Summary of the invention
The purpose of one or more embodiments of this specification is to provide a blockchain-based forensics method and apparatus, to solve the problems in the prior art that evidence collection is time-consuming and inefficient, that its labor cost is high, and that the credibility of the forensic data cannot be ensured.
To solve the above technical problems, one or more embodiments of this specification are implemented as follows:
In one aspect, one or more embodiments of this specification provide a blockchain-based forensics method, comprising:
obtaining a network forensics request of a user, and obtaining forensic identification information according to the network forensics request;
calling a smart contract deployed on a blockchain, and controlling nodes in the blockchain to execute a forensic operation according to the forensic identification information, to obtain corresponding forensic data;
signing the forensic data, and sending the signed forensic data to a terminal of the user.
Optionally, calling the smart contract deployed on the blockchain and controlling the nodes in the blockchain to execute the forensic operation according to the forensic identification information, to obtain the corresponding forensic data, comprises:
calling the smart contract, and controlling each node in the blockchain to execute the forensic operation according to the forensic identification information, to obtain execution data of each node; and
performing consensus processing on the execution data of each node, and using the execution data on which consensus is reached as the forensic data.
Optionally, signing the forensic data comprises:
signing the forensic data by affixing a blockchain certificate timestamp to the forensic data.
Optionally, obtaining the network forensics request of the user comprises:
receiving an original network forensics request sent by the terminal of the user, and converting the original network forensics request according to a preset format, to obtain the network forensics request of the user; or
receiving the network forensics request of the user sent by a proxy server, wherein the network forensics request of the user is obtained by the proxy server by converting the original network forensics request sent by the terminal of the user.
Optionally, obtaining the network forensics request of the user and obtaining the forensic identification information according to the network forensics request comprises:
obtaining an encrypted network forensics request of the user, and decrypting the encrypted network forensics request of the user, to obtain a decrypted network forensics request of the user;
obtaining the forensic identification information according to the decrypted network forensics request of the user.
Optionally, sending the signed forensic data to the terminal of the user comprises:
encrypting the signed forensic data to obtain encrypted forensic data, and sending the encrypted forensic data to the terminal of the user.
In another aspect, one or more embodiments of this specification provide a blockchain-based forensics apparatus, comprising:
an obtaining module, configured to obtain a network forensics request of a user, and to obtain forensic identification information according to the network forensics request;
an execution module, configured to call a smart contract deployed on a blockchain, and to control nodes in the blockchain to execute a forensic operation according to the forensic identification information, to obtain corresponding forensic data;
a signing module, configured to sign the forensic data, and to send the signed forensic data to a terminal of the user.
In yet another aspect, one or more embodiments of this specification provide a blockchain-based forensics device, comprising:
a processor; and
a memory arranged to store computer-executable instructions which, when executed, cause the processor to:
obtain a network forensics request of a user, and obtain forensic identification information according to the network forensics request;
call a smart contract deployed on a blockchain, and control nodes in the blockchain to execute a forensic operation according to the forensic identification information, to obtain corresponding forensic data;
sign the forensic data, and send the signed forensic data to a terminal of the user.
In yet another aspect, one or more embodiments of this specification provide a storage medium for storing computer-executable instructions which, when executed, implement the following process:
obtaining a network forensics request of a user, and obtaining forensic identification information according to the network forensics request;
calling a smart contract deployed on a blockchain, and controlling nodes in the blockchain to execute a forensic operation according to the forensic identification information, to obtain corresponding forensic data;
signing the forensic data, and sending the signed forensic data to a terminal of the user.
With the technical solution of one or more embodiments of this specification, forensic identification information is obtained according to the network forensics request, the smart contract deployed on the blockchain is called, the nodes in the blockchain are controlled to execute the forensic operation according to the forensic identification information to obtain the corresponding forensic data, the forensic data is signed, and the signed forensic data is sent to the terminal of the user. In one respect, the smart contract deployed on the blockchain is called and the nodes in the blockchain are controlled to execute the forensic operation according to the forensic identification information to obtain the corresponding forensic data. Compared with the prior art, forensic data is not obtained by impartial personnel performing network operations, that is, not manually; forensic data is obtained automatically, which greatly shortens the time needed for evidence collection, improves its efficiency, and also reduces its labor cost. In another respect, because the smart contract is called to control the nodes in the blockchain to execute the forensic operation according to the forensic identification information, that is, the forensic operation is defined in the smart contract and run on the blockchain, the influence of human factors is avoided and the credibility of the network environment is ensured. This prevents behaviors such as forging network links and forging site information, and thereby ensures the credibility of the forensic data. In a further respect, signing the forensic data avoids network hijacking, which further ensures the credibility of the forensic data.
Specific embodiment
One or more embodiments of this specification provide a blockchain-based forensics method and apparatus, to solve the problems in the prior art that evidence collection is time-consuming and inefficient, that its labor cost is high, and that the credibility of the forensic data cannot be ensured.
To help those skilled in the art better understand the technical solutions in one or more embodiments of this specification, these technical solutions are described clearly and completely below with reference to the accompanying drawings of one or more embodiments of this specification. Obviously, the described embodiments are only some of the embodiments of this specification, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of one or more embodiments of this specification, without creative effort, shall fall within the scope of protection of one or more embodiments of this specification.
Fig. 1 is the first schematic diagram of an application scenario of the blockchain-based forensics method provided by one or more embodiments of this specification. As shown in Fig. 1, the system may include the terminal of the user and a blockchain. The terminal of the user may be, for example, a mobile phone or a computer; the present exemplary embodiment places no particular limitation on this. The blockchain includes multiple blockchain nodes, and a smart contract that contains the forensic operation is deployed on the blockchain. Specifically, the forensics process may include:
When evidence of a network behavior is to be collected, the terminal of the user generates an original network forensics request and sends it to the blockchain. The blockchain converts the original network forensics request according to a preset format to obtain the network forensics request of the user, obtains the forensic identification information according to the network forensics request, calls the smart contract deployed on it, and controls its nodes to execute the forensic operation according to the forensic identification information to obtain the corresponding forensic data. Finally, the forensic data is signed and then sent to the terminal of the user, which completes the forensics process.
Fig. 2 is the second schematic diagram of an application scenario of the blockchain-based forensics method provided by one or more embodiments of this specification. As shown in Fig. 2, the system may include the terminal of the user, a proxy server and a blockchain. The terminal of the user may be, for example, a mobile phone or a computer; the present exemplary embodiment places no particular limitation on this. The blockchain includes multiple blockchain nodes, and a smart contract that contains the forensic operation is deployed on the blockchain. Specifically, the forensics process may include:
When evidence of a network behavior is to be collected, the terminal of the user generates an original network forensics request and sends it to the proxy server. The proxy server converts the original network forensics request into the network forensics request of the user and sends it to the blockchain. The blockchain receives the network forensics request of the user, obtains the forensic identification information according to it, calls the smart contract deployed on it, and controls its nodes to execute the forensic operation according to the forensic identification information to obtain the corresponding forensic data. Finally, the forensic data may be signed in either of the following two ways. In the first, the blockchain signs the forensic data and sends it to the proxy server; the proxy server receives the signed forensic data and sends it to the terminal of the user, which completes the forensics process. In the second, the blockchain sends the forensic data to the proxy server; the proxy server receives the forensic data, signs it, and sends the signed forensic data to the terminal of the user, which completes the forensics process.
Fig. 3 is a flowchart of the blockchain-based forensics method provided by one or more embodiments of this specification. The method in Fig. 3 can be executed by the blockchain in Fig. 1 or Fig. 2. As shown in Fig. 3, the method includes at least the following steps:
Step S320: obtain the network forensics request of the user, and obtain the forensic identification information according to the network forensics request.
In the embodiments of the present application, if infringement is found on the network, for example another person's article or video being published on a webpage without consent, the user can collect evidence of the infringement to obtain forensic data, and then act against the infringement on the basis of the forensic data. Specifically, the network forensics request of the user may be obtained in the following two ways:
First, an original network forensics request sent by the terminal of the user is received and converted according to a preset format, to obtain the network forensics request of the user. Specifically, if there is infringement on the network, the user can input infringing information in the terminal and perform a forensic operation in the terminal. The terminal responds to the forensic operation, obtains the infringing information, generates an original network forensics request according to the infringing information, and sends the original network forensics request to the blockchain. The blockchain receives the original network forensics request. Because the type of an original network forensics request may include HTTP (Hypertext Transfer Protocol), SMTP (Simple Mail Transfer Protocol), FTP (File Transfer Protocol) and so on, original network forensics requests of different types are first converted according to the preset format to make computation on the blockchain easier, yielding the network forensics request of the user; that is, original network forensics requests of different types are converted into a unified format. The preset format may be any one of the types of original network forensics request. For example, if the preset format is HTTP, any original network forensics request that is received, of whatever type, is converted into HTTP format, so the network forensics request of the user is in HTTP format.
The infringing information may be the link of the webpage on which the infringing object is published. For example, if the infringing object is an article, the infringing information is the link of the webpage publishing the article; if the infringing object is a video, the infringing information is the link of the webpage publishing the video; if the infringing object is a picture, the infringing information is the link of the webpage publishing the picture. The infringing information may also be the link of the website to which the webpage publishing the infringing object belongs, together with basic information of the object, where the basic information of the object includes the title, author and so on of the object; the present exemplary embodiment places no particular limitation on this. For example, if the infringing object is an article, the infringing information is the link of the website to which the webpage publishing the article belongs and the title, author, etc. of the article (that is, the basic information of the object); if the infringing object is a video, the infringing information is the link of the website to which the webpage publishing the video belongs and the title, author, etc. of the video (that is, the basic information of the object); if the infringing object is a picture, the infringing information is the link of the website to which the webpage publishing the picture belongs and the title, author, etc. of the picture (that is, the basic information of the object). It should be noted that the above infringing information is only exemplary and may take other forms; whatever form it takes, it must ensure that the infringing object can be found according to the infringing information. In addition, the first way above corresponds to the application scenario in Fig. 1.
Second, the network forensics request of the user sent by the proxy server is received, where the network forensics request of the user is obtained by the proxy server by converting the original network forensics request sent by the terminal of the user. Specifically, if there is infringement on the network, the user can input infringing information in the terminal and perform a forensic operation in the terminal. The terminal responds to the forensic operation, obtains the infringing information, generates an original network forensics request according to the infringing information, and sends the original network forensics request to the proxy server. The proxy server receives the original network forensics request sent by the terminal of the user. Because the type of an original network forensics request may include HTTP (Hypertext Transfer Protocol), SMTP (Simple Mail Transfer Protocol), FTP (File Transfer Protocol) and so on, the proxy server converts original network forensics requests of different types according to the preset format to make computation on the blockchain easier, yielding the network forensics request of the user; that is, original network forensics requests of different types are converted into a unified format. It should be noted that the process by which the proxy server converts the original network forensics request into the network forensics request of the user follows the same conversion principle as in the first way, so it is not repeated here. The infringing information has been described above, so it is not described again here. Once the proxy server has converted the original network forensics request into the network forensics request of the user, it sends the network forensics request of the user to the blockchain, so that the blockchain receives the network forensics request of the user. It should be noted that the second way above corresponds to the application scenario in Fig. 2.
It should be noted that the forensic operation in the above two ways may include, for example, a click operation or a double-click operation on a forensics control on the display interface of the user's terminal; the present exemplary embodiment places no particular limitation on this.
Once the blockchain has obtained the network forensics request of the user, it parses the network forensics request of the user to obtain the forensic identification information from it. The forensic identification information has the same definition as the infringing information above, so it is not described again here.
To avoid network hijacking and ensure the credibility of the forensics process, obtaining the network forensics request of the user and obtaining the forensic identification information according to the network forensics request may include: obtaining the encrypted network forensics request of the user, and decrypting it to obtain the decrypted network forensics request of the user; and obtaining the forensic identification information according to the decrypted network forensics request of the user.
In the embodiments of the present application, if the application scenario of the forensics method is as shown in Fig. 1, then after generating the original network forensics request, the terminal of the user encrypts it and sends the encrypted original network forensics request to the blockchain. The blockchain converts the encrypted original network forensics request according to the preset format to obtain the encrypted network forensics request of the user. The blockchain decrypts the encrypted network forensics request of the user and parses the decrypted network forensics request of the user to obtain the forensic identification information. The encryption and decryption process is illustrated below by example. The terminal of the user first encrypts the original network forensics request with a public key and sends the encrypted original network forensics request to the blockchain. The blockchain receives the encrypted original network forensics request, converts it according to the preset format to obtain the encrypted network forensics request of the user, decrypts the encrypted network forensics request of the user with the private key corresponding to the public key to obtain the decrypted network forensics request of the user, and parses the decrypted network forensics request of the user to obtain the forensic identification information.
If the application scenario of the forensics method is as shown in Fig. 2, then after generating the original network forensics request, the terminal of the user encrypts it a first time and sends the once-encrypted original network forensics request to the proxy server. The proxy server converts the once-encrypted original network forensics request into the network forensics request of the user according to the preset format, encrypts the network forensics request of the user a second time, and sends the twice-encrypted network forensics request of the user to the blockchain. After receiving the twice-encrypted network forensics request of the user, the blockchain decrypts it twice to obtain the decrypted network forensics request of the user, and parses the decrypted network forensics request of the user to obtain the forensic identification information. The encryption and decryption process is illustrated below by example. The terminal of the user first encrypts the original network forensics request a first time with a first public key and sends the once-encrypted original network forensics request to the proxy server. The proxy server converts the once-encrypted original network forensics request according to the preset format to obtain the network forensics request of the user. The proxy server then encrypts the network forensics request of the user a second time with a second public key and sends the twice-encrypted network forensics request of the user to the blockchain. The blockchain receives the twice-encrypted network forensics request of the user, decrypts it twice, using in turn the second private key corresponding to the second public key and the first private key corresponding to the first public key, to obtain the decrypted network forensics request of the user, and parses the decrypted network forensics request of the user to obtain the forensic identification information.
As can be seen from the above, transmitting requests in encrypted form between the terminal of the user and the blockchain, between the terminal of the user and the proxy server, and between the proxy server and the blockchain avoids network hijacking and ensures the security and reliability of request transmission.
It should be noted that encrypting with a public key and decrypting with the corresponding private key, as described above, is only exemplary and is not intended to limit the present invention.
Step S340: call the smart contract deployed on the blockchain, and control the nodes in the blockchain to execute the forensic operation according to the forensic identification information, to obtain the corresponding forensic data.
In the embodiments of the present application, once the forensic identification information has been obtained, the blockchain calls the smart contract deployed on it, which contains the forensic operation, and controls its nodes to execute the forensic operation according to the forensic identification information to obtain the corresponding forensic data. Because the blockchain includes multiple blockchain nodes, the process of obtaining the forensic data may include: calling the smart contract, controlling each node in the blockchain to execute the forensic operation according to the forensic identification information to obtain the execution data of each node, performing consensus processing on the execution data of each node, and using the execution data on which consensus is reached as the forensic data. That is, the blockchain calls the smart contract deployed on it and controls each of its nodes to execute the forensic operation in the smart contract according to the forensic identification information, to obtain the execution data of each node. It then judges, from the execution data of each node, whether the execution data of most of the nodes or of all of the nodes is consistent. If the execution data of most of the nodes or of all of the nodes is consistent, consensus processing of the execution data of the nodes is complete, and the execution data on which consensus is reached is determined to be the forensic data.
The above process is illustrated below by example. For example, if the forensic identification information is the link of the webpage publishing the infringing object, the forensic operation contained in the smart contract is to obtain infringement data according to the link of the webpage publishing the infringing object. The specific process is as follows: the blockchain calls the smart contract and controls each of its nodes to obtain infringement data according to the link of the webpage publishing the infringing object, and the infringement data obtained by each node is determined to be the execution data of that node. From the execution data of each node, it is judged whether the execution data of most of the nodes or of all of the nodes is consistent, that is, whether the infringement data of most of the nodes or of all of the nodes is consistent. If the execution data of most of the nodes or of all of the nodes is consistent, consensus on the execution data is complete, and the execution data on which consensus is reached is determined to be the forensic data. It should be noted that the forensic data differs with the infringing object. If the infringing object is an article, the forensic data may include the title, content and author of the article, the time at which the article was published on the infringing webpage, the page views of the article and so on; the present exemplary embodiment places no particular limitation on this. If the infringing object is a video, the forensic data may include the content of the video, the title of the video, the author of the video, the time at which the video was published on the infringing webpage, the page views of the video and so on; the present exemplary embodiment places no particular limitation on this.
As another example, suppose the forensic identification information is the link of the website to which the webpage publishing the infringing object belongs, together with the basic information of the object. The basic information of the object may include the title, author and so on of the object. Specifically, if the object is an article, the basic information of the object includes the title, author, etc. of the article; if the object is a picture, the basic information of the object may include the title, author, etc. of the picture. With this forensic identification information, the forensic operation contained in the smart contract includes: obtaining, according to the link of the website to which the webpage publishing the infringing object belongs, that website; traversing the webpage data of each link in that website; matching the webpage data of each link against the basic information of the object; and determining the webpage data that matches the basic information of the object to be the infringement data. On this basis, the process of obtaining the forensic data may include the following. The blockchain calls the smart contract and controls each of its nodes to obtain, according to the link of the website to which the webpage publishing the infringing object belongs, that website, and to traverse the webpage data of each link in that website. The webpage data of each link obtained by each node is matched against the basic information of the object, the webpage data obtained by each node that matches the basic information of the object is determined to be the infringement data of that node, and the infringement data of each node is determined to be the execution data of that node. From the execution data of each node, it is judged whether the execution data of most of the nodes or of all of the nodes is consistent. If the execution data of most of the nodes or of all of the nodes is consistent, consensus on the execution data is complete, and the execution data on which consensus is reached is determined to be the forensic data. It should be noted that the forensic data has been described above, so it is not described again here.
Step S360: sign the forensic data, and send the signed forensic data to the terminal of the user.
In the embodiment of the present application, after getting forensic data, in order to avoid network abduction, it is further ensured that evidence obtaining number
According to confidence level.Stamped signature need to be carried out to forensic data, specific visa mode can be with are as follows: by covering block chain to forensic data
The mode of certificate timestamp carries out stamped signature to forensic data;It can also be for by way of covering a certification mark to forensic data
Stamped signature is carried out to forensic data, wherein the specific manifestation form for authenticating mark can be by developer's self-setting, for example, recognizing
Card, which identifies, to be a two-dimension code image, can also be character string being made of multiple characters etc., this exemplary implementation
Example does not do particular determination to this.It should be noted that the executing subject of stamped signature can be a node in block chain, Huo Zhequ
All nodes in block chain etc., the present exemplary embodiment does not do particular determination to this.It should be noted that the disclosure other
In embodiment, if the application scenarios of evidence collecting method as shown in Fig. 2, the executing subject of stamped signature in addition to for a node in block chain
Or have node etc., it can also be proxy server, the present exemplary embodiment does not do particular determination to this. more.
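The consensus step and the timestamp stamping described above can be sketched as follows. This is an added example, not code from the patent: the type and function names are hypothetical, a strict-majority quorum is assumed for "most of the nodes", and an Ed25519 signature over the data digest and timestamp is assumed as one way to realize the certificate timestamp.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// NodeResult is the execution data one node returned (hypothetical type).
type NodeResult struct {
	NodeID string
	Data   []byte
}

// Stamped is agreed forensic data plus a timestamp and a signature over both.
type Stamped struct {
	Data      []byte
	Timestamp int64 // Unix seconds, supplied by the stamping party
	Signature []byte
}

// Agree returns the execution data that at least quorum distinct nodes reported.
// quorum must be a strict majority so that two conflicting values can never both win.
func Agree(results []NodeResult, quorum int) ([]byte, error) {
	seen := map[string]bool{}
	votes := map[[sha256.Size]byte]int{}
	total := 0
	for _, r := range results {
		if seen[r.NodeID] {
			continue // a node that reports twice still gets one vote
		}
		seen[r.NodeID] = true
		total++
		votes[sha256.Sum256(r.Data)]++
	}
	if quorum*2 <= total {
		return nil, errors.New("quorum is not a strict majority")
	}
	for _, r := range results {
		if votes[sha256.Sum256(r.Data)] >= quorum {
			return r.Data, nil
		}
	}
	return nil, errors.New("no consensus on execution data")
}

// stampMessage binds the data digest to the timestamp: SHA-256(data) || timestamp.
func stampMessage(data []byte, ts int64) []byte {
	sum := sha256.Sum256(data)
	msg := make([]byte, sha256.Size+8)
	copy(msg, sum[:])
	binary.BigEndian.PutUint64(msg[sha256.Size:], uint64(ts))
	return msg
}

// NewStampKey creates the stamping party's key pair.
func NewStampKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Stamp signs the digest of the forensic data together with the timestamp.
func Stamp(priv ed25519.PrivateKey, data []byte, ts int64) Stamped {
	return Stamped{Data: data, Timestamp: ts, Signature: ed25519.Sign(priv, stampMessage(data, ts))}
}

// Verify is what the user's terminal runs: any change to data or timestamp fails.
func Verify(pub ed25519.PublicKey, s Stamped) bool {
	return ed25519.Verify(pub, stampMessage(s.Data, s.Timestamp), s.Signature)
}

func main() {
	// Constructed sample: three nodes fetch the same page; node-3 sees other content.
	results := []NodeResult{
		{"node-1", []byte("<html>infringing copy</html>")},
		{"node-2", []byte("<html>infringing copy</html>")},
		{"node-3", []byte("<html>injected content</html>")},
	}
	data, err := Agree(results, 2)
	if err != nil {
		fmt.Println(err)
		return
	}
	pub, priv := NewStampKey()
	s := Stamp(priv, data, 1700000000)
	fmt.Println("stamp valid:", Verify(pub, s))
	s.Timestamp++
	fmt.Println("stamp valid after timestamp change:", Verify(pub, s))
}
```

Hashing each node's output before counting keeps the vote independent of payload size, and counting one vote per node ID prevents a single node from manufacturing a majority.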
In order to avoid network hijacking and guarantee the security of the stamped forensic data, sending the stamped forensic data to the user's terminal may include: encrypting the stamped forensic data to obtain encrypted forensic data, and sending the encrypted forensic data to the user's terminal.
In the embodiments of the present application, if the application scenario of the forensics method is as shown in Fig. 1, the blockchain may encrypt the stamped forensic data with a public key to obtain encrypted forensic data and send the encrypted forensic data to the user's terminal, so that the user's terminal decrypts the encrypted forensic data with the private key corresponding to the public key to obtain the decrypted forensic data.
If the application scenario of the forensics method is as shown in Fig. 2, the blockchain may encrypt the stamped forensic data a first time with a first public key to obtain first-encrypted forensic data, and send the first-encrypted forensic data to the proxy server. The proxy server encrypts the first-encrypted forensic data with a second public key to obtain second-encrypted forensic data, and sends the second-encrypted forensic data to the user's terminal. The user's terminal can then decrypt the second-encrypted forensic data successively with the second private key corresponding to the second public key and the first private key corresponding to the first public key, to obtain the decrypted forensic data.
As can be seen from the above, encrypting the stamped forensic data avoids network hijacking and guarantees the security of the forensic data.
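The two-layer encryption of the Fig. 2 scenario, as an added example that is not code from the patent. The function names are hypothetical, and hybrid encryption (RSA-OAEP wrapping a fresh AES-256-GCM key) is an assumption: the text only says "public key", and RSA alone cannot encrypt a payload larger than its modulus, which the first-layer ciphertext already is.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts msg to pub. A fresh AES-256-GCM key encrypts msg and RSA-OAEP
// wraps that key (the hybrid scheme is an assumption, see the lead-in).
// Layout: wrapped key (pub.Size() bytes) || nonce || ciphertext and tag.
func Seal(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(append(wrapped, nonce...), nonce, msg, nil), nil
}

// Open reverses Seal with the matching private key and rejects modified input.
func Open(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	k := priv.Size()
	if len(blob) < k {
		return nil, errors.New("ciphertext shorter than wrapped key")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob[:k], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(blob) < k+n {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	return gcm.Open(nil, blob[k:k+n], blob[k+n:], nil)
}

// TerminalDecrypt removes the proxy's layer (second key) and then the
// blockchain's layer (first key), the order given in the text.
func TerminalDecrypt(second, first *rsa.PrivateKey, blob []byte) ([]byte, error) {
	inner, err := Open(second, blob)
	if err != nil {
		return nil, err
	}
	return Open(first, inner)
}

// NewKey generates a 2048-bit RSA key pair for the example.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	first, second := NewKey(), NewKey() // both private keys live on the terminal
	stamped := []byte("stamped forensic data (constructed sample)")
	c1, _ := Seal(&first.PublicKey, stamped) // blockchain side
	c2, _ := Seal(&second.PublicKey, c1)     // proxy server side
	got, err := TerminalDecrypt(second, first, c2)
	fmt.Println(string(got), err)
}
```

Because the proxy server only ever holds the second public key, it adds a layer without being able to read or alter the inner ciphertext; the authenticated mode makes any modification in transit fail at the terminal.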
In summary, by calling the smart contract deployed on the blockchain, the nodes in the blockchain are controlled to perform the forensics operation according to the forensics identification information, so as to obtain the corresponding forensic data. Compared with the prior art, because the forensic data is not obtained by having impartial personnel perform network operations, that is, no manual approach is used, the forensic data is acquired automatically, which greatly shortens the forensics time, improves forensics efficiency, and also reduces the labor cost of forensics. In addition, because the smart contract is called to control the nodes in the blockchain to perform the forensics operation according to the forensics identification information and obtain the corresponding forensic data, that is, the forensics operation is defined in the smart contract and runs in the blockchain, the influence of human factors is avoided and the credibility of the network environment is ensured; in other words, behaviors such as forging network links and forging site information are avoided, which in turn ensures the credibility of the forensic data. Furthermore, stamping the forensic data avoids network hijacking, which further ensures the credibility of the forensic data.
Corresponding to the above blockchain-based forensics method, and based on the same idea, the embodiments of the present application further provide a blockchain-based forensics apparatus. Fig. 4 is a structural block diagram of the blockchain-based forensics apparatus provided by one or more embodiments of this specification. As shown in Fig. 4, the blockchain-based forensics apparatus 400 may include an obtaining module 401, an execution module 402 and a stamping module 403, wherein:
The obtaining module 401 may be used to obtain the user's network forensics request, and to obtain forensics identification information according to the network forensics request;
The execution module 402 may be used to call the smart contract deployed on the blockchain and control the nodes in the blockchain to perform the forensics operation according to the forensics identification information, so as to obtain the corresponding forensic data;
The stamping module 403 may be used to stamp the forensic data and send the stamped forensic data to the user's terminal.
Optionally, the execution module 402 may include:
A calling unit, used to call the smart contract and control each node in the blockchain to perform the forensics operation according to the forensics identification information, so as to obtain the execution data of each node; and
A consensus unit, used to perform consensus processing on the execution data of each node, and to take the execution data on which consensus was reached as the forensic data.
Optionally, the stamping module 403 is specifically used to stamp the forensic data by applying a blockchain certificate timestamp to the forensic data.
Optionally, the obtaining module 401 is specifically used to receive the original network forensics request sent by the user's terminal and convert the original network forensics request according to a preset format to obtain the user's network forensics request; or to receive the user's network forensics request sent by a proxy server, where the user's network forensics request is obtained by the proxy server converting the original network forensics request sent by the user's terminal.
Optionally, the obtaining module 401 is specifically used to obtain the encrypted network forensics request of the user, decrypt the encrypted network forensics request to obtain the decrypted network forensics request of the user, and obtain the forensics identification information according to the decrypted network forensics request.
Optionally, the stamping module 403 is specifically used to encrypt the stamped forensic data to obtain encrypted forensic data, and to send the encrypted forensic data to the user's terminal.
The blockchain-based forensics apparatus provided by the embodiments of the present application calls the smart contract deployed on the blockchain and controls the nodes in the blockchain to perform the forensics operation according to the forensics identification information, so as to obtain the corresponding forensic data. Compared with the prior art, because the forensic data is not obtained by having impartial personnel perform network operations, that is, no manual approach is used, the forensic data is acquired automatically, which greatly shortens the forensics time, improves forensics efficiency, and also reduces the labor cost of forensics. In addition, because the smart contract is called to control the nodes in the blockchain to perform the forensics operation according to the forensics identification information and obtain the corresponding forensic data, that is, the forensics operation is defined in the smart contract and runs in the blockchain, the influence of human factors is avoided and the credibility of the network environment is ensured; in other words, behaviors such as forging network links and forging site information are avoided, which in turn ensures the credibility of the forensic data. Furthermore, stamping the forensic data avoids network hijacking, which further ensures the credibility of the forensic data.
Further, based on the method shown in Fig. 3 above, the embodiments of the present application also provide a blockchain-based forensics device, as shown in Fig. 5.
Blockchain-based forensics devices may differ considerably depending on configuration or performance, and may include one or more processors 501 and a memory 502, in which one or more application programs or data may be stored. The memory 502 may be transient storage or persistent storage. An application program stored in the memory 502 may include one or more modules (not shown in the figure), and each module may include a series of computer-executable instructions for the blockchain-based forensics device. Further, the processor 501 may be configured to communicate with the memory 502 and to execute, on the blockchain-based forensics device, the series of computer-executable instructions in the memory 502. The blockchain-based forensics device may also include one or more power supplies 503, one or more wired or wireless network interfaces 504, one or more input/output interfaces 505, one or more keyboards 506, and so on.
In a specific embodiment, the blockchain-based forensics device includes a memory and one or more programs, where the one or more programs are stored in the memory and may include one or more modules, each module may include a series of computer-executable instructions for the blockchain-based forensics device, and the one or more programs are configured to be executed by one or more processors and include computer-executable instructions for performing the following:
Obtaining the user's network forensics request, and obtaining forensics identification information according to the network forensics request;
Calling the smart contract deployed on the blockchain, and controlling the nodes in the blockchain to perform the forensics operation according to the forensics identification information, so as to obtain the corresponding forensic data;
Stamping the forensic data, and sending the stamped forensic data to the user's terminal.
Optionally, when the computer-executable instructions are executed, calling the smart contract deployed on the blockchain and controlling the nodes in the blockchain to perform the forensics operation according to the forensics identification information, so as to obtain the corresponding forensic data, includes:
Calling the smart contract, and controlling each node in the blockchain to perform the forensics operation according to the forensics identification information, so as to obtain the execution data of each node; and
Performing consensus processing on the execution data of each node, and taking the execution data on which consensus was reached as the forensic data.
Optionally, when the computer-executable instructions are executed, stamping the forensic data includes:
Stamping the forensic data by applying a blockchain certificate timestamp to the forensic data.
Optionally, when the computer-executable instructions are executed, obtaining the user's network forensics request includes:
Receiving the original network forensics request sent by the user's terminal, and converting the original network forensics request according to a preset format to obtain the user's network forensics request; or
Receiving the user's network forensics request sent by a proxy server, where the user's network forensics request is obtained by the proxy server converting the original network forensics request sent by the user's terminal.
Optionally, when the computer-executable instructions are executed, obtaining the user's network forensics request and obtaining forensics identification information according to the network forensics request includes:
Obtaining the encrypted network forensics request of the user, and decrypting the encrypted network forensics request to obtain the decrypted network forensics request of the user;
Obtaining the forensics identification information according to the decrypted network forensics request of the user.
Optionally, when the computer-executable instructions are executed, sending the stamped forensic data to the user's terminal includes:
Encrypting the stamped forensic data to obtain encrypted forensic data, and sending the encrypted forensic data to the user's terminal.
The blockchain-based forensics device provided by the embodiments of the present application calls the smart contract deployed on the blockchain and controls the nodes in the blockchain to perform the forensics operation according to the forensics identification information, so as to obtain the corresponding forensic data. Compared with the prior art, because the forensic data is not obtained by having impartial personnel perform network operations, that is, no manual approach is used, the forensic data is acquired automatically, which greatly shortens the forensics time, improves forensics efficiency, and also reduces the labor cost of forensics. In addition, because the smart contract is called to control the nodes in the blockchain to perform the forensics operation according to the forensics identification information and obtain the corresponding forensic data, that is, the forensics operation is defined in the smart contract and runs in the blockchain, the influence of human factors is avoided and the credibility of the network environment is ensured; in other words, behaviors such as forging network links and forging site information are avoided, which in turn ensures the credibility of the forensic data. Furthermore, stamping the forensic data avoids network hijacking, which further ensures the credibility of the forensic data.
Further, the embodiments of the present application also provide a storage medium for storing computer-executable instructions. In a specific embodiment, the storage medium may be a USB flash drive, an optical disc, a hard disk, and so on, and the computer-executable instructions stored on the storage medium, when executed by a processor, implement the following flow:
Obtaining the user's network forensics request, and obtaining forensics identification information according to the network forensics request;
Calling the smart contract deployed on the blockchain, and controlling the nodes in the blockchain to perform the forensics operation according to the forensics identification information, so as to obtain the corresponding forensic data;
Stamping the forensic data, and sending the stamped forensic data to the user's terminal.
Optionally, when the computer-executable instructions stored on the storage medium are executed by a processor, calling the smart contract deployed on the blockchain and controlling the nodes in the blockchain to perform the forensics operation according to the forensics identification information, so as to obtain the corresponding forensic data, includes:
Calling the smart contract, and controlling each node in the blockchain to perform the forensics operation according to the forensics identification information, so as to obtain the execution data of each node; and
Performing consensus processing on the execution data of each node, and taking the execution data on which consensus was reached as the forensic data.
Optionally, when the computer-executable instructions stored on the storage medium are executed by a processor, stamping the forensic data includes:
Stamping the forensic data by applying a blockchain certificate timestamp to the forensic data.
Optionally, when the computer-executable instructions stored on the storage medium are executed by a processor, obtaining the user's network forensics request includes:
Receiving the original network forensics request sent by the user's terminal, and converting the original network forensics request according to a preset format to obtain the user's network forensics request; or
Receiving the user's network forensics request sent by a proxy server, where the user's network forensics request is obtained by the proxy server converting the original network forensics request sent by the user's terminal.
Optionally, when the computer-executable instructions stored on the storage medium are executed by a processor, obtaining the user's network forensics request and obtaining forensics identification information according to the network forensics request includes:
Obtaining the encrypted network forensics request of the user, and decrypting the encrypted network forensics request to obtain the decrypted network forensics request of the user;
Obtaining the forensics identification information according to the decrypted network forensics request of the user.
Optionally, when the computer-executable instructions stored on the storage medium are executed by a processor, sending the stamped forensic data to the user's terminal includes:
Encrypting the stamped forensic data to obtain encrypted forensic data, and sending the encrypted forensic data to the user's terminal.
When the computer-executable instructions stored on the storage medium in the embodiments of the present application are executed by a processor, the smart contract deployed on the blockchain is called and the nodes in the blockchain are controlled to perform the forensics operation according to the forensics identification information, so as to obtain the corresponding forensic data. Compared with the prior art, because the forensic data is not obtained by having impartial personnel perform network operations, that is, no manual approach is used, the forensic data is acquired automatically, which greatly shortens the forensics time, improves forensics efficiency, and also reduces the labor cost of forensics. In addition, because the smart contract is called to control the nodes in the blockchain to perform the forensics operation according to the forensics identification information and obtain the corresponding forensic data, that is, the forensics operation is defined in the smart contract and runs in the blockchain, the influence of human factors is avoided and the credibility of the network environment is ensured; in other words, behaviors such as forging network links and forging site information are avoided, which in turn ensures the credibility of the forensic data. Furthermore, stamping the forensic data avoids network hijacking, which further ensures the credibility of the forensic data.
In the 1990s, an improvement to a technology could be clearly distinguished as either a hardware improvement (for example, an improvement to a circuit structure such as a diode, a transistor or a switch) or a software improvement (an improvement to a method flow). However, with the development of technology, improvements to many of today's method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be implemented with a hardware entity module. For example, a programmable logic device (Programmable Logic Device, PLD) (such as a field programmable gate array (Field Programmable Gate Array, FPGA)) is such an integrated circuit, whose logic function is determined by the user programming the device. Designers program a digital system themselves to "integrate" it on a single PLD, without asking a chip manufacturer to design and fabricate a dedicated integrated circuit chip. Moreover, nowadays, instead of fabricating integrated circuit chips by hand, this programming is mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code before compilation must likewise be written in a specific programming language, called a hardware description language (Hardware Description Language, HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); the most commonly used at present are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art should also understand that a hardware circuit implementing the logical method flow can be readily obtained merely by slightly logic-programming the method flow in one of the above hardware description languages and programming it into an integrated circuit.
A controller can be implemented in any suitable manner. For example, a controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller can also be implemented as part of the control logic of a memory. Those skilled in the art also know that, in addition to implementing a controller purely as computer-readable program code, the method steps can be logic-programmed so that the controller achieves the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the means it contains for implementing various functions can also be regarded as structures within the hardware component. Or even, the means for implementing various functions can be regarded both as software modules implementing a method and as structures within a hardware component.
The systems, apparatuses, modules or units described in the above embodiments may be implemented by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an e-mail device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above apparatus is described in terms of separate units divided by function. Of course, when implementing one or more embodiments of this specification, the functions of the units may be implemented in the same one or more pieces of software and/or hardware.
Those skilled in the art should understand that one or more embodiments of this specification may be provided as a method, a system or a computer program product. Therefore, one or more embodiments of this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, one or more embodiments of this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
One or more embodiments of this specification are described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
In a typical configuration, a computing device includes one or more processors (CPU), an input/output interface, a network interface and memory.
Memory may include non-permanent memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape and disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, commodity or device. Without further restriction, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, commodity or device that includes the element.
One or more embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The present application may also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in local and remote computer storage media, including storage devices.
The embodiments in this specification are described in a progressive manner; for the parts that are the same or similar between embodiments, reference may be made from one to another, and each embodiment focuses on its differences from the other embodiments. In particular, the system embodiment is described relatively briefly because it is substantially similar to the method embodiment; for the relevant parts, refer to the description of the method embodiment.
The above is only one or more embodiments of this specification and is not intended to limit this specification. For those skilled in the art, one or more embodiments of this specification may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of one or more embodiments of this specification shall be included within the scope of the claims of one or more embodiments of this specification.