CN118154196A - Payment verification method and device based on blockchain - Google Patents

Publication number
CN118154196A
Authority
CN
China
Prior art keywords
payment
user
target user
account
credential
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410368174.7A
Other languages
Chinese (zh)
Inventor
陆毅豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Application filed by Agricultural Bank of China
Priority to CN202410368174.7A
Publication of CN118154196A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application discloses a blockchain-based payment verification method and device. The method comprises: in response to receiving a payment request of a target user, acquiring a first payment credential corresponding to the payment request, the first payment credential being generated by asymmetric encryption using a user private key stored at the user end of the target user; acquiring a user public key of the target user from the blockchain, and performing user identity verification on the first payment credential with the user public key; when the user identity verification passes, obtaining a second payment credential of the target user; acquiring, from the blockchain, a bank public key corresponding to the associated payment account of the target user, and verifying the bank signature in the second payment credential with the bank public key; when the bank signature verification passes, obtaining a third payment credential of the target user; and, based on the third payment credential, completing payment for the payment request using the associated payment account. This improves the fund security of the target user's associated payment account when a payment credential is used for quick payment.

Description

Payment verification method and device based on blockchain
Technical Field
The application relates to the field of data processing, in particular to a payment verification method and device based on a blockchain.
Background
With the development of the internet and financial technology, electronic payment has become one of the mainstream payment methods. Electronic payment refers to using electronic means to securely transmit payment information among users, merchants and financial institutions, over an information network, to banks or the corresponding processing institutions in order to effect monetary payments or fund transfers.
In the related art, before using electronic payment a user must bind a bank card on an electronic payment platform, and the protocol number or transaction token obtained after binding the card serves as the credential for paying with that bank card. These credentials, however, are managed by the payment platform, so the security of the user's funds is low.
Disclosure of Invention
In view of this, the first aspect of the present application provides a blockchain-based payment verification method, the method comprising:
in response to receiving a payment request of a target user, acquiring a first payment credential corresponding to the payment request; the first payment credential is generated by asymmetric encryption using a user private key stored at the user end of the target user;
acquiring a user public key of the target user from a blockchain, and performing user identity verification on the first payment credential with the user public key; when the user identity verification passes, obtaining a second payment credential of the target user;
acquiring, from the blockchain, a bank public key corresponding to the associated payment account of the target user, and verifying the bank signature in the second payment credential with the bank public key; when the bank signature verification passes, obtaining a third payment credential of the target user;
based on the third payment credential, completing payment for the payment request using the associated payment account.
Optionally, before the first payment credential corresponding to the payment request is acquired in response to receiving the payment request of the target user, the method further includes:
generating the user private key and the digital identity document of the target user in response to receiving identity information submitted by the target user; the digital identity document comprises a user identifier of the target user and the user public key, the user private key is stored at the user end of the target user, and the digital identity document is stored in the blockchain;
determining the associated payment account of the target user, and generating the third payment credential of the target user according to the identity information of the target user and the account information of the associated payment account;
encrypting the third payment credential with a bank private key corresponding to the associated payment account to obtain the second payment credential;
and encrypting the second payment credential with the user public key, and returning the encrypted second payment credential to the user end of the target user.
Optionally, the determining the associated payment account of the target user, and generating the third payment credential of the target user according to the identity information of the target user and the account information of the associated payment account includes:
determining whether the target user has the associated payment account, and if so, generating a third payment credential of the target user according to the associated payment account;
if not, the associated payment account is created for the target user according to the identity information of the target user, and a third payment credential of the target user is generated according to the associated payment account.
Optionally, the first payment credential is obtained by asymmetrically encrypting the second payment credential with the user private key.
Optionally, the obtaining the user public key of the target user from the blockchain, and performing user identity verification on the first payment credential through the user public key includes:
querying the digital identity document of the target user from the blockchain according to the user identifier of the target user, and acquiring the user public key of the target user from the digital identity document;
and decrypting the first payment credential with the user public key, and if the decryption succeeds, determining that the first payment credential passes user identity verification.
Optionally, the payment request of the target user further includes a payment amount;
the completing payment for the payment request using the associated payment account based on the third payment credential includes:
parsing the account balance of the associated payment account from the third payment credential, and if the account balance is greater than or equal to the payment amount, completing payment for the payment request using the associated payment account.
A second aspect of the present application provides a blockchain-based payment verification device, the device comprising:
an acquisition unit configured to: in response to receiving a payment request of a target user, acquire a first payment credential corresponding to the payment request; the first payment credential is generated by asymmetric encryption using a user private key stored at the user end of the target user;
a first verification unit configured to: acquire a user public key of the target user from a blockchain, and perform user identity verification on the first payment credential with the user public key; when the user identity verification passes, obtain a second payment credential of the target user;
a second verification unit configured to: acquire, from the blockchain, a bank public key corresponding to the associated payment account of the target user, and verify the bank signature in the second payment credential with the bank public key; when the bank signature verification passes, obtain a third payment credential of the target user;
a payment unit configured to: based on the third payment credential, complete payment for the payment request using the associated payment account.
Optionally, the apparatus further comprises a credential generation unit; the credential generation unit is configured to:
generate the user private key and the digital identity document of the target user in response to receiving identity information submitted by the target user; the digital identity document comprises a user identifier of the target user and the user public key, the user private key is stored at the user end of the target user, and the digital identity document is stored in the blockchain;
determine the associated payment account of the target user, and generate the third payment credential of the target user according to the identity information of the target user and the account information of the associated payment account;
encrypt the third payment credential with a bank private key corresponding to the associated payment account to obtain the second payment credential;
and encrypt the second payment credential with the user public key, and return the encrypted second payment credential to the user end of the target user.
Optionally, the credential generating unit is further configured to:
determining whether the target user has the associated payment account, and if so, generating a third payment credential of the target user according to the associated payment account;
if not, the associated payment account is created for the target user according to the identity information of the target user, and a third payment credential of the target user is generated according to the associated payment account.
Optionally, the first payment credential is obtained by asymmetrically encrypting the second payment credential with the user private key.
From the above technical scheme, the application has the following advantages:
The application provides a blockchain-based payment verification method and device. After a payment request of a target user is received, a first payment credential corresponding to the payment request is acquired, a user public key of the target user is acquired from the blockchain, and user identity verification is performed on the first payment credential with the user public key, to determine that the payment request was initiated after authentication by the target user. The first payment credential is generated by asymmetric encryption using a user private key stored at the user end of the target user, so it can only be decrypted and verified with the user public key. When the first payment credential passes verification, a second payment credential of the target user is obtained. Bank signature verification is performed on the second payment credential with the bank public key, stored in the blockchain, that corresponds to the target user's associated payment account, to determine that the associated payment account is an account that was established after bank authentication and can execute payment services. After the second payment credential passes bank signature verification, a third payment credential of the target user is obtained, and based on the third payment credential, payment is completed for the payment request using the associated payment account.
Therefore, in the embodiment of the application, after the payment request is received, the obtained first payment credential undergoes two verifications, user identity verification and bank signature verification, which verify the validity of the payment request and of the associated payment account respectively. This prevents other institutions from fraudulently using the payment credential to execute payment and further improves the payment security of the target user. When the associated payment account of the target user is used for payment, it can be determined that the corresponding payment request was initiated by the user and that the associated payment account used has been verified by the bank, which improves the security of the funds in the associated payment account of the target user.
Drawings
FIG. 1 is a method flow diagram of a blockchain-based payment verification method provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of a user identity registration process according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a verifiable credential system architecture according to an embodiment of the present application;
FIG. 4 is a flow chart of a target user initiated verification flow provided in an embodiment of the present application;
FIG. 5 is a system frame diagram of a blockchain-based payment verification system provided by an embodiment of the present application;
FIG. 6 is a schematic structural diagram of a payment verification device based on blockchain according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described in more detail below with reference to the accompanying drawings. Although certain embodiments of the application are shown in the drawings, it should be understood that the application may be embodied in various forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided for a more thorough and complete understanding of the application. It should be understood that the drawings and embodiments of the application are for illustration only and are not intended to limit the scope of the present application.
In the card binding mode used by quick payment services, the protocol number returned after the user successfully binds a card serves as the credential for interacting with the bank. These credentials are generally stored in the payment platform that provides the quick payment service, so the payment platform can execute payment directly with the interaction credential, without user authentication, which puts the user's funds at considerable risk.
The embodiment of the application provides a blockchain-based payment verification method. After a payment request of a target user is received, a first payment credential corresponding to the payment request is acquired, a user public key of the target user is acquired from the blockchain, and user identity verification is performed on the first payment credential with the user public key, to determine that the payment request was initiated after authentication by the target user. The first payment credential is generated by asymmetric encryption using a user private key stored at the user end of the target user, so it can only be decrypted and verified with the user public key. When the first payment credential passes verification, a second payment credential of the target user is obtained. Bank signature verification is performed on the second payment credential with the bank public key, stored in the blockchain, that corresponds to the target user's associated payment account, to determine that the associated payment account is an account that was established after bank authentication and can execute payment services. After the second payment credential passes bank signature verification, a third payment credential of the target user is obtained, and based on the third payment credential, payment is completed for the payment request using the associated payment account.
Therefore, in the embodiment of the application, after the payment request is received, the obtained first payment credential undergoes two verifications, user identity verification and bank signature verification, which verify the validity of the payment request and of the associated payment account respectively and further improve the payment security of the target user. When the associated payment account of the target user is used for payment, it can be determined that the corresponding payment request was initiated by the user and that the associated payment account used has been verified by the bank, which improves the security of the funds in the associated payment account of the target user.
Referring to fig. 1, fig. 1 is a flowchart of a method for verifying payment based on a blockchain according to an embodiment of the present application, where the method specifically includes the following steps:
Step 101: in response to receiving a payment request of the target user, acquiring a first payment credential corresponding to the payment request.
The payment request of the target user is a payment request initiated for the target user. In the embodiment of the application, after the payment request of the target user is received, the corresponding amount must be paid to the service provider named in the payment request using funds in the associated payment account of the target user. In response to receiving the payment request, a first payment credential corresponding to the payment request is acquired first. The first payment credential is generated by asymmetric encryption using a user private key stored at the user end of the target user, so the first payment credential can only be decrypted with the user public key of the target user; likewise, a payment credential identical to the first payment credential cannot be produced from the user public key and information about the target user's associated payment account, and such a credential could not be decrypted with the user public key. In addition, because the user private key used to generate the first payment credential is stored at the user end of the target user, only the target user can use the user private key to generate the first payment credential.
Step 102: acquiring a user public key of the target user from the blockchain, and performing user identity verification on the first payment credential with the user public key; when the user identity verification passes, obtaining a second payment credential of the target user.
The user public key of the target user is obtained from the blockchain, and user identity verification is performed on the first payment credential with the user public key.
In the embodiment of the application, since the user private key used to generate the first payment credential is stored at the user end of the target user, only the target user can use it to generate the first payment credential; and because the blockchain is public and tamper-resistant, when the first payment credential passes user identity verification, the user public key on the blockchain corresponds to the user private key that generated the first payment credential. It can therefore be determined that the first payment credential was provided after authentication by the target user, and that the corresponding payment request was initiated after authentication by the target user. Performing user identity verification on the first payment credential with the user public key thus improves the payment security of the target user.
After the first payment credential passes user identity verification, the second payment credential of the target user corresponding to the first payment credential is obtained. In one possible implementation, the first payment credential is obtained by asymmetrically encrypting the second payment credential with the user private key; correspondingly, decrypting the first payment credential with the user public key yields the second payment credential. In the payment verification process, this ensures that the second payment credential used for the next verification is obtained only after user identity verification passes, keeps the verification order correct so that each verification can only proceed after the previous one has passed, and further improves the security of the payment verification process.
Step 103: acquiring, from the blockchain, a bank public key corresponding to the associated payment account of the target user, and verifying the bank signature in the second payment credential with the bank public key; when the bank signature verification passes, obtaining a third payment credential of the target user.
After the second payment credential is obtained, information about the target user's associated payment account, such as the account-opening bank of the associated payment account, is obtained from the blockchain; the bank public key of that account-opening bank is the bank public key corresponding to the associated payment account. Bank signature verification is performed on the second payment credential with the bank public key. The second payment credential is obtained by asymmetric encryption with the bank private key, and the bank private key is stored at the client of the account-opening bank of the associated payment account, so the second payment credential can only be generated by that account-opening bank. Performing bank signature verification on the second payment credential with the bank public key means decrypting the second payment credential with the bank public key; if the decryption succeeds, the second payment credential is determined to have passed bank signature verification, and the associated payment account is determined to be an account that was established after authentication by the account-opening bank and can execute payment.
In the embodiment of the application, since the bank private key used to generate the second payment credential is stored at the client of the account-opening bank of the associated payment account, only the account-opening bank can use the bank private key to generate the second payment credential; and because the blockchain is public and tamper-resistant, when the second payment credential passes bank signature verification, the bank public key on the blockchain corresponds to the bank private key that generated the second payment credential, so it can be determined that the second payment credential was provided after signing and authentication by the account-opening bank. Performing bank signature verification on the second payment credential with the bank public key thus also improves the payment security of the target user.
Step 104: based on the third payment credential, completing payment for the payment request using the associated payment account.
When both the user identity verification and the bank signature verification pass, it can be determined that the payment request was initiated after confirmation by the target user, that the first payment credential was provided after authentication by the target user, and that the associated payment account used for payment has been authenticated by the account-opening bank. Therefore, after the third payment credential is obtained, payment for the payment request can be completed using the associated payment account directly according to the third payment credential.
According to the blockchain-based payment verification method, after a payment request of a target user is received, a first payment credential corresponding to the payment request is acquired, a user public key of the target user is acquired from the blockchain, and user identity verification is performed on the first payment credential with the user public key, to determine that the payment request was initiated after authentication by the target user. The first payment credential is generated by asymmetric encryption using a user private key stored at the user end of the target user, so it can only be decrypted and verified with the user public key. When the first payment credential passes verification, a second payment credential of the target user is obtained. Bank signature verification is performed on the second payment credential with the bank public key, stored in the blockchain, that corresponds to the target user's associated payment account, to determine that the associated payment account is an account that was established after bank authentication and can execute payment services. After the second payment credential passes bank signature verification, a third payment credential of the target user is obtained, and based on the third payment credential, payment is completed for the payment request using the associated payment account.
In a possible implementation, before step 101, the method further includes:
Step 11: generating a user private key and a digital identity document of the target user in response to receiving identity information submitted by the target user; the digital identity document comprises a user identifier of the target user and a user public key, the user private key is stored at the user end of the target user, and the digital identity document is stored in the blockchain;
Step 12: determining an associated payment account of the target user, and generating a third payment credential of the target user according to the identity information of the target user and the account information of the associated payment account;
Step 13: encrypting the third payment credential with a bank private key corresponding to the associated payment account to obtain a second payment credential;
Step 14: encrypting the second payment credential with the user public key, and returning the encrypted second payment credential to the user end of the target user.
When the target user activates a payment service such as quick payment, user identity registration is completed according to the identity information of the target user. In the process of user identity registration, as shown in fig. 2, the target user first submits their identity information; after the identity information is received, it is audited, and after it passes the audit, a user identifier and a key pair corresponding to the target user are generated. The user identifier of the target user is a decentralized identifier (Decentralized Identifier, DID); it is unique, and the user identifiers corresponding to different users are different. The key pair comprises a user private key and a user public key corresponding to the target user: the user private key is returned to the target user and stored at the user end of the target user, the user public key and the user identifier DID are written into a digital identity document of the target user, and the digital identity document of the target user is stored in the blockchain.
The digital identity document may also store the account status of each authorized management account of the target user. An associated payment account for executing payment is determined from the authorized management accounts of the target user, and a third payment credential of the target user is generated according to the identity information of the target user stored in the associated payment account and the account information of the associated payment account. In the embodiment of the application, the third payment credential is a payment credential that can be used directly to execute the payment service; however, to ensure the security of the payment credential and the payment process, the payment credential saved at each node in the payment process, such as the target user or the account opening bank, is obtained by encrypting the third payment credential. Specifically, the second payment credential is obtained by asymmetrically encrypting the third payment credential with the bank private key corresponding to the associated payment account; the second payment credential is then asymmetrically encrypted with the user public key to obtain an encrypted second payment credential, which is returned to the user end of the target user. After the user end of the target user receives the encrypted second payment credential, it decrypts it with the user private key of the target user to obtain and store the second payment credential. When the target user needs to pay using the target associated account, the second payment credential is encrypted with the user private key to generate the first payment credential.
The second payment credential and the first payment credential are obtained by encrypting the third payment credential, so that when the first payment credential and the second payment credential are verified, decryption verification can be performed directly with the user public key or the bank public key stored in the blockchain, which improves decryption verification efficiency.
In particular, in an embodiment of the application, the second payment credential may be a verifiable credential (Verifiable Credential, VC) and the first payment credential may be a verifiable presentation (Verifiable Presentation, VP). The verifiable credential VC describes the real-world identity attributes of the holder of a digital identity; it records information such as the issuer, the validity period and the proven attributes, which correspond in the embodiment of the application to the account opening bank, the validity period, the associated payment account and the like. The verifiable presentation VP is the data with which the VC holder presents itself to a verifier: the user needs to sign the VC when using it, and the signed VC is referred to as a VP. That is, the second payment credential is stored at the user end of the target user, and after the target user initiates the payment request, the second payment credential is signed to generate the first payment credential.
Referring to fig. 3, fig. 3 is a schematic diagram of a verifiable credential system architecture according to an embodiment of the present application. In the verifiable credential system, a DID and a key pair of the user are first generated, and the user's DID and user public key are uploaded to the blockchain for storage. The user then applies for a verifiable credential VC to an identity provider (Identity Provider, IDP), which issues the VC to the user. After obtaining the VC, the user stores it locally. When the user needs to execute a payment from the user's associated payment account, a verifiable presentation VP is generated from the locally stored VC and sent to a service provider (Service Provider, SP) for verification. After the VP is received and verified, the service provider receives the funds paid from the user's associated payment account and authorizes the service corresponding to the payment to be provided to the user.
In the system shown in fig. 3, the user can manage his own identity in the blockchain, which improves the security of user information storage and management compared to relying on a single centralized management platform to manage all credentials of the user.
In one possible implementation, step 12 may be specifically implemented by:
Step 21: determining whether the target user has an associated payment account, and if so, generating a third payment credential of the target user according to the associated payment account;
Step 22: if not, creating an associated payment account for the target user according to the identity information of the target user, and generating a third payment credential of the target user according to the associated payment account.
After the target user finishes user identity registration, determining the associated payment account for the target user begins by checking whether an existing associated payment account is recorded in the digital identity document of the target user; if so, the third payment credential is generated directly according to the account information of the associated payment account and the identity information of the target user. If no existing associated payment account is recorded in the digital identity document of the target user, a new account needs to be opened according to the identity information of the target user, and the new account is bound to the target user as the associated payment account of the target user.
For example, determining whether the target user has bound a bank card number for payment, and if so, generating a third payment credential for the target user from account information corresponding to the bank card number; if not, a new card is established according to the identity information of the target user, and the bank card number of the new card is bound with the target user to be used as an associated payment account of the target user.
In one possible implementation, step 102 may be specifically implemented as follows:
Step 31: querying the digital identity document of the target user from the blockchain according to the user identifier of the target user, and acquiring the user public key of the target user from the digital identity document;
Step 32: decrypting the first payment credential with the user public key, and if the decryption is successful, determining that the first payment credential passes the user identity verification.
After the first payment credential is obtained, the digital identity document of the target user is queried from the blockchain according to the user identifier of the target user, and the user public key of the target user is obtained from the digital identity document. The first payment credential is decrypted with the user public key. If the decryption is successful, the user private key used to generate the first payment credential corresponds to the user public key; because the user public key is stored in the blockchain and cannot be tampered with, this correspondence shows that the first payment credential was authenticated and provided by the target user, and the first payment credential is therefore determined to pass the user identity verification.
Referring to fig. 4, fig. 4 is a flow chart of a verification flow initiated by the target user, provided in an embodiment of the present application. Here the VC serves as the second payment credential and the VP as the first payment credential. After the transaction order is generated, the target user inputs a local password to obtain the VC stored at the user end, where the local password includes but is not limited to a transaction password and biometric information such as a face or a fingerprint. A VP is generated from the VC stored at the user end of the target user, and the VP and the payment request are sent to the account opening bank of the associated payment account. After receiving the payment request and the VP, the bank first performs user identity verification on the VP with the public key of the target user to determine that the payment request was initiated by the target user; it then performs bank signature verification on the VC in the VP with the bank public key to determine whether the VC is correct. After all verifications are completed, the account opening bank uses the associated payment account of the target user to complete payment for the payment request.
Further, the payment request of the target user further comprises a payment amount; at this time, step 104 may be specifically implemented as follows:
Parsing the account balance of the associated payment account from the third payment credential, and if the account balance is greater than or equal to the payment amount, completing payment for the payment request by using the associated payment account.
After the third payment credential is obtained, it is parsed to obtain the account status of the associated payment account of the target user, which at least comprises the account balance of the associated payment account. Whether the account balance is greater than or equal to the payment amount is then judged: if so, funds in the associated payment account are used directly to complete payment for the payment request; otherwise, a prompt message indicating insufficient balance can be sent to the user end of the target user.
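The credential chain of steps 11 to 13 and its verification in steps 31 to 32 and the balance check, as an added Go example that is not code from the patent. It uses Ed25519 signatures for what the text calls encrypting with a private key, leaves out the transport encryption of step 14, and replaces the blockchain with an in-memory map; every type, function and identifier name (Ledger, IssueVC, did:example:alice, bank:example) is an assumption, and the holder-binding and positive-amount checks are additions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Account is the third credential: the plain data the bank acts on.
type Account struct {
	Holder  string // DID of the account owner
	Number  string
	Balance int64 // minor currency units
}

// VC is the second credential: the third credential plus the bank signature.
type VC struct {
	Issuer  string
	Payload []byte // JSON-encoded Account
	BankSig []byte
}

// VP is the first credential: the VC bytes plus the holder's signature.
type VP struct {
	DID     string
	VC      []byte // JSON-encoded VC
	UserSig []byte
}

// Ledger stands in for the blockchain: public keys looked up by identifier.
type Ledger struct {
	UserKeys map[string]ed25519.PublicKey // DID -> user public key
	BankKeys map[string]ed25519.PublicKey // issuer -> bank public key
}

var (
	ErrUserSig   = errors.New("unknown DID or invalid user signature")
	ErrBankSig   = errors.New("unknown issuer or invalid bank signature")
	ErrMalformed = errors.New("credential does not parse")
	ErrHolder    = errors.New("credential was issued to a different DID")
	ErrBalance   = errors.New("amount is not positive or exceeds the balance")
)

// IssueVC is the bank side of registration (steps 12 and 13).
func IssueVC(issuer string, bankPriv ed25519.PrivateKey, a Account) []byte {
	payload, _ := json.Marshal(a) // cannot fail for these plain structs
	vc, _ := json.Marshal(VC{issuer, payload, ed25519.Sign(bankPriv, payload)})
	return vc
}

// Present is the wallet side of a payment: sign the stored VC to form the VP.
func Present(did string, userPriv ed25519.PrivateKey, vc []byte) VP {
	return VP{did, vc, ed25519.Sign(userPriv, vc)}
}

// verify checks sig over msg with the key the ledger holds for id.
func verify(keys map[string]ed25519.PublicKey, id string, msg, sig []byte) bool {
	pub, ok := keys[id]
	return ok && len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, msg, sig)
}

// VerifyPayment walks the chain outside-in; the cases run in order, so each
// layer is parsed only after the signature over it has verified.
func VerifyPayment(l Ledger, vp VP, amount int64) (Account, error) {
	var vc VC
	var acct Account
	switch {
	case !verify(l.UserKeys, vp.DID, vp.VC, vp.UserSig):
		return Account{}, ErrUserSig
	case json.Unmarshal(vp.VC, &vc) != nil:
		return Account{}, ErrMalformed
	case !verify(l.BankKeys, vc.Issuer, vc.Payload, vc.BankSig):
		return Account{}, ErrBankSig
	case json.Unmarshal(vc.Payload, &acct) != nil:
		return Account{}, ErrMalformed
	case acct.Holder != vp.DID: // added check: the VC must belong to the presenter
		return Account{}, ErrHolder
	case amount <= 0 || acct.Balance < amount: // amount <= 0 is an added check
		return Account{}, ErrBalance
	}
	return acct, nil
}

// DemoSetup builds a constructed ledger with one bank and two users.
func DemoSetup() (l Ledger, bank, alice, bob ed25519.PrivateKey) {
	bankPub, bank, _ := ed25519.GenerateKey(nil)
	alicePub, alice, _ := ed25519.GenerateKey(nil)
	bobPub, bob, _ := ed25519.GenerateKey(nil)
	l.UserKeys = map[string]ed25519.PublicKey{"did:example:alice": alicePub, "did:example:bob": bobPub}
	l.BankKeys = map[string]ed25519.PublicKey{"bank:example": bankPub}
	return
}

func main() {
	l, bank, alice, _ := DemoSetup()
	vc := IssueVC("bank:example", bank, Account{"did:example:alice", "ACCT-0001", 5000})
	fmt.Println(VerifyPayment(l, Present("did:example:alice", alice, vc), 1200))
}
```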
Referring to fig. 5, fig. 5 is a system frame diagram of a payment verification system based on blockchain according to an embodiment of the present application. The system mainly comprises a user wallet module, a distributed digital identity module, a certificate verification module, a service processing module and a blockchain storage module.
The user wallet module mainly provides an operation entrance for a user and provides functions of local credential management, VP generation and the like.
The distributed digital identity module is mainly used for auditing user identity data, issuing the digital identity identifier DID and issuing the VC. In practical application, to ensure the integrity of the user identity function, the module is also responsible for managing the DID and the VC during their validity period.
The credential verification module is mainly used for performing bank signature verification on the VC. When receiving the VP submitted by the user, the credential verification module can acquire the user's digital identity document, namely the DID document, from the blockchain according to the user identifier DID, acquire the user public key from the DID document, and perform user identity verification on the VP with the user public key; in addition, the module may also be used to perform bank signature verification on the VC in the VP with the bank public key.
The business processing module is mainly used for processing all links in the whole payment verification flow, including links such as generation of transaction messages and payment requests, binding of bank cards and the like.
The blockchain storage module stores user identifiers and DID documents by constructing an underlying blockchain; at the same time, the openness, tamper resistance, decentralization and other characteristics of the blockchain give the whole payment verification process higher security and reliability.
Although operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. In certain circumstances, multitasking and parallel processing may be advantageous.
It should be understood that the various steps recited in the method embodiments of the present application may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the application is not limited in this respect.
Referring to fig. 6, fig. 6 is a schematic structural diagram of a payment verification device based on blockchain according to an embodiment of the present application, where the device includes:
An acquisition unit 601 for: in response to receiving a payment request of a target user, acquiring a first payment credential corresponding to the payment request; the first payment credential is generated by asymmetric encryption using a user private key stored at the user end of the target user;
a first verification unit 602, configured to: acquire a user public key of the target user from a blockchain, and perform user identity verification on the first payment credential with the user public key; when the user identity verification is passed, obtain a second payment credential of the target user;
a second verification unit 603 for: acquiring a bank public key corresponding to the associated payment account of the target user from the blockchain, and verifying a bank signature in the second payment credential with the bank public key; when the bank signature passes the verification, obtaining a third payment credential of the target user;
A payment unit 604 for: based on the third payment credentials, completing a payment for the payment request using the associated payment account.
Optionally, the apparatus further comprises a credential generation unit; the credential generation unit is configured to:
Generating the user private key and the digital identity document of the target user in response to receiving identity information submitted by the target user; the digital identity document comprises a user identifier of the target user and the user public key, the user private key is stored at the user end of the target user, and the digital identity document is stored in the blockchain;
Determining the associated payment account of the target user, and generating the third payment credential of the target user according to the identity information of the target user and the account information of the associated payment account;
encrypting the third payment credential with a bank private key corresponding to the associated payment account to obtain the second payment credential;
and encrypting the second payment credential with the user public key, and returning the encrypted second payment credential to the user end of the target user.
Optionally, the credential generating unit is further configured to:
determining whether the target user has the associated payment account, and if so, generating a third payment credential of the target user according to the associated payment account;
if not, the associated payment account is created for the target user according to the identity information of the target user, and a third payment credential of the target user is generated according to the associated payment account.
Optionally, the first payment credential is obtained by asymmetrically encrypting the second payment credential with the user private key.
Optionally, the first verification unit 602 is specifically configured to:
Querying the digital identity document of the target user from the blockchain according to the user identifier of the target user, and acquiring the user public key of the target user from the digital identity document;
and decrypting the first payment credential with the user public key, and if the decryption is successful, determining that the first payment credential passes the user identity verification.
Optionally, the payment request of the target user further includes a payment amount;
the payment unit 604 is specifically configured to:
Parsing the account balance of the associated payment account from the third payment credential, and if the account balance is greater than or equal to the payment amount, completing payment for the payment request by using the associated payment account.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
The names of messages or information interacted between the devices in the embodiments of the present application are for illustrative purposes only and are not intended to limit the scope of such messages or information.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in part, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a random access memory (Random Access Memory, RAM), a magnetic disk, an optical disk, or other various media in which a computer program can be stored.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. A blockchain-based payment verification method, the method comprising:
in response to receiving a payment request of a target user, acquiring a first payment credential corresponding to the payment request; the first payment credential is generated by asymmetric encryption using a user private key stored at the user end of the target user;
acquiring a user public key of the target user from a blockchain, and performing user identity verification on the first payment credential with the user public key; when the user identity verification is passed, obtaining a second payment credential of the target user;
acquiring a bank public key corresponding to the associated payment account of the target user from the blockchain, and verifying a bank signature in the second payment credential with the bank public key; when the bank signature passes the verification, obtaining a third payment credential of the target user;
based on the third payment credentials, completing a payment for the payment request using the associated payment account.
2. The method of claim 1, wherein prior to obtaining the first payment credential corresponding to the payment request in response to receiving the payment request of the target user, the method further comprises:
Generating the user private key and the digital identity document of the target user in response to receiving identity information submitted by the target user; the digital identity document comprises a user identifier of the target user and the user public key, the user private key is stored at the user end of the target user, and the digital identity document is stored in the blockchain;
Determining the associated payment account of the target user, and generating the third payment credential of the target user according to the identity information of the target user and the account information of the associated payment account;
encrypting the third payment credential with a bank private key corresponding to the associated payment account to obtain the second payment credential;
and encrypting the second payment credential with the user public key, and returning the encrypted second payment credential to the user end of the target user.
3. The method of claim 2, wherein the determining the associated payment account of the target user and generating the third payment credential of the target user based on the identity information of the target user and the account information of the associated payment account comprises:
determining whether the target user has the associated payment account, and if so, generating a third payment credential of the target user according to the associated payment account;
if not, the associated payment account is created for the target user according to the identity information of the target user, and a third payment credential of the target user is generated according to the associated payment account.
4. The method of claim 2, wherein the first payment credential is obtained by asymmetrically encrypting the second payment credential with the user private key.
5. The method of claim 4, wherein the obtaining the user public key of the target user from the blockchain and authenticating the first payment credential with the user public key comprises:
querying the digital identity document of the target user from the blockchain according to the user identifier of the target user, and acquiring the user public key of the target user from the digital identity document;
and decrypting the first payment credential with the user public key, and if the decryption is successful, determining that the first payment credential passes the user identity verification.
6. The method of claim 1, wherein the payment request of the target user further comprises a payment amount;
the completing payment for the payment request using the associated payment account based on the third payment credential includes:
parsing the account balance of the associated payment account from the third payment credential, and if the account balance is greater than or equal to the payment amount, completing payment for the payment request by using the associated payment account.
7. A blockchain-based payment verification device, the device comprising:
an acquisition unit configured to: in response to receiving a payment request of a target user, acquire a first payment credential corresponding to the payment request; the first payment credential is generated by asymmetric encryption using a user private key stored at the user end of the target user;
a first verification unit configured to: acquire a user public key of the target user from a blockchain, and perform user identity verification on the first payment credential with the user public key; when the user identity verification is passed, obtain a second payment credential of the target user;
a second verification unit configured to: acquire a bank public key corresponding to the associated payment account of the target user from the blockchain, and verify a bank signature in the second payment credential with the bank public key; when the bank signature passes the verification, obtain a third payment credential of the target user;
a payment unit for: based on the third payment credentials, completing a payment for the payment request using the associated payment account.
8. The apparatus of claim 7, wherein the apparatus further comprises a credential generation unit; the credential generation unit is configured to:
Generating the user private key and the digital identity document of the target user in response to receiving identity information submitted by the target user; the digital identity document comprises a user identifier of the target user and the user public key, the user private key is stored at the user end of the target user, and the digital identity document is stored in the blockchain;
Determining the associated payment account of the target user, and generating the third payment credential of the target user according to the identity information of the target user and the account information of the associated payment account;
encrypting the third payment credential with a bank private key corresponding to the associated payment account to obtain the second payment credential;
and encrypting the second payment credential with the user public key, and returning the encrypted second payment credential to the user end of the target user.
9. The apparatus of claim 8, wherein the credential generation unit is further to:
determining whether the target user has the associated payment account, and if so, generating a third payment credential of the target user according to the associated payment account;
if not, the associated payment account is created for the target user according to the identity information of the target user, and a third payment credential of the target user is generated according to the associated payment account.
10. The apparatus of claim 8, wherein the first payment credential is obtained by asymmetrically encrypting the second payment credential with the user private key.
CN202410368174.7A 2024-03-28 2024-03-28 Payment verification method and device based on blockchain Pending CN118154196A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410368174.7A CN118154196A (en) 2024-03-28 2024-03-28 Payment verification method and device based on blockchain


Publications (1)

Publication Number Publication Date
CN118154196A (en) 2024-06-07

Family

ID=91286529

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410368174.7A Pending CN118154196A (en) 2024-03-28 2024-03-28 Payment verification method and device based on blockchain

Country Status (1)

Country Link
CN (1) CN118154196A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination