data is consistent with the stored static signature data, and, if the decrypted static signature data is consistent with the stored static signature data, determines that the smart card is correct.

45. The device according to claim 44, characterized in that the device further comprises:

Second receiving unit, configured to receive first challenge data and encrypted first challenge data sent by the issuing bank's key management system through the terminal, the first challenge data being generated by the issuing bank's key management system after determining that the smart card is correct, and the encrypted first challenge data being generated by the issuing bank's key management system by encrypting the first challenge data using the quantum key;

First verification unit, configured to decrypt the encrypted first challenge data using the quantum key to obtain decrypted first challenge data, verify whether the decrypted first challenge data is consistent with the first challenge data, and, if the decrypted first challenge data is consistent with the first challenge data, determine that the issuing bank's key management system is legitimate;

First generation unit, configured to generate second challenge data and encrypt the first challenge data and the second challenge data using the quantum key to generate encrypted third challenge data;

Second transmission unit, configured to send the encrypted third challenge data and the second challenge data to the issuing bank's key management system through the terminal, so that the issuing bank's key management system decrypts the encrypted third challenge data using the quantum key to obtain decrypted first challenge data and decrypted second challenge data, verifies whether the decrypted first challenge data is consistent with the first challenge data and whether the decrypted second challenge data is consistent with the second challenge data, and, if the decrypted first challenge data is consistent with the first challenge data and the decrypted second challenge data is consistent with the second challenge data, determines that the smart card is not forged.

46. The device according to any one of claims 41-45, characterized in that the device further comprises:

Second generation unit, configured to generate an authorization request cryptogram ARQC using the quantum key;

Third transmission unit, configured to send the ARQC to the issuing bank's key management system through the terminal, so that the issuing bank's key management system verifies the ARQC using the quantum key and, if the ARQC passes verification, generates an ARQC response message using the quantum key;

Third receiving unit, configured to receive the ARQC response message sent by the issuing bank's key management system through the terminal;

Second verification unit, configured to verify the ARQC response message using the quantum key and, if the ARQC response message passes verification, determine that the ARQC authorization authentication process is complete.

47. The device according to claim 46, characterized in that the device further comprises:

Fourth receiving unit, configured to, after the ARQC authorization authentication process is complete and if the data of the smart card needs to be updated, receive the encrypted data update script and the encrypted script integrity verification information sent by the issuing bank's key management system through the terminal, the encrypted data update script and the encrypted script integrity verification information being encrypted by the issuing bank's key management system using the quantum key, and the script integrity verification information being obtained from the data update script;

Execution unit, configured for the smart card to decrypt the encrypted data update script and the encrypted script integrity verification information using the quantum key to obtain a decrypted data update script and decrypted script integrity verification information, obtain the script integrity verification information using the decrypted data update script, and, if the script integrity verification information is consistent with the decrypted script integrity verification information, execute the decrypted data update script.

48. The device according to claims 41-43, characterized in that the quantum key sending system is a bank's card issuing system or a bank's quantum key filling system.

Technical field

This application relates to the technical field of financial security, and in particular to a method and system for guaranteeing financial payment safety.

Background

The existing financial payment standard is the PBOC (The People's Bank of China) 3.0 standard, on which financial payment activity relies. Because financial transactions are involved, the standard makes extensive use of asymmetric key algorithms and symmetric key algorithms to guarantee the secure and stable operation of the entire financial system.

In the prior art, various digital certificates and a master key are written into a smart card according to the PBOC 3.0 standard, and the master key written into the smart card is obtained by diversification from the root key of the issuing bank. However, with the development of science and technology, and in particular with the growth of computing power, many institutions have begun to research and develop various kinds of quantum computers, whose extremely fast calculating speed can make it possible to crack digital certificates and keys. The existing financial payment system may therefore have the following security risks: on the one hand, the digital certificates and master key written into the smart card may be cracked; on the other hand, once the master key in a smart card is cracked, the root key of the issuing bank may be cracked by further derivation. Once the root key of the issuing bank is cracked, the keys of a large number of smart cards are exposed, and the scope of the impact is huge.

Summary of the invention

In view of this, the embodiments of the present application provide a method and system for guaranteeing financial payment safety, to solve the technical problem that existing financial payment systems may have security risks.

To solve the above problem, the technical solutions provided by the embodiments of the present application are as follows:

In a first aspect, the present application provides a method for guaranteeing financial payment safety, comprising:

The issuing bank's key management system and the quantum key sending system negotiate to generate a quantum key derived parameter;

The issuing bank's key management system obtains a quantum key from the quantum key management system according to the quantum key derived parameter;

The quantum key sending system obtains the quantum key from the quantum key management system according to the quantum key derived parameter;

Smart card receives the quantum key from the quantum key sending system;

The quantum key is written in the smart card.

In an optional implementation manner, the quantum key management system is configured to obtain the quantum key after the first quantum key distribution equipment and the second quantum key distribution equipment negotiate to generate the quantum key.

In an optional implementation manner, the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

In an optional implementation manner, the method also includes:

The smart card encrypts static signature data using the quantum key to generate encrypted static signature data, and sends the encrypted static signature data to the issuing bank's key management system through a terminal;

The issuing bank's key management system decrypts the encrypted static signature data using the quantum key to obtain decrypted static signature data, and verifies whether the decrypted static signature data is consistent with the stored static signature data; if the decrypted static signature data is consistent with the stored static signature data, it determines that the smart card is correct.

In an optional implementation manner, the method also includes:

After determining that the smart card is correct, the issuing bank's key management system generates first challenge data and encrypts the first challenge data using the quantum key to generate encrypted first challenge data;

The issuing bank's key management system sends the first challenge data and the encrypted first challenge data to the smart card through the terminal;

The smart card decrypts the encrypted first challenge data using the quantum key to obtain decrypted first challenge data, and verifies whether the decrypted first challenge data is consistent with the first challenge data; if the decrypted first challenge data is consistent with the first challenge data, it determines that the issuing bank's key management system is legitimate;

The smart card generates second challenge data, encrypts the first challenge data and the second challenge data using the quantum key to generate encrypted third challenge data, and sends the encrypted third challenge data and the second challenge data to the issuing bank's key management system through the terminal;

The issuing bank's key management system decrypts the encrypted third challenge data using the quantum key to obtain decrypted first challenge data and decrypted second challenge data, and verifies whether the decrypted first challenge data is consistent with the first challenge data and whether the decrypted second challenge data is consistent with the second challenge data; if the decrypted first challenge data is consistent with the first challenge data and the decrypted second challenge data is consistent with the second challenge data, it determines that the smart card is not forged.

In an optional implementation manner, the method also includes:

The smart card generates an authorization request cryptogram ARQC using the quantum key;

The smart card sends the ARQC to the issuing bank's key management system through the terminal;

The issuing bank's key management system verifies the ARQC using the quantum key and, if the ARQC passes verification, generates an ARQC response message using the quantum key;

The issuing bank's key management system sends the ARQC response message to the smart card through the terminal;

The smart card verifies the ARQC response message using the quantum key and, if the ARQC response message passes verification, determines that the ARQC authorization authentication process is complete.

In an optional implementation manner, the method also includes:

After the ARQC authorization authentication process is complete, if the data of the smart card needs to be updated, the issuing bank's key management system encrypts a data update script and script integrity verification information using the quantum key, the script integrity verification information being obtained from the data update script;

The issuing bank's key management system sends the encrypted data update script and the encrypted script integrity verification information to the smart card through the terminal;

The smart card decrypts the encrypted data update script and the encrypted script integrity verification information using the quantum key to obtain a decrypted data update script and decrypted script integrity verification information, and obtains the script integrity verification information using the decrypted data update script; if the script integrity verification information is consistent with the decrypted script integrity verification information, it executes the decrypted data update script.
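The following added example (not code from the patent) models the first-aspect flow described above: both sides fetching the same key by the negotiated quantum key derived parameter, the mutual challenge exchange, and the data update script check. The class and function names, the HMAC-SHA256 stand-in cipher, `secrets.token_bytes` in place of a quantum source, and SHA-256 as the script integrity verification information are all assumptions, since the page specifies none of them.

```python
import hashlib
import hmac
import secrets

# Stand-in cipher (assumption: the page names no algorithm): encrypt-then-MAC
# over an HMAC-SHA256 keystream, so the example needs only the standard library.
def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext failed authentication")
    return bytes(c ^ s for c, s in zip(body, _stream(key, nonce, len(body))))

class QuantumKeyStore:
    """Hypothetical quantum key management system: one independent key per derived parameter."""
    def __init__(self):
        self._keys = {}

    def fetch(self, param: str) -> bytes:
        # secrets.token_bytes stands in for QKD equipment or a quantum RNG.
        return self._keys.setdefault(param, secrets.token_bytes(32))

class Issuer:
    """Issuing bank's key management system (hypothetical model)."""
    def __init__(self, key: bytes):
        self.key, self._c1 = key, None

    def challenge(self):
        self._c1 = secrets.token_bytes(8)
        return self._c1, seal(self.key, self._c1)

    def card_not_forged(self, enc3: bytes, c2: bytes) -> bool:
        c1, self._c1 = self._c1, None  # a challenge is accepted once only
        if c1 is None:
            return False
        try:
            return hmac.compare_digest(unseal(self.key, enc3), c1 + c2)
        except ValueError:
            return False

    def build_update(self, script: bytes):
        # Assumption: SHA-256 of the script is the "script integrity verification information".
        return seal(self.key, script), seal(self.key, hashlib.sha256(script).digest())

class Card:
    def __init__(self):
        self.key, self.executed = None, []

    def write_key(self, key: bytes) -> None:
        self.key = key

    def answer(self, c1: bytes, enc1: bytes):
        """Return (encrypted third challenge, second challenge), or None if the issuer fails."""
        try:
            if not hmac.compare_digest(unseal(self.key, enc1), c1):
                return None
        except ValueError:
            return None
        c2 = secrets.token_bytes(8)
        return seal(self.key, c1 + c2), c2

    def apply_update(self, enc_script: bytes, enc_info: bytes) -> bool:
        try:
            script, info = unseal(self.key, enc_script), unseal(self.key, enc_info)
        except ValueError:
            return False
        if not hmac.compare_digest(hashlib.sha256(script).digest(), info):
            return False
        self.executed.append(script)  # "executing" the script is only recorded here
        return True

def provision(store: QuantumKeyStore, param: str):
    """Both sides fetch the same key by the negotiated parameter; the card gets it written."""
    issuer = Issuer(store.fetch(param))   # issuing bank's key management system
    card = Card()
    card.write_key(store.fetch(param))    # quantum key sending system -> smart card
    return issuer, card

if __name__ == "__main__":
    issuer, card = provision(QuantumKeyStore(), "param-0001")  # constructed parameter
    c1, enc1 = issuer.challenge()
    enc3, c2 = card.answer(c1, enc1)
    print("card not forged:", issuer.card_not_forged(enc3, c2))
    print("update applied:", card.apply_update(*issuer.build_update(b"SET LIMIT 1000")))
```

Each derived parameter maps to its own randomly generated entry in the store, so the key held by one card has no derivation relationship to the key of any other card.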

In an optional implementation manner, the quantum key sending system is a bank's card issuing system or a bank's quantum key filling system.

In a second aspect, the present application provides a method for guaranteeing financial payment safety, the method being applied to an issuing bank's key management system and comprising:

Negotiating with a quantum key sending system to generate a quantum key derived parameter, so that the quantum key sending system obtains a quantum key from a quantum key management system according to the quantum key derived parameter, the quantum key sending system being further configured to send the quantum key to a smart card so that the smart card writes the quantum key;

Obtaining the quantum key from the quantum key management system according to the quantum key derived parameter.

In an optional implementation manner, the quantum key management system is configured to obtain the quantum key after the first quantum key distribution equipment and the second quantum key distribution equipment negotiate to generate the quantum key.

In an optional implementation manner, the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

In an optional implementation manner, the method also includes:

Receiving encrypted static signature data sent by the smart card through a terminal, the encrypted static signature data being generated by the smart card by encrypting static signature data using the quantum key;

Decrypting the encrypted static signature data using the quantum key to obtain decrypted static signature data, and verifying whether the decrypted static signature data is consistent with the stored static signature data; if the decrypted static signature data is consistent with the stored static signature data, determining that the smart card is correct.

In an optional implementation manner, the method also includes:

After determining that the smart card is correct, generating first challenge data and encrypting the first challenge data using the quantum key to generate encrypted first challenge data;

Sending the first challenge data and the encrypted first challenge data to the smart card through the terminal, so that the smart card decrypts the encrypted first challenge data using the quantum key to obtain decrypted first challenge data, verifies whether the decrypted first challenge data is consistent with the first challenge data, and, if the decrypted first challenge data is consistent with the first challenge data, generates second challenge data and encrypts the first challenge data and the second challenge data using the quantum key to generate encrypted third challenge data;

Receiving the encrypted third challenge data and the second challenge data sent by the smart card through the terminal, decrypting the encrypted third challenge data using the quantum key to obtain decrypted first challenge data and decrypted second challenge data, and verifying whether the decrypted first challenge data is consistent with the first challenge data and whether the decrypted second challenge data is consistent with the second challenge data; if the decrypted first challenge data is consistent with the first challenge data and the decrypted second challenge data is consistent with the second challenge data, determining that the smart card is not forged.

In an optional implementation manner, the method also includes:

Receiving the authorization request cryptogram ARQC sent by the smart card through the terminal, the ARQC being generated using the quantum key;

Verifying the ARQC using the quantum key and, if the ARQC passes verification, generating an ARQC response message using the quantum key;

Sending the ARQC response message to the smart card through the terminal, so that the smart card verifies the ARQC response message using the quantum key and, if the ARQC response message passes verification, determines that the ARQC authorization authentication process is complete.

In an optional implementation manner, the method also includes:

After the ARQC authorization authentication process is complete, if the data of the smart card needs to be updated, encrypting a data update script and script integrity verification information using the quantum key, the script integrity verification information being obtained from the data update script;

Sending the encrypted data update script and the encrypted script integrity verification information to the smart card through the terminal, so that the smart card decrypts the encrypted data update script and the encrypted script integrity verification information using the quantum key to obtain a decrypted data update script and decrypted script integrity verification information, obtains the script integrity verification information using the decrypted data update script, and, if the script integrity verification information is consistent with the decrypted script integrity verification information, executes the decrypted data update script.

In an optional implementation manner, the quantum key sending system is a bank's card issuing system or a bank's quantum key filling system.

In a third aspect, the present application provides a method for guaranteeing financial payment safety, the method being applied to a smart card and comprising:

Receiving a quantum key from a quantum key sending system, the quantum key sending system being configured to negotiate with an issuing bank's key management system to generate a quantum key derived parameter and to obtain the quantum key from a quantum key management system according to the quantum key derived parameter, the issuing bank's key management system being configured to obtain the quantum key from the quantum key management system according to the quantum key derived parameter;

Writing the quantum key.

In an optional implementation manner, the quantum key management system is configured to obtain the quantum key after the first quantum key distribution equipment and the second quantum key distribution equipment negotiate to generate the quantum key.

In an optional implementation manner, the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

In an optional implementation manner, the method also includes:

Encrypting static signature data using the quantum key to generate encrypted static signature data;

Sending the encrypted static signature data to the issuing bank's key management system through a terminal, so that the issuing bank's key management system decrypts the encrypted static signature data using the quantum key to obtain decrypted static signature data, verifies whether the decrypted static signature data is consistent with the stored static signature data, and, if the decrypted static signature data is consistent with the stored static signature data, determines that the smart card is correct.

In an optional implementation manner, the method also includes:

Receiving first challenge data and encrypted first challenge data sent by the issuing bank's key management system through the terminal, the first challenge data being generated by the issuing bank's key management system after determining that the smart card is correct, and the encrypted first challenge data being generated by the issuing bank's key management system by encrypting the first challenge data using the quantum key;

Decrypting the encrypted first challenge data using the quantum key to obtain decrypted first challenge data, and verifying whether the decrypted first challenge data is consistent with the first challenge data; if the decrypted first challenge data is consistent with the first challenge data, determining that the issuing bank's key management system is legitimate;

Generating second challenge data, and encrypting the first challenge data and the second challenge data using the quantum key to generate encrypted third challenge data;

Sending the encrypted third challenge data and the second challenge data to the issuing bank's key management system through the terminal, so that the issuing bank's key management system decrypts the encrypted third challenge data using the quantum key to obtain decrypted first challenge data and decrypted second challenge data, verifies whether the decrypted first challenge data is consistent with the first challenge data and whether the decrypted second challenge data is consistent with the second challenge data, and, if the decrypted first challenge data is consistent with the first challenge data and the decrypted second challenge data is consistent with the second challenge data, determines that the smart card is not forged.

In an optional implementation manner, the method also includes:

Generating an authorization request cryptogram ARQC using the quantum key;

Sending the ARQC to the issuing bank's key management system through the terminal, so that the issuing bank's key management system verifies the ARQC using the quantum key and, if the ARQC passes verification, generates an ARQC response message using the quantum key;

Receiving the ARQC response message sent by the issuing bank's key management system through the terminal;

Verifying the ARQC response message using the quantum key and, if the ARQC response message passes verification, determining that the ARQC authorization authentication process is complete.

In an optional implementation manner, the method also includes:

After the ARQC authorization authentication process is complete, if the data of the smart card needs to be updated, receiving the encrypted data update script and the encrypted script integrity verification information sent by the issuing bank's key management system through the terminal, the encrypted data update script and the encrypted script integrity verification information being encrypted by the issuing bank's key management system using the quantum key, and the script integrity verification information being obtained from the data update script;

The smart card decrypts the encrypted data update script and the encrypted script integrity verification information using the quantum key to obtain a decrypted data update script and decrypted script integrity verification information, and obtains the script integrity verification information using the decrypted data update script; if the script integrity verification information is consistent with the decrypted script integrity verification information, it executes the decrypted data update script.

In an optional implementation manner, the quantum key sending system is a bank's card issuing system or a bank's quantum key filling system.

In a fourth aspect, the present application provides a system for guaranteeing financial payment safety, the system comprising:

An issuing bank's key management system, a quantum key sending system and a smart card;

The issuing bank's key management system is configured to negotiate with the quantum key sending system to generate a quantum key derived parameter, and to obtain a quantum key from a quantum key management system according to the quantum key derived parameter;

The quantum key sending system is configured to obtain the quantum key from the quantum key management system according to the quantum key derived parameter;

The smart card is configured to receive the quantum key from the quantum key sending system and to write the quantum key.

In an optional implementation manner, the quantum key management system is configured to obtain the quantum key after the first quantum key distribution equipment and the second quantum key distribution equipment negotiate to generate the quantum key.

In an optional implementation manner, the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

In an optional implementation manner,

The smart card is further configured to encrypt static signature data using the quantum key to generate encrypted static signature data, and to send the encrypted static signature data to the issuing bank's key management system through a terminal;

The issuing bank's key management system is further configured to decrypt the encrypted static signature data using the quantum key to obtain decrypted static signature data, verify whether the decrypted static signature data is consistent with the stored static signature data, and, if the decrypted static signature data is consistent with the stored static signature data, determine that the smart card is correct.

In an optional implementation manner,

The issuing bank's key management system is further configured to, after determining that the smart card is correct, generate first challenge data, encrypt the first challenge data using the quantum key to generate encrypted first challenge data, and send the first challenge data and the encrypted first challenge data to the smart card through the terminal;

The smart card is further configured to decrypt the encrypted first challenge data using the quantum key to obtain decrypted first challenge data, verify whether the decrypted first challenge data is consistent with the first challenge data, and, if the decrypted first challenge data is consistent with the first challenge data, determine that the issuing bank's key management system is legitimate; to generate second challenge data and encrypt the first challenge data and the second challenge data using the quantum key to generate encrypted third challenge data; and to send the encrypted third challenge data and the second challenge data to the issuing bank's key management system through the terminal;

The issuing bank's key management system is further configured to decrypt the encrypted third challenge data using the quantum key to obtain decrypted first challenge data and decrypted second challenge data, verify whether the decrypted first challenge data is consistent with the first challenge data and whether the decrypted second challenge data is consistent with the second challenge data, and, if the decrypted first challenge data is consistent with the first challenge data and the decrypted second challenge data is consistent with the second challenge data, determine that the smart card is not forged.

In an optional implementation manner,

The smart card is further configured to generate an authorization request cryptogram ARQC using the quantum key, and to send the ARQC to the issuing bank's key management system through the terminal;

The issuing bank's key management system is further configured to verify the ARQC using the quantum key, generate an ARQC response message using the quantum key if the ARQC passes verification, and send the ARQC response message to the smart card through the terminal;

The smart card is further configured to verify the ARQC response message using the quantum key and, if the ARQC response message passes verification, determine that the ARQC authorization authentication process is complete.

In an optional implementation manner,

The issuing bank's key management system is further configured to, after the ARQC authorization authentication process is complete and if the data of the smart card needs to be updated, encrypt a data update script and script integrity verification information using the quantum key, the script integrity verification information being obtained from the data update script, and to send the encrypted data update script and the encrypted script integrity verification information to the smart card through the terminal;

The smart card is further configured to decrypt the encrypted data update script and the encrypted script integrity verification information using the quantum key to obtain a decrypted data update script and decrypted script integrity verification information, obtain the script integrity verification information using the decrypted data update script, and, if the script integrity verification information is consistent with the decrypted script integrity verification information, execute the decrypted data update script.

In an optional implementation manner, the quantum key sending system is a bank's card issuing system or a bank's quantum key filling system.

In a fifth aspect, the present application provides a device for guaranteeing financial payment safety, the device being applied to an issuing bank's key management system and comprising:

Negotiation unit, configured to negotiate with a quantum key sending system to generate a quantum key derived parameter, so that the quantum key sending system obtains a quantum key from a quantum key management system according to the quantum key derived parameter, the quantum key sending system being further configured to send the quantum key to a smart card so that the smart card writes the quantum key;

Obtaining unit, configured to obtain the quantum key from the quantum key management system according to the quantum key derived parameter.

In an optional implementation manner, the quantum key management system is configured to obtain the quantum key after the first quantum key distribution equipment and the second quantum key distribution equipment negotiate to generate the quantum key.

In an optional implementation manner, the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

In an optional implementation, the device further includes:

a first receiving unit, configured to receive encrypted static signature data sent by the smart card through a terminal, the encrypted static signature data being generated by the smart card encrypting static signature data using the quantum key;

a first verification unit, configured to decrypt the encrypted static signature data using the quantum key to obtain decrypted static signature data, to check whether the decrypted static signature data is consistent with the stored static signature data, and, if they are consistent, to determine that the smart card is correct.

In an optional implementation, the device further includes:

a generation unit, configured to generate first challenge data after the smart card is determined to be correct, and to encrypt the first challenge data using the quantum key to generate encrypted first challenge data;

a first sending unit, configured to send the first challenge data and the encrypted first challenge data to the smart card through the terminal, so that the smart card decrypts the encrypted first challenge data using the quantum key to obtain decrypted first challenge data, checks whether the decrypted first challenge data is consistent with the first challenge data, and, if they are consistent, generates second challenge data and encrypts the first challenge data and the second challenge data using the quantum key to generate encrypted third challenge data;

a second verification unit, configured to receive the encrypted third challenge data and the second challenge data sent by the smart card through the terminal, to decrypt the encrypted third challenge data using the quantum key to obtain decrypted first challenge data and decrypted second challenge data, to check whether the decrypted first challenge data is consistent with the first challenge data and whether the decrypted second challenge data is consistent with the second challenge data, and, if both are consistent, to determine that the smart card is not forged.

In an optional implementation, the device further includes:

a second receiving unit, configured to receive an authorization request cryptogram (ARQC) sent by the smart card through the terminal, the ARQC being generated using the quantum key;

a third verification unit, configured to verify the ARQC using the quantum key and, if the ARQC passes verification, to generate ARQC response information using the quantum key;

a second sending unit, configured to send the ARQC response information to the smart card through the terminal, so that the smart card verifies the ARQC response information using the quantum key and, if the ARQC response information passes verification, determines that the ARQC authorization authentication process is complete.

In an optional implementation, the device further includes:

an encryption unit, configured to, after the ARQC authorization authentication process is complete and if the data of the smart card needs to be updated, encrypt a data update script and script integrity verification information using the quantum key, the script integrity verification information being obtained from the data update script;

a third sending unit, configured to send the encrypted data update script and the encrypted script integrity verification information to the smart card through the terminal, so that the smart card decrypts the encrypted data update script and the encrypted script integrity verification information using the quantum key to obtain a decrypted data update script and decrypted script integrity verification information, obtains script integrity verification information from the decrypted data update script, and, if that script integrity verification information is consistent with the decrypted script integrity verification information, executes the decrypted data update script.

In an optional implementation, the quantum key sending system is a bank card issuing system or a bank quantum key filling system.

In a sixth aspect, the present application provides a device for guaranteeing financial payment security. The device is applied to a smart card and includes:

a first receiving unit, configured to receive a quantum key from a quantum key sending system, the quantum key sending system being configured to negotiate with an issuing bank key management system to generate a quantum key derivation parameter and to obtain the quantum key from a quantum key management system according to the quantum key derivation parameter, and the issuing bank key management system being configured to obtain the quantum key from the quantum key management system according to the quantum key derivation parameter;

a writing unit, configured to write the quantum key.

In an optional implementation, the quantum key management system is configured to obtain the quantum key after a first quantum key distribution device and a second quantum key distribution device negotiate to generate the quantum key.

In an optional implementation, the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

In an optional implementation, the device further includes:

an encryption unit, configured to encrypt static signature data using the quantum key to generate encrypted static signature data;

a first sending unit, configured to send the encrypted static signature data to the issuing bank key management system through a terminal, so that the issuing bank key management system decrypts the encrypted static signature data using the quantum key to obtain decrypted static signature data, checks whether the decrypted static signature data is consistent with the stored static signature data, and, if they are consistent, determines that the smart card is correct.

In an optional implementation, the device further includes:

a second receiving unit, configured to receive first challenge data and encrypted first challenge data sent by the issuing bank key management system through the terminal, the first challenge data being generated by the issuing bank key management system after it determines that the smart card is correct, and the encrypted first challenge data being generated by the issuing bank key management system encrypting the first challenge data using the quantum key;

a first verification unit, configured to decrypt the encrypted first challenge data using the quantum key to obtain decrypted first challenge data, to check whether the decrypted first challenge data is consistent with the first challenge data, and, if they are consistent, to determine that the issuing bank key management system is legitimate;

a first generation unit, configured to generate second challenge data and to encrypt the first challenge data and the second challenge data using the quantum key to generate encrypted third challenge data;

a second sending unit, configured to send the encrypted third challenge data and the second challenge data to the issuing bank key management system through the terminal, so that the issuing bank key management system decrypts the encrypted third challenge data using the quantum key to obtain decrypted first challenge data and decrypted second challenge data, checks whether the decrypted first challenge data is consistent with the first challenge data and whether the decrypted second challenge data is consistent with the second challenge data, and, if both are consistent, determines that the smart card is not forged.
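The challenge exchange between the issuing bank key management system and the smart card described above (first, second and third challenge data), as an added example that is not part of the patent text. The page names no cipher, so a 4-round Feistel permutation built from HMAC-SHA256 stands in for it; the 16-byte challenge size and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 16  # bytes; assumed size, the page does not give one


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, i, half):
    # Round function: HMAC-SHA256 truncated to the half-block length.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[: len(half)]


def encrypt(key, block):
    """Stand-in cipher: 4-round Feistel permutation over an even-length block."""
    if len(block) % 2 or len(block) > 64:
        raise ValueError("block must have even length of at most 64 bytes")
    h = len(block) // 2
    left, right = block[:h], block[h:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def decrypt(key, block):
    """Inverse of encrypt(): run the four rounds backwards."""
    if len(block) % 2 or len(block) > 64:
        raise ValueError("block must have even length of at most 64 bytes")
    h = len(block) // 2
    left, right = block[:h], block[h:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


class IssuerKMS:
    """Issuing bank key management system side of the exchange."""

    def __init__(self, quantum_key):
        self._key = quantum_key
        self._c1 = None

    def start(self):
        # First challenge data, sent in clear together with its encryption.
        self._c1 = secrets.token_bytes(CHALLENGE_LEN)
        return self._c1, encrypt(self._key, self._c1)

    def verify_card(self, enc_c3, c2):
        c1, self._c1 = self._c1, None  # each challenge is answered at most once
        if c1 is None or len(enc_c3) != 2 * CHALLENGE_LEN or len(c2) != CHALLENGE_LEN:
            return False
        plain = decrypt(self._key, enc_c3)
        # Both halves must match: the issuer's own challenge and the card's.
        return (hmac.compare_digest(plain[:CHALLENGE_LEN], c1)
                and hmac.compare_digest(plain[CHALLENGE_LEN:], c2))


class SmartCard:
    """Smart card side of the exchange."""

    def __init__(self, quantum_key):
        self._key = quantum_key

    def respond(self, c1, enc_c1):
        if len(c1) != CHALLENGE_LEN or len(enc_c1) != CHALLENGE_LEN:
            return None
        # The issuer is legitimate only if it encrypted c1 under the shared key.
        if not hmac.compare_digest(decrypt(self._key, enc_c1), c1):
            return None
        c2 = secrets.token_bytes(CHALLENGE_LEN)           # second challenge data
        return encrypt(self._key, c1 + c2), c2            # encrypted third challenge data


def mutual_authenticate(issuer, card):
    """Run the exchange once and report what each side concluded."""
    c1, enc_c1 = issuer.start()
    answer = card.respond(c1, enc_c1)
    if answer is None:
        return {"issuer_legitimate": False, "card_not_forged": False}
    enc_c3, c2 = answer
    return {"issuer_legitimate": True, "card_not_forged": issuer.verify_card(enc_c3, c2)}
```
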

In an optional implementation, the device further includes:

a second generation unit, configured to generate an authorization request cryptogram (ARQC) using the quantum key;

a third sending unit, configured to send the ARQC to the issuing bank key management system through the terminal, so that the issuing bank key management system verifies the ARQC using the quantum key and, if the ARQC passes verification, generates ARQC response information using the quantum key;

a third receiving unit, configured to receive the ARQC response information sent by the issuing bank key management system through the terminal;

a second verification unit, configured to verify the ARQC response information using the quantum key and, if the ARQC response information passes verification, to determine that the ARQC authorization authentication process is complete.

In an optional implementation, the device further includes:

a fourth receiving unit, configured to, after the ARQC authorization authentication process is complete and if the data of the smart card needs to be updated, receive an encrypted data update script and encrypted script integrity verification information sent by the issuing bank key management system through the terminal, the encrypted data update script and the encrypted script integrity verification information being encrypted by the issuing bank key management system using the quantum key, and the script integrity verification information being obtained from the data update script;

an execution unit, configured to decrypt the encrypted data update script and the encrypted script integrity verification information using the quantum key to obtain a decrypted data update script and decrypted script integrity verification information, to obtain script integrity verification information from the decrypted data update script, and, if that script integrity verification information is consistent with the decrypted script integrity verification information, to execute the decrypted data update script.

In an optional implementation, the quantum key sending system is a bank card issuing system or a bank quantum key filling system.

It can be seen that the embodiments of the present application have the following beneficial effects:

In the embodiments of the present application, a quantum key replaces the various digital certificates and master keys written into the smart card. The quantum key is generated by quantum key distribution devices or by a quantum random number generator. Based on the principle that quantum technology cannot be eavesdropped on and cannot be copied, the quantum key has extremely high security, which greatly reduces the risk that a key in the smart card is cracked. At the same time, quantum keys replace the original key diversification scheme, achieving true one key per card: there is no diversification relationship between keys, so it cannot happen that the root key is derived after a single key is cracked and global security is affected. The embodiments of the present application therefore achieve the purpose of guaranteeing financial payment security.

Brief description of the drawings

Fig. 1 is an interaction flow chart of the current smart card personalization method;

Fig. 2 is a flow chart of the current smart card application process;

Fig. 3 is a flow chart of a method embodiment for guaranteeing financial payment security provided by the embodiments of the present application;

Fig. 4 is an interaction flow chart of a method embodiment for guaranteeing financial payment security provided by the embodiments of the present application;

Fig. 5 is an interaction flow chart of another method embodiment for guaranteeing financial payment security provided by the embodiments of the present application;

Fig. 6 is an interaction flow chart of applying the quantum key in the smart card to offline data authentication, provided by the embodiments of the present application;

Fig. 7 is an interaction flow chart of applying the quantum key in the smart card to online processing and script processing, provided by the embodiments of the present application;

Fig. 8 is a structural schematic diagram of a system for guaranteeing financial payment security provided by the embodiments of the present application;

Fig. 9 is a schematic diagram of a device for guaranteeing financial payment security provided by the embodiments of the present application;

Fig. 10 is a schematic diagram of another device for guaranteeing financial payment security provided by the embodiments of the present application.

Detailed description of the embodiments

To make the above objects, features and advantages of the present application clearer and easier to understand, the embodiments of the present application are described in further detail below with reference to the accompanying drawings and specific implementations.

To make the technical solution provided by the present application easier to understand, its research background is first briefly described below.

In recent years, with the development of science and technology, the algorithms on which financial payment relies have faced growing challenges. Existing financial payment technical solutions can be roughly divided into two parts: smart card personalization, and smart card application. Both parts are described in detail below. In the embodiments of the present application, the smart card may be any kind of smart card, such as an IC (Integrated Circuit) card.

Fig. 1 shows an interaction flow chart of the current smart card personalization method. Besides writing the card's basic information, the most important part of smart card personalization is writing the various keys that guarantee the security of smart card payment. The personalization process may include the following steps:

Step 101: During smart card personalization, the issuing bank key management system first generates an issuer public key and an issuer private key, and sends the issuer public key to the certification center.

Step 102: The certification center, as an authority, signs the issuer public key with the certification center private key after receiving it, generates an issuer public key certificate, and sends the issuer public key certificate to the issuing bank key management system.

Step 103: After receiving the issuer public key certificate, the issuing bank key management system sends it to the bank card issuing system, so that the bank card issuing system writes the issuer public key certificate into the smart card.

Step 104: The issuing bank key management system generates a smart card public key and a smart card private key, signs the smart card public key with the previously generated issuer private key to generate a smart card public key certificate, and sends the smart card private key and the smart card public key certificate to the bank card issuing system, so that the bank card issuing system writes the smart card private key and the smart card public key certificate into the smart card.

Step 105: The issuing bank key management system generates the issuer application master key IMKac, the issuer MAC (Message Authentication Code) master key IMKmac, and the issuer data master key IMKenc.

Step 106: Based on smart card information such as the card number, the issuing bank key management system uses the generated issuer application master key IMKac, issuer MAC master key IMKmac and issuer data master key IMKenc to diversify the smart card application master key MKac, the smart card MAC master key MKmac and the smart card data master key MKenc, and sends the smart card information, MKac, MKmac and MKenc to the bank card issuing system, so that the bank card issuing system writes them into the smart card.

Smart card personalization is thus completed. In the process, the various keys are written into the smart card to guarantee the security of smart card payment, that is, to prepare for the authentication and security operations in the subsequent application stage of the smart card.

Fig. 2 shows a flow chart of the current smart card application process. Two of its processes are security-related: offline data authentication, and online processing together with script processing.

In the prior art, offline data authentication takes three forms: static data authentication, dynamic data authentication and combined data authentication. In static data authentication, the terminal obtains the issuer public key certificate from the smart card and recovers the issuer public key to verify the smart card's static signature data. Dynamic data authentication adds authentication of the smart card private key on top of static data authentication. Combined data authentication adds, on top of dynamic data authentication, the combination of the signed data with the application cryptogram. The whole offline data authentication process mainly authenticates the correctness and validity of the smart card, ensuring that the smart card's data has not been tampered with and that the card has not been forged.

During online processing, the smart card generates the ARQC (Authorisation Request Cryptogram) by encrypting with the smart card application session key SKac, which is diversified from MKac. The issuing bank key management system decrypts and authenticates it and sends back an ARPC (Authorisation Response Cryptogram) in response; the ARPC is likewise encrypted with SKac, which completes the verification of the ARQC. During script processing, when the issuing bank key management system sends an update script to the smart card, the script integrity verification information is encrypted with the smart card MAC session key SKmac, which is diversified from MKmac. Script content that is sensitive data, such as a PIN (Personal Identification Number), is protected by encryption with the smart card data session key SKenc, which is diversified from MKenc.

From the description of the two processes above, smart card personalization prepares for the authentication and security operations of the subsequent application stage. For example, the correctness and validity of the smart card are established by the digital certificates, master keys and other data written into the smart card during personalization, combined with asymmetric key algorithms; specific transaction processing is completed by the various master keys written into the smart card during personalization, combined with symmetric key algorithms.

It can be seen that, at present, the smart card relies on the various digital certificates and master keys written into it to ensure security in specific financial transaction and payment applications. However, the analysis of existing financial payment technology above shows that the master keys written into the smart card are diversified from the issuing bank's root key. With the rapid growth of computing power, and especially the rapid development of quantum computers, whose extremely high computing speed could crack the digital certificates and master keys in a smart card, once a master key in a smart card is cracked, the issuing bank's root key might be further derived and cracked, which might in turn leak a large number of smart card keys; the scope of such a breach is huge.

On this basis, the present application proposes a method and system for guaranteeing financial payment security. By introducing quantum keys and their distribution, and writing quantum keys into the smart card, it provides a more reliable security guarantee for smart card personalization and application. Compared with the traditional method of writing various digital certificates and master keys into the smart card, the method provided by the present application writes quantum keys into the smart card, achieving true one key per card. There is no diversification relationship between keys, which reduces the scope of damage caused by a single-point breach and also guarantees the security of key generation and distribution.
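The structural difference between diversified card keys and independent per-card keys, as an added example that is not part of the patent text. HMAC-SHA256 stands in for the issuer's real diversification algorithm, `secrets.token_bytes` stands in for a QKD or QRNG key, and the card numbers, class names and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def diversify(parent_key: bytes, data: bytes) -> bytes:
    """Child key = PRF(parent key, diversification data).
    HMAC-SHA256 is an assumed stand-in; the page does not name the algorithm."""
    return hmac.new(parent_key, data, hashlib.sha256).digest()[:16]


class DiversifiedIssuer:
    """Traditional scheme: one issuer master key (IMKac) yields every MKac."""

    def __init__(self):
        self.imk_ac = secrets.token_bytes(16)

    def personalize(self, card_number: str) -> bytes:
        # MKac is a function of IMKac and the card number; nothing is stored.
        return diversify(self.imk_ac, card_number.encode())

    def session_key(self, card_number: str, counter: int) -> bytes:
        # SKac is in turn diversified from MKac (the counter is an assumed input).
        return diversify(self.personalize(card_number), counter.to_bytes(2, "big"))


class PerCardKeyIssuer:
    """Scheme described on the page: an independent random key per card."""

    def __init__(self):
        self._table = {}  # card number -> key; must be stored and protected

    def personalize(self, card_number: str) -> bytes:
        key = secrets.token_bytes(16)  # stand-in for a QKD/QRNG key
        self._table[card_number] = key
        return key

    def lookup(self, card_number: str) -> bytes:
        return self._table[card_number]

    def records_stored(self) -> int:
        return len(self._table)


def cards_exposed_by(secret: bytes, card_keys: dict) -> int:
    """Count card keys that follow from `secret` plus the card number alone."""
    return sum(
        hmac.compare_digest(diversify(secret, number.encode()), key)
        for number, key in card_keys.items()
    )


def compare_schemes(card_numbers):
    old, new = DiversifiedIssuer(), PerCardKeyIssuer()
    old_keys = {n: old.personalize(n) for n in card_numbers}
    new_keys = {n: new.personalize(n) for n in card_numbers}
    first = card_numbers[0]
    return {
        # Diversified: the single issuer key determines every card key.
        "diversified_exposed_by_issuer_key": cards_exposed_by(old.imk_ac, old_keys),
        # Per-card: no card's key is a parent of any card key.
        "per_card_exposed_by_one_card_key": cards_exposed_by(new_keys[first], new_keys),
        # The cost: the issuer keeps one protected record per card.
        "per_card_records_stored": new.records_stored(),
    }


# Constructed sample card numbers, not real accounts.
SAMPLE_CARD_NUMBERS = ["6200000000000001", "6200000000000002", "6200000000000003"]
```

The per-card scheme moves the burden from protecting one root key to storing and protecting a key table on the issuer side, which is the role the issuing bank key management system plays in the embodiments.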

The method for guaranteeing financial payment security provided by the embodiments of the present application is described in detail below with reference to the accompanying drawings. Fig. 3 shows a flow chart of a method embodiment for guaranteeing financial payment security provided by the embodiments of the present application. This embodiment may include the following steps:

Step 301: The issuing bank key management system and the quantum key sending system negotiate to generate a quantum key derivation parameter.

In practical applications, the derivation parameter is the basis on which the issuing bank key management system and the quantum key sending system obtain the quantum key from the quantum key management system. Generating the derivation parameter through negotiation between the two ensures that they obtain the same quantum key from the quantum key management system, in preparation for the subsequent steps.

Step 302: The issuing bank key management system obtains the quantum key from the quantum key management system according to the quantum key derivation parameter.

Step 303: The quantum key sending system obtains the quantum key from the quantum key management system according to the quantum key derivation parameter.

Step 304: The smart card receives the quantum key from the quantum key sending system.

Step 305: The quantum key is written into the smart card.

In this embodiment, the implementation of the issuing bank key management system and of the smart card is similar to that in the subsequent embodiments; for the relevant description, refer to the subsequent embodiments, which is not repeated here.

In the embodiments of the present application, the quantum key may be generated through negotiation between a first quantum key distribution device and a second quantum key distribution device, or may be a quantum random number generated by a quantum random number generator. Quantum keys generated in either way are stored in the quantum key management system, so that other system devices can obtain the quantum keys they need from the quantum key management system. The quantum key management system may be deployed in different ways: for example, as a single system device that stores quantum keys, or as two system devices that each store quantum keys. The present application places no restriction on this.

Based on these two ways of generating the quantum key, the method for guaranteeing financial payment security provided by the embodiments of the present application is described in detail below with reference to the accompanying drawings.

Fig. 4 shows an interaction flow chart of a method embodiment for guaranteeing financial payment security provided by the embodiments of the present application. This embodiment may include the following steps:

Step 401: The first quantum key distribution device and the second quantum key distribution device negotiate to generate a quantum key.

In practical applications, this embodiment distributes quantum keys through quantum key distribution devices during the smart card personalization stage and writes a quantum key into the smart card. In this process, the first quantum key distribution device and the second quantum key distribution device first negotiate to generate the quantum key.

Quantum key distribution refers to key distribution technology based on the measurement principles of quantum mechanics. Built on quantum physics and information science, it provides users at two separate locations with an unconditionally secure shared key; it is unconditionally secure in theory and is regarded as the most secure encryption method. In the embodiments of the present application, one or more quantum keys are generated through negotiation between the first quantum key distribution device and the second quantum key distribution device.

Step 402: The quantum key management system obtains the quantum key after the first quantum key distribution device and the second quantum key distribution device negotiate to generate it.

In practical applications, quantum keys are stored centrally in the quantum key management system. After negotiating to generate a quantum key, the first quantum key distribution device and the second quantum key distribution device can therefore send it to the quantum key management system for storage, so that other devices can obtain the quantum keys they need from the quantum key management system. The quantum key management system may be a single device, or two devices that respectively store the quantum key sent by the first quantum key distribution device and the quantum key sent by the second quantum key distribution device.

In an optional implementation, the first quantum key distribution device and the second quantum key distribution device can themselves each be configured as a quantum key management system that stores quantum keys, so that other devices can obtain the required quantum keys directly from the first quantum key distribution device and the second quantum key distribution device respectively.

Step 403: The issuing bank key management system and the quantum key sending system negotiate to generate a quantum key derivation parameter.

In practical applications, after one or more quantum keys have been generated through negotiation between the first quantum key distribution device and the second quantum key distribution device and stored in the quantum key management system, the issuing bank key management system and the quantum key sending system must obtain the same quantum key. To do so, they generate a quantum key derivation parameter through negotiation and, according to that parameter, each send a request to the corresponding quantum key management system to obtain the quantum key. In a specific implementation, the process by which the issuing bank key management system and the quantum key sending system obtain the quantum key is described in steps 404 to 408.

Step 404: The issuing bank key management system sends a request to read the quantum key to the quantum key management system according to the generated quantum key derivation parameter.

Step 405: After receiving the request, the quantum key management system sends the stored quantum key to the issuing bank key management system, so that the issuing bank key management system stores it.

Step 406: Correspondingly, the quantum key sending system likewise sends a request to read the quantum key to the quantum key management system according to the generated quantum key derivation parameter.

Step 407: After receiving the request, the quantum key management system sends the stored quantum key to the quantum key sending system.

Step 408: The quantum key sending system writes the received quantum key into the smart card.

Shown in Figure 5, it illustrates another methods for guaranteeing financial payment safety provided by the embodiments of the present application The interaction diagrams of embodiment, the present embodiment may comprise steps of:

Step 501: quantum random number generator generates quantum random number.

In practical applications, the embodiment of the present application is generated in the smart card personalization stage by quantum random number generator Quantum random number as quantum key, and quantum key is written into smart card.In the process, random by quantum first The quantum random number that number generator generates is as quantum key, and it is close using the quantum random number as quantum key to be sent to quantum Key management system saves the quantum key convenient for it.

Step 502: quantum key management system receives and saves the quantum key of quantum random number generator transmission, that is, Quantum random number.

In practical applications, quantum key is uniformly stored in quantum key management system, as a result, quantum random number After generator generates quantum random number, that is, quantum key, quantum key management system can be sent it to save, in order to it He obtains required quantum key from quantum key management system at equipment.

One kind being optionally achieved in that quantum random number generator inherently can be set to the amount of storage quantum key Sub-key management system, in order to which other equipment can directly get required quantum key from quantum random number generator.

Step 503: issuing bank's key management system obtains quantum key;

In practical applications, issuing bank's key management system obtains quantum key from quantum key management system, that is, obtains Obtain quantum random number.

Step 504: After obtaining the quantum key from the quantum key management system, the quantum key sending system writes the quantum key into the smart card.

In practical applications, the quantum key sending system can obtain one or more quantum keys from the quantum key management system according to the quantum key derived parameter, or it can obtain one or more quantum keys from the issuing bank's key management system. The quantum key can then be written into the smart card in different ways. In one optional implementation, the quantum key sending system writes only one quantum key into the smart card, and that quantum key replaces the various digital certificates and master keys written into the smart card in the conventional method, in order to perform security authentication in the smart card's subsequent offline data authentication, online processing and script processing. In another optional implementation, the quantum key sending system writes multiple quantum keys, for example 30, into the smart card; then, in the subsequent security authentication for offline data authentication, online processing and script processing, one or more different quantum keys must be selected from these to replace, respectively, the various digital certificates and master keys written into the smart card in the conventional method.

In some possible implementations of the present application, the smart card can also delete quantum keys that have been used. That is, in the security authentication for the smart card's subsequent offline data authentication, online processing and script processing, the quantum key used each time is one that has not yet been used in the smart card, so every use involves a different quantum key, which ensures the security of the smart card. As a result, the smart card may run out of available quantum keys. For this reason, in the embodiments of the present application, the quantum key sending system can be a bank card issuing system or a bank quantum key filling system. When the smart card is issued for the first time, the bank card issuing system can be used to send quantum keys to the smart card, so that the smart card writes them. When the smart card has no available quantum key left, the bank quantum key filling system can be used to send quantum keys to the smart card again, so that the smart card writes them.
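The key lifecycle described above (write a batch, use each key once, delete it, refill when none remain) can be sketched as follows. This is an added example, not code from the application: the KeyStore class, the lowest-common-id selection rule, the 16-byte key length and the use of Python's secrets module in place of a quantum random number generator are all assumptions.

```python
import secrets

KEY_LEN = 16   # assumed key size in bytes; the application does not state one
BATCH = 30     # the application's example of how many keys a card may receive


class KeyStore:
    """Keys held by one side: the card, or the issuer's record for that card."""

    def __init__(self):
        self._keys = {}  # key id -> key bytes

    def load(self, batch):
        """Write a batch of keys: first issuance or a later refill."""
        clash = self._keys.keys() & batch.keys()
        if clash:
            raise ValueError(f"key ids already present: {sorted(clash)}")
        self._keys.update(batch)

    def unused_ids(self):
        return sorted(self._keys)

    def take(self, key_id):
        """Hand out a key once and delete it; a second request raises KeyError."""
        return self._keys.pop(key_id)


def generate_batch(first_id, count=BATCH):
    """Stand-in for the quantum random number generator: independent keys,
    none of them derived from another key or from a root key."""
    return {first_id + i: secrets.token_bytes(KEY_LEN) for i in range(count)}


def negotiate(card, issuer):
    """Assumed selection rule: the lowest key id that both sides still hold."""
    common = set(card.unused_ids()) & set(issuer.unused_ids())
    return min(common) if common else None


def use_next_key(card, issuer):
    """Consume one agreed key on both sides; None means the card is empty."""
    key_id = negotiate(card, issuer)
    if key_id is None:
        return None
    card_key = card.take(key_id)
    issuer_key = issuer.take(key_id)
    return key_id, card_key == issuer_key


def lifecycle(transactions):
    """Issue a card, run transactions, and refill whenever the pool runs dry."""
    card, issuer = KeyStore(), KeyStore()
    next_id, refills, used = 0, 0, []
    batch = generate_batch(next_id)          # bank card issuing system
    card.load(batch)
    issuer.load(batch)
    next_id += BATCH
    for _ in range(transactions):
        result = use_next_key(card, issuer)
        if result is None:                   # bank quantum key filling system
            batch = generate_batch(next_id)
            card.load(batch)
            issuer.load(batch)
            next_id += BATCH
            refills += 1
            result = use_next_key(card, issuer)
        used.append(result)
    return used, refills, len(card.unused_ids())


if __name__ == "__main__":
    used, refills, left = lifecycle(65)
    print(f"{len(used)} keys consumed, {refills} refills, {left} keys left on card")
```

Because take() removes the key from the store, a key id that has already served one authentication cannot be selected again on either side.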

Based on the different ways of generating quantum keys, the embodiments of the present application describe, from the different perspectives of the issuing bank's key management system, the smart card and so on, how a quantum key is written into the smart card, which ensures the security of financial payment.

In one possible implementation, the quantum key management system is configured to obtain the quantum key after a first quantum key distribution device and a second quantum key distribution device negotiate to generate it. In another possible implementation, the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

For the implementation based on the issuing bank's key management system, in one possible implementation, the issuing bank's key management system negotiates with the quantum key sending system to generate a quantum key derived parameter, so that the quantum key sending system obtains the quantum key from the quantum key management system according to the quantum key derived parameter; the quantum key sending system is also configured to send the quantum key to the smart card, so that the smart card writes the quantum key;

The quantum key is obtained from the quantum key management system according to the quantum key derived parameter.

Optionally, the quantum key management system is configured to obtain the quantum key after the first quantum key distribution device and the second quantum key distribution device negotiate to generate it.

Alternatively, the quantum key management system is configured to obtain the quantum key after the quantum random number generator generates a quantum random number as the quantum key.

For the implementation based on the smart card, in one possible implementation, the smart card receives the quantum key from the quantum key sending system. The quantum key sending system is configured to negotiate with the issuing bank's key management system to generate a quantum key derived parameter and to obtain the quantum key from the quantum key management system according to the quantum key derived parameter; the issuing bank's key management system is configured to obtain the quantum key from the quantum key management system according to the quantum key derived parameter;

The smart card writes the quantum key.

Optionally, the quantum key management system is configured to obtain the quantum key after the first quantum key distribution device and the second quantum key distribution device negotiate to generate it.

Alternatively, the quantum key management system is configured to obtain the quantum key after the quantum random number generator generates a quantum random number as the quantum key.

Thus the embodiments of the present application implement smart card personalization, and in this process a quantum key is written into the smart card. The quantum key replaces the various digital certificates and master keys written into the smart card in the conventional method. Based on the principle that quantum techniques cannot be eavesdropped on or copied, this greatly reduces the risk that the keys in the smart card are cracked. At the same time, quantum keys replace the original generation of keys by key diversification, achieving a true one-key-per-card scheme: there is no diversification relationship between keys, so cracking a single key cannot lead to the root key being derived and global security being affected. The embodiments of the present application therefore achieve the purpose of guaranteeing financial payment security.

As the foregoing embodiments show, a quantum key can not only be written into the smart card to implement smart card personalization; it can also replace the various digital certificates and master keys written into the smart card in the conventional method, in order to perform security authentication in the smart card's subsequent offline data authentication, online processing and script processing. These processes are described in detail below.

The main purpose of offline data authentication is to verify the correctness and legitimacy of the smart card. Referring to Figure 6, which shows a schematic diagram of the interaction in which the quantum key in the smart card provided by the embodiments of the present application is applied to offline data authentication, the process may include the following steps:

Step 601: The smart card encrypts the static signature data using the agreed quantum key to generate encrypted static signature data.

In the embodiments of the present application, the number of quantum keys that the quantum key sending system writes into the smart card is not restricted. That is, the quantum key sending system can write one quantum key into the smart card, or it can write multiple quantum keys, for example 30.

In practical applications, if the quantum key sending system writes only one quantum key into the smart card, that quantum key is the one the smart card and the issuing bank's key management system agree to use. The smart card can encrypt the static signature data with it and send the encrypted static signature data to the issuing bank's key management system through the terminal, so that the issuing bank's key management system can confirm the correctness of the smart card. If the quantum key sending system writes multiple quantum keys into the smart card, the smart card needs to negotiate with the issuing bank's key management system so that both select one agreed quantum key from the multiple quantum keys. The smart card can then encrypt the static signature data with the agreed quantum key and send the encrypted static signature data to the issuing bank's key management system through the terminal, so that the issuing bank's key management system can confirm the correctness of the smart card. In this embodiment, every quantum key referred to below can be the quantum key that the smart card and the issuing bank's key management system have agreed to use.

Step 602: The issuing bank's key management system receives the encrypted static signature data and decrypts it using the quantum key to obtain the decrypted static signature data.

In practical applications, after receiving the encrypted static signature data sent by the smart card through the terminal, the issuing bank's key management system decrypts it using the quantum key to obtain the decrypted static signature data. Here, the terminal refers to a multi-function terminal that is networked with a computer and carries out electronic transactions such as transfers by means of a smart card, for example a POS (Point of Sale) terminal. After obtaining the decrypted static signature data, the issuing bank's key management system executes step 603.

Step 603: The issuing bank's key management system verifies whether the decrypted static signature data is consistent with the stored static signature data; if it is, the smart card is determined to be correct.

In practical applications, after obtaining the decrypted static signature data, the issuing bank's key management system verifies whether it is consistent with the stored static signature data of the smart card. If the two are consistent, the data in the smart card has not been modified. Because the static signature data is encrypted with the quantum key before being sent to the issuing bank's key management system for authentication, security is high; if the authentication passes, the correctness of the smart card is confirmed. In some possible implementations, step 604 can then be executed.

Step 604: The issuing bank's key management system generates first challenge data, encrypts it using the quantum key to generate encrypted first challenge data, and then sends the first challenge data and the encrypted first challenge data to the smart card through the terminal.

In practical applications, after confirming the correctness of the smart card, the issuing bank's key management system can go on to verify its legitimacy, that is, to ensure that the smart card was issued by the quantum key sending system and is a genuine card. To verify the legitimacy of the smart card, the issuing bank's key management system first generates the first challenge data, for example a random character string or a character string arranged according to a rule, and then encrypts the first challenge data using the quantum key to generate the encrypted first challenge data. Finally, it sends the plaintext of the first challenge data and the encrypted first challenge data to the smart card through the terminal, so that the smart card can execute step 605.

Step 605: After receiving the encrypted first challenge data, the smart card decrypts it using the quantum key to obtain the decrypted first challenge data, and then executes step 606.

Step 606: After obtaining the decrypted first challenge data, the smart card verifies whether it is consistent with the received plaintext of the first challenge data. If it is, the smart card can determine that the issuing bank's key management system is legitimate and then responds, that is, generates second challenge data, and then executes step 607.

Step 607: After generating the second challenge data, the smart card encrypts the combination of the first challenge data and the second challenge data using the quantum key to generate encrypted third challenge data, and sends the encrypted third challenge data and the second challenge data to the issuing bank's key management system through the terminal, so that the issuing bank's key management system can execute step 608.

Step 608: After receiving the encrypted third challenge data and the second challenge data, the issuing bank's key management system verifies and confirms the legitimacy of the smart card.

In practical applications, after receiving the encrypted third challenge data and the second challenge data, the issuing bank's key management system decrypts the encrypted third challenge data using the quantum key to obtain the decrypted first challenge data and the decrypted second challenge data. It then verifies whether the decrypted first challenge data is consistent with the first challenge data it generated earlier, and whether the decrypted second challenge data is consistent with the received second challenge data. If both are consistent, the smart card is determined not to be forged, that is, the legitimacy of the smart card is confirmed.

In this embodiment, the quantum key is used in the offline data authentication process to verify the correctness and legitimacy of the smart card, which ensures the security of the smart card during offline data authentication.
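The exchange in steps 604 to 608, with both sides' messages, as an added example that is not part of the application. The application does not name a cipher, so seal and unseal use an HMAC-SHA256 keystream with an encrypt-then-MAC tag as a stand-in; the class names, the 16-byte challenge length and the concatenation used to combine the two challenges are likewise assumptions.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 16  # assumed; the application does not fix a challenge size


def _subkey(qkey, label):
    # Separate encryption and MAC keys derived from the one shared quantum key.
    return hmac.new(qkey, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(qkey, plaintext):
    """Stand-in for 'encrypt with the quantum key' (an assumption, see above)."""
    nonce = secrets.token_bytes(12)
    stream = _keystream(_subkey(qkey, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(qkey, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(qkey, blob):
    """Return the plaintext, or None if blob was not produced with qkey."""
    if len(blob) < 12 + 32:
        return None
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(qkey, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(qkey, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class Issuer:
    """Issuing bank's key management system side."""

    def __init__(self, qkey):
        self.qkey = qkey
        self.pending = None  # first challenge still awaiting a response

    def challenge(self):
        # Step 604: send the first challenge both in clear and encrypted.
        self.pending = secrets.token_bytes(CHALLENGE_LEN)
        return self.pending, seal(self.qkey, self.pending)

    def verify(self, enc_third, second):
        # Step 608: decrypt, split, and compare both halves.
        first, self.pending = self.pending, None  # each challenge is answered once
        combined = unseal(self.qkey, enc_third)
        if first is None or combined is None or len(combined) != 2 * CHALLENGE_LEN:
            return False
        dec_first, dec_second = combined[:CHALLENGE_LEN], combined[CHALLENGE_LEN:]
        return (hmac.compare_digest(dec_first, first)
                and hmac.compare_digest(dec_second, second))


class Card:
    """Smart card side."""

    def __init__(self, qkey):
        self.qkey = qkey

    def respond(self, first, enc_first):
        # Steps 605-606: answer only an issuer that holds the same key.
        dec_first = unseal(self.qkey, enc_first)
        if dec_first is None or not hmac.compare_digest(dec_first, first):
            return None
        # Step 607: encrypt first || second and return it with second in clear.
        second = secrets.token_bytes(CHALLENGE_LEN)
        return seal(self.qkey, first + second), second


def authenticate(issuer, card):
    """Run steps 604-608 once; True only if both sides share the quantum key."""
    first, enc_first = issuer.challenge()
    response = card.respond(first, enc_first)
    if response is None:
        return False
    return issuer.verify(*response)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    print("genuine card:", authenticate(Issuer(key), Card(key)))
    print("card with another key:", authenticate(Issuer(key), Card(secrets.token_bytes(32))))
```

The issuer clears its pending challenge on every verification, so a response recorded from one session is rejected when presented against a later challenge.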

The main purpose of online processing and script processing is to confirm whether a transaction carried out with the smart card is authorized, and to enable the card issuer to change the smart card's personalization data without issuing the card a second time, for example changing smart card parameters, locking or unlocking, or modifying the PIN. Referring to Figure 7, which shows a schematic diagram of the interaction in which the quantum key in the smart card provided by the embodiments of the present application is applied to online processing and script processing, the process may include the following steps:

Step 701: The smart card and the issuing bank's key management system negotiate to select the quantum key to be used for online processing.

In practical applications, if the quantum key sending system writes only one quantum key into the smart card, the smart card and the issuing bank's key management system can directly select that quantum key for online processing. If the quantum key sending system writes multiple quantum keys into the smart card, the smart card needs to negotiate with the issuing bank's key management system to select one or more of them for online processing. The smart card then executes step 702. In this embodiment, every quantum key referred to below can be the quantum key that the smart card and the issuing bank's key management system have agreed to use.

Step 702: The smart card generates the authorization request cryptogram ARQC using the quantum key.

In practical applications, after the quantum key for online processing has been selected, the smart card uses one of the quantum keys selected for online processing in place of SKac to generate the authorization request cryptogram ARQC. SKac is the smart card's application session key, obtained by diversification from MKac, and is mainly used to encrypt and decrypt the application cryptogram during online processing, but its security is insufficient. The smart card therefore uses the quantum key in place of SKac to generate the authorization request cryptogram ARQC and sends it to the issuing bank's key management system through the terminal, so that the issuing bank's key management system can execute step 703.

Step 703: The issuing bank's key management system verifies the ARQC using the quantum key and, if the verification passes, generates an ARQC response message using the quantum key.

In practical applications, after obtaining the authorization request cryptogram ARQC, the issuing bank's key management system verifies the ARQC using the quantum key agreed with the smart card. If the verification passes, it generates an ARQC response message using that quantum key and sends the ARQC response message to the smart card through the terminal, so that the smart card can execute step 704.

Step 704: The smart card verifies the ARQC response message using the quantum key; if it is correct, the ARQC authorization authentication is determined to have passed.

In practical applications, after receiving the ARQC response message, the smart card verifies it using the quantum key. If the ARQC response message passes verification, the ARQC authorization authentication process is determined to be complete.

After the ARQC authorization authentication process is complete, if the issuing bank's key management system judges that the data in the smart card needs to be updated, it executes step 705 and carries out the subsequent script processing.

Step 705: The issuing bank's key management system encrypts the data update script and the script integrity verification information using the quantum key, and sends the encrypted data update script and the encrypted script integrity verification information to the smart card through the terminal, so that the smart card can execute step 706.

In practical applications, the issuing bank's key management system encrypts the data update script and the script integrity verification information using the quantum key. The script integrity verification information is obtained from the data update script; in practical applications, a specific hash value can be generated from the data update script and used as the script integrity verification information. The quantum key replaces the smart card data session key SKenc, which protects the script content in the conventional method, and the smart card MAC session key SKmac, which ensures that the script content has not been tampered with, greatly improving the security of the encryption.

Step 706: After receiving the encrypted data update script and the encrypted script integrity verification information, the smart card decrypts them using the quantum key to obtain the decrypted data update script and the decrypted script integrity verification information. It then derives script integrity verification information from the decrypted data update script and, if this is consistent with the decrypted script integrity verification information, executes the decrypted data update script.

In practical applications, after receiving the encrypted data update script and the encrypted script integrity verification information, the smart card uses the quantum key in place of SKenc and SKmac to decrypt them, obtaining the decrypted data update script and the decrypted script integrity verification information. It derives a specific hash value from the decrypted data update script as the script integrity verification information and, if this is consistent with the decrypted script integrity verification information, executes the decrypted data update script. In this way the issuing bank can make the required data changes, such as changing smart card parameters, locking or unlocking, or modifying the PIN, without issuing the card a second time.

As the above embodiments show, using quantum keys as the personalization key data ensures the security of personalization key distribution and truly achieves one key per card: there is no diversification relationship between keys, which prevents the root key from being derived after a single key is cracked and global security from being affected.

Referring to Figure 8, the present application provides an embodiment of a system for guaranteeing financial payment security, which may include:

An issuing bank's key management system 801, a quantum key sending system 802 and a smart card 803;

The issuing bank's key management system 801 is configured to negotiate with the quantum key sending system 802 to generate a quantum key derived parameter, and to obtain a quantum key from the quantum key management system according to the quantum key derived parameter;

The quantum key sending system 802 is configured to obtain the quantum key from the quantum key management system according to the quantum key derived parameter;

The smart card 803 is configured to receive the quantum key from the quantum key sending system 802 and to write the quantum key.

In some possible implementations, the quantum key management system is configured to obtain the quantum key after a first quantum key distribution device and a second quantum key distribution device negotiate to generate it.

In some possible implementations, the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

In some possible implementations, the smart card 803 is further configured to encrypt static signature data using the quantum key to generate encrypted static signature data, and to send the encrypted static signature data to the issuing bank's key management system 801 through a terminal;

The issuing bank's key management system 801 is further configured to decrypt the encrypted static signature data using the quantum key to obtain decrypted static signature data, and to verify whether the decrypted static signature data is consistent with the stored static signature data; if it is, the smart card 803 is determined to be correct.

In some possible implementations, the issuing bank's key management system 801 is further configured, after determining that the smart card 803 is correct, to generate first challenge data, to encrypt the first challenge data using the quantum key to generate encrypted first challenge data, and to send the first challenge data and the encrypted first challenge data to the smart card 803 through the terminal;

The smart card 803 is further configured to decrypt the encrypted first challenge data using the quantum key to obtain decrypted first challenge data, and to verify whether the decrypted first challenge data is consistent with the first challenge data; if it is, to determine that the issuing bank's key management system 801 is legitimate, to generate second challenge data, to encrypt the first challenge data and the second challenge data using the quantum key to generate encrypted third challenge data, and to send the encrypted third challenge data and the second challenge data to the issuing bank's key management system 801 through the terminal;

The issuing bank's key management system 801 is further configured to decrypt the encrypted third challenge data using the quantum key to obtain the decrypted first challenge data and the decrypted second challenge data, and to verify whether the decrypted first challenge data is consistent with the first challenge data and whether the decrypted second challenge data is consistent with the second challenge data; if both are consistent, the smart card 803 is determined not to be forged.

In some possible implementations, the smart card 803 is further configured to generate an authorization request cryptogram ARQC using the quantum key and to send the ARQC to the issuing bank's key management system 801 through the terminal;

The issuing bank's key management system 801 is further configured to verify the ARQC using the quantum key; if the ARQC passes verification, to generate an ARQC response message using the quantum key and to send the ARQC response message to the smart card 803 through the terminal;

The smart card 803 is further configured to verify the ARQC response message using the quantum key; if the ARQC response message passes verification, the ARQC authorization authentication process is determined to be complete.

In some possible implementations, the issuing bank's key management system 801 is further configured, after the ARQC authorization authentication process is complete and if the data of the smart card 803 needs to be updated, to encrypt a data update script and script integrity verification information using the quantum key, the script integrity verification information being obtained from the data update script, and to send the encrypted data update script and the encrypted script integrity verification information to the smart card 803 through the terminal;

The smart card 803 is further configured to decrypt the encrypted data update script and the encrypted script integrity verification information using the quantum key to obtain the decrypted data update script and the decrypted script integrity verification information, to derive the script integrity verification information from the decrypted data update script, and, if it is consistent with the decrypted script integrity verification information, to execute the decrypted data update script.

In some possible implementations, the quantum key sending system 802 is a bank card issuing system or a bank quantum key filling system.

Referring to Figure 9, the embodiments of the present application also provide an embodiment of an apparatus for guaranteeing financial payment security. The apparatus embodiment can be applied to the issuing bank's key management system and may include:

A negotiation unit 901, configured to negotiate with the quantum key sending system to generate a quantum key derived parameter, so that the quantum key sending system obtains the quantum key from the quantum key management system according to the quantum key derived parameter, the quantum key sending system being further configured to send the quantum key to the smart card so that the smart card writes the quantum key;

An obtaining unit 902, configured to obtain the quantum key from the quantum key management system according to the quantum key derived parameter.

In some possible implementations, the quantum key management system is configured to obtain the quantum key after a first quantum key distribution device and a second quantum key distribution device negotiate to generate it.

In some possible implementations, the quantum key management system is configured to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

In some possible implementations, the apparatus further includes:

A first receiving unit, configured to receive encrypted static signature data sent by the smart card through a terminal, the encrypted static signature data being generated by the smart card encrypting static signature data using the quantum key;

A first verification unit, configured to decrypt the encrypted static signature data using the quantum key to obtain decrypted static signature data, and to verify whether the decrypted static signature data is consistent with the stored static signature data; if it is, the smart card is determined to be correct.

In some possible implementations, the apparatus further includes:

A generation unit, configured, after the smart card is determined to be correct, to generate first challenge data and to encrypt the first challenge data using the quantum key to generate encrypted first challenge data;

A first sending unit, configured to send the first challenge data and the encrypted first challenge data to the smart card through the terminal, so that the smart card decrypts the encrypted first challenge data using the quantum key to obtain decrypted first challenge data, verifies whether the decrypted first challenge data is consistent with the first challenge data, and, if it is, generates second challenge data and encrypts the first challenge data and the second challenge data using the quantum key to generate encrypted third challenge data;

A second verification unit, configured to receive the encrypted third challenge data and the second challenge data sent by the smart card through the terminal, to decrypt the encrypted third challenge data using the quantum key to obtain the decrypted first challenge data and the decrypted second challenge data, and to verify whether the decrypted first challenge data is consistent with the first challenge data and whether the decrypted second challenge data is consistent with the second challenge data; if both are consistent, the smart card is determined not to be forged.

In some possible implementations, the apparatus further includes:

A second receiving unit, configured to receive the authorization request cryptogram ARQC sent by the smart card through the terminal, the ARQC being generated using the quantum key;

A third verification unit, configured to verify the ARQC using the quantum key and, if the ARQC passes verification, to generate an ARQC response message using the quantum key;

A second sending unit, configured to send the ARQC response message to the smart card through the terminal, so that the smart card verifies the ARQC response message using the quantum key and, if the ARQC response message passes verification, determines that the ARQC authorization authentication process is complete.

In some possible implementations, the apparatus further includes:

An encryption unit, configured, after the ARQC authorization authentication process is complete and if the data of the smart card needs to be updated, to encrypt a data update script and script integrity verification information using the quantum key, the script integrity verification information being obtained from the data update script;

A third sending unit, configured to send the encrypted data update script and the encrypted script integrity verification information to the smart card through the terminal, so that the smart card decrypts them using the quantum key to obtain the decrypted data update script and the decrypted script integrity verification information, derives the script integrity verification information from the decrypted data update script, and, if it is consistent with the decrypted script integrity verification information, executes the decrypted data update script.

In some possible implementations, the quantum key sending system is bank's card sending system or bank's quantum Key filling system.

Referring to Figure 10, another embodiment of a device for guaranteeing financial payment safety provided by the embodiments of the present application is shown. The device can be applied to a smart card and may include:

First receiving unit 1001, for receiving a quantum key from the quantum key sending system, where the quantum key sending system is used to negotiate with the issuing bank's key management system to generate a quantum key derived parameter and to obtain the quantum key from the quantum key management system according to the quantum key derived parameter, and the issuing bank's key management system is used to obtain the quantum key from the quantum key management system according to the quantum key derived parameter;

Writing unit 1002, for writing the quantum key.

In some possible implementations, the quantum key management system is used to obtain the quantum key after a first quantum key distribution device and a second quantum key distribution device negotiate to generate the quantum key.

In some possible implementations, the quantum key management system is used to obtain the quantum key after a quantum random number generator generates a quantum random number as the quantum key.

In some possible implementations, the device further includes:

Encryption unit, for encrypting static signature data using the quantum key to generate encrypted static signature data;

First transmission unit, for sending the encrypted static signature data to the issuing bank's key management system through the terminal, so that the issuing bank's key management system decrypts the encrypted static signature data using the quantum key to obtain the decrypted static signature data, verifies whether the decrypted static signature data is consistent with the stored static signature data, and, if they are consistent, determines that the smart card is correct.

In some possible implementations, the device further includes:

Second receiving unit, for receiving first challenge data and encrypted first challenge data sent by the issuing bank's key management system through the terminal, where the first challenge data is generated by the issuing bank's key management system after it determines that the smart card is correct, and the encrypted first challenge data is generated by the issuing bank's key management system encrypting the first challenge data using the quantum key;

First verification unit, for decrypting the encrypted first challenge data using the quantum key to obtain the decrypted first challenge data, verifying whether the decrypted first challenge data is consistent with the first challenge data, and, if they are consistent, determining that the issuing bank's key management system is legitimate;

First generation unit, for generating second challenge data and encrypting the first challenge data and the second challenge data using the quantum key to generate encrypted third challenge data;

Second transmission unit, for sending the encrypted third challenge data and the second challenge data to the issuing bank's key management system through the terminal, so that the issuing bank's key management system decrypts the encrypted third challenge data using the quantum key to obtain the decrypted first challenge data and the decrypted second challenge data, verifies whether the decrypted first challenge data is consistent with the first challenge data and whether the decrypted second challenge data is consistent with the second challenge data, and, if both are consistent, determines that the smart card is not forged.
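The mutual challenge-response exchange described above, as an added example that is not part of the patent text. The patent names no cipher, so an HMAC-SHA256 keystream stands in for encryption with the quantum key; the function names and the 8-byte challenge length are assumptions.

```python
import hashlib, hmac, secrets

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as a keystream.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)  # fresh nonce per message, sent with the ciphertext
    return nonce + bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def issuer_challenge(issuer_key: bytes):
    # Issuer side: first challenge data plus its encryption under the quantum key.
    c1 = secrets.token_bytes(8)
    return c1, encrypt(issuer_key, c1)

def card_respond(card_key: bytes, c1: bytes, enc_c1: bytes):
    # Card side: check the issuer holds the same key before answering.
    if not hmac.compare_digest(decrypt(card_key, enc_c1), c1):
        return None  # issuer not legitimate, card stops here
    c2 = secrets.token_bytes(8)  # second challenge data
    return encrypt(card_key, c1 + c2), c2  # encrypted third challenge data, plus c2

def issuer_verify(issuer_key: bytes, c1: bytes, enc_c3: bytes, c2: bytes) -> bool:
    # Issuer side: both decrypted challenges must match what was sent in clear.
    return hmac.compare_digest(decrypt(issuer_key, enc_c3), c1 + c2)

def run_session(issuer_key: bytes, card_key: bytes) -> str:
    # The terminal only relays messages, so it is modelled as plain function calls.
    c1, enc_c1 = issuer_challenge(issuer_key)
    reply = card_respond(card_key, c1, enc_c1)
    if reply is None:
        return "card rejected issuer"
    enc_c3, c2 = reply
    ok = issuer_verify(issuer_key, c1, enc_c3, c2)
    return "card genuine" if ok else "card forged"
```

Both checks use a constant-time comparison, and a card that does not hold the issuer's copy of the key fails at the first check it reaches.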

In some possible implementations, the device further includes:

Second generation unit, for generating an authorization request cryptogram (ARQC) using the quantum key;

Third transmission unit, for sending the ARQC to the issuing bank's key management system through the terminal, so that the issuing bank's key management system verifies the ARQC using the quantum key and, if the ARQC passes verification, generates ARQC response information using the quantum key;

Third receiving unit, for receiving the ARQC response information sent by the issuing bank's key management system through the terminal;

Second verification unit, for verifying the ARQC response information using the quantum key and, if the ARQC response information passes verification, determining that the ARQC authorization authentication process is complete.

In some possible implementations, the device further includes:

Fourth receiving unit, for receiving, after the ARQC authorization authentication process is complete and if the data of the smart card needs to be updated, the encrypted data update script and the encrypted script integrity verification information sent by the issuing bank's key management system through the terminal, where the encrypted data update script and the encrypted script integrity verification information are encrypted by the issuing bank's key management system using the quantum key, and the script integrity verification information is obtained from the data update script;

Execution unit, for decrypting the encrypted data update script and the encrypted script integrity verification information using the quantum key to obtain the decrypted data update script and the decrypted script integrity verification information, obtaining script integrity verification information from the decrypted data update script, and, if that script integrity verification information is consistent with the decrypted script integrity verification information, executing the decrypted data update script.

In some possible implementations, the quantum key sending system is a bank card issuing system or a bank quantum key filling system.

In this way, the embodiments of the present application use a quantum key in place of the various digital certificates and master keys written into the smart card. The quantum key is generated by a quantum key distribution device or a quantum random number generator; based on the principle that quantum technology cannot be eavesdropped on or copied, the quantum key has high security, which greatly reduces the risk of the quantum key in the smart card being cracked. At the same time, the quantum key replaces the original key diversification generation method, achieving a true one-card-one-key scheme: no diversification relationship exists between keys, so the situation in which a single cracked key is used to derive the root key and thereby affect global security does not arise. The embodiments of the present application therefore achieve the purpose of guaranteeing financial payment safety.

It should be noted that the embodiments in this specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. Because the systems and devices disclosed in the embodiments correspond to the methods disclosed in the embodiments, their description is relatively brief; for the relevant details, refer to the description of the method.

It should also be noted that, herein, relational terms such as first and second are used merely to distinguish one entity or operation from another, without necessarily requiring or implying any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.

The steps of the method or algorithm described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.

The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the application. Therefore, the application is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
