TW200929032A - Payment system and method performing trading with identification card including IC card - Google Patents


Info

Publication number: TW200929032A
Authority: TW (Taiwan)
Prior art keywords: information, card, bank, encryptor, user
Application number: TW96149460A
Other languages: Chinese (zh)
Other versions: TWI464699B (en)
Inventor: Lei-Ming Yuan
Original Assignee: Alibaba Group Holding Ltd
Application filed by: Alibaba Group Holding Ltd
Published as: TW200929032A; granted and published as TWI464699B

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a method of paying for a transaction using an identity card that contains an IC card, comprising the steps of: (1) an identity card reader reads user identity information that includes the user's identity card number; (2) the user identity information and the transaction amount entered by the merchant are encrypted with a preset first encryption key, the account password entered by the user is encrypted with the bank encryption key corresponding to the card-issuing bank, and the encrypted information is transmitted to an intermediate platform; (3) the intermediate platform decrypts the received information and sends the transaction information, comprising the identity information, the account password and the transaction amount, to the corresponding card-issuing subsystem; (4) if the transaction information does not include a bank account, the card-issuing subsystem looks up the bank account corresponding to the user's identity card number, checks the decrypted account password, processes the transaction and returns the transaction processing result. By using an identity card that contains an IC card (such as the second-generation identity card) for consumer transactions, the invention takes advantage of the existing second-generation identity card's strong encryption and wide adoption, which reduces cost and improves security.

Description

200929032 九、發明說明 .【發明所屬之技術領域】 本發明涉及資料處理領域,尤其涉及利用包含IC卡 的身分證進行交易的支付系統及方法。 【先前技術】 由於現金交易存在攜帶不方便、安全性低等缺陷,所 _ 以銀行卡被廣泛地應用在各種交易場合,因此越來越多的 Ο 人習慣採用銀行卡進行消費。請參閱圖1,其爲現.有的一 種利用銀行卡進行交易的系統的原理框圖。它包括用於讀 取銀行卡資訊的終端1 3、商戶子系統1 2和收單子系統1 1。 -商戶子系統11包括伺服器和若干用戶端,用戶端連接終端 •,商戶子系統12的伺服器通過專線連接收單行的收單子系 統11。當收單行不是發卡行時,還需要通過銀聯的跨行交 易子系統連接發卡行的發卡子系統。 0 當用戶利用銀行卡進行消費時,終端(如收銀機等)先 通過能否讀取銀行卡來識別銀行卡的真僞,然後用戶端再 將用戶輸入的表徵用戶身分的身分資訊、銀行卡卡號資訊 以及本次交易的交易資訊傳送至商戶子系統12的伺服器; 隨後商戶子系統12的伺服器將該些資訊傳送至收單子系統 11;若收單行是發卡行,則收單子系統直接處理此交易, 否則通過跨行父易子系統發送至發卡行處理。發卡子系糸充 利用銀行卡卡號資訊和身分資訊驗證此用戶的身分,若身 分驗證通過,則對該卡號對應的帳戶進行扣款處理,並將 -4 - 200929032 扣款處理結果返回,否則返回身分驗證不通過資訊。 戶子系統1 2接收到扣款處理成功的消息後,商戶可以 費者在簽購單上簽名確認。 上述公開的是現有技術中最常見的一種交易過程 這種過程下,存在以下缺陷: 在整個交易過程,利用”帳戶名+密碼”以及銀行 完成整個交易過程的身分認證。現有技術通常通過I 如POS機、ATM機)能否讀取銀行卡來識別銀行卡的 存在很大的風險。現有的銀行卡採用磁條卡技術製成 仿造難度低,很容易被仿造。爲此,目前提出了銀行 智慧卡替代磁條卡的方案。比如,採用EMV技術製 智慧卡。EMV是由歐陸 Europay、萬事達 Master、 Visa等三大國際銀行卡組織共同發起制定的一項智賽 銀行卡技術標準,該標準要求銀行卡CPU晶片要具 立運算、加解密和儲存能力,從而達到更高的安全性 是,銀行卡從磁條卡向智慧卡轉換過程中,成本非常 一張智慧卡幾十塊的成本,並且P0S機、ATM機要 該智慧卡就要對其進行改造需要大量成本。即使花費 的人力和物力完成銀行卡從磁條卡向智慧卡的轉換, ,由於巨大的利益存在,不法分子還是能夠僞造出相 智慧卡。也就是說,通過ATM機、POS機等終端能 取銀行卡只能簡單判斷銀行卡是否是僞卡’根本無法 所述銀行卡是否是用戶本人使用由金融機構頒發的銀 。若不法分子獲得用戶資訊(如密碼)後’由於沒有其 當商 讓消 ,在 卡來 冬端( 真僞 的, 卡由 成的 維薩 I 1C 有獨 。但 高: 讀取 大量 但是 應的 否讀 證實 行卡 他可 200929032 行性強的驗證用戶身分的手段,還是容易造成用戶或商戶 財務上的損失。從另一個角度來說,銀行卡從磁條卡向智 慧卡轉換不是一朝一夕的,在這過程中,更需要有其他可 行性強的驗證用戶身分的手段來進一步保證交易的安全性 〇 也就是說,現有技術中當ATM機、POS機接收到用 戶輸入的帳戶密碼及讀取銀行卡的銀行帳戶後’通常僅對 帳戶密碼進行加密後傳送,而銀行帳戶、交易金額等都是 採用明文方式進行傳送。不法分子利用不法手段得到帳戶 密碼後,很容易獲取銀行帳戶等資訊,進而給真正的用戶 造成財產上的損失,大大降低銀行交易的安全性。 【發明內容】 本發明的目的在於提供一種利用包含1C卡的身分證 進行交易的支付系統及方法,以解決現有技術利用銀行卡 進行交易安全性不高的技術問題。 爲了達到上述目的,本發明提供了 一種利用包含1C 卡的身分證進行交易的支付系統,包括受理機具、中間平 台和發卡子系統,所述受理機具包括身分證讀卡器、輸入 單元、輸出單元、加密器、處理器、通信單元,其中, 身分證讀卡器,用於讀取至少包含用戶身分證號的用 戶身分資訊; 輸入單元,用於接收外部輸入的資訊:接收商戶輸入 的交易金額、接收用戶輸入的帳戶密碼或者接收用戶輸 -6 - 200929032 入的帳戶密碼及用戶選定的發卡行資訊; 輸出單元’用於將本次交易結果進行輸出; 處理器’用於將所述輸入單元發送的資訊傳送至加密 器,以及將通信單元回饋的處理結果傳送至輸出單元; 加密器,第一加密器、第二加密器和第三加密器,所 述第一加密器用於將用戶身分資訊用預先設定的第一加密 密鑰加密,所述第二加密器用於將帳戶密碼用所述發卡行 對應的銀行加密密鑰進行加密或者帳戶密碼用第三方提供 的銀行加密密鑰進行加密,所述第三加密器用於將消費金 額用預先設定的第一加密密鑰加密: 
通信單元,用於建立與中間平台的交互:將加密後的 資訊傳送至中間平台以及將中間平台傳送的處理結果返回 至處理器; 中間平台,包括包含解密單元的第二處理器和通信介 面, 解密單元’用於使用第一加密密鎗對應的第一解密密 鑰解密所述加密資訊; 第二處理器’用於保存所述解密後的資訊,並將包含 所述解密後資訊和加密的銀行帳戶的交易資訊發送至發卡 子系統’以及將發卡子系統返回的處理結果進行保存後返 回; 通信介面,分別建立與受理機具、發卡子系統之間的 通信; 發卡子系統’若交易資訊未包含銀行帳號,則查找所 200929032 述用戶身分證號對應的銀行帳號,核對解密後的帳戶密碼 ’處理所述交易並將交易處理結果返回。 所述身分證讀卡器包括控制器,且 第一加密器作爲一軟體模組整合在所述控制器上,第 二加密器和第三加密器作爲軟體模組整合在處理器上,或 者 第一加密器和第三加密器作爲軟體模組整合在控制器 0 上’所述第二加密器作爲軟體模組整合在處理器上,或者 所述第一加密器、第二加密器和第三加密器作爲軟體 模組整合在所述控制器上。 輸入單元、輸出單元、處理器和通信單元設置在一電 腦終端’身分證讀卡器和電腦終端分別通過設置在本端的 介面進行互連。 加密器爲一單獨設備,加密器和電腦終端通過設置在 本端的介面進行互連’加密器和身分證讀卡器通過設置在 Q 本端的介面進行互連。 所述第二處理器還包括銀行帳戶獲取單元和資料庫儲 存單兀’所述資料庫儲存單元儲存用戶的身分證號與銀行 帳戶的對應關係,所述銀行帳戶獲取單元用於找到解密後 的身分證號對應的銀行帳戶’並將所述銀行帳戶作爲交易 資訊的一組成部分傳送至所述發卡子系統。 中間平台和發卡子系統上分別設置有第三加/解密單 兀和第四加/解密單元,所述第三加/解密單元用於發送資 訊至發卡子系統之前運用預先保存的與該發卡行約定的密 -8- 200929032 •鑰進行加密,以及在接收到發卡子系統發送的資訊後用預 _ 先保存的與該發卡行約定的密鑰進行解密,所述第四力口/ 解密單元,用於發送資訊至中間平台之前運用預先保存的 密鑰進行加密,以及接收資訊後運用對應的密鑰進行解密 〇 所述處理器還包括API介面,用於建立商戶與中間平 台的銜接:從受理機具上獲得包括用戶身分證號的用戶身 U 分資訊和/或輸入訂單金額。 所述通信單元和通信介面爲支援固定電話、各種網路 撥號方式的數據機或直接通過區域網路與對端連接的專用 i阜。 本發明還提供了一種利用包含1C卡的身分證進行交 易的支付方法,包括: (1)身分證讀卡器讀出包含用戶身分證號的用戶身分 資訊; Q (2)將用戶身分資訊和包含商戶輸入的交易金額、用 戶輸入的帳號密碼加密後,傳送至中間平台; (3) 中間平台解密接收到的資訊,並將包括身分證資 訊、帳號密碼、交易金額的交易資訊傳送至對應的發卡子 系統; (4) 若交易資訊未包含銀行帳號,則發卡子系統查找 所述用戶身分證號對應的銀行帳號,核對解密後的帳戶密 碼,處理所述交易並將交易處理結果返回。 步驟(1)之前還包括:預先在中間平台上儲存用戶的 Ο ❹ 200929032 身分證號與銀行帳戶的對應關係; 平台解密出用戶身分證號’若能找至 應的銀行帳戶,則將所述銀行帳戶竹 部分傳送至所述發卡子系統。 步驟(2)中加密進一步爲:將交 訊用預先設定的第一加密密鑰加密公 發卡行對應的銀行加密密鑰或者由舞 密鑰進行加密。 步驟(3 )中間平台解密接收到的 中間平台使用第一加密密鑰對應的凳 加密資訊,並保存解密後的資訊;Ί 戶密碼,則將加密後的帳戶密碼作f 交易資訊。 步驟(4)還包括,發卡子系統查 對應的銀行帳號,若該發卡行中同-銀行帳號,則支付失敗並提示至中間 對應用於支付的銀行帳號。 與現有技術相比,本發明利用包 第二代身分證)進行消費交易,避免 少了制卡的成本,而且利用現有第二 、普及等特點進行消費交易,降低域 具體說,本發明可以通過下述 安全性: 步驟(3)還包括:中間 [J解密後的身分證號對 Ξ爲交易資訊的一組成 易金額和用戶身分資 (及 帳戶密碼用所述 I三方提供的銀行加密 資訊進一步爲:所述 $ —解密密鑰解密所述 ^解密資訊中未包含帳 !發送至發卡子系統的 找所述用戶身分證號 身分證號碼對應多個 Ϊ平台要求用戶設定一 〖含1C卡的身分證(如 使用銀行卡,不僅減 :代身分證加密效果佳 S本投入且安全係數高 L段來提高支付過程的 -10- 200929032 -首先’本發明在支付初期,通過身分證來直接驗證支 .付者的身分。當身分證與消費者明顯不符時,可以直接拒 絕消費者的支付,由此提高支付過程的安全性。 其次’本發明在支付過程中,消費者無需提供銀行卡 的銀行帳號,即使不法分子能夠截獲支付過程中商戶至中 
間平台的交易資料,但是由於其不能獲得銀行帳號,因此 不能僞造銀行卡,不容易給客戶造成損失。 U 然後,本發明在支付過程中,銀行密碼可以採用安全 係數較高的數位證書的方式進行加解密,從而保證整個交 易過程中,銀行密碼的安全性,從而也保證了支付過程的 安全性。 最後’本發明的用戶身分資訊在身分證讀卡器中被解 密讀出後’可以直接用與中間平台約定的第一加密密鑰進 行加密,避免在商戶端用戶身分資訊被篡改。用戶輸入的 帳戶密碼用相應的第三方提供或銀行提供的銀行加密密鑰 Q 進行加密,這樣’只有銀行端才能解密對應的帳戶密碼, 通過這種方式’能夠保證用戶身分資訊和帳戶密碼等重要 資訊不被洩露,從而保證了交易過程的安全性。 【實施方式】 以下結合附圖,具體說明本發明。 本發明的核心在於:本發明利用包含1C卡的身分證( 如第一代身分證)進行消費父易,並結合銀行卡一起使用 ’能夠利用現有的第二代身分證加密效果佳、普及等特點 -11 - 200929032 -進行消費交易’並且在整個交易過程中用密鑰來進一步加 - 強通信過程中的安全,而且利用現有第二代身分證加密效 果佳、普及等特點進行消費交易,降低成本投入且安全係 數高。 相比與第一代身分證,第二代身分證的安全防僞性 能提局。第二代身分證是由9層構成的,最外面的這兩層 記載的是個人的身分資訊,列印上去的。還有一層叫做配 U 平層’防止靜電’在這層上可以看到長城烽火台圖案和“ 中國CHINA”的防僞膜,有橘黃色的、綠色的防僞標誌, 是一個比較先進的技術。這層有一個1C晶片,長8毫米, 寬5毫米’厚度0.4毫米,有兩根天線,一圈都是線圈,主 要是爲了避免洩漏個人資訊,但是可以通過專門讀卡器能 夠閱讀出個人資訊。所以,新一代的身分證從安全性能方 面來講,主要是兩個方面的防僞措施,一個是數位防僞措 施’就是把個人的資訊寫入晶片,採用數位加密的辦法。 Q —個地區—個密碼、每個公民擁有一個密碼。防僞技術是 我們國家自己硏製的,安全性非常高。另一個是印刷防僞 技術’印刷層圖案兩面都有。印刷的防僞技術採取了很多 措施’由於採用了數位防僞措施、印刷防僞措施,所以安 全性得到了大大提高。並且,隨著現有的第二代身分證的 出現’用於讀取第二代身分證的讀卡器也相應的出現。爲 了提高安全性,現有讀卡器是由國家公安部門單獨硏製, 由其提供給與其簽約的第三方。 請參閱圖2,其爲本發明的一種利用包含1C卡的身分 -12- 200929032 .證進行交易的支付系統的結構原理圖。它包括若干受理機 • 具1、中間平台2和若干發卡子系統3。每—受理機具1表示 一商戶。 以下先介紹本發明的受理機具。 請參閱圖3’其爲本發明第一種受理機具的原理結構 圖。所述受理機具包括身分證讀卡器22、輸入單元23、輸 出單元24、處理器21、通信單元25,其中, & 身分證讀卡器22,用於讀取用戶身分證上至少包含用 戶身分證號的用戶身分資訊。 身分證讀卡器22即採用前述提及的第二代身分證資訊 的讀取裝置’用於讀取用戶身分證上的1C卡上的內容。 該身分證讀卡器22主要包括天線221、RF模組222和控制 器223。天線221連接RF模組222,RF模組222連接控制器 223’天線221和RF模組222主要用於接收身分證上的身 分資訊。即RF模組222不斷發出一個固定頻率的電磁場 0 激發信號’當某一身分證靠近身分證讀卡器時,身分證上 的線圈在該電磁場激發信號的感應產生出微弱的電流,作 爲身分證上1C晶片的電源,而該身分證上的1C晶片內貯 存有經過加密的用戶身分資訊,身分證上的晶片在該電磁 場激發信號的作用下,能將該晶片內貯存的加密的用戶身 分資訊回饋至身分證讀卡器22,身分證讀卡器22的天線 22 1和RF模組222接收到加密的用戶身分資訊後,經過控 制器223解密後可以獲得用戶身分證上的用戶身分資訊。 控制器223目前是由公安部指定的十家廠家生產提供。該 -13- 200929032 控制器2 2 3上設置有安全控制模組S A Μ,用於解密接收到 的經加密處理的用戶身分資訊。 本發明可以在控制器223上設置一加密器,所述加密 器包括第一加密器224、第二加密器225和第三加密器226 ,所述第一加密器224用於將用戶身分資訊用預先設定的 第一加密密鑰加密,所述第二加密器225用於將帳戶密碼 用所述發卡行對應的銀行加密密鑰進行加密或者帳戶密碼 用第三方提供的銀行加密密鑰進行加密,第三加密器226 用於將交易金額用預先設定的第一加密密鑰加密。 加密器也可以將帳戶密碼用第三方提供的銀行加密密 鑰進行加密,並且第三方還將對應的銀行解密密鑰發送至 簽約的合作銀行,各個合作銀行的銀行解密密鑰可以是不 相同的,也可以是相同的,但是各個合作銀行採用接收到 
的銀行解密密鑰都能解密出帳戶密碼。 加密器通常採用後兩種方式進行加密,第一加密密鑰 是中間平台與各家商戶約定的,用於中間平台與各家商戶 之間的安全通信。所述中間平台爲受理機具與各家銀行之 間通信的一平台。受理機具不直接與各家銀行建立連接, 它是通過中間平台進行與各家銀行的通信。每一第一加密 密鎗在中間平台上設置有對應的解密密鑰。若第一加密密 鑰採用是私鑰,則第一加密密鑰可以用來標識受理機具, 即每一第一加密密鑰對應一受理機具’當中間平台接收到 由受理機具發送的加密資訊時’通常加密的第一加密密鑰 找到對應的解密密鑰,並且保存該第一加密密鑰解密出來 -14- 200929032 的資訊,是後續中間平台能夠和各家受理機具、發卡行結 算的參考。 第一加密器224作爲一軟體模組整合在所述控制器上 ,第二加密器225和第三加密器226作爲軟體模組整合在處 理器上(圖3 a所示)。此時,中間平台給出的第一加密密鑰 分別預先設置在控制器和處理器上,則銀行加密密鑰只需 要設置在處理器上。第一加密器將用戶身分資訊用第一加 密密鑰加密後傳送至處理器,處理器的第二加密密鑰加密 帳戶密鑰,第三加密密鑰用第一加密密鑰加密消費金額後 ’再將所述資訊通過預先設定的格式通過通信單元進行發 送。 或者,第一加密器224和第三加密器226作爲軟體模組 整合在控制器上,所述第二加密器225作爲軟體模組整合 在處理器上(圖3 b所示)。此時,中間平台給出的第一加密 密鑰只需要預無設置在控制器上,銀行加密密鑰設置在處 理器上。當處理器接收到商戶輸入的金額後,將之傳送至 控制器,通過控制器上的第三加密器進行加密。控制器上 將加密後的用戶身分資訊和消費金額傳送至處理器,以便 處理器將經第二加密器加密的帳戶密碼和控制器上傳送的 加密資訊按預先設定的格式通過通信單元進行發送。 或者,所述第一加密器224、第二加密器225和第三加 密器226作爲軟體模組整合在所述控制器上(圖3c所示)。 此時,第一加密密鑰和銀行加密密鑰都可預先設定在控制 器上,當處理器接收到用戶輸入的帳戶密碼、商戶輸入的 -15- 200929032 交易金額等都輸入至控制器上,以便其加密,加密後的資 訊返回至處理器,由處理器通過通信單元進行發送。 輸入單元23,用於接收外部輸入的資訊··接收商戶輸 入的交易金額、接收用戶輸入的帳戶密碼或者接收用戶輸 入的帳戶密碼及用戶選定的發卡行資訊。輸入單元23可以 爲鍵盤、觸摸屏等。通常情況下,輸入單元23需要接收用 戶輸入的帳戶密碼、發卡行資訊和商戶輸入的交易金額。 用戶輸入的帳戶密碼用用戶選定發卡行對應的銀行加密密 鑰進行加密。 輸出單元24,用於將本次交易結果進行輸出。輸出單 元24包括顯示幕、印表機等。用於將本次交易結果輸出, 以便商戶和用戶能夠從扣款是否成功來確定本次交易是否 成功,並且若不成功,是由於何種原因帶來交易不成功等 。另外,輸出單元24可以將交易結果列印出來,做爲本次 交易的憑證。 處理器21,分別連接輸入單元23、輸出單元24和控制 器223,用於控制交易過程中商戶的各項操作,包括將所 述輸入單元23發送的資訊傳入至加密器224,將加密器224 加密後的資料傳送至通信單元25,以及將通信單元25回饋 的處理結果傳送至輸出單元24。處理器21可以採用現有的 可編程邏輯器件。比如,處理器採用單片機,如89S 52、 80C52、8752等51系列的單片機或其他型號的單片機或微 處理器。 處理器21可以接收身分證讀卡器22發送的用戶身分證 -16- 200929032 號和用戶姓名等,並通過輸出單元25將該些資訊進行顯示 。 當身分證讀卡器22讀取身分證時,無任何機讀資訊顯 示或機讀圖片資訊無法顯示,則表明該身分證爲假卡,可 拒絕此次交易。另外’商戶的工作人員在用身分證讀卡器 22讀取身分資訊時,可以將身分證讀卡器22內顯示的人像 與消費者的真人進行對比’若機讀資訊與視讀資訊不相符 合的,即此身分證明顯不同于消費者本人的,也可以拒絕 此次交易。 處理器21可以接收外部輸入的指令來完成對應的工作 ’比如’將身分證讀卡器21讀出的內容輸出至其他外部設 備’接收到更新發卡行的銀行加密密鑰時更新本地儲存的 銀行加密密鑰。 所述處理器21還包括API介面,用於建立受理機具與 中間平台的銜接,包括從受理機具上獲得包括用戶身分證 號的用戶身分資訊、輸入訂單金額,受理機具上的API介 面還可以進行其他的設置,主要是能夠通常API介面實現 與中間平台的無縫銜接,當然,也可以通常該API介面實 現受理機具與其他外部設備的連接。本發明通過在其上設 置API介面來實現受理機具良好的擴展性和相容性。 通信單元25’用於建立與中間平台的交互:將加密後 
的資訊傳送至中間平台以及將中間平台傳送的處理結果返 回至處理器。通信單元25爲支援固定電話、各種網路撥號 方式的數據機或直接通過區域網路與對端連接的專用埠。 該通信單元25主要是建立受理機具與中間平台的連接,也 -17- 200929032 . 就是說,受理機具上的通信單元25與中間平台上的介面單 元是對應的。它們可以是支援固定電話、GPRS、CDMA 網路等多種撥號方式的數據機或者是其他特定埠通訊。 本發明的加密器也可以不整合在身分證讀卡器的控制 器或控制器上,即加密器採用獨立的單片機,比如採用 MCS型號的單片機。這樣的話,控制器連接加密器,加 密器連接處理器。 _ 請參閱圖4,其爲本發明受理機具的一實例結構示意 圖。該受理機具類似一盒形,它包括一外殻和內部結構。 外殼正面的最上方設置一顯示幕31,用於顯示資訊,比如 當第二代身分證被讀取時,第二代身分證上的資訊將顯示 在顯示幕上。顯示幕的正下方爲用於用戶或商戶輸入資訊 的鍵盤區33。鍵盤區33下方設置有身分證讀卡器22,當第 二代身分證位於放卡區域34時,第二代身分證資訊會被身 分證讀卡器22讀出。即,第二代身分證與身分證讀卡器22 ❹ 之間無需直接接觸的情況下就能完成對第二代身分證進行 讀取操作。身分證讀卡器22不斷通過其內部線圈發出一個 固定頻率的電磁場激發信號,當某一身分證放在讀卡器的 放卡區域34內’則身分證上的線圈在該電磁場激發信號的 感應產生出微弱的電流,作爲身分證上晶片的電源,而該 晶片內貯存有用戶身分資訊,身分證上的晶片在該電磁場 激發信號的作用下,能將該晶片內貯存的用戶身分資訊回 饋至身分證讀卡器,進而完成讀卡操作。 身分證讀卡器22將讀出的用戶身分資訊回饋至設置在 - 18 - 200929032 內部結構上的處理器21,處理器21將所述資訊回饋至顯示 幕31進行顯示。並且,處理器21將要求用戶輸入帳戶密碼 和要求商戶輸入消費金額的資訊分別回饋至顯示幕上進行 顯示,以便提示用戶輸入帳戶密碼和提示商戶輸入消費金 額。 處理器21會通過鍵盤區分別接收用戶輸入的帳戶密碼 和商戶輸入的消費金額,並將用戶身分資訊一起通過加密 器進行加密處理後,再傳送至通信單元25。在本實例中, 通信單元可以採用直接通過區域網路與對端連接的專用埠 32 ° 本發明提供的受理機具,能夠利用包含1C卡的身分 證(如第二代身分證)進行消費交易,並結合銀行卡一起使 用,安全性非常高。本受理機具利用現有第二代身分證加 密效果佳、普及等特點進行消費交易,降低成本投入且安 全係數高。本受理機具的身分證讀卡器可以是由專門廠家 提供的’用戶身分資訊、交易金額和帳戶密碼都是經過加 密後傳輸的,能夠保證資料的安全性,最重要的是,當加 密器整合在控制器上時,商戶無法修改控制器上的資訊, 因此也能保證該些資訊加密後的安全性。 請參閱圖5,其爲本發明的第二種受理機具的結構示 意圖。它包括一身分證讀卡器41和一電腦終端42,其中, 所述身分證讀卡器41,包括天線411、RF模組412、 控制器4 1 3和介面單元4 1 4,RF模組4 1 2分別連接天線4 1 1 和控制器413’控制器413連接介面單元414,用於讀取用 -19- 200929032 戶身分證上至少包含用戶身分證號的用戶身分資訊; 加密器,所述加密器包括第一加密器415、第二加密 器416和第三加密器417,所述第一加密器用於將用戶身分 資訊用預先設定的第一加密密鑰加密,所述第二加密器用 於將帳戶密碼用所述發卡行對應的銀行加密密鑰進行加密 或者帳戶密碼用第三方提供的銀行加密密鑰進行加密,第 三加密器用於將交易金額用預先設定的第一加密密鑰加密 » 第一加密器作爲一軟體模組整合在所述控制器上,第 二加密器和第三加密器作爲軟體模組整合在處理器上(圖 5 a所示),或者 第一加密器和第三加密器作爲軟體模組整合在控制器 上,所述第一加密器作爲軟體模組整合在處理器上(圖5b 所示),或者 所述第一加密器、第二加密器和第三加密器作爲軟體 模組整合在所述控制器上(圖5c所示)。 電腦終端42’連接身分證讀卡器41,其包括輸入單元 421、輸出單元422、處理器423和至少兩個通信單元424、 425,一個通信單元4 24連接身分證讀卡器41,另—個通信 單元425連接中間平台。 輸入單兀421 ’用於接收外部輸入的資訊:接收商戶 輸入的交易金額、接收用戶輸入的帳戶密碼或者 接收用 戶輸入的帳戶密碼及用戶選定的發卡行資訊; 輸出單元422’用於將交易結果進行輸出·, -20- 200929032 . 
處理器423,分別連接輸入單元421、輸出單元42 2和 .通信單元424、425,用於將所述輸入單元發送的資訊傳送 至身分證讀卡器上進行加密,將加密後的資訊傳送至一通 信單元,以及將通信單元回饋的處理結果傳送至輸出單元 > 通信單元,連接處理器,用於建立與外部設備的交互 〇 0 連接身分證讀卡器的通信單元4 24可以採用與身分證 讀卡器上的介面單元對應的介面,如USB介面 與中間平台對接的所述通信單元425可以爲支援固定 電話、各種網路撥號方式的數據機或直接通過區域網路與 對端連接的專用璋。 本發明的受理機具中,身分證讀卡器可以和電腦終端 分離’它可以和其他滿足條件的電腦終端完成交易的請求 支付工作。 ❹ 請參閱圖6,其爲本發明的第三種受理機具的結構原 理示意圖。它包括一身分證讀卡器51、加密器52和一電腦 終端5 3,其中, 所述身分證讀卡器5 1,包括天線5 1 1、RF模組5 1 2、 控制器5 1 3和介面單元5 1 4,RF模組5 1 2分別連接天線5 1 1 和控制器5 1 3 ’控制器5 1 3連接介面單元5 1 4,用於讀取用 戶身分證上至少包含用戶身分證號的用戶身分資訊; 加密器52 ’包括一單片機521和至少包括兩介面522、 523中’所述單片機521分別連接每一介面522、523,所述 -21 - 200929032 單片機521用於將交易金額和用戶身分資訊用預先設定的 第一加密密鑰加密,以及帳戶密碼用所述發卡行對應的銀 行加密密鑰進行加密或者帳戶密碼用第三方提供的銀行加 密密鑰進行加密,所述兩介面522、5 23分別連接電腦終端 5 3和身分證讀卡器5 1 ; 電腦終端53,其包括輸入單元531、輸出單元532、處 理器53 3和若干通信單元5 34、53 5, 輸入單元531,用於接收外部輸入的資訊:接收商戶 輸入的交易金額、接收用戶輸入的帳戶密碼或者 接收用 戶輸入的帳戶密碼及用戶選定的發卡行資訊; 輸出單元532,用於將交易結果進行輸出; 處理器533,分別連接輸入單元531、輸出單元532和 通信單元5 3 4、5 3 5,用於將所述輸入單元531發送的資訊 傳送至身分證讀卡器5 1上進行加密,將加密後的資訊傳送 至一與中間平台建立交互的通信單元535,以及將通信單 元535回饋的處理結果傳送至輸出單元532 ; 通信單元534、535,用於建立與外部設備的交互,一 個通信單元534用於建立與加密器的連接,另—個通信單 元535用於建立與中間平台的連接。 當然,電腦終端也可以設置一通信單元,建立與身分 證讀卡器的交互。 與中間平台交互的所述通信單元爲支援固定電話、各 種網路撥號方式的數據機或直接通過區域網路與對端連接 的專用埠。 -22- 200929032200929032 IX. INSTRUCTIONS OF THE INVENTION [Technical Field] The present invention relates to the field of data processing, and more particularly to a payment system and method for conducting transactions using an identity card including an IC card. [Prior Art] Due to the inconvenience of cash transactions and low security, bank cards are widely used in various trading situations. Therefore, more and more people are accustomed to using bank cards for consumption. Please refer to Figure 1, which is a block diagram of a system for trading with a bank card. It includes a terminal 13 for reading bank card information, a merchant subsystem 12 and an acquiring subsystem 11. - The merchant subsystem 11 comprises a server and a number of clients, the client is connected to the terminal. 
• The server of the merchant subsystem 12 is connected to the acquiring subsystem 11 of the acquiring bank via a dedicated line. When the acquiring bank is not the issuing bank, it is also necessary to connect the issuing subsystem of the issuing bank through UnionPay's inter-bank transaction subsystem. 0 When the user uses the bank card for consumption, the terminal (such as a cash register, etc.) first recognizes the authenticity of the bank card by reading the bank card, and then the user input the identity information and the bank card that characterize the user identity. The card number information and the transaction information of the transaction are transmitted to the server of the merchant subsystem 12; then the server of the merchant subsystem 12 transmits the information to the acquiring subsystem 11; if the acquiring bank is the issuing bank, the acquiring subsystem directly This transaction is processed, otherwise it is sent to the issuing bank for processing through the inter-line parent-friendly subsystem. The card issuer system uses the bank card number information and the identity information to verify the identity of the user. If the identity verification is passed, the account corresponding to the card number is debited, and the result of the deduction of the -4 - 200929032 is returned, otherwise the return is returned. Identity verification does not pass the information. After the user subsystem 12 receives the message that the deduction process is successful, the merchant can sign and confirm on the purchase order. The above disclosure is the most common transaction process in the prior art. In this process, the following drawbacks exist: Throughout the transaction process, the "account name + password" and the bank complete the identity authentication of the entire transaction process. The prior art usually recognizes the risk of bank cards by reading a bank card such as a POS machine or an ATM machine. 
The existing bank card is made of magnetic stripe card technology. The imitation is low and it is easy to be copied. To this end, a bank smart card has been proposed to replace the magnetic stripe card. For example, smart cards are made using EMV technology. EMV is a smart card technology standard jointly initiated by Europa, MasterCard Master, Visa and other three international bank card organizations. This standard requires bank card CPU chips to have operational computing, encryption and decryption and storage capabilities. The higher security is that the cost of converting a bank card from a magnetic stripe card to a smart card is very costly for a few dozen smart cards, and it takes a lot of cost for the POS machine and the ATM machine to modify the smart card. . Even if the manpower and material resources are spent to complete the conversion of the bank card from the magnetic stripe card to the smart card, the criminals can forge a smart card because of the huge interest. That is to say, it is only possible to determine whether the bank card is a fake card through a terminal such as an ATM machine or a POS machine. It is impossible to say whether the bank card is the user's own use of silver issued by a financial institution. If the criminal gains user information (such as a password), 'because there is no business to let it go, in the card to the winter end (authentic, card by the Visa I 1C has a unique. But high: read a lot but should If you confirm that the card can be used to verify the identity of the user, it is still easy to cause financial loss to the user or the merchant. From another perspective, the conversion of the bank card from the magnetic stripe card to the smart card is not overnight. In this process, it is more necessary to have other feasible means of verifying the user's identity to further ensure the security of the transaction. 
That is to say, in the prior art, when the ATM machine and the POS machine receive the account password input by the user and read the bank, After the bank account of the card, 'the account password is usually encrypted and transmitted, and the bank account and transaction amount are transmitted in clear text. After the criminals use the illegal means to obtain the account password, it is easy to obtain information such as the bank account. Loss of property to real users, greatly reducing the security of bank transactions. The purpose of the present invention is to provide a payment system and method for transaction using an ID card containing a 1C card, so as to solve the technical problem of low security of transaction using a bank card in the prior art. In order to achieve the above object, the present invention provides an application including The payment system for the transaction of the identity card of the 1C card includes a receiving device, an intermediate platform and a card issuing subsystem, and the receiving device includes an identity card reader, an input unit, an output unit, an encryptor, a processor, and a communication unit, wherein An identity card reader for reading user identity information including at least a user identification number; an input unit for receiving externally input information: receiving a transaction amount input by the merchant, receiving an account password input by the user, or receiving the user input - 6 - 200929032 account password and user selected card issuer information; output unit 'for outputting the result of the transaction; processor' for transmitting information sent by the input unit to the encryptor, and the communication unit The feedback processing result is transmitted to the output unit; the encryptor, the first plus The second encryptor is configured to encrypt the user identity information with a preset first encryption key, and the second encryptor is configured to correspond the account password 
with the card issuer The bank encryption key is encrypted or the account password is encrypted with a bank encryption key provided by a third party, and the third encryptor is used to encrypt the consumption amount with a preset first encryption key: a communication unit for establishing Intermediate platform interaction: transferring the encrypted information to the intermediate platform and returning the processing result transmitted by the intermediate platform to the processor; the intermediate platform includes a second processor and a communication interface including the decryption unit, and the decryption unit is used for Decrypting the encrypted information by a first decryption key corresponding to the encrypted secret gun; the second processor is configured to save the decrypted information, and send the transaction information including the decrypted information and the encrypted bank account to The card issuing subsystem 'and the processing result returned by the card issuing subsystem are saved and returned; the communication interface is respectively established and Communication between the equipment and the card issuance subsystem; If the transaction information does not include the bank account number, look up the bank account number corresponding to the user ID number of 200929032, check the decrypted account password to process the transaction and The transaction processing result is returned. The identity card reader includes a controller, and the first encryptor is integrated as a software module on the controller, and the second encryptor and the third encryptor are integrated as a software module on the processor, or An encryptor and a third encryptor are integrated as a software module on the controller 0. The second encryptor is integrated as a software module on the processor, or the first encryptor, the second encryptor, and the third The encryptor is integrated as a software module on the controller. 
The input unit, the output unit, the processor, and the communication unit are disposed at a computer terminal, and the identity card reader and the computer terminal are respectively interconnected through an interface disposed at the local end. The encryptor is a separate device, and the encryptor and the computer terminal are interconnected through an interface provided at the local end. The encryptor and the identity card reader are interconnected through an interface disposed at the local end of the Q. The second processor further includes a bank account obtaining unit and a database storage unit, wherein the database storage unit stores a correspondence between the user's identity card number and a bank account, and the bank account obtaining unit is configured to find the decrypted The bank account corresponding to the identity card number and transmits the bank account as an integral part of the transaction information to the card issuing subsystem. A third encryption/decryption unit and a fourth encryption/decryption unit are respectively disposed on the intermediate platform and the card issuance subsystem, and the third encryption/decryption unit is configured to use the pre-stored and the issuing bank before sending the information to the card-issuing subsystem. The agreed secret -8- 200929032 • The key is encrypted, and after receiving the information sent by the card issuing subsystem, the key is decrypted with the key agreed with the issuing bank, the fourth port/decryption unit, Used to encrypt the information before sending the information to the intermediate platform, and use the corresponding key to decrypt the information after receiving the information. The processor also includes an API interface for establishing the connection between the merchant and the intermediate platform: The user's body information including the user ID number is obtained on the machine and/or the order amount is input. 
The communication unit and the communication interface are dedicated to supporting a fixed telephone, various network dialing data machines, or a dedicated connection directly to the opposite end through the local area network. The invention also provides a payment method for using a ID card containing a 1C card for the transaction, comprising: (1) the identity card reader reads the user identity information including the user identification number; Q (2) the user identity information and The transaction amount entered by the merchant and the account password input by the user are encrypted and transmitted to the intermediate platform; (3) The intermediate platform decrypts the received information, and transmits the transaction information including the identity card information, the account password, and the transaction amount to the corresponding information. Card issuing subsystem; (4) If the transaction information does not include a bank account number, the card issuing subsystem searches for the bank account corresponding to the user identity card number, checks the decrypted account password, processes the transaction, and returns the transaction processing result. Before step (1), the method further comprises: pre-registering the user's Ο ❹ 200929032 identity card with the bank account on the intermediate platform; the platform decrypts the user identity card number, if the bank account can be found, the The bank account bamboo portion is transferred to the card issuing subsystem. The encryption in the step (2) is further performed by encrypting the bank encryption key corresponding to the public card row with the first encryption key set in advance or by the dance key. 
Step (3) The intermediate platform decrypts the received intermediate platform to use the bench encryption information corresponding to the first encryption key, and saves the decrypted information; and the user password, the encrypted account password is used as the f transaction information. Step (4) further includes: the card issuing subsystem checks the corresponding bank account number, and if the same bank account number in the issuing bank, the payment fails and prompts to the middle bank account applied to the payment. Compared with the prior art, the present invention utilizes the second generation identity card to carry out the consumer transaction, avoids the cost of the card making, and utilizes the existing second, popular and other characteristics for the consumer transaction, reducing the domain, the invention can pass The following security: Step (3) also includes: intermediate [J decrypted identity card number for the transaction information of a composition of the amount of money and user identity (and account password with the bank of the third party provided by the encrypted information further To: the decryption key is decrypted, the decryption information is not included in the decryption information, and the identity card number of the identity card sent to the card issuing subsystem corresponds to multiple platforms, and the user is required to set a card with a 1C card. Identity card (if using a bank card, not only the reduction: the encryption effect of the proxy card is good, the S input is high and the safety factor is high. The L segment is used to improve the payment process. -10- 200929032 - Firstly, the invention is directly verified by the identity card at the beginning of payment. The identity of the payer. When the identity card is clearly inconsistent with the consumer, the consumer's payment can be directly rejected, thereby improving the security of the payment process. 
In the payment process, the consumer does not need to provide the bank account of the bank card, even if the criminal can intercept the transaction data of the merchant to the intermediate platform in the payment process, but since it cannot obtain the bank account number, the bank card cannot be forged, and it is not easy to give The customer causes losses. U Then, in the payment process, the bank password can be encrypted and decrypted by means of a digital certificate with a high security coefficient, thereby ensuring the security of the bank password during the entire transaction process, thereby ensuring the payment process. Security. Finally, the user identity information of the present invention is decrypted and read in the identity card reader, and can be directly encrypted with the first encryption key agreed with the intermediate platform to avoid tampering with the identity information of the merchant. The account password entered by the user is encrypted by the corresponding third party or bank-provided bank encryption key Q, so that only the bank can decrypt the corresponding account password. In this way, the user identity information and account password can be guaranteed. Important information is not leaked, thus ensuring the payment [Embodiment] The present invention is specifically described below with reference to the accompanying drawings. The core of the present invention is that the present invention utilizes an ID card including a 1C card (such as a first-generation identity card) for consumption of the parent, and combines with the bank. 
The card can be used together to 'use the existing second-generation identity card to encrypt and popularize the features -11 - 200929032 - to conduct consumer transactions' and use the key to further enhance the security during communication throughout the transaction, and Utilize the existing second-generation identity card encryption effect, popularization and other characteristics for consumer transactions, reduce cost investment and high safety factor. Compared with the first generation of identity card, the second generation of identity card security anti-counterfeiting performance. The identity card is made up of 9 layers. The outermost two layers record the personal identity information and print it on. There is also a layer called U-level layer 'anti-static'. You can see the Great Wall beacon on this floor. The pattern and the "China CHINA" anti-counterfeiting film, with orange and green anti-counterfeiting marks, is a relatively advanced technology. This layer has a 1C chip, 8 mm long, 5 mm wide and 0.4 mm thick. There are two antennas, one coil is a coil, mainly to avoid leakage of personal information, but can read personal information through a special card reader. . Therefore, in terms of security performance, the new generation of identity cards is mainly anti-counterfeiting measures in two aspects. One is that the digital anti-counterfeiting measures are to write personal information into the chip and adopt digital encryption. Q—A region—a password, and each citizen has a password. Anti-counterfeiting technology is self-made by our country and is very safe. The other is the printing anti-counterfeiting technology' printed layer pattern on both sides. Printed anti-counterfeiting technology has taken many measures. As a result of the use of digital anti-counterfeiting measures and printing anti-counterfeiting measures, security has been greatly improved. 
Moreover, with the advent of the second-generation identity card, readers for reading the second-generation identity card have also appeared. To improve security, existing card readers are controlled by the state public security department and provided only to third parties contracted with it.
Please refer to FIG. 2, which is a structural schematic diagram of a payment system for conducting transactions using an identity card containing an IC card. It includes several receiving devices 1, an intermediate platform 2 and several card issuing subsystems 3. Each receiving device 1 represents a merchant.
The receiving device of the present invention is described below. Please refer to FIG. 3, which is a schematic structural diagram of the first type of receiving device of the present invention. The receiving device includes an identity card reader 22, an input unit 23, an output unit 24, a processor 21, and a communication unit 25.
The identity card reader 22 is configured to read, from the user identity card, user identity information that includes at least the user's identity card number. The identity card reader 22 is the aforementioned reading device for second-generation identity cards, used to read the content of the IC card on the user identity card. The identity card reader 22 mainly includes an antenna 221, an RF module 222, and a controller 223. The antenna 221 is connected to the RF module 222, and the RF module 222 is connected to the controller 223. The antenna 221 and the RF module 222 are mainly used for receiving the identity information on the identity card. That is, the RF module 222 continuously emits a fixed-frequency electromagnetic field excitation signal. When an identity card is close to the identity card reader, the coil on the identity card generates a weak current under the induction of the electromagnetic field excitation signal, which serves as the power source for the IC chip on the identity card. The IC chip on the identity card stores the encrypted user identity information and, under the action of the electromagnetic field excitation signal, sends that encrypted user identity information to the identity card reader 22. The antenna 221 and the RF module 222 of the identity card reader 22 receive the encrypted user identity information, and after decryption by the controller 223 the user identity information on the user identity card is obtained. The controller 223 is currently produced by ten manufacturers designated by the Ministry of Public Security. The controller 223 is provided with a security control module (SAM) for decrypting the received encrypted user identity information.
The present invention can provide an encryptor on the controller 223. The encryptor includes a first encryptor 224, a second encryptor 225 and a third encryptor 226. The first encryptor 224 is configured to encrypt the user identity information with a preset first encryption key. The second encryptor 225 is configured to encrypt the account password with the bank encryption key corresponding to the issuing bank, or with a bank encryption key provided by a third party. The third encryptor 226 is configured to encrypt the transaction amount with the preset first encryption key.
The encryptor may also encrypt the account password with a bank encryption key provided by a third party. The third party also sends the corresponding bank decryption key to the contracted cooperative banks. The bank decryption keys of the cooperative banks may be different or the same, but each cooperative bank can decrypt the account password by using the bank decryption key it received. The encryptor usually encrypts in the latter two ways.
The first encryption key is agreed between the intermediate platform and each merchant and is used for secure communication between the intermediate platform and each merchant. The intermediate platform is a platform for communication between the receiving devices and each bank. The receiving devices do not establish connections with the banks directly; they communicate with the banks through the intermediate platform. For each first encryption key, a corresponding decryption key is provided on the intermediate platform. If the first encryption key is a private key, the first encryption key may be used to identify the receiving device, that is, each first encryption key corresponds to one receiving device. When the intermediate platform receives the encrypted information sent by a receiving device, it usually uses the first encryption key of the encryption to find the corresponding decryption key, and saves the information decrypted for that first encryption key as a reference for the subsequent settlement between the intermediate platform and each receiving device and issuing bank.
The first encryptor 224 is integrated as a software module on the controller, and the second encryptor 225 and the third encryptor 226 are integrated as software modules on the processor (shown in Fig. 3a). In this case, the first encryption key given by the intermediate platform is preset on both the controller and the processor, and the bank encryption key only needs to be set on the processor. The first encryptor encrypts the user identity information with the first encryption key and transmits it to the processor; on the processor, the second encryptor encrypts the account password and the third encryptor encrypts the consumption amount with the first encryption key. The information is then transmitted through the communication unit in a predetermined format.
Alternatively, the first encryptor 224 and the third encryptor 226 are integrated as software modules on the controller, and the second encryptor 225 is integrated as a software module on the processor (shown in Fig. 3b). In this case, the first encryption key given by the intermediate platform only needs to be preset on the controller, and the bank encryption key is set on the processor. When the processor receives the amount entered by the merchant, it transmits it to the controller, where it is encrypted by the third encryptor. The encrypted user identity information and consumption amount are transmitted to the processor, and the processor sends the account password encrypted by the second encryptor, together with the encrypted information from the controller, in a preset format through the communication unit.
Alternatively, the first encryptor 224, the second encryptor 225, and the third encryptor 226 are all integrated as software modules on the controller (shown in Fig. 3c). In this case, the first encryption key and the bank encryption key may be preset on the controller. When the processor receives the account password entered by the user, the transaction amount entered by the merchant and so on, it passes them to the controller for encryption; the encrypted information is returned to the processor and sent by the processor through the communication unit.
The input unit 23 is configured to receive externally input information: the transaction amount entered by the merchant, and either the account password entered by the user or the account password entered by the user together with the card issuer information selected by the user. The input unit 23 can be a keyboard, a touch screen or the like. Normally, the input unit 23 needs to receive the account password entered by the user, the issuer information, and the transaction amount entered by the merchant.
The account password entered by the user is encrypted with the bank encryption key corresponding to the card issuer selected by the user.
The output unit 24 is configured to output the result of the transaction. The output unit 24 includes a display screen, a printer, and the like. It outputs the result of the transaction so that the merchant and the user can tell from the deduction result whether the transaction succeeded and, if it did not, why it failed. Alternatively, the output unit 24 may print the transaction result as a voucher for the transaction.
The processor 21 is connected to the input unit 23, the output unit 24 and the controller 223, respectively, and controls the various operations of the merchant during the transaction, including transmitting the information sent by the input unit 23 to the encryptor 224, transmitting the data encrypted by the encryptor 224 to the communication unit 25, and transmitting the processing result fed back by the communication unit 25 to the output unit 24. The processor 21 can use existing programmable logic devices. For example, the processor may be a single-chip microcomputer of the 51 series, such as the 89S52, 80C52 or 8752, or another type of single-chip microcomputer or microprocessor.
The processor 21 can receive the user identity card and the user name sent by the identity card reader 22, and display the information through the output unit 25. When the identity card reader 22 reads the identity card, if no machine-read information is displayed, or the machine-read image information cannot be displayed, this indicates that the identity card is a fake card and the transaction can be rejected.
In addition, when the merchant's staff member reads the identity information with the identity card reader 22, the portrait displayed by the identity card reader 22 can be compared with the consumer in person. If the machine-read information and the machine-read image information do not match the consumer's identity, the transaction can be rejected.
The processor 21 can receive an externally input instruction and complete the corresponding work, such as outputting the content read by the identity card reader 21 to another external device, or updating the locally stored bank encryption key when an updated bank encryption key of an issuing bank is received.
The processor 21 further includes an API interface, configured to establish the connection between the receiving device and the intermediate platform, including obtaining from the receiving device the user identity information that includes the user identity card number and the entered order amount. Other settings can also be made on the API interface of the receiving device; the main point is that the API interface enables a seamless connection with the intermediate platform. Of course, the API interface can also be used to connect the receiving device with other external devices. The present invention achieves good scalability and compatibility of the receiving device by providing an API interface on it.
The communication unit 25 is configured to establish the interaction with the intermediate platform: it transmits the encrypted information to the intermediate platform and returns the processing result transmitted by the intermediate platform to the processor. The communication unit 25 is a modem that supports fixed telephone and various network dial-up methods, or a dedicated port connected directly to the opposite end through the local area network.
The communication unit 25 mainly establishes the connection between the receiving device and the intermediate platform. That is, the communication unit 25 on the receiving device corresponds to the interface unit on the intermediate platform. They can be modems that support a variety of dial-up methods such as landline, GPRS and CDMA networks, or other specific communications.
The encryptor of the present invention may also not be integrated on the processor or on the controller of the identity card reader; that is, the encryptor uses a separate single-chip microcomputer, such as an MCS model. In this case, the controller is connected to the encryptor and the encryptor is connected to the processor.
Please refer to FIG. 4, which is a schematic structural diagram of an example of a receiving device of the present invention. The receiving device is roughly box-shaped and includes a casing and an internal structure. A display screen 31 is disposed at the top of the front of the casing for displaying information. For example, when a second-generation identity card is read, the information on the card is displayed on the display screen. Directly below the display is a keyboard area 33 where the user or the merchant enters information. An identity card reader 22 is disposed below the keyboard area 33. When a second-generation identity card is located in the card placement area 34, the card's information is read by the identity card reader 22. That is, the reading operation is completed without direct contact between the second-generation identity card and the identity card reader 22. The identity card reader 22 continuously emits a fixed-frequency electromagnetic field excitation signal through its internal coil. When an identity card is placed in the card placement area 34 of the card reader, the coil on the identity card generates a weak current under the induction of the electromagnetic field excitation signal, which serves as the power source for the chip on the identity card. The user identity information is stored in the chip, and under the action of the electromagnetic field excitation signal the chip feeds the stored user identity information back to the identity card reader, completing the card reading operation.
The identity card reader 22 feeds the user identity information it has read back to the processor 21 disposed on the internal structure, and the processor 21 passes the information to the display screen 31 for display. The processor 21 also sends to the display screen the prompts asking the user to enter the account password and the merchant to enter the consumption amount. The processor 21 receives, through the keyboard area, the account password entered by the user and the consumption amount entered by the merchant, has them encrypted by the encryptor together with the user identity information, and then transmits the data to the communication unit 25. In this example, the communication unit can be a dedicated port that is directly connected to the peer end through the local area network.
The receiving device provided by the present invention can use an identity card containing an IC card (such as a second-generation identity card) for consumer transactions. Combined with the bank card, the security is very high. This receiving device makes use of the strong encryption and wide adoption of the existing second-generation identity card, which reduces cost investment and gives a high safety factor. The identity card reader of the receiving device can be provided by a designated manufacturer. The user identity information, transaction amount and account password are all encrypted before transmission, which ensures the security of the data.
Most importantly, when the encryptor is integrated on the controller, the merchant cannot modify the information on the controller, so the security of the information after encryption is also ensured.
Please refer to FIG. 5, which is a schematic view of the structure of a second type of receiving device of the present invention. It comprises an identity card reader 41 and a computer terminal 42.
The identity card reader 41 comprises an antenna 411, an RF module 412, a controller 413 and an interface unit 414. The RF module 412 is connected to the antenna 411 and to the controller 413, and the controller 413 is connected to the interface unit 414. The reader is used for reading, from the user identity card, user identity information that includes at least the user's identity card number.
The encryptor includes a first encryptor 415, a second encryptor 416, and a third encryptor 417. The first encryptor encrypts the user identity information with a preset first encryption key. The second encryptor encrypts the account password with the bank encryption key corresponding to the issuing bank, or with a bank encryption key provided by a third party. The third encryptor encrypts the transaction amount with the preset first encryption key.
The first encryptor is integrated as a software module on the controller, and the second encryptor and the third encryptor are integrated as software modules on the processor (shown in FIG. 5a); or the first encryptor and the third encryptor are integrated as software modules on the controller, and the second encryptor is integrated as a software module on the processor (shown in FIG. 5b); or the first encryptor, the second encryptor, and the third encryptor are all integrated as software modules on the controller (shown in FIG. 5c).
The computer terminal 42 is connected to the identity card reader 41 and includes an input unit 421, an output unit 422, a processor 423, and at least two communication units 424, 425. One communication unit 424 is connected to the identity card reader 41; the other communication unit 425 is connected to the intermediate platform.
The input unit 421 is configured to receive externally input information: the transaction amount entered by the merchant, and either the account password entered by the user or the account password entered by the user together with the card issuer information selected by the user. The output unit 422 is used to output the transaction result.
The processor 423 is connected to the input unit 421, the output unit 422 and the communication units 424, 425, respectively. It transmits the information sent by the input unit to the identity card reader for encryption, transmits the encrypted information to a communication unit, and transmits the processing result fed back by the communication unit to the output unit.
The communication units are connected to the processor and establish the interaction with external devices. The communication unit 424 that connects to the identity card reader can use an interface corresponding to the interface unit on the identity card reader, such as a USB interface. The communication unit 425 that connects to the intermediate platform can be a modem supporting fixed telephone and various network dial-up methods, or a dedicated port that connects directly to the peer through the local area network.
In this receiving device of the present invention, the identity card reader can be separated from the computer terminal and can perform payment work with any other computer terminal that satisfies the conditions.
Please refer to FIG. 6, which is a schematic diagram of the structure of a third type of receiving device according to the present invention.
It comprises an identity card reader 51, an encryptor 52 and a computer terminal 53.
The identity card reader 51 comprises an antenna 511, an RF module 512, a controller 513 and an interface unit 514. The RF module 512 is connected to the antenna 511 and to the controller 513, and the controller 513 is connected to the interface unit 514. The reader is used for reading, from the user identity card, user identity information that includes at least the user's identity card number.
The encryptor 52 includes a single-chip microcomputer 521 and at least two interfaces 522, 523, and the single-chip microcomputer 521 is connected to each of the interfaces 522, 523. The single-chip microcomputer 521 encrypts the transaction amount and the user identity information with a preset first encryption key, and encrypts the account password with the bank encryption key corresponding to the issuing bank or with a bank encryption key provided by a third party. The two interfaces 522, 523 are connected to the computer terminal 53 and to the identity card reader 51, respectively.
The computer terminal 53 includes an input unit 531, an output unit 532, a processor 533 and several communication units 534, 535. The input unit 531 is used to receive externally input information: the transaction amount entered by the merchant, and either the account password entered by the user or the account password entered by the user together with the card issuer information selected by the user. The output unit 532 is configured to output the transaction result. The processor 533 is connected to the input unit 531, the output unit 532, and the communication units 534, 535, respectively. It transmits the information sent by the input unit 531 to the identity card reader 51 for encryption, transmits the encrypted information to the communication unit 535 that establishes the interaction with the intermediate platform, and transmits the processing result fed back by the communication unit 535 to the output unit 532.
The communication units 534, 535 establish the interaction with external devices: one communication unit 534 is used to establish the connection with the encryptor, and the other communication unit 535 is used to establish the connection with the intermediate platform. Of course, the computer terminal can also be given a communication unit that establishes the interaction with the identity card reader. The communication unit interacting with the intermediate platform is a modem that supports fixed telephone and various network dial-up methods, or a dedicated port connected directly to the opposite end through the local area network.

The communication unit that interacts with the encryptor and the identity card reader can be a USB interface or another interface that can establish communication. The single-chip microcomputer of the encryptor can be an MCS51 or another type of single-chip microcomputer.
What has been disclosed above is only a few embodiments of the receiving device of the present invention. The receiving device may have all of its units placed in one large housing, as shown in FIG. 4. The receiving device may also be composed of two independent components: for example, the input unit, the output unit, the processor and the communication unit are integrated in a computer terminal, the identity card reader is a separate component, and the identity card reader and the computer terminal are interconnected through the interfaces provided on each, as shown in FIG. 5. The receiving device may also be composed of three independent components: for example, the input unit, the output unit, the processor and the communication unit are integrated in the computer terminal, the encryptor is a separate component, and the identity card reader is also a separate component; the encryptor and the computer terminal are interconnected through the interfaces provided on each, and the encryptor and the identity card reader are interconnected through the interfaces provided on each, as shown in FIG. 6.
In addition, the processor may further include an API interface, configured to establish the connection between the merchant and the intermediate platform, including obtaining from the receiving device the user identity information that includes the user identity card number and the entered order amount. Other settings can also be made on the API interface of the receiving device; the main point is that the API interface enables a seamless connection with the intermediate platform. Of course, the API interface 342 can also be used to connect the receiving device with other external devices. The present invention achieves good scalability and compatibility of the receiving device by providing an API interface on it.
Based on the receiving device disclosed above, the intermediate platform 2 and the card issuing subsystem 3 are introduced below.
Referring again to FIG. 2, the intermediate platform 2 is mainly used to establish the transaction between the merchant and the issuing bank. The intermediate platform 2 can use Alibaba's Alipay platform. The user can enable in advance, on the intermediate platform 2, payment for transactions by identity card. The cooperative banks of the card issuing subsystems 3 can sign contracts with the intermediate platform 2 in advance; a user of a cooperative bank then only needs to state the name of the account-opening bank at transaction time and can directly enter the bank account password to complete payment, credit card pre-authorization and other operations.
The intermediate platform 2 may include a second processor 61, which contains a decryption unit, and a communication interface 62.
The decryption unit is configured to decrypt the encrypted information by using the first decryption key corresponding to the first encryption key.
The second processor 61 is configured to save the decrypted information, send the transaction information containing the decrypted information to the card issuing subsystem 3, and save the processing result returned by the card issuing subsystem 3 before returning it.
The intermediate platform 2 stores in advance the first decryption key corresponding to the first encryption key of each receiving device contracted with it. When the intermediate platform 2 receives encrypted information, it finds the corresponding first decryption key and decrypts the information, which generally includes the user identity information and the order amount. The intermediate platform 2 stores the first encryption key, the user identity information, the order amount and so on. When the card issuing subsystem 3 returns the processing result stating whether this deduction succeeded, the processing result is also saved. In this way, the intermediate platform 2 can carry out the subsequent reconciliation work with the merchants and the issuing banks. The first encryption key may be a private key, and the corresponding first decryption key is a public key.
The second processor 61 further includes a bank account obtaining unit and a database storage unit. The database storage unit stores the correspondence between the user's identity card number and the bank account. Before a transaction is performed, the user can set on the intermediate platform 2, in advance, the bank account corresponding to the user's identity card number. In particular, when several bank accounts correspond to the user's identity card number at the issuing bank the user selects for payment, the user usually needs to make this setting on the intermediate platform 2 in advance.
Therefore, after the second processor decrypts the encrypted information sent by the receiving device, it uses the decrypted user identity card number to search the database storage unit, and if the corresponding bank account number is found, the bank account is included as part of the transaction information sent to the card issuing subsystem. In practice, the intermediate platform and the issuing bank agree in advance on the data structure used for transmission between them. The data structure includes a bank account field, and the bank account number that was found can be placed in that field so that the issuing bank can recognize and read it.
The communication interface 62 establishes the communication with the receiving device 1 and with the card issuing subsystem 3, respectively.
The card issuing subsystem 3, if the transaction information does not include the bank account number, searches for the bank account corresponding to the user identity card number, checks the decrypted account password, processes the transaction, and returns the transaction processing result.
The card issuing subsystem 3 typically includes a third processor and a database.
The database stores bank account information, including the account holder information of the bank account, the bank account, the account password, the amount, and the like.
The third processor includes a data interpretation processing module, a decryption module, and a transaction processing module. The interpretation processing module reads the transaction request sent from the intermediate platform and interprets from it the user identity information, the encrypted account password, the bank account, and so on.
The decryption module decrypts the encrypted account password to obtain the account password.
The transaction processing module, when the interpreted information includes the bank account, compares the decrypted account password with the account password saved in the database. If they are the same, the check passes and the deduction is processed; if they are not the same, the authentication fails. When the interpreted information does not include the bank account, the corresponding bank account is found through the user identity card number. If the same identity card number corresponds to several bank accounts at the issuing bank, the payment fails and the user is prompted to preset the bank account on the intermediate platform. When the transaction information includes a bank account number, only that bank account needs to be debited.
A third encryption/decryption unit and a fourth encryption/decryption unit are disposed on the second processor and the third processor, respectively. The third encryption/decryption unit encrypts information with the pre-saved key agreed with the issuing bank before sending it to the card issuing subsystem, and decrypts information received from the card issuing subsystem with the pre-saved key agreed with the issuing bank. The fourth encryption/decryption unit encrypts information with a pre-saved key before sending it to the intermediate platform, and decrypts received information with the corresponding key.
Please refer to FIG. 7, which is a flow chart of a payment method for transactions using an identity card containing an IC card. It includes:
S110: The identity card reader reads the user identity information that includes the user's identity card number.
When the user's identity card information is read by the identity card reader, the controller of the identity card reader decrypts the user identity card information.
In some cases, the receiving device also needs to be notified so that the merchant can compare the identity of the consumer with that of the cardholder. The user identity information then needs to be sent to the processor, and the processor displays the user identity information through the output unit; when the consumer does not match the cardholder, the merchant rejects the consumer.

S120: The transaction amount input by the merchant, the account password input by the user, and the user identity information are encrypted and transmitted to the intermediate platform.

The decrypted user identity card information is encrypted with the first encryption key agreed with the intermediate platform. The output unit prompts the user to enter the account password and the selected card issuing bank, and the merchant enters the transaction amount through the input unit. When the processor receives the account password entered through the input unit, the encryptor encrypts it with the bank encryption key agreed with the corresponding issuing bank, or with an encryption key provided by a third party. When the processor receives the transaction amount, the encryptor encrypts it with the first encryption key.

S130: The intermediate platform decrypts the received information and sends the transaction information, including the identity card information, the account password, and the transaction amount, to the corresponding card issuing subsystem.

The step in which the intermediate platform decrypts the received information is further: the intermediate platform uses the first decryption key corresponding to the first encryption key to decrypt the encrypted information, and saves the decrypted information; when the decrypted information does not include the account password, the encrypted account password is sent to the card issuing subsystem as part of the transaction information.

S140: If the transaction information does not include a bank account number, the card issuing subsystem searches for the bank account corresponding to the user identity card number, checks the decrypted account password, processes the transaction, and returns the transaction processing result.

The step further includes: the card issuing subsystem searches for the bank account corresponding to the user identity card number. If the same identity card number corresponds to multiple bank account numbers at the card issuing bank, the payment fails and the intermediate platform is prompted to require the user to set a corresponding bank account number to be used for payment.

Before step S110, the method further includes: pre-storing the correspondence between the user's identity card number and the bank account on the intermediate platform. Step S130 further includes: the intermediate platform decrypts the user identity card number and, if the bank account corresponding to the decrypted identity card number can be found, transmits the bank account to the card issuing subsystem as an integral part of the transaction information.

Hereinafter, an application process of the present invention will be described by taking Alipay as an example. Please refer to FIG. 8, which is an example of the present invention.
The method includes:

S11: The identity card reader receives the second-generation identity card presented by the consumer;

S12: The identity card reader sends the read information to the processor;

S13: The merchant inputs the amount of the transaction by using the input unit;

S14: The consumer inputs the payment bank and the corresponding bank password used in the transaction by using the input unit; the processor encrypts the bank password with the pre-stored bank encryption key corresponding to that bank, and encrypts the user identity information and the order amount with the pre-stored first encryption key;

S15: The processor sends the information to Alipay through the communication unit;

S16: Alipay decrypts the information. If the information carries the issuing bank selected by the user, Alipay sends the user identity information, the order amount, etc. to the corresponding issuing bank for processing. If the information does not carry the card issuer information, Alipay can send the debit payment to the cooperative banks in turn until it finds that a cooperative bank has successfully debited. If the debit payment is not successful at any of the cooperative banks, the processing result of a failed debit payment is returned;

S17: Alipay returns the processing result to the processor of the corresponding merchant, and the processor decides, according to the deduction result, whether to proceed with the transaction. Alipay can directly return the deduction result and deduction status to the user, or the issuer can return the deduction result and deduction status to the user.

The above disclosure is only a few specific embodiments of the present invention, but the present invention is not limited thereto, and any changes that can be made by those skilled in the art should fall within the protection scope of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic block diagram of a conventional system for transaction using a bank card;
FIG. 2 is a schematic block diagram of a system for conducting transactions using a bank card according to the present invention;
FIG. 3a to FIG.
FIG. 4 is a schematic structural view of a receiving device according to the first embodiment of the present invention;
FIG. 5a to FIG. 5c are schematic structural diagrams of a second type of receiving device of the present invention;
FIG. 7 is a flow chart of a payment method for performing transaction using an ID card including an IC card; and
FIG. 8 is a flowchart of an embodiment of the present invention.

[Description of main component symbols]

1: Receiving device
2: Intermediate platform
3: Card issuing subsystem
11: Receiving subsystem
12: Merchant subsystem
13: Terminal
21: Processor
22: Identity card reader
23: Input unit
24: Output unit
25: Communication unit
31: Display screen
32: Dedicated port
33: Keyboard area
34: Card area
41: Identity card reader
42: Computer terminal
51: Identity card reader
52: Encryptor
53: Computer terminal
61: Second processor
Communication interface; antenna; RF module; controller; first encryptor; second encryptor; third encryptor; antenna; RF module; controller; interface unit; first encryptor; second encryptor; third encryptor; input unit; output unit; processor; communication unit; communication unit; antenna; RF module; controller; interface unit; MCU
522: Interface
523: Interface
531: Input unit
532: Output unit
533: Processor
534: Communication unit
535: Communication unit
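The S110 to S140 exchange described above, as an added example that is not code from the patent: it shows which party can open which part of the message, and the issuer's account lookup including the multiple-account failure. The HMAC-SHA256 construction is a stand-in for the cipher the page leaves unspecified, and the key names, message fields, sample data and the balance check are assumptions.

```python
import hashlib, hmac, json, os

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Stand-in encrypt-then-MAC built on HMAC-SHA256; the page names no cipher."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_sub(key, b"enc"), nonce, len(pt))))
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unseal(key, blob_hex):
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed: wrong key or modified message")
    pt = bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))
    return json.loads(pt)

# Constructed keys (assumed names). Who holds which key is the point of the design.
FIRST_KEY = hashlib.sha256(b"constructed: terminal <-> platform").digest()
BANK_KEY = hashlib.sha256(b"constructed: terminal <-> issuing bank").digest()
LINK_KEY = hashlib.sha256(b"constructed: platform <-> issuing bank").digest()

def terminal_request(id_number, amount, bank, password):
    """S120: identity and amount under the first key, account password under the bank key."""
    body = seal(FIRST_KEY, {"id": id_number, "amount": amount, "bank": bank})
    return {"body": body, "pwd": seal(BANK_KEY, password)}

def platform_forward(msg, id_to_account):
    """S130: decrypt the body only; the password blob is forwarded still encrypted."""
    txn = unseal(FIRST_KEY, msg["body"])
    txn["pwd"] = msg["pwd"]
    account = id_to_account.get(txn["id"])   # pre-stored ID number -> bank account
    if account is not None:
        txn["account"] = account             # fills the agreed bank account field
    return seal(LINK_KEY, txn)               # key agreed between platform and issuer

def issuer_process(blob, accounts):
    """S140: resolve the account, check the decrypted password, debit."""
    txn = unseal(LINK_KEY, blob)
    if "account" in txn:
        hits = [a for a in accounts if a["account"] == txn["account"]]
    else:
        hits = [a for a in accounts if a["id"] == txn["id"]]
    if len(hits) > 1:
        return "FAIL: multiple accounts for this ID number, payment account must be set"
    if not hits:
        return "FAIL: no account found"
    acct = hits[0]
    password = unseal(BANK_KEY, txn["pwd"])  # only the issuer holds BANK_KEY
    if not hmac.compare_digest(password.encode(), acct["password"].encode()):
        return "FAIL: authentication"
    if acct["balance"] < txn["amount"]:      # assumption: not described on the page
        return "FAIL: insufficient balance"
    acct["balance"] -= txn["amount"]
    return "OK"

if __name__ == "__main__":
    # Constructed sample data: ID-0002 has two accounts at the issuing bank.
    accounts = [
        {"account": "ACCT-A1", "id": "ID-0001", "password": "246810", "balance": 500},
        {"account": "ACCT-B1", "id": "ID-0002", "password": "135790", "balance": 500},
        {"account": "ACCT-B2", "id": "ID-0002", "password": "135790", "balance": 500},
    ]
    for id_number, pwd, mapping in [("ID-0001", "246810", {}), ("ID-0002", "135790", {}),
                                    ("ID-0002", "135790", {"ID-0002": "ACCT-B2"})]:
        msg = terminal_request(id_number, 120, "BANK_A", pwd)
        print(id_number, mapping, issuer_process(platform_forward(msg, mapping), accounts))
```

The platform can route on the identity number and amount, but the password blob opens only under the issuing bank's key, so a compromise of the first key alone does not expose account passwords.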


Claims (1)

X. Scope of the patent application

1. A payment system for conducting transactions using an identity card containing an IC card, characterized by comprising a receiving device, an intermediate platform and a card issuing subsystem, the receiving device comprising an identity card reader, an input unit, an output unit, an encryptor, a processor and a communication unit, wherein:
the identity card reader is used to read user identity information including at least the user identity card number;
the input unit is used to receive externally input information: receiving the transaction amount input by the merchant, and receiving the account password input by the user, or receiving the account password input by the user together with the card issuing bank information selected by the user;
the output unit is used to output the result of the current transaction;
the processor is used to transmit the information sent by the input unit to the encryptor, and to transmit the processing result fed back by the communication unit to the output unit;
the encryptor includes a first encryptor, a second encryptor and a third encryptor, the first encryptor being used to encrypt the user identity information with a preset first encryption key, the second encryptor being used to encrypt the account password with the bank encryption key corresponding to the card issuing bank or with a bank encryption key provided by a third party, and the third encryptor being used to encrypt the consumption amount with the preset first encryption key;
the communication unit is used to establish interaction with the intermediate platform: transmitting the encrypted information to the intermediate platform and returning the processing result transmitted by the intermediate platform to the processor;
the intermediate platform comprises a second processor, which contains a decryption unit, and a communication interface;
the decryption unit is used to decrypt the encrypted information using a first decryption key corresponding to the first encryption key;
the second processor is used to save the decrypted information, to send transaction information containing the decrypted information and the encrypted bank account to the card issuing subsystem, and to save and then return the processing result returned by the card issuing subsystem;
the communication interface establishes communication with the receiving device and with the card issuing subsystem, respectively; and
the card issuing subsystem, if the transaction information does not include a bank account number, searches for the bank account number corresponding to the user identity card number, checks the decrypted account password, processes the transaction and returns the transaction processing result.

2. The system of claim 1, characterized in that the identity card reader comprises a controller, and
the first encryptor is integrated on the controller as a software module, and the second encryptor and the third encryptor are integrated on the processor as software modules, or
the first encryptor and the third encryptor are integrated on the controller as software modules, and the second encryptor is integrated on the processor as a software module, or
the first encryptor, the second encryptor and the third encryptor are integrated on the controller as software modules.

3. The system of claim 1 or 2, characterized in that the input unit, the output unit, the processor and the communication unit are disposed in a computer terminal, and the identity card reader and the computer terminal are interconnected through interfaces provided on each of them.

4. The system of claim 3, characterized in that the encryptor is a separate device, the encryptor and the computer terminal are interconnected through interfaces provided on each of them, and the encryptor and the identity card reader are interconnected through interfaces provided on each of them.

5. The system of claim 1 or 2, characterized in that the second processor further comprises a bank account acquisition unit and a database storage unit, the database storage unit storing the correspondence between the user's identity card number and the bank account, and the bank account acquisition unit being used to find the bank account corresponding to the decrypted identity card number and to transmit the bank account to the card issuing subsystem as an integral part of the transaction information.

6. The system of claim 1 or 2, characterized in that a third encryption/decryption unit and a fourth encryption/decryption unit are provided on the intermediate platform and the card issuing subsystem, respectively; the third encryption/decryption unit is used to encrypt information with a pre-saved key agreed with the card issuing bank before sending it to the card issuing subsystem, and to decrypt information received from the card issuing subsystem with the pre-saved key agreed with the card issuing bank; and the fourth encryption/decryption unit is used to encrypt information with a pre-saved key before sending it to the intermediate platform, and to decrypt received information with the corresponding key.

7. The system of claim 1 or 2, characterized in that the processor further comprises an API interface for establishing the connection between the merchant and the intermediate platform: obtaining from the receiving device the user identity information including the user identity card number and/or the input order amount.

8. The system of claim 1 or 2, characterized in that the communication unit and the communication interface are modems supporting fixed telephone and various network dial-up modes, or dedicated ports connected to the peer directly through a local area network.

9. A payment method for conducting transactions using an identity card containing an IC card, characterized by comprising:
(1) an identity card reader reads out user identity information including the user identity card number;
(2) the user identity information, together with the transaction amount input by the merchant and the account password input by the user, is encrypted and transmitted to an intermediate platform;
(3) the intermediate platform decrypts the received information and transmits transaction information including the identity card information, the account password and the transaction amount to the corresponding card issuing subsystem; and
(4) if the transaction information does not include a bank account number, the card issuing subsystem searches for the bank account number corresponding to the user identity card number, checks the decrypted account password, processes the transaction and returns the transaction processing result.

10. The method of claim 9, characterized in that:
before step (1), the method further comprises: pre-storing on the intermediate platform the correspondence between the user's identity card number and the bank account; and
step (3) further comprises: the intermediate platform decrypts the user identity card number and, if the bank account corresponding to the decrypted identity card number can be found, transmits the bank account to the card issuing subsystem as an integral part of the transaction information.

11. The method of claim 9 or 10, characterized in that the encryption in step (2) is further:
the transaction amount and the user identity information are encrypted with a preset first encryption key, and the account password is encrypted with the bank encryption key corresponding to the card issuing bank or with a bank encryption key provided by a third party.

12. The method of claim 11, characterized in that the decryption of the received information by the intermediate platform in step (3) is further:
the intermediate platform uses the first decryption key corresponding to the first encryption key to decrypt the encrypted information, and saves the decrypted information; and
when the decrypted information does not include the account password, the encrypted account password is sent to the card issuing subsystem as part of the transaction information.

13. The method of claim 9 or 10, characterized in that step (4) further comprises:
the card issuing subsystem searches for the bank account number corresponding to the user identity card number, and if the same identity card number corresponds to multiple bank account numbers at the card issuing bank, the payment fails and the intermediate platform is prompted to require the user to set a corresponding bank account number to be used for payment.
TW096149460A 2007-03-29 2007-12-21 And a payment system and a method for trading with an ID card containing an IC card TWI464699B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200710009170 2007-03-29

Publications (2)

Publication Number Publication Date
TW200929032A true TW200929032A (en) 2009-07-01
TWI464699B TWI464699B (en) 2014-12-11

Family

ID=44864347

Family Applications (1)

Application Number Title Priority Date Filing Date
TW096149460A TWI464699B (en) 2007-03-29 2007-12-21 And a payment system and a method for trading with an ID card containing an IC card

Country Status (1)

Country Link
TW (1) TWI464699B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022182316A1 (en) * 2021-02-24 2022-09-01 Turkiye Garanti Bankasi Anonim Sirketi A payment system with verification step by identity card

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI673991B (en) * 2017-11-20 2019-10-01 財團法人工業技術研究院 Key storage device, transaction method of key storage device, transaction system and transaction method
CN108446905B (en) * 2018-03-19 2020-05-12 阿里巴巴集团控股有限公司 Payment method and device and electronic equipment

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6003014A (en) * 1997-08-22 1999-12-14 Visa International Service Association Method and apparatus for acquiring access using a smart card
US6098053A (en) * 1998-01-28 2000-08-01 Citibank, N.A. System and method for performing an electronic financial transaction
US7039809B1 (en) * 1998-11-12 2006-05-02 Mastercard International Incorporated Asymmetric encrypted pin
SG152061A1 (en) * 2002-09-10 2009-05-29 Visa Int Service Ass Data authentication and provisioning method and system
US7472833B2 (en) * 2004-03-25 2009-01-06 Hewlett-Packard Development Company, L.P. Information card
US7506812B2 (en) * 2004-09-07 2009-03-24 Semtek Innovative Solutions Corporation Transparently securing data for transmission on financial networks
TW200642408A (en) * 2004-12-07 2006-12-01 Farsheed Atef System and method for identity verification and management
EP1752937A1 (en) * 2005-07-29 2007-02-14 Research In Motion Limited System and method for encrypted smart card PIN entry
US20070125838A1 (en) * 2005-12-06 2007-06-07 Law Eric C W Electronic wallet management


Also Published As

Publication number Publication date
TWI464699B (en) 2014-12-11
