CN1235317A - Universal payment coding system for bank - Google Patents

Publication number: CN1235317A
Authority: CN (China)
Prior art keywords: card, key, certificate, bank, payment cipher
Legal status: Granted; Expired - Lifetime
Application number: CN 99107777
Other languages: Chinese (zh)
Other versions: CN1110003C (en)
Inventors: 王子忠, 关梅
Current Assignee: Individual
Original Assignee: Individual
Abstract

A payment cipher system universal to all banks in the same city, characterized in that a payment encrypting machine authorized by the general headquarters of the People's Bank of China is used in conjunction with both private and public keys. It is composed of the distribution and management system for certificates authorized by the general headquarters, the management system for certificates authorized by the city headquarters, the management system for branch banks in a city, and the payment decrypting machine for the user. Its advantages are high speed, safety and easy operation.

Description

Universal payment coding system for bank
The bank payment cipher system, also called the bank electronic transaction system, belongs to the technical field of electronic fund clearing in the financial industry.
At present, one of the main modes of capital settlement in China's financial industry is debit-bill clearing, and the basis for paying a debit bill is the affixed official seal of the organization and the name seal of its legal representative. The collecting bank must submit the original document to the paying bank, which checks it manually; only after the paying bank has confirmed it and paid can the funds be credited and used. This manual checking cannot process debit bills in real time, and checking official seals and name seals makes it hard to tell a genuine seal from a forged one, which often leads to funds being defrauded. For this reason, payment cipher technology has been studied and used at home and abroad in recent years. In China, the payment cipher technology in use falls roughly into four modes, the more representative being:
1. Changsha mode: after registering with the bank, the client buys a payment cipher base. When writing a cheque, the client enters elements such as the amount and date into the scrambler and writes the resulting password on the cheque; the bank computes with the same method and pays if the two agree.
2. Qingdao mode: the client first deposits with the bank the passwords of the business entity and of its finance and accounting personnel. When cheques are purchased, once the bank has checked the password, it prints in one pass the payment ciphers for the whole batch of cheques; when writing a cheque the client fills in the corresponding password from the password list printed by the bank.
3. Anshan mode: the client buys from the bank a payment cipher base and magnetic cheques with a magnetic stripe affixed in advance to the lower edge of the face. When writing a cheque, the cheque is swiped through the slot of the payment cipher base and the information is recorded on the cheque's magnetic stripe; the payee and the bank verify the cheque with a scrambler.
4. Dongguan mode: IC cards are used. A supervisor card, an accounting card and a purchasing agent card are set up, each holding its holder's password; the card confirms the holder's identity and thereby indirectly confirms the authenticity and validity of the bill.
The problems with these modes are:
1. A single-key cipher system is used, that is, the bank and the client use the same key to compute and to check; if something goes wrong, responsibility cannot be distinguished.
2. The cipher core is not separated from the device: the cryptographic algorithm is stored in a low-security chip and cannot be separated from its carrier, and the complete payment cipher base is supplied by the manufacturer, which worries both bank and client.
3. Standards are not unified and the technology is not standardized: each bank runs its own corporate-account system, and the scrambler chosen by one bank cannot be used across systems, so organizations have to open accounts at several banks and buy several scramblers, which is inconvenient for finance and accounting personnel and adds to the business burden.
4. There is no anti-counterfeiting control component, so counterfeit and shoddy products and hacker attacks cannot be kept out.
5. Adaptability is weak: in the transition to "paperless" and "electronic cheque" operation, these devices can only be scrapped.
The present invention aims to provide a universal payment coding system for city fund clearing that is secure, adaptable, uniform in standard and technically standardized. It uses uniformly issued IC cards and payment cipher bases produced to a unified specification, so that the clearing systems of different vendors can be built on top of it.
The universal payment coding system for bank comprises a banking network system, clearing software systems, a payment cipher base, and several kinds of IC cards used together with the payment cipher base. These IC cards are the authorization identifying card, the payment cipher card and the electronic bill card.
The authorization identifying card is an IC card issued by people head office. It is used to authenticate the payer's identity and the basic clearing elements of the payment, and to control the use of the payment cipher base. The essential information in the card is: the single-key algorithm used for authorization and authentication, the authorization master key, the public-key signature algorithm used to compute the payment cipher, the instructions for confirmation and discrimination, the card number, and the issuance information.
The payment cipher card is an IC card with computing capability that the client uses to sign bills. The essential information in the card is: the single-key algorithm used for authorization and authentication, the public-key signature algorithm used to compute the payment cipher, the signature verification algorithm, the authorization authentication sub-key, the bank outlet authentication sub-key, the user password sub-key, the bank outlet unlocking key, the payment cipher secret key, the public key information of the People's Bank of China certificate management workstation, the card number, the issuance information, and the client's basic information.
The electronic bill card is an IC card that stores the electronic bills that have been issued. The essential information in the card is: the single-key cryptographic algorithm used for authorization and authentication, the authorization authentication sub-key, the bank outlet authentication sub-key, the user password key, the bank outlet password unlocking key, the card number, the customer information, the bill file, and the receipt file.
The system comprises the following parts:
1) The industry root key generation system. The root key is generated in secret by designated persons inside the head office of the People's Bank (hereinafter "people head office"); lower-level keys are derived from higher-level keys.
2) The authorization identifying card issuance management system of people head office, comprising three parts: security service, card distribution management and card file management. The security service module calls the key generation algorithm to produce the People's Bank of China authorization master key. It passes the authorization master key and a payment cipher card number to the sub-key computation function to produce the payment cipher card authentication sub-key, and passes the authorization master key and an electronic bill card number to the sub-key computation function to produce the electronic bill card authentication sub-key. The authorization master key and the authentication sub-keys use a single-key cryptographic scheme. The card distribution management module calls the card number generation function to generate the card numbers of the various cards, and distributes the authorization identifying cards, payment cipher cards and electronic bill cards to the city People's Bank of China certificate management workstation. The card file management module manages the cards by category; it can query and compile statistics on card issuance and identify a card's authenticity, authorization date, validity period, region of use and so on.
3) The certificate management system of the city People's Bank of China, comprising security service, certificate management, card distribution management and the bill receiving service routine. The security service module uses a public-key cryptosystem, the RSA scheme. By convention people head office, each bank outlet and each client has exactly one public-key key pair of its own; the public key is used to verify signatures and the secret key is used to sign. Certificate management covers certificate application, update, loss reporting, reinstatement and reissue, plus auxiliary functions such as query and statistics. Card distribution management performs application initialization on the cards, that is, it sets up the application card structure and writes the basic application information, and manages the card files. The bill receiving service routine handles the reception of electronic bills that clients dial in from the payment cipher base to the clearing center of the city People's Bank of China.
4) The certificate management system of the bank outlets, comprising security service, certificate management and bill reception. The algorithms of the security service module are implemented by a hardware encryption card inserted in the computer, with built-in RSA cryptography; it generates the public-key key pairs of the outlet (site) and its clients, encrypts and decrypts communication packets, and signs and verifies certificate application information and clearing information. Certificate management covers certificate application, update, loss reporting, reinstatement and reissue, plus auxiliary functions such as query and statistics. Bill reception comprises the payment cipher base and the bill receiving program. The payment cipher base holds the authorization identifying card, performs mutual authentication with the electronic bill card, verifies the electronic bill card password, selects bills, and processes the clearing result receipts returned by the bill receiving program.
5) The client's payment cipher base system, comprising the payment cipher base, the payment cipher card and the electronic bill card. The payment cipher base is a terminal device that is used together with the authorization identifying card to issue and to check and accept electronic bill cards.
The basic process of a transaction in this system is as follows. The system involves three kinds of IC cards: the authorization identifying card, which performs authentication; the payment cipher card, which is equivalent to a digital signature; and the electronic bill card, which is equivalent to an electronic cheque. First, the authorization and authentication center of people head office generates the authorization master key and the authentication sub-keys of the three kinds of cards and produces the card numbers. The client obtains the three kinds of cards through the card issuance system of people head office. In use, the client first inserts the authorization identifying card into the payment cipher base it has purchased. Once the base has been authenticated by the system (an unauthenticated payment cipher base is not allowed to be used), data is written to the payment cipher card and the electronic bill card on the payment cipher base, and settlement is carried out either between the payment cipher base and the clearing center of the city People's Bank of China, or through a bank outlet and the clearing center of the city People's Bank of China. Because the payment cipher base can be used only after the authorization identifying card has been inserted, and the authorization identifying card is provided by the bank, counterfeiting is effectively prevented. In the specially developed payment cipher base, the core components (the payment cipher card and the electronic bill card) plug into the base and can be separated from it; the manufacturer supplies only the bare payment cipher base, which improves security. The system uses single-key and public-key cryptography together. Single-key cryptography is used for people head office authorization and authentication, to regulate the conduct of manufacturers and strengthen industry management. The public-key system is used to verify digital signatures, which solves the problem of authenticating information securely: each client has one public-key key pair, a public key and a secret key; the bank holds only the public key and the client holds the secret key. If a leak occurs, the legal liability of each party is easy to distinguish. Using this system effectively speeds up fund clearing, solves the security problem of bills, and allows a smooth transition to "paperless" and "electronic cheque" systems.
Fig. 1 Schematic diagram of the universal payment coding system for bank
Fig. 2 Functional block diagram of the universal payment coding system for bank
Fig. 3 Derivation method of the left half of the authentication sub-key
Fig. 4 Derivation method of the right half of the authentication sub-key
Fig. 5 Schematic diagram of the customer certificate application process
Fig. 6 Schematic diagram of the relation between the bill receiving service routine and the payment cipher base
Fig. 7 Schematic diagram of the authorization identifying card authentication process
Fig. 8 Schematic diagram of the bill issuing process
Fig. 9 Schematic diagram of the bill receiving process
The preferred embodiment of the present invention is described below with reference to the drawings. Referring to Fig. 1, the banking network system is set up by the People's Bank of China in each locality, and the clearing software systems have been developed and put into operation; the shaded parts are the new functions provided by this payment coding system.
The authorization identifying card issuance management system of people head office (see Fig. 2) works as follows:
1) The security service module produces an authorization master key. Within a given period of use decided by people head office, the authorization master key is unique and can be produced only once.
2) A dedicated unique card number is generated for the authorization identifying card and put on record. The authorization master key and the card number are written to the authorization identifying card through the IC card reader/writer, and the authorization identifying card is distributed to the city People's Bank of China certificate management workstation.
3) A dedicated unique card number is generated for the payment cipher card and put on record. The security module computes the authentication sub-key from the authorization master key and the card number, and the sub-key and card number are written together to the payment cipher card through the IC card reader/writer.
4) A dedicated unique card number is generated for the electronic bill card and put on record. The security module computes the authentication sub-key from the authorization master key and the card number, and the sub-key and card number are written together to the electronic bill card through the IC card reader/writer.
5) The generated (authorized and authenticated) payment cipher cards and electronic bill cards are distributed to the city People's Bank of China certificate management workstation.
The cryptographic algorithm used for authorization and authentication is a single-key cryptographic algorithm approved by the national cipher committee and by the confidentiality office of the People's Bank of China. The authorization master key and the authentication sub-keys are 16-byte keys. The authorization master key is generated in secret by people head office; the authentication sub-key is derived from the authorization master key and the client's card number. The derivation method is shown in Fig. 3 and Fig. 4.
The certificate management system of the city People's Bank of China consists of four parts, as shown in Fig. 2: security service, certificate management, card distribution management and the bill receiving service.
One. Security service. The security service uses the RSA cryptographic scheme. By convention each entity (the city People's Bank of China certificate management workstation, the bank outlets and the clients) has exactly one key pair of its own; the public key is used to verify signatures and the secret key is used to sign. RSA uses a 1024-bit modulus.
The signing process is as follows:
1. The original text (in this system, the signature elements) is reduced by the compression algorithm to a 20-byte message digest. If the original text is shorter than 20 bytes, zeros are appended to it until it reaches 20 bytes, and it is then reduced by the compression algorithm to a 20-byte message digest.
2. The signature algorithm is applied to the message digest with the secret key to obtain the signature; the signature is 1024 bits long.
3. The original text and the signature are passed to the recipient.
The verification process is as follows:
1. The received original text is reduced by the compression algorithm to a 20-byte message digest. If the original text is shorter than 20 bytes, zeros are appended to it until it reaches 20 bytes, and it is then reduced by the compression algorithm to a 20-byte message digest.
2. The sender's public key is fetched from the certificate store by the sender's identifier.
3. The sender's public key, the message digest and the signature are passed together as input to the signature verification algorithm.
4. If verification passes, the incoming message really comes from the sender; if it does not, the incoming message is forged or was damaged in transit.
Signing and verification are used in the following processes of this system:
1. Customer certificate application and management
2. Bill signing and verification
3. Transfer of bill clearing information
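The signing and verification steps above, as an added Python example that is not part of the patent text. It assumes SHA-1 as the unnamed 20-byte compression algorithm and uses unpadded RSA exponentiation because the page does not say how the digest is encoded into the 1024-bit block; the sender identifiers and bill fields are constructed.

```python
import hashlib
import secrets

DIGEST_LEN = 20        # the page's 20-byte message digest
MODULUS_BITS = 1024    # the page's RSA modulus length
SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=24):
    """Miller-Rabin test, preceded by trial division by a few small primes."""
    if n < 2 or n % 2 == 0:
        return n == 2
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random prime with its top two bits set, so p*q has exactly 2*bits bits."""
    while True:
        candidate = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=MODULUS_BITS):
    """Return (public_key, secret_key) as (n, e) and (n, d)."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:      # e is prime, so this means gcd(e, phi) == 1
            n = p * q
            return (n, e), (n, pow(e, -1, phi))


def prepare_digest(original):
    """Step 1 of both procedures: zero-fill a short original, then compress."""
    if len(original) < DIGEST_LEN:
        original = original.ljust(DIGEST_LEN, b"\x00")
    # Assumption: SHA-1 stands in for the page's unnamed compression algorithm.
    return hashlib.sha1(original).digest()


def sign(secret_key, original):
    """Signing step 2: apply the secret key to the digest; result is 1024 bits."""
    n, d = secret_key
    m = int.from_bytes(prepare_digest(original), "big")
    return pow(m, d, n).to_bytes(MODULUS_BITS // 8, "big")


def verify(cert_store, sender_id, original, signature):
    """Verification steps 1-4; cert_store maps a sender identifier to (n, e)."""
    public_key = cert_store.get(sender_id)
    if public_key is None or len(signature) != MODULUS_BITS // 8:
        return False                # unknown sender or malformed signature
    n, e = public_key
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    return pow(s, e, n) == int.from_bytes(prepare_digest(original), "big")


def demo():
    public_key, secret_key = generate_keypair()
    cert_store = {"OUTLET-0001": public_key}    # constructed sender identifier
    bill = b"account=1234567890;bill=000042;amount=1500.00;date=1999-06-01"
    sig = sign(secret_key, bill)
    short_sig = sign(secret_key, b"amount=15")  # 9 bytes, zero-filled to 20
    return {
        "sig_bits": len(sig) * 8,
        "genuine": verify(cert_store, "OUTLET-0001", bill, sig),
        "tampered": verify(cert_store, "OUTLET-0001",
                           bill.replace(b"1500", b"9500"), sig),
        "unknown_sender": verify(cert_store, "OUTLET-9999", bill, sig),
        # A different original that zero-fills to the same 20 bytes:
        "padding_collision": verify(cert_store, "OUTLET-0001",
                                    b"amount=15\x00", short_sig),
    }


if __name__ == "__main__":
    print(demo())
```

The last entry shows a consequence of the zero-fill rule: originals shorter than 20 bytes that differ only in trailing zero bytes share one signature, so the signed elements should use fixed-width fields or carry an explicit length.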
The security server is a physical computer, the hardware implementation of the RSA cryptography. It is responsible for generating and storing the public-key key pairs, and the signing and verification of clearing information are also computed on it. It provides a set of security interface functions that the clearing software and certificate management call to obtain security functions. The security server and the clearing server are interconnected by a high-speed network, to remove the network communication bottleneck and improve the overall performance of the system.
Two. Certificate management system. The certificate management system issues certificates to bank outlets and clients and is responsible for managing certificates. This system has only one certificate management workstation, namely the city People's Bank of China certificate management workstation. The workstation's own certificate is generated and signed by itself, and is confirmed by means such as legal notarization or public announcement in the newspaper. The certificate management system comprises three parts: the certificate management structure, the certificate management functions and the certificate format.
(1) The certificate management structure is as follows.
City People's Bank of China certificate management workstation (CA): the CA is set up and maintained by the city People's Bank of China. It issues certificates to bank outlets and clients, distributes the CA certificate to the sites, and keeps all site certificates and customer certificates.
Bank outlets: a site generates public-key key pairs for itself and for its clients, and applies for certificates for itself and for its clients. A site keeps only the certificates of the customers who hold accounts at that site, its own site certificate, and the CA certificate.
Client: a client must hold a legal account at a bank outlet, or bring legal supporting documents to the site to open one, and brings legal supporting documents to the site to have keys generated and a certificate applied for.
(2) The certificate management functions are shown in Fig. 2.
Certificate issuance. Certificate issuance is used to issue the various certificates when the system is first put into use and to issue customer certificates for new accounts. In this system all certificates are issued by the city People's Bank of China certificate management workstation (CA). Certificates are delivered in one of two ways: manual delivery or network transmission. As shown in Fig. 5, a customer certificate is issued as follows:
1. The client brings legal supporting documents to the commercial bank site where the account is held.
2. The site verifies the supporting documents provided by the client.
3. The site generates a public-key key pair for the client through the security service module.
4. The site forms a certificate application from the client's public key and the customer information, signs it, and sends it to the CA over the bank network.
5. The CA receives and verifies the customer certificate application, checks the validity of the client's account, and at the same time stores the customer certificate in the CA's customer certificate store.
6. After receiving and verifying the customer certificate, the site stores it in the local certificate store.
7. The site immediately writes the client's secret key, the CA certificate and other information to the client's payment cipher card and hands it to the client to take away; the site does not retain the client's payment cipher.
The site certificate is issued as follows:
1. The site generates the site's public-key key pair through the security service module.
2. The site's key is kept in a secure area (in the encryption card).
3. The site sends a designated person, or uses the network, to deliver the site's public key and the related certificate application material to the city People's Bank of China certificate management workstation (CA).
4. The CA verifies the legitimacy of the site.
5. The CA generates the site certificate and, after signing it, either hands the site certificate together with the CA certificate to the person sent by the site to take back, or sends notification over the network; at the same time it stores the site certificate in the CA certificate store.
6. After the site obtains the CA certificate, it stores its own certificate and the CA certificate in the site's certificate store.
The CA certificate is signed and issued by the CA itself; the process is as follows:
1. The CA generates a public-key key pair through the security server.
2. The CA keeps the secret key in the security server.
3. The CA generates its own certificate, signs the certificate with its own secret key, and stores the CA certificate in the CA's certificate store.
4. The city People's Bank of China certificate management workstation has the CA certificate confirmed by means such as legal notarization or public announcement in the newspaper.
Certificate update. All certificates should be updated regularly; the update cycle is decided by the city People's Bank of China, and the process is similar to issuance.
Certificate loss reporting. Loss reporting refers to reporting the loss of a customer certificate; the client applies at the site of its bank of deposit. The process is as follows:
1. The client brings valid supporting documents to the site of its bank of deposit.
2. The site verifies the supporting documents provided by the client.
3. The site generates a customer certificate loss report application, signs it, and sends it to the CA over the bank network.
4. The CA accepts and verifies the loss report application, forms a loss report approval receipt, signs it and sends it to the site; at the same time it writes the CA's loss-report certificate store and changes the state of this certificate in the CA certificate store to reported-lost.
5. The site receives and verifies the receipt, writes the local loss-report certificate store, and changes the state of this certificate in the local certificate store to reported-lost.
6. The site issues the client a proof of certificate loss report, which the client takes away.
Certificate reinstatement. Reinstatement refers to reinstating a customer certificate, for reasons such as the client recovering the payment cipher card. Reinstatement must be handled within the validity period of the loss report; after that period the client must apply for a reissued certificate. The process is as follows:
1. The client brings the proof of certificate loss report issued by the bank outlet, together with valid supporting documents, to the site of its bank of deposit.
2. The site verifies the supporting documents provided by the client.
3. The site generates a customer certificate reinstatement application, signs it, and sends it to the CA over the bank network.
4. The CA receives and verifies the reinstatement application, forms a certificate reinstatement approval receipt, signs it and sends it to the site; at the same time it updates the CA's loss-report certificate store and resets the state of this certificate in the CA certificate store to valid.
5. The site receives and verifies the receipt, updates the local loss-report certificate store, and resets the state of this certificate in the local certificate store to valid.
6. The site takes back the proof of certificate loss report from the client and notifies the client of the reinstatement.
Certificate reissue. Reissue refers to reissuing a customer certificate. The process is as follows:
1. The client brings the proof of certificate loss report issued by the bank outlet, together with valid supporting documents, to the site of its bank of deposit.
2. The site verifies the supporting documents provided by the client.
3. The site queries the loss-report certificate store and confirms that this customer certificate has been reported lost.
4. The site generates a public-key key pair for the client through the security module.
5. The site immediately writes the client's secret key, the CA certificate and other information to the client's payment cipher card and hands it to the client.
6. The site generates a customer certificate reissue application, signs it, and sends it to the CA over the bank network.
7. The CA receives and verifies the reissue application, generates a new customer certificate, signs it and sends it to the applying site; at the same time the CA updates the loss-report certificate store, moves the client's old certificate to the invalid certificate store, and writes the new certificate to the CA certificate store.
8. The site receives and verifies the customer certificate, updates the local loss-report certificate store, moves the old customer certificate to the invalid certificate store, and stores the new customer certificate in the local certificate store.
9. The site takes back the proof of certificate loss report from the client and notifies the client of the reissue.
Auxiliary functions include query and statistics over all kinds of certificates.
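The loss reporting, reinstatement and reissue procedures above amount to a state machine over the CA's three stores (certificate store, loss-report store, invalid store). The following Python model of that state machine is an added example, not code from the patent; the 30-day loss-report validity period, the account identifier, the key strings and the dates are assumptions or constructed values.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from itertools import count

VALID, LOST, INVALID = "valid", "reported-lost", "invalid"
# Assumption: the page says a loss report has a validity period but gives no length.
LOSS_REPORT_VALIDITY = timedelta(days=30)


class LifecycleError(Exception):
    """Raised when a request is not allowed in the certificate's current state."""


@dataclass
class Certificate:
    serial: int
    account: str
    public_key: str
    status: str = VALID


class CertificateAuthority:
    def __init__(self):
        self.cert_store = {}      # account -> current certificate
        self.loss_store = {}      # account -> date the loss was reported
        self.invalid_store = []   # certificates replaced by a reissue
        self._serials = count(1)

    def _current(self, account):
        cert = self.cert_store.get(account)
        if cert is None:
            raise LifecycleError("no certificate for this account")
        return cert

    def issue(self, account, public_key):
        if account in self.cert_store:
            raise LifecycleError("account already holds a certificate")
        cert = Certificate(next(self._serials), account, public_key)
        self.cert_store[account] = cert
        return cert

    def report_loss(self, account, today):
        cert = self._current(account)
        if cert.status != VALID:
            raise LifecycleError("only a valid certificate can be reported lost")
        cert.status = LOST
        self.loss_store[account] = today

    def reinstate(self, account, today):
        cert = self._current(account)
        reported = self.loss_store.get(account)
        if cert.status != LOST or reported is None:
            raise LifecycleError("certificate is not reported lost")
        if today - reported > LOSS_REPORT_VALIDITY:
            raise LifecycleError("loss report expired: a reissue is required")
        del self.loss_store[account]
        cert.status = VALID

    def reissue(self, account, new_public_key):
        old = self._current(account)
        if account not in self.loss_store:
            raise LifecycleError("certificate was not reported lost")
        del self.loss_store[account]
        old.status = INVALID
        self.invalid_store.append(old)
        new = Certificate(next(self._serials), account, new_public_key)
        self.cert_store[account] = new
        return new

    def usable_key(self, account, serial):
        """Public key to verify a bill with, or None if the certificate is refused."""
        cert = self.cert_store.get(account)
        if cert is None or cert.serial != serial or cert.status != VALID:
            return None
        return cert.public_key


def scenario():
    ca = CertificateAuthority()
    day0 = date(1999, 6, 1)                                     # constructed dates
    first = ca.issue("ACC-001", "PUBKEY-A")
    log = [ca.usable_key("ACC-001", first.serial)]              # valid
    ca.report_loss("ACC-001", day0)
    log.append(ca.usable_key("ACC-001", first.serial))          # refused while lost
    ca.reinstate("ACC-001", day0 + timedelta(days=10))
    log.append(ca.usable_key("ACC-001", first.serial))          # valid again
    ca.report_loss("ACC-001", day0 + timedelta(days=20))
    try:
        ca.reinstate("ACC-001", day0 + timedelta(days=60))      # 40 days later
        log.append("reinstated")
    except LifecycleError:
        log.append("reissue required")
    second = ca.reissue("ACC-001", "PUBKEY-B")
    log.append(ca.usable_key("ACC-001", first.serial))          # old serial refused
    log.append(ca.usable_key("ACC-001", second.serial))         # new key accepted
    log.append([c.serial for c in ca.invalid_store])
    return log


if __name__ == "__main__":
    print(scenario())
```

The same class can model a site's local stores, which the procedures update only after the site has verified the CA's signed receipt.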
(3) Certificate format

| Name | Description |
| --- | --- |
| Version | Certificate version number |
| Sequence number | Unique sequence number the CA gives the certificate |
| Signature algorithm | Defines the algorithm used to sign |
| Signature | Certificate signature |
| Issuer | Name of the CA |
| Validity period | Certificate validity period (start date) |
| Validity period | Certificate validity period (date of expiry) |
| Organization | Customer name |
| Bank of deposit | Code of the client's bank of deposit |
| Account number | Client's account number |
| Public key algorithm | Describes the algorithm the public key uses |
| Public key | Public key content |
Three. Card distribution management. This is first of all application initialization: after the city People's Bank of China certificate management workstation has collected the payment cipher cards and electronic bill cards from people head office, it performs application initialization on them, setting up the application card structure and writing the basic application information. When this is finished the cards are taken away by each bank outlet and finally issued.
Four. Bill receiving service routine. An electronic bill issued by a client can be dialed in from the payment cipher base to the city clearing center over the PSTN; the clearing center's bill receiving service routine receives it and submits it for clearing. The relation between the bill receiving server and the payment cipher base is shown in Fig. 6. The bill receiving service routine proceeds as follows:
1. Receive the bill sent by the payment cipher base from the communication port.
2. Send a bill-received message to the payment cipher base.
3. Query the bill clearing state store, using the bill's account number and bill number as the key.
4. If a record exists, the bill has already been submitted for clearing: extract the information to form a receipt, sign it, send it to the payment cipher base, and disconnect the communication link.
5. If no record exists, the bill is being submitted for the first time.
6. Submit the bill to the clearing software, which clears the bill.
7. Poll the clearing center's bill clearing state store.
8. Extract the clearing result from the clearing state store.
9. Form a receipt from the clearing result and sign it with the clearing center's key.
10. Send the receipt signed by the clearing center to the waiting payment cipher base.
11. Disconnect the communication link with the payment cipher base.
The certificate management system of the bank outlets, as shown in Fig. 2, comprises security service and bill reception.
One. Security service. Because the three tasks of security algorithms, certificate management and card distribution management are closely related, in the bank outlet system they are all managed in the security service module.
Security algorithms. The security algorithms of the bank outlet are implemented by a hardware encryption card inserted in the computer, with built-in RSA cryptography. It provides a set of security interface functions for upper-layer software to call; these are identical to the interface functions provided by the clearing center's security server, and serve the following purposes:
1, generate the public-key key pairs of the outlet and of its clients;
2, encrypt/decrypt communication packets;
3, sign/verify certificate request information;
4, sign/verify clearing information.
Certificate management. The certificate management of the outlet works together with the certificate management of the liquidation center to carry out certificate application, issuance, renewal, loss reporting, reinstatement, reissue and so on.
Card distribution management. Client cards are collected by the outlet from the city People's Bank certificate management workstation. Client cards are of two kinds, payment cipher cards and electronic bill cards; each client must have one payment cipher card and one or several electronic bill cards.
Card customization. The final step of card distribution is card customization, which the outlet performs when the client applies for a certificate. The process is as follows:
1, the client presents valid supporting documents and applies to the bank of deposit for a client certificate;
2, the outlet verifies the supporting documents the client provides;
3, the outlet generates the payment cipher for the client and applies to the CA for a certificate;
4, the outlet personalizes the payment cipher card and the electronic bill card for the client, for example by writing the basic client and bank information, and the client can set the password on site;
5, the outlet writes the payment cipher and the CA certificate into the payment cipher card;
6, the payment cipher card and the electronic bill card are handed to the client to take away.
Two, bill reception. The bills a client issues with the payment cipher base are all stored in the electronic bill card. When the holder goes shopping, the seller may not be able to clear online through a payment cipher base, and the payment can be handled at a bank outlet instead. The outlet is equipped with a bill receiving system to meet this need.
The outlet's bill receiving system consists of a payment cipher base and a bill reception program.
The payment cipher base processes a payment as follows:
1, wait for an electronic bill card to be inserted;
2, authenticate mutually with the electronic bill card;
3, verify the electronic bill card password;
4, select the bill to be used for this payment;
5, send the bill data to the bill reception program;
6, wait for the clearing result from the bill reception program;
7, after the receipt is received, record the receipt in the electronic bill card;
8, update the state of the selected bill and exit.
The bill reception program processes a bill as follows:
1, wait for the payment cipher base to send data;
2, read the bill sent by the payment cipher base;
3, submit the bill to the outlet's clearing service routine;
4, poll the outlet's bill clearing state repository in a loop;
5, extract the clearing result from the bill clearing state repository;
6, form a receipt from the clearing result and send it to the payment cipher base, which is in the waiting state;
7, return to the waiting state.
The client's payment cipher base system is shown in Fig. 2. The client side consists of the payment cipher base system, the payment cipher card and the electronic bill card. Each client must have one payment cipher card and at least one electronic bill card, but need not have a payment cipher base. A client without a payment cipher base can take his own payment cipher card and electronic bill card to a client who has one and issue or check bills there, or can go directly to an outlet and use the outlet's payment cipher base to issue or check bills. The payment cipher base is a general-purpose device fitted with an authorization identifying card; any client can use it to issue and accept electronic bills. Issuing and acceptance each have two modes, online and offline.
Online mode. A bill that the client issues or accepts with the payment cipher base is sent directly, by dialing, to the bill reception service routine of the liquidation center, which submits it directly for clearing. The payment cipher base waits for the liquidation center's clearing result receipt, verifies it and records the receipt in the electronic bill card. Online mode can be regarded as bill clearing initiated directly by the client.
Offline mode. When issuing a bill, the client uses the payment cipher base to store the issued bill in the electronic bill card, and then takes the electronic bill card shopping or to an outlet to handle payment. When the bill is accepted, if the beneficiary has no payment cipher base, the beneficiary can go to an outlet together with the paying party to handle payment. If the beneficiary has a payment cipher base, the beneficiary accepts the paying party's bill through the payment cipher base and writes the accepted bill into the beneficiary's own electronic bill card, and afterwards handles payment at an outlet or submits the bill for clearing through the payment cipher base.
The payment cipher base comprises a memory, a display unit, an IC-card read-write interface, a modem, a print module and a keyboard. Used together with the authorization identifying card, the payment cipher card and the electronic bill card, it provides functions such as authorization identifying, bill issuing, bill acceptance, bill inquiry, bill submission and auxiliary management.
Authorization identifying. This refers to the authentication between the authorization identifying card in the payment cipher base and the client's payment cipher card and electronic bill card. Its purpose is to guarantee that the payment cipher card and electronic bill card the client uses are cards issued under the authorization of the People's Bank head office; only after authentication passes can any other processing be carried out. The authentication process is shown in Figure 7. The authorization identifying card holds the authorization master key, and every client card (payment cipher card, electronic bill card) holds an authorization identifying sub-key calculated from the authorization master key according to the card number. Because card numbers are unique, the authentication sub-key on every card is different. At each authentication, therefore, the authorization identifying card calculates the working key (that is, the authorization identifying sub-key) on the spot from the card number and then authenticates with the card. In this way the authentication of every card uses a different authentication key, which effectively protects the keys in the cards.
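The card-number key diversification and on-the-spot working key calculation described above can be sketched as follows. This is an added example, not code from the patent: the patent only states that a single-key scheme is used, so HMAC-SHA256 as the derivation and proof function, the challenge-response exchange, the direction labels, and all names and card numbers are assumptions.

```python
import hashlib
import hmac
import secrets


def derive_sub_key(master_key: bytes, card_number: str) -> bytes:
    """Diversify the authorization master key by card number.

    HMAC-SHA256 is an assumption; the patent names no derivation algorithm.
    """
    data = b"auth-sub-key|" + card_number.encode("ascii")
    return hmac.new(master_key, data, hashlib.sha256).digest()


def proof_for(key: bytes, direction: bytes, challenge: bytes) -> bytes:
    # The direction label stops a proof made by one side being replayed to the other.
    return hmac.new(key, direction + challenge, hashlib.sha256).digest()


class ClientCard:
    """Payment cipher card or electronic bill card: holds only its own sub-key."""

    def __init__(self, card_number: str, sub_key: bytes):
        self.card_number = card_number
        self._sub_key = sub_key
        self._challenge = None

    def answer(self, challenge: bytes) -> bytes:
        return proof_for(self._sub_key, b"card->base", challenge)

    def new_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def accept_base(self, proof: bytes) -> bool:
        if self._challenge is None:
            return False
        expected = proof_for(self._sub_key, b"base->card", self._challenge)
        self._challenge = None  # each challenge is usable once
        return hmac.compare_digest(expected, proof)


class AuthorizationCard:
    """Sits in the payment cipher base and holds the authorization master key."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key

    def authenticate(self, card: ClientCard) -> bool:
        # The working key is recomputed from the presented card number each time.
        working_key = derive_sub_key(self._master_key, card.card_number)
        challenge = secrets.token_bytes(16)
        expected = proof_for(working_key, b"card->base", challenge)
        if not hmac.compare_digest(expected, card.answer(challenge)):
            return False  # card does not hold the sub-key for this card number
        # Second leg: the card checks that the base can compute its sub-key.
        reply = proof_for(working_key, b"base->card", card.new_challenge())
        return card.accept_base(reply)


def demo() -> dict:
    master = secrets.token_bytes(32)        # constructed master key
    number_a = "6001000000000017"           # constructed card numbers
    number_b = "6001000000000025"
    base = AuthorizationCard(master)
    genuine = ClientCard(number_a, derive_sub_key(master, number_a))
    # Card personalized under some other master key.
    other_master = secrets.token_bytes(32)
    foreign = ClientCard(number_b, derive_sub_key(other_master, number_b))
    # Sub-key copied from card A onto a card that claims number B.
    copied = ClientCard(number_b, derive_sub_key(master, number_a))
    return {
        "genuine": base.authenticate(genuine),
        "foreign": base.authenticate(foreign),
        "copied_key_other_number": base.authenticate(copied),
    }


if __name__ == "__main__":
    print(demo())
```

Because every card holds only its own sub-key, extracting the key from one card yields nothing that authenticates under another card number; the master key never leaves the authorization identifying card.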
Bill issuing. The issuer of a bill must hold a payment cipher card in order to sign the bill. During issuing, every time a card is inserted it must go through the usual authentication process, and processing can continue only after authentication passes. There are several kinds of bill, such as: check for transfer, limited check, cash on bank, etc. The bill entry process should be a definable process, so as to support local bill kinds and bill contents. When the payment cipher card password or the electronic bill card password is verified, only three consecutive wrong entries are allowed; beyond three, the card is locked automatically and no further attempt is allowed, and the card must be unlocked at an outlet. Card password verification is handled in the same way in the other processes. The basic process of bill issuing is shown in Figure 8.
Bill acceptance. After the beneficiary receives the paying party's electronic bill, the beneficiary can accept it directly through the payment cipher base and submit it to the liquidation center for clearing, or can use the payment cipher base to check the electronic bill in the paying party's electronic bill card that pays this amount and then transfer it into the beneficiary's own electronic bill card. The basic process is shown in Figure 9.
Bill inquiry. This is used to view, on the payment cipher base, all the bills in one's own electronic bill card (including bills one has issued and bills accepted from paying parties). The bill inquiry process is as follows:
1, insert the electronic bill card into the payment cipher base;
2, the payment cipher base authenticates the electronic bill card;
3, the payment cipher base verifies the electronic bill card password;
4, list the bill numbers of all bills in the electronic bill card;
5, the client selects a bill number;
6, the payment cipher base extracts the contents of the selected bill for the client to browse;
7, after browsing is finished, exit.
Bill submission. This is used to submit uncleared bills through the payment cipher base. Uncleared bills include bills that were not submitted to the liquidation center by telephone dialing at the time of issuing or acceptance, and bills that were submitted to the liquidation center but for which no liquidation center receipt was received because of a communication fault or some other reason. For the first case, the process is as follows:
1, insert the electronic bill card into the payment cipher base;
2, the payment cipher base authenticates the electronic bill card;
3, the payment cipher base verifies the electronic bill card password;
4, list the bill numbers of the uncleared bills in the electronic bill card;
5, the client selects a bill number;
6, the payment cipher base extracts the contents of the selected bill for the client to browse;
7, the payment cipher base prompts the client to confirm submission for clearing;
8, the payment cipher base establishes a communication link with the liquidation center by dialing;
9, the bill the client selected is sent to the liquidation center;
10, wait for the liquidation center's receipt;
11, verify the liquidation center's receipt;
12, record the receipt in the electronic bill card;
13, exit.
For bill submission in the second case, the process is exactly the same as in the first case; only the processing at the liquidation center differs. After the liquidation center receives the bill, it first searches the clearing state repository using the account number and check number as the unique key. If a record exists, it extracts the record to form a receipt, signs it and sends it to the payment cipher base; if no record exists, it clears the bill through the normal submission procedure.
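The resubmission handling described above, which is also steps 3 to 10 of the liquidation center's bill reception service routine, amounts to an idempotent lookup keyed on account number and bill number. The following is an added example, not code from the patent: the class names, the in-memory repository and the sample bill are constructed, and an HMAC stands in for the liquidation center's RSA signature because the Python standard library has no RSA.

```python
import hashlib
import hmac
import json


class ClearingStateStore:
    """Bill clearing state repository, keyed by (account number, bill number)."""

    def __init__(self):
        self._rows = {}

    def get(self, account: str, bill_no: str):
        return self._rows.get((account, bill_no))

    def put(self, account: str, bill_no: str, result: dict) -> None:
        self._rows[(account, bill_no)] = result


class ClearingSoftware:
    """Constructed stand-in for the clearing software: it settles at once."""

    def __init__(self, store: ClearingStateStore):
        self.store = store
        self.submissions = 0

    def submit(self, bill: dict) -> None:
        self.submissions += 1
        self.store.put(bill["account"], bill["bill_no"],
                       {"status": "cleared", "amount": bill["amount"]})


def sign_receipt(center_key: bytes, receipt: dict) -> str:
    # Assumption: HMAC stands in for the liquidation center's RSA signature.
    body = json.dumps(receipt, sort_keys=True).encode("utf-8")
    return hmac.new(center_key, body, hashlib.sha256).hexdigest()


def verify_receipt(center_key: bytes, signed: dict) -> bool:
    expected = sign_receipt(center_key, signed["receipt"])
    return hmac.compare_digest(expected, signed["signature"])


class BillReceiver:
    """Bill reception service routine of the liquidation center."""

    def __init__(self, store, clearing, center_key: bytes, max_polls: int = 5):
        self.store = store
        self.clearing = clearing
        self.center_key = center_key
        self.max_polls = max_polls

    def receive(self, bill: dict) -> dict:
        account, bill_no = bill["account"], bill["bill_no"]
        result = self.store.get(account, bill_no)        # query by unique key
        if result is None:                               # first submission
            self.clearing.submit(bill)
            for _ in range(self.max_polls):              # poll the repository
                result = self.store.get(account, bill_no)
                if result is not None:
                    break
            else:
                raise TimeoutError("no clearing result for this bill")
        # The receipt is always built from the stored record, never from the
        # contents of the bill that was just received.
        receipt = {"account": account, "bill_no": bill_no, **result}
        return {"receipt": receipt,
                "signature": sign_receipt(self.center_key, receipt)}


CENTER_KEY = b"constructed-liquidation-center-key"


def demo():
    store = ClearingStateStore()
    clearing = ClearingSoftware(store)
    receiver = BillReceiver(store, clearing, CENTER_KEY)
    # Constructed sample bill.
    bill = {"account": "0200123456", "bill_no": "00000017", "amount": "1500.00"}
    first = receiver.receive(bill)    # receipt lost to a communication fault
    second = receiver.receive(bill)   # payment cipher base submits again
    return first, second, clearing.submissions


if __name__ == "__main__":
    print(demo())
```

The second submission returns the same signed receipt without reaching the clearing software again, so a lost receipt cannot cause a bill to be cleared twice.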
Auxiliary management. This includes changing the payment cipher card password, changing the electronic bill card password, setting the payment cipher base date, setting the liquidation center telephone number, bill arrangement and so on. The process for changing the payment cipher card password is as follows:
1, insert the payment cipher card into the payment cipher base;
2, the payment cipher base authenticates the payment cipher card;
3, the payment cipher base verifies the payment cipher card password;
4, enter the new password twice;
5, check whether the two entries are identical;
6, if they differ, the change fails; exit;
7, if they are identical, send the password change instruction to the payment cipher card;
8, on a correct return, exit.
The process for changing the electronic bill card password is as follows:
1, insert the electronic bill card into the payment cipher base;
2, the payment cipher base authenticates the electronic bill card;
3, the payment cipher base verifies the electronic bill card password;
4, check whether the two entries are identical;
5, if they differ, the change fails; exit;
6, if they are identical, send the password update instruction to the electronic bill card;
7, on a correct return, exit.
This system is applicable to any business, and its administrative authority, that requires unified authentication management nationwide or within a particular region of the country, for example anti-tamper security management of drafts, national stock exchange transaction management, and departments such as property tax, electric power, customs, post and telecommunications, and public security.

Claims (6)

1, A universal payment coding system for banks, comprising a banking network system, a clearing software system, a payment cipher base and several kinds of IC cards used together with the payment cipher base, characterized in that the payment cipher base comprises a display, a keyboard, an IC-card read-write interface, a communication interface and a printing interface; the IC cards are an authorization identifying card, a payment cipher card and an electronic bill card, and each of these three kinds of card is plugged into the payment cipher base when used,
the authorization identifying card is an IC card allotted by the People's Bank head office, used to authenticate the payer's identity and the basic settlement elements of the payment and to control use of the payment cipher base,
the payment cipher card is an IC card with computing capability that the client uses to sign bills,
the electronic bill card is an IC card that stores the electronic bills that have been issued,
the system comprises the following parts:
1) an industry root key generation system, operated in secret by a specially designated person inside the People's Bank head office, in which each subordinate key is generated by diversification from its superior key,
2) the authorization identifying card issuance management system of the People's Bank head office, comprising three parts: security service, card distribution management and card file management. Its security service module calls the key generation algorithm to produce the People's Bank authorization master key; passes the People's Bank authorization master key and a payment cipher card number to the sub-key calculation function to produce the payment cipher card authentication sub-key; and passes the authorization identifying card master key and an electronic bill card number to the sub-key calculation function to produce the electronic bill card authentication sub-key. The authorization master key and the authentication sub-keys use a single-key cryptography scheme. Its card distribution management module calls the card number generating function to generate the card numbers of the various cards, and distributes the authorization identifying cards, payment cipher cards and electronic bill cards to the city liquidation center of the People's Bank. Its card file management module manages the cards by category, and can query and report card issuance and identify whether a card is genuine, its authorization date, validity period, region of use and so on,
3) the certificate management system of the city People's Bank, comprising security service, certificate management, card distribution management and the bill reception service routine. Its security service module uses a public-key cryptosystem, the RSA scheme, under which it is stipulated that the People's Bank head office, each bank outlet and each client has exactly one public-key key pair of its own; the public key is used to verify signatures and the secret key is used to sign. Its certificate management comprises certificate application, renewal, loss reporting, reinstatement and reissue, together with auxiliary functions such as inquiry and statistics. Its card distribution management performs application initialization on the cards, that is, sets up the card application structure and writes the basic application information, and manages the card files. Its bill reception service routine handles the reception of electronic bills that clients issue and send by dialing in from the payment cipher base to the city liquidation center of the People's Bank,
4) the certificate management system of the bank outlets, comprising security service, certificate management and bill reception. The algorithm of its security service module is implemented by a hardware encryption card inserted in the computer, with built-in RSA cryptography, which generates the key pairs of the outlet and its clients, encrypts/decrypts communication packets, and signs/verifies certificate application information and clearing information. Its certificate management comprises certificate application, renewal, loss reporting, reinstatement and reissue, together with auxiliary functions such as inquiry and statistics. Its bill reception comprises a payment cipher base and a bill reception program; the payment cipher base holds an authorization identifying card, authenticates mutually with the electronic bill card, verifies the electronic bill card password, selects the bill, and processes the clearing result receipt returned by the bill reception program,
5) the client's payment cipher base system, comprising a payment cipher base, a payment cipher card and an electronic bill card, the payment cipher base being a terminal device used together with the authorization identifying card for issuing and accepting electronic bills.
2, The universal payment coding system for banks according to claim 1, characterized in that the basic information held in the authorization identifying card is: the single-key algorithm used for authorization identifying, the authorization master key, the public-key signature algorithm that calculates the payment cipher, the instruction for confirming and discriminating the payment cipher, the card number, and issuance information.
3, The universal payment coding system for banks according to claim 2, characterized in that the basic information held in the payment cipher card is: the single-key algorithm used for authorization identifying, the public-key signature algorithm that calculates the payment cipher, the signature verification algorithm, the authorization identifying sub-key, the bank outlet authentication sub-key, the user password sub-key, the bank outlet unlock key, the payment cipher secret key, the public key information of the People's Bank liquidation center, the card number, issuance information, and basic client information.
4, The universal payment coding system for banks according to claim 3, characterized in that the basic information held in the electronic bill card is: the single-key cryptographic algorithm for authorization identifying, the authorization identifying sub-key, the bank outlet authentication sub-key, the user password key, the bank outlet password unlock key, the card number, client information, the bill file, and the receipt file.
5, The universal payment coding system for banks according to claim 4, characterized in that the structure of the certificate management is as follows: the certificate management workstation of the city People's Bank issues certificates for the bank outlets and clients and keeps all outlet certificates and client certificates; each bank outlet is responsible for generating key pairs for itself and its clients and for applying for certificates for itself and its clients; the outlet keeps the certificates of the clients who hold accounts at the outlet, the outlet's own certificate and the certificate of the city People's Bank certificate management workstation; the client opens an account at the outlet with valid supporting documents and has key generation and the certificate request handled there.
6, The universal payment coding system for banks according to claim 5, characterized in that the certificate format comprises certificate version number, serial number, signature algorithm, certificate signature, issuer, certificate validity period, client name, bank of deposit routing number, account number, public key algorithm, and public key.
CN 99107777 1999-05-31 1999-05-31 Universal payment coding system for bank Expired - Lifetime CN1110003C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 99107777 CN1110003C (en) 1999-05-31 1999-05-31 Universal payment coding system for bank

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 99107777 CN1110003C (en) 1999-05-31 1999-05-31 Universal payment coding system for bank

Publications (2)

Publication Number Publication Date
CN1235317A true CN1235317A (en) 1999-11-17
CN1110003C CN1110003C (en) 2003-05-28

Family

ID=5272928

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 99107777 Expired - Lifetime CN1110003C (en) 1999-05-31 1999-05-31 Universal payment coding system for bank

Country Status (1)

Country Link
CN (1) CN1110003C (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1293482C (en) * 2000-04-06 2007-01-03 索尼公司 Storage area dividing method for portable device
CN1302430C (en) * 2003-06-24 2007-02-28 深圳达实智能股份有限公司 Intelligent card-card-secret method and system
CN100335985C (en) * 2001-12-17 2007-09-05 英特尔公司 Connectinmg a virtual token to a physical token
CN100362508C (en) * 2002-10-01 2008-01-16 株式会社Ntt都科摩 Vertification and payment method, device and operation method of its system and its component
CN100425018C (en) * 2004-09-08 2008-10-08 中国工商银行股份有限公司 Dynamic encrypting device in network and its password identification method
CN1838187B (en) * 2006-04-29 2010-07-21 北京飞天诚信科技有限公司 Implementation method for applying bank car to identity authentication
CN102968865A (en) * 2012-11-23 2013-03-13 广州易联商业服务有限公司 Authentication method and system for mobile payment
CN103178963A (en) * 2001-07-16 2013-06-26 捷讯研究有限公司 System and method for supporting multiple certificate authorities on a mobile communication device
CN107483185A (en) * 2017-07-25 2017-12-15 贵州眯果创意科技有限公司 A kind of mobile terminal PSAM card paying systems based on safe key
CN108198332A (en) * 2018-01-16 2018-06-22 飞天诚信科技股份有限公司 A kind of method and apparatus for reducing financial transaction risk

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1293482C (en) * 2000-04-06 2007-01-03 索尼公司 Storage area dividing method for portable device
CN103178963A (en) * 2001-07-16 2013-06-26 捷讯研究有限公司 System and method for supporting multiple certificate authorities on a mobile communication device
CN100335985C (en) * 2001-12-17 2007-09-05 英特尔公司 Connectinmg a virtual token to a physical token
CN100362508C (en) * 2002-10-01 2008-01-16 株式会社Ntt都科摩 Vertification and payment method, device and operation method of its system and its component
CN1302430C (en) * 2003-06-24 2007-02-28 深圳达实智能股份有限公司 Intelligent card-card-secret method and system
CN100425018C (en) * 2004-09-08 2008-10-08 中国工商银行股份有限公司 Dynamic encrypting device in network and its password identification method
CN1838187B (en) * 2006-04-29 2010-07-21 北京飞天诚信科技有限公司 Implementation method for applying bank car to identity authentication
CN102968865A (en) * 2012-11-23 2013-03-13 广州易联商业服务有限公司 Authentication method and system for mobile payment
CN102968865B (en) * 2012-11-23 2016-08-31 易联支付有限公司 The authentication method of a kind of mobile payment and system
CN107483185A (en) * 2017-07-25 2017-12-15 贵州眯果创意科技有限公司 A kind of mobile terminal PSAM card paying systems based on safe key
CN108198332A (en) * 2018-01-16 2018-06-22 飞天诚信科技股份有限公司 A kind of method and apparatus for reducing financial transaction risk
CN108198332B (en) * 2018-01-16 2019-10-08 飞天诚信科技股份有限公司 A kind of method and apparatus reducing financial transaction risk

Also Published As

Publication number Publication date
CN1110003C (en) 2003-05-28

Similar Documents

Publication Publication Date Title
CN1271485C (en) Device and method for proceeding encryption and identification of network bank data
CN1155919C (en) Transaction method carried out with a mobile apparatus
CN1302406A (en) Method and system for secure transactions in computer system
CN1858793A (en) Electronic contract managing system operation platform
CN102306328B (en) Device and system for manufacturing bank card
US20040068470A1 (en) Distributing public keys
CN1266520A (en) Secure transaction system
CN1928907A (en) Method, system and device for transaction payment using mobile terminal equipment
WO2018133674A1 (en) Method of verifying and feeding back bank payment permission authentication information
CN1561498A (en) Apparatus, method and system for payment using mobile device
CN1926567A (en) Systems and methods for conducting secure payment transactions using a formatted data structure
CN101034449A (en) Method, system and mobile terminal for implementing electronic payment
CN1744135A (en) Electronic evidence realizing method and device
CN1565117A (en) Data certification method and apparatus
CN1831865A (en) Electronic bank safety authorization system and method based on CPK
CN1304602A (en) Cryptographic system and method for electronic transactions
CN1574740A (en) Personal authentication device and method thereof
CN101043337A (en) Interactive process for content class service
CN1255762C (en) Document transmitting system and method
CN1434963A (en) Method for carrying out votes, referendums and polls and system for the implementation thereof
CN1110003C (en) Universal payment coding system for bank
CN1697376A (en) Method and system for authenticating or enciphering data by using IC card
KR100468031B1 (en) Publication and settlement of account for an electronic check
CN112419021B (en) Electronic invoice verification method, system, storage medium, computer equipment and terminal
CN1601490A (en) Information security authentication and method for its encrypting device

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C14 Grant of patent or utility model
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: GR

Ref document number: 1044420

Country of ref document: HK

CX01 Expiry of patent term

Granted publication date: 20030528