CN112134864B - Evidence chain platform based on double-block chain structure and implementation method thereof - Google Patents

Publication number
CN112134864B
Authority
CN
China
Prior art keywords
evidence
block chain
information
participant
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010958899.3A
Other languages
Chinese (zh)
Other versions
CN112134864A (en
Inventor
田志宏
孙彦斌
李默涵
姜誉
崔翔
苏申
鲁辉
仇晶
潘校军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou University
Original Assignee
Guangzhou University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou University filed Critical Guangzhou University
Priority to CN202010958899.3A priority Critical patent/CN112134864B/en
Publication of CN112134864A publication Critical patent/CN112134864A/en
Application granted granted Critical
Publication of CN112134864B publication Critical patent/CN112134864B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102: Entity profiles
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/12: Applying verification of the received information
    • H04L63/126: Applying verification of the received information the source of the received data
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Abstract

The invention discloses an evidence chain platform based on a dual-blockchain structure and an implementation method thereof. The method comprises the following steps: initiating evidence request information through an evidence blockchain and sending it to a supervision blockchain; authenticating the identity information of the participant through the supervision blockchain according to the evidence request information; and, after identity authentication passes, sending the evidence content corresponding to the evidence request information to the evidence blockchain through the trusted storage system. The invention keeps the identity information of participants concealed while ensuring the legitimacy and traceability of their identities, and can be widely applied in the technical field of blockchains.

Description

Evidence chain platform based on double-block chain structure and implementation method thereof
Technical Field
The invention relates to the technical field of block chains, in particular to an evidence chain platform based on a double-block chain structure and an implementation method thereof.
Background
With the rapid development of network technology, network attacks occur frequently, and trojans, worms and ransomware appear endlessly on the internet, posing serious threats to network security and even national security. The evidence of these network attacks is non-physical electronic evidence that exists on terminal devices or in the network in the form of logs, pictures, malicious traffic, malicious code and the like. Because electronic evidence is easily lost, easily tampered with and difficult to trace, it can be stolen, replaced or tampered with during transmission and management. "Credibility" has therefore become the focus of evidence platforms. Current research on trusted evidence platforms mainly addresses how to guarantee the credibility of electronic evidence so that it is legally admissible and accepted. The blockchain, an application of computer technologies such as the distributed ledger, asymmetric encryption algorithms, consensus mechanisms and smart contracts, offers tamper resistance, non-repudiation and other advantages, and has gradually become a key technology for building trusted evidence platforms.
Methods for applying blockchain technology to the construction of a trusted evidence platform fall into two types: (1) The blockchain is used directly to store and access the evidence. (2) Unlike the first type, in which the blockchain directly stores the evidence, the evidence and the evidence information are separated by combining an off-chain database with the blockchain: the database stores the evidence, and the blockchain records the evidence information and the transfers of ownership of the evidence during judicial litigation, thereby providing security services such as integrity, identity verification and non-repudiation.
The shortcomings of existing blockchain-based trusted evidence platforms mainly consist of the following three aspects:
(1) The credibility of evidence platform participants cannot be ensured;
The blockchain applies cryptographic techniques that secure data transmission and access while keeping the identity information of participants anonymous on the chain, so other parties can see a participant's ledger information but cannot learn the participant's real identity. Because the real identities of the evidence submitter and the evidence requester cannot be verified, the evidence submitted to the blockchain, or the evidence request, is not trusted.
(2) The evidence platform is uncontrollable;
The blockchain is a key supporting technology for a trusted evidence platform, but it uses distributed storage and computing power, so all nodes in the network have the same rights and obligations, and all nodes jointly maintain the data in the ledger through a consensus mechanism based on cryptographic algorithms. The blockchain can therefore store and record data in a distributed manner without relying on a central processing node, and does not require endorsement by a central trusted authority. Because no central trusted authority verifies the legitimacy of node identities or controls node behavior, the blockchain lacks an effective supervision mechanism, which easily makes a trusted evidence platform uncontrollable.
(3) The use scenario is simple, and evidence collaborative analysis is not considered;
Because existing blockchain evidence platform schemes are mostly applied to judicial matters and the like, they mostly address the storage and access needs of independent evidence; the scenario is relatively simple and evidence collaborative analysis is not considered. Network attack scenarios are complex, with staged persistence, cross-domain attacks and multi-point (multi-network) concurrency, and the massive evidence in an evidence platform belongs to different evidence-collecting organizations, different devices or networks and different attack stages. Network threat detection and attack tracing therefore require correlation analysis of multi-source, cross-domain evidence. Such multi-party scenarios also raise problems of trusted access and tracing: the credibility of evidence access identities and behaviors between evidence users and evidence providers must be ensured. A trusted evidence platform based on independent evidence storage is not suitable as a trusted electronic evidence platform for network attacks.
(4) Evidence sources and participant behaviors cannot be traced;
Because existing blockchain platforms address the access needs of independent evidence, and the identity information and behaviors of participants are anonymous, the sources and use of the evidence cannot be effectively tracked.
The main reasons for the above disadvantages include the following four aspects: (1) To protect the privacy of participants, blockchain technology uses random asymmetric encryption to protect participant information, so the real-world identity of a participant is difficult to verify and the credibility of providing and obtaining evidence cannot be ensured; (2) The blockchain uses distributed storage and technology, every node is independent and equal, and every node manages and maintains the blockchain ledger based on a consensus mechanism, so an effective access control and supervision mechanism is lacking and the evidence platform is uncontrollable; (3) Existing schemes are designed for independent evidence storage and do not consider correlation analysis of multi-source cross-domain evidence, so the credibility of multi-source cross-domain evidence cannot be ensured; (4) Because participant identities are anonymous and blockchain nodes are independent with no management center, the behavior and evidence of participants cannot be supervised or traced.
Disclosure of Invention
In view of this, embodiments of the present invention provide an evidence chain platform based on a dual-blockchain structure and an implementation method thereof, so as to keep the identity information of participants concealed while also ensuring the legitimacy and traceability of their identities.
The invention provides an evidence chain platform based on a dual-blockchain structure, comprising a supervision blockchain, an evidence blockchain and a trusted storage system, wherein:
the supervision blockchain is used for determining the legitimacy of a participant's access to evidence according to the evidence request information sent by the evidence blockchain, and for recording the behavior information of the participant;
the evidence blockchain is used for acquiring evidence request information and sending the identity information corresponding to the evidence request information to the supervision blockchain for identity verification, and for storing the evidence information into the trusted storage system or retrieving it from the trusted storage system and returning it to the participant;
and the trusted storage system is used for storing the evidence information.
In some embodiments, the supervision blockchain includes a participant blockchain, a shared blockchain and an evidence creation information blockchain;
the participant blockchain is used for recording the real identity information of a participant;
the shared blockchain is used for recording information on participants' use of evidence;
and the evidence creation information blockchain is used for recording the evidence information submitted by participants.
In some embodiments, the supervision blockchain is a private chain and the evidence blockchain is a consortium chain.
A second aspect of the present invention provides a method for implementing an evidence chain platform based on a dual-blockchain structure,
the method comprising the following steps:
initiating evidence request information through an evidence blockchain, and sending the evidence request information to a supervision blockchain;
authenticating the identity information of the participant through the supervision blockchain according to the evidence request information;
and, after identity authentication passes, sending the evidence content corresponding to the evidence request information to the evidence blockchain through the trusted storage system.
In some embodiments, the implementation method further comprises a step of submitting evidence, the step comprising:
initiating an identity record request to the supervision blockchain;
verifying the identity record request by the supervision blockchain, and storing the identity information that passes verification in the participant blockchain;
sending evidence content to the evidence blockchain;
and sending, by the evidence blockchain, an identity authentication request to the supervision blockchain, and storing the evidence content in the evidence blockchain after identity authentication passes.
In some embodiments,
the initiating an identity record request to the supervision blockchain comprises:
the evidence provider sends an identity record request to the evidence supervisor, wherein the identity record request comprises an authenticated private key signature, an identity identifier, a random public key set, role information, role authority and a message signature;
the storing the evidence content in the evidence blockchain after identity authentication passes comprises:
the evidence supervisor stores the information returned by the evidence manager, the public key of the evidence provider, the message signature and the evidence name in the evidence creation information blockchain of the supervision blockchain.
In some embodiments, the implementation method further includes a step of tracing a participant, the step comprising:
the evidence supervisor sends the evidence name and the ledger hash value of the evidence in the evidence blockchain to the evidence manager;
the evidence manager queries the evidence blockchain to obtain the random public key corresponding to the evidence;
the evidence manager returns the queried random public key to the evidence supervisor;
the evidence manager queries the participant blockchain in the supervision blockchain with the random public key to obtain the participant's authentication public key, and finds the real information of the participant through the authentication public key;
the evidence supervisor queries the evidence creation information blockchain in the supervision blockchain with the random public key to obtain the information related to the submission of the evidence;
the evidence supervisor queries the shared blockchain with the random public key to obtain the information related to the evidence user, and queries the participant blockchain with the participant's authentication public key to obtain the real information of the participant.
In some embodiments, the implementation method further comprises a step of searching all evidence of a participant, the step comprising:
acquiring a random public key of the participant, and querying the participant blockchain in the supervision blockchain with that random public key;
acquiring the real identity information of the participant and a group of random public key values;
querying the evidence creation information blockchain in the supervision blockchain with the returned group of random public key values;
the evidence supervisor acquires the evidence creation information of the participant, wherein the evidence creation information comprises all created evidence names and evidence content information, and the evidence content information comprises the ledger hash value in the evidence blockchain and the evidence submission time;
the evidence supervisor sends the acquired evidence creation information to the evidence manager;
the evidence manager queries the evidence blockchain and acquires all evidence information about the participant;
the evidence manager sends all the queried information related to the participant's evidence to the evidence supervisor;
and the evidence supervisor queries the shared blockchain in the supervision blockchain with the random public key of the participant to acquire the personnel information of the participant.
In embodiments of the invention, evidence request information is initiated through the evidence blockchain and sent to the supervision blockchain; the identity information of the participant is authenticated through the supervision blockchain according to the evidence request information; and, after identity authentication passes, the evidence content corresponding to the evidence request information is sent to the evidence blockchain through the trusted storage system. The invention keeps the identity information of participants concealed while ensuring the legitimacy and traceability of their identities.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings required to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a schematic diagram of an architecture of an evidence chain platform according to an embodiment of the present invention.
Detailed Description
The invention is further explained and illustrated in the following description with reference to the figures and the specific embodiments thereof. The step numbers in the embodiments of the present invention are set for convenience of illustration only, the order between the steps is not limited at all, and the execution order of each step in the embodiments can be adaptively adjusted according to the understanding of those skilled in the art.
To solve the problems in the prior art, an embodiment of the present invention provides an evidence chain platform based on a dual-blockchain structure. As shown in fig. 1, the platform mainly includes a supervision blockchain, an evidence blockchain, and a trusted storage system.
The supervision blockchain consists of a participant blockchain, a shared blockchain and an evidence creation information blockchain. The participant blockchain is used to record the real identity information of participants, the shared blockchain is used to record information on evidence used by participants, and the evidence creation information blockchain is used to record the evidence-related information submitted by participants. Together, the three blockchains supervise the legitimacy of participants' access to evidence and record participant behavior. The supervision blockchain is managed by an evidence supervisor.
The evidence blockchain receives the evidence submitted and requested by participants and sends the relevant information to the evidence supervisor for verification. After the identity of the participant is successfully verified, the evidence is stored in the trusted storage system, or retrieved from the trusted storage system and returned to the participant. The evidence blockchain is managed by an evidence manager.
The trusted storage system consists of a trusted cloud platform or a local data center; the evidence can be stored as a knowledge graph or in other forms. It is used to store the information related to the evidence.
Specifically, the trusted evidence chain platform of the embodiment of the invention is led by an authority with supervision capability, and legitimate users such as enterprises, research groups and individual members of the public participate jointly in the collection, storage, use and supervision of evidence. A participant may assume one or several of these roles. Evidence providers (such as individual users, ISP providers, national access management departments) collect and submit evidence from terminals, networks and the like at different levels; the evidence manager verifies the validity of the submitted or used evidence; an evidence user acquires shared evidence as required for attack detection, source tracing and the like; the evidence supervisor supervises the use of the evidence. The invention decouples the functions of supervision, access and storage, which correspond to the supervision blockchain, the evidence blockchain and the trusted storage system respectively.
Wherein:
(1) Evidence blockchain
The evidence blockchain is a consortium chain constructed by the evidence manager and used for recording evidence-related information. The evidence manager verifies the legitimacy of evidence submitted by an evidence provider or used by an evidence user, and verifies the integrity and validity of the evidence.
(2) Supervision blockchain
The supervision blockchain is a private chain constructed by the evidence supervisor. It consists of a participant blockchain, a shared blockchain and an evidence creation information blockchain: the participant blockchain is used to record participant identity information, the shared blockchain records the usage information of users, and the evidence creation information blockchain records information on the evidence submitted by participants. The three blockchains supervise the legitimacy of evidence access and record participant behavior, which ensures the controllability and traceability of the platform. In this scenario, massive evidence is published to the platform by different providers in different regions; different evidence users obtain multi-source cross-domain blockchain information based on the trust and supervision mechanism, and solve network security problems through collaborative analysis.
(3) Trusted storage system
The evidence can be stored directly in a trusted cloud platform or a local data center, as a knowledge graph or in other forms, so as to support attack detection and source tracing. Evidence-related information is stored on the blockchain to ensure that the evidence is trustworthy.
Based on the evidence chain platform with the dual-blockchain structure provided by the invention, the embodiment of the invention provides a corresponding implementation method, which comprises the following steps:
initiating evidence request information through an evidence blockchain, and sending the evidence request information to a supervision blockchain;
authenticating the identity information of the participant through the supervision blockchain according to the evidence request information;
and, after identity authentication passes, sending the evidence content corresponding to the evidence request information to the evidence blockchain through the trusted storage system.
Specifically, the embodiment of the present invention provides steps by which an evidence provider submits evidence, including:
Step 1: The evidence provider sends to the evidence supervisor its registrant information, signed with its authenticated private key: its supervisor-authenticated public key PK_px, the identity ID, a randomly generated set of public keys {PK_rx1, PK_rx2, PK_rx3, …, PK_rxn}, role information, role authority, the message signature and the like;
Step 2: The evidence supervisor verifies the registrant information and stores it in the participant blockchain;
Step 3: The evidence supervisor returns the information of successful verification to the evidence provider;
Step 4: The evidence provider sends to the evidence manager the evidence content, the evidence name e-name, the hash of the evidence content, the message signature and other relevant information, all signed with the random private key, together with the provider's unsigned random public key PK_rxi;
Step 5: The evidence manager forwards the received content to the evidence supervisor;
Step 6: The evidence supervisor obtains the provider's random public key PK_rxi, uses PK_rxi to find the corresponding ledger in the provider blockchain, and verifies its identity information;
Step 7: The evidence supervisor returns the identity verification result to the evidence supervisor;
Step 8: The evidence manager uses the random public key PK_rxi sent by the provider to decrypt the content provided by the evidence provider, and stores the provider's random public key PK_rxi and the content in the evidence blockchain;
Step 9: The evidence manager returns the ledger hash value h(e-tr) of the evidence in the evidence blockchain, the evidence submission time t and the like to the evidence supervisor;
Step 10: The evidence supervisor stores the information returned by the evidence manager, the evidence provider's public key PK_rxi, the message signature and the evidence name e-name in the evidence creation information blockchain.
Specifically, the embodiment of the present invention further provides steps by which an evidence user obtains evidence, including:
Step 1: The evidence provider sends to the evidence supervisor its registration information, signed with its authenticated private key: its own supervisor-authenticated public key PK_pu, the identity ID, a randomly generated set of public keys {PK_ru1, PK_ru2, PK_ru3, …, PK_run}, role information, authority, the message signature and the like;
Step 2: The evidence supervisor verifies the user information and stores it in the participant blockchain;
Step 3: The evidence supervisor returns the information of successful verification to the evidence user;
Step 4: The evidence user sends to the evidence manager the name e-name of the evidence to be obtained, the ledger hash value h(e-tr) of the evidence in the evidence blockchain, the message signature and other related information, all signed with the random private key, together with the participant's unsigned random public key PK_ruj;
Step 5: The evidence manager forwards the received content to the evidence supervisor;
Step 6: The evidence supervisor obtains the user's random public key PK_ruj, uses PK_ruj to find the corresponding ledger in the participant blockchain, verifies its identity information and authority information, and finds the related evidence creation information in the evidence creation information blockchain;
Step 7: The evidence supervisor returns the identity verification result to the evidence supervisor;
Step 8: The evidence manager decrypts the content with the public key provided by the evidence user and searches the evidence blockchain;
Step 9: After the query succeeds, success information is returned to the evidence supervisor;
Step 10: The evidence supervisor stores the evidence provider's public key PK_rpi, the evidence user's public key PK_ruj, the sharing authority information and the like in the shared blockchain;
Step 11: After the record is successfully stored in the shared blockchain, success information is returned to the evidence manager;
Step 12: The evidence manager sends the queried evidence information to the evidence user. After obtaining the evidence, the evidence user can obtain information such as the evidence provider's public key and the content hash from the ledger of the corresponding block, so as to verify the validity and integrity of the evidence.
The above storage and query methods are based on the evidence supervisor's blockchain. A participant separates an authenticated key pair from randomly generated key pairs: the authenticated key pair is used only on the supervision blockchain, the random key pairs are used on the evidence blockchain, and the two are associated through a ledger in the supervision blockchain. Because the supervision blockchain is a private chain, only the supervisor can access its information, that is, verify the identity and sharing authority of participants, so the real identity information of a participant is protected from being leaked to other participants.
Specifically, the embodiment of the present invention further provides a step of querying the traceability information of the participant, and once the evidence has a problem or the behavior of the participant is abnormal, the traceability can be performed through the following process, including:
step 1: the evidence supervisor sends a problem evidence name e-name and an account book hash value h (e-tr) of the evidence in the evidence block chain to the evidence manager;
step 2: the evidence manager queries the evidence block chain to obtain the random public key PK_ru of the evidence;
step 3: the evidence manager returns the queried random public key PK_ru to the evidence supervisor;
step 4: the evidence manager queries the participant block chain through the random public key PK_ru to obtain the participant authentication public key PK_rx, and finds the real information of the participant through the authentication public key PK_rx;
step 5: the evidence supervisor queries the evidence creation information block chain through the random public key PK_ru to acquire the related information submitted with the evidence;
step 6: the evidence supervisor queries the evidence sharing block chain through the random public key PK_ru to obtain the related information of the evidence user, and queries the participant block chain through the evidence user's public key PK_ruj to obtain the user's real information.
According to the method, when the evidence has a problem or the behavior of a participant is abnormal, the supervisor queries the real information related to the participant. Because the block chain of the supervisor is a private chain, the real identity information of the participant can be acquired while the information privacy of the participant is preserved, which ensures the traceability of behavior and the controllability of the platform.
Specifically, the embodiment of the invention also provides a step of searching all evidences of the participants based on the identities, if one participant evidence and behavior are abnormal, all behaviors and evidences of the participant can be quickly inquired, and whether other behaviors and evidences of the participant are abnormal or not can be conveniently judged, wherein the step comprises the following steps of:
step 1, after obtaining a random public key PK_ru of a participant, querying the participant block chain;
step 2, obtaining in return the true identity of the participant and a set of random public key values {PK_rx1, PK_rx2, PK_rx3, …, PK_rxn};
step 3, using the returned set of random public key values {PK_rx1, PK_rx2, PK_rx3, …, PK_rxn} to query the evidence creation information block chain;
step 4, the supervisor acquires all evidence names created by the participant, the account hash value h(e-tr) of each evidence in the evidence block chain, the evidence submission time and the like;
step 5, the supervisor sends the acquired evidence creation information to the evidence manager;
step 6, the evidence manager queries the data block chain;
step 7, the evidence manager sends all the queried information related to the evidence of the participant to the supervisor;
step 8, the evidence supervisor uses the participant's random public keys PK_rx1, PK_rx2, PK_rx3, …, PK_rxn to query the shared block chain;
step 9, the evidence supervisor acquires all the related information of the persons with whom the participant has shared evidence, so that persons using the abnormal evidence can be found conveniently and in time.
The method can search and find all evidences and sharers under a participant in time under the condition of obtaining the abnormal behavior or evidence of the participant, can quickly screen whether other behaviors or evidences are abnormal, and can remind the sharers that the evidence used by the sharers is abnormal in time.
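The traceability query and the identity-based search described above can be modelled in a few lines. This is an added example, not code from the patent: the class and function names are hypothetical, SHA-256 is assumed for h(), and public keys are replaced by opaque random tokens (no signatures are computed).

```python
import hashlib
import secrets

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def new_pk() -> str:
    # Assumption: an opaque random token stands in for a real public key.
    return secrets.token_hex(16)

class SupervisionChain:
    """Private chain, readable only by the evidence supervisor."""
    def __init__(self):
        self.participants = {}  # authenticated PK -> (identity, set of random PKs)
        self.creation = []      # (random PK, e_name, h_e_tr)
        self.sharing = []       # (provider random PK, user random PK, permission)

    def resolve(self, random_pk):
        """Map a random PK to (authenticated PK, identity, random PK set)."""
        for auth_pk, (identity, pks) in self.participants.items():
            if random_pk in pks:
                return auth_pk, identity, pks
        return None

class EvidenceChain:
    """Holds random PKs and content hashes only, never identities."""
    def __init__(self):
        self.ledger = {}  # h(e-tr) -> ledger entry

    def submit(self, sup, pk_ru, e_name, content: bytes) -> str:
        if sup.resolve(pk_ru) is None:  # identity check by the supervision chain
            raise PermissionError("random public key is not registered")
        entry = {"e_name": e_name, "pk_ru": pk_ru, "content_hash": h(content)}
        h_e_tr = h(repr(sorted(entry.items())).encode())
        self.ledger[h_e_tr] = entry
        sup.creation.append((pk_ru, e_name, h_e_tr))
        return h_e_tr

    def verify(self, h_e_tr, content: bytes) -> bool:
        """Integrity check an evidence user runs against the ledger entry."""
        entry = self.ledger.get(h_e_tr)
        return entry is not None and entry["content_hash"] == h(content)

def trace(sup, ev, e_name, h_e_tr):
    """Traceability steps 1-6: problem evidence -> provider and evidence users."""
    entry = ev.ledger.get(h_e_tr)
    if entry is None or entry["e_name"] != e_name:
        return None
    pk_ru = entry["pk_ru"]
    auth_pk, identity, _ = sup.resolve(pk_ru)
    users = [r[1] for p, u, _ in sup.sharing if p == pk_ru and (r := sup.resolve(u))]
    return {"pk_ru": pk_ru, "auth_pk": auth_pk, "provider": identity, "users": users}

def all_evidence(sup, random_pk):
    """Identity-based search: one random PK -> every evidence name of its owner."""
    resolved = sup.resolve(random_pk)
    if resolved is None:
        return None
    _, identity, pks = resolved
    return identity, sorted(n for pk, n, _ in sup.creation if pk in pks)
```

Two submissions by the same participant under different random keys look unrelated on the evidence chain; only a party that can read the participant ledger of the supervision chain can link them.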
In summary, compared with the prior art, the present invention has the following differences:
the existing evidence platform based on the block chain can not solve the problems of mutual trust of participants, uncontrollable platform and incapability of carrying out multi-source cross-domain collaborative analysis on massive evidence when the evidence is shared in the block chain. The invention discloses an evidence platform based on a double-chain loose coupling structure credible evidence model, which decouples supervision, access and storage functions and designs a monitoring area block chain, an evidence block chain and a credible storage system. The method comprises the steps of designing a supervision area block chain and an evidence block chain to mutually support to form a double-block chain framework, decoupling the evidence and the evidence information, storing the evidence and the information separately, designing a participant multiple key authentication method, authenticating identity information and sharing information between a participant and a supervision area, and identifying and authenticating the identity of the participant by a supervisor under the condition of ensuring the anonymity of the participant information, thereby ensuring the requirements of validity, integrity, confidentiality and traceability of an evidence platform, and quickly searching and discovering all evidences and behaviors of the same participant.
Compared with the prior art, the invention has the following advantages:
1. the double-chain structure loose coupling credible evidence architecture based on the block chain is selected to naturally ensure the credibility of the evidence;
2. the participants generate two groups of keys: the authenticated public key is used for tracing the behavior of the participants, and the random public key is used for protecting the privacy of the participants, so that the legality of the participants and of their behavior is ensured while their identity information is kept secret, which ensures the controllability, the confidentiality and the traceability of the platform.
3. Through a supervision mechanism, different evidence users acquire multi-source cross-domain block chain information based on trust, the mutual trust problem of participants during evidence sharing is solved, and the network security problem can be solved through cooperative analysis.
While the preferred embodiments of the present invention have been illustrated and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (4)

1. A method for realizing an evidence chain platform based on a double-block chain structure is characterized by comprising the following steps:
initiating evidence request information through an evidence block chain, and sending the evidence request information to a monitoring area block chain;
according to the evidence request information, identity authentication is carried out on identity information of a participant through the monitoring area block chain;
after passing the identity authentication, sending the evidence content corresponding to the evidence request information to the evidence block chain through a trusted storage system;
the implementation method further comprises a step of tracing the source of the participants, wherein the step comprises the following steps:
the evidence supervisor sends the evidence name and the account hash value of the evidence in the evidence block chain to the evidence manager;
the evidence manager queries the evidence block chain to obtain a random public key corresponding to the evidence;
the evidence manager returns the queried random public key to the evidence manager;
the evidence manager queries a participant block chain in the monitoring block chain through the random public key to obtain a participant authentication public key, and finds out real information of the participant through the authentication public key;
the evidence supervisor inquires an evidence creation information block chain in the supervision block chain through the random public key to acquire the related information submitted by the evidence;
the evidence supervisor inquires an evidence sharing block chain through the random public key to obtain the related information of the evidence user; and inquiring the participant block chain through the participant authentication public key to acquire the real information of the participant.
2. The method for implementing the evidence chain platform based on the dual-block chain structure as claimed in claim 1, wherein the implementing method further comprises a step of submitting evidence, which includes:
initiating an identity record request to the supervision block chain;
verifying the identity recording request by the monitoring area block chain, and storing the identity information passing the verification into the participant block chain;
sending evidence content to an evidence blockchain;
and the evidence block chain sends an identity authentication request to the monitoring area block chain, and stores the evidence content into the evidence block chain after passing the identity authentication.
3. The method for implementing an evidence chain platform based on a dual block chain structure according to claim 2,
the initiating an identity record request to the supervisor block chain comprises:
the method comprises the steps that an evidence provider sends an identity recording request to an evidence supervisor, wherein the identity recording request comprises an authenticated private key signature, an identity identifier, a random public key set, role information, role authority and a message signature;
storing the evidence content into an evidence block chain after passing identity authentication, including:
the evidence supervisor stores the information returned by the evidence manager, the public key of the evidence provider, the message signature and the evidence name in the evidence creation information block chain of the supervision block chain.
4. The method for implementing the evidence chain platform based on the dual block chain structure according to claim 1, further comprising a step of searching all evidence of participants, wherein the step comprises:
acquiring a random public key of a participant, and inquiring a participant block chain in a monitoring block chain according to the random public key of the participant;
acquiring real identity information of a participant and a group of random public key values;
inquiring evidence in the monitoring block chain according to the set of random public key values to create an information block chain;
the evidence supervisor acquires evidence creating information of the participant, wherein the evidence creating information comprises all created evidence names and evidence content information, and the evidence content information comprises an account book hash value and evidence submission time in an evidence block chain;
the evidence supervisor sends the obtained evidence creating information to an evidence manager;
an evidence manager queries the evidence block chain and acquires all evidence information about participants;
the evidence manager sends all the inquired information related to the participant evidence to the evidence supervisor;
the evidence supervisor utilizes the random public key of the participant to inquire the shared block chain in the monitoring block chain and acquire the personnel information of the participant.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010958899.3A CN112134864B (en) 2020-09-14 2020-09-14 Evidence chain platform based on double-block chain structure and implementation method thereof

Publications (2)

Publication Number Publication Date
CN112134864A CN112134864A (en) 2020-12-25
CN112134864B true CN112134864B (en) 2023-02-03

Family

ID=73846730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010958899.3A Active CN112134864B (en) 2020-09-14 2020-09-14 Evidence chain platform based on double-block chain structure and implementation method thereof

Country Status (1)

Country Link
CN (1) CN112134864B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113810359B (en) * 2021-03-08 2023-06-23 京东科技信息技术有限公司 Certificate storing method, device and equipment thereof
CN112926711A (en) * 2021-03-31 2021-06-08 重庆风云际会智慧科技有限公司 Material evidence tracing method based on block chain
CN113239399A (en) * 2021-05-18 2021-08-10 中国信息通信研究院 Supply chain data supervision method based on block chain, electronic equipment and storage medium
CN113411348B (en) * 2021-07-02 2022-02-11 江西农业大学 Data protection method and system for 1+ N multi-chain traceability system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108717431A (en) * 2018-05-11 2018-10-30 中国科学院软件研究所 A kind of electronic evidence based on block chain deposits card, verification method and system
CN109344635A (en) * 2018-09-29 2019-02-15 华东师范大学 A kind of electronic evidence acquisition, preservation and verification method based on block chain
CN110109930A (en) * 2019-05-15 2019-08-09 山东省计算中心(国家超级计算济南中心) Government data storage, querying method and system based on block chain duplex structure
CN110457913A (en) * 2019-07-03 2019-11-15 韵盛发科技(北京)股份有限公司 Data storage and access method and system
US10735205B1 (en) * 2019-03-08 2020-08-04 Ares Technologies, Inc. Methods and systems for implementing an anonymized attestation chain

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
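Block-DEF: A secure digital evidence framework using blockchain; Zhihong Tian et al.; Information Sciences; 20190403; full text *
Research on the applicability of blockchain technology in trusted electronic records management; Xu Haitao; Shanxi Archives; 20191024 (No. 06); full text *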

Also Published As

Publication number Publication date
CN112134864A (en) 2020-12-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant