本說明書一個或多個實施例提供一種基於區塊鏈的取證方法及裝置,用以解決現有技術中的取證耗時長,取證效率低,且取證的人力成本高,以及無法保障取證資料的可信度的問題。
為了使本技術領域的人員更好地理解本說明書一個或多個實施例中的技術方案,下面將結合本說明書一個或多個實施例中的圖式,對本說明書一個或多個實施例中的技術方案進行清楚、完整地描述,顯然,所描述的實施例僅僅是本說明書一部分實施例,而不是全部的實施例。基於本說明書一個或多個實施例,本領域普通技術人員在沒有作出創造性勞動前提下所獲得的所有其他實施例,都應當屬於本說明書一個或多個實施例保護的範圍。
圖1為本說明書一個或多個實施例提供的基於區塊鏈的取證方法的應用場景示意圖一,如圖1所示,該系統可以包括:用戶的終端和區塊鏈,其中用戶的終端例如可以為手機、電腦等,本示例性實施例對此不作特殊限定。區塊鏈中包括多個區塊鏈節點,且在區塊鏈上部署有智慧合約,其中智慧合約中包括取證操作。具體的,取證過程可以包括:
在對網路行為進行取證時,用戶的終端產生原始網路取證請求,並將該原始網路取證請求發送至區塊鏈;區塊鏈對該原始網路取證請求按照預設格式進行轉化,以得到用戶的網路取證請求,並根據網路取證請求獲取取證標識資訊,以及調用其上部署的智慧合約,控制其中的節點根據取證標識資訊執行取證操作,以得到相應的取證資料,最後,對取證資料簽章之後發送至用戶的終端,以完成整個取證過程。
圖2為本說明書一個或多個實施例提供的基於區塊鏈的取證方法的應用場景示意圖二,如圖2所示,該系統可以包括:用戶的終端、代理伺服器和區塊鏈,其中用戶的終端例如可以為手機、電腦等,本示例性實施例對此不作特殊限定。區塊鏈中包括多個區塊鏈節點,且在區塊鏈上部署有智慧合約,其中智慧合約中包括取證操作。具體的,取證過程可以包括:
在對網路行為進行取證時,用戶的終端產生原始網路取證請求,並將該原始網路取證請求發送至代理伺服器;代理伺服器將原始網路取證請求轉化為用戶的網路取證請求,並將用戶的網路取證請求發送至區塊鏈;區塊連結收用戶的網路取證請求,並根據網路取證請求獲取取證標識資訊,以及調用其上部署的智慧合約,控制其中的節點根據取證標識資訊執行取證操作,以得到相應的取證資料;最後,對取證資料進行簽章的方式可以包括以下兩種,其中,第一種,區塊鏈對取證資料進行簽章後發送至代理伺服器,代理伺服器接收簽章後的取證資料,並將其發送至用戶的終端,以完成整個取證過程;第二種,區塊鏈將取證資料發送至代理伺服器;代理伺服器接收取證資料,並對取證資料進行簽章,並將簽章後的取證資料發送至用戶的終端,以完成整個取證過程。
圖3為本說明書一個或多個實施例提供的基於區塊鏈的取證方法的流程示意圖,圖3中的方法能夠由圖1或者圖2中的區塊鏈執行,如圖3所示,該方法至少包括以下步驟:
步驟S320,獲取用戶的網路取證請求,並根據網路取證請求獲取取證標識資訊。
在本申請實施例中,若發現網路上存在侵權行為,例如,未經同意在網頁中公開其他人的文章、視頻等行為,則用戶可以透過對侵權行為進行取證以得到取證資料,進而根據取證資料對侵權行為進行打擊。具體的,獲取用戶的網路取證請求可以包括以下兩種方式,其中:
第一種、接收用戶的終端發送的原始網路取證請求,對原始網路取證請求按照預設格式進行轉化,以得到用戶的網路取證請求。具體的,若網路上存在侵權行為,則用戶可以透過在終端中輸入侵權資訊,並在終端中執行取證操作,終端回應該取證操作,獲取侵權資訊,並根據侵權資訊產生原始網路取證請求,以及將原始網路取證請求發送至區塊鏈中;區塊連結收該原始網路取證請求,由於原始網路取證請求的類型可以包括HTTP(超文字傳輸協定)、SMTP(簡單郵件傳送協議)、FTP(檔案傳輸通訊協定)等,因此,為了便於區塊鏈進行計算,首先將不同類型的原始網路取證請求按照預設格式進行轉化,以得到用戶的網路取證請求,即將不同類型的原始網路取證請求轉化為統一格式。上述預設格式可為原始網路取證請求的類型中的任意一種,例如,若預設格式為HTTP,則將接收到的任何類型的原始網路取證請求均轉化為HTTP格式,即用戶的網路取證請求均為HTTP格式。
上述侵權資訊可以為公佈侵權客體的網頁的連結,例如,若侵權客體為文章,則侵權資訊為公佈該文章的網頁的連結,再例如,若侵權客體為視頻,則侵權資訊為公佈該視頻的網頁的連結,再例如,若侵權客體為圖片,則侵權資訊為公佈該圖片的網頁的連結。上述侵權資訊還可以為公佈侵權客體的網頁所屬的網站的連結和客體的基本資訊,其中客體的基本資訊包括客體的標題、作者等,本示例性實施例對此不做特殊限定,例如,若侵權客體為文章,則侵權資訊為公佈該文章的網頁所屬的網站的連結以及該文章的標題、作者等(即客體的基本資訊),再例如,若侵權客體為視頻,則侵權資訊為公佈該視頻的網頁所屬的網站的連結以及該視頻的標題、作者等(即客體的基本資訊),再例如,若侵權客體為圖片,則侵權資訊為公佈該圖片的網頁所屬站的連結以及該圖片的標題、作者等(即客體的基本資訊)。需要說明的是,上述侵權資訊僅為示例性的,其還可以為其他形式,但不論侵權資訊是那種形式,均要確保根據侵權資訊能夠查找到侵權客體。此外,上述第一種方式對應圖1中的應用場景。
第二種、接收代理伺服器發送的用戶的網路取證請求,用戶的網路取證請求由代理伺服器根據用戶的終端發送的原始網路取證請求轉化得到。具體的,若網路上存在侵權行為,則用戶可以透過在終端中輸入侵權資訊,並在終端中執行取證操作,終端回應該取證操作,獲取侵權資訊,並根據侵權資訊產生原始網路取證請求,以及將原始網路取證請求發送至代理伺服器中;代理伺服器接收用戶的終端發送的原始網路取證請求,由於原始網路取證請求的類型可以包括HTTP(超文字傳輸協定)、SMTP(簡單郵件傳送協議)、FTP(檔案傳輸通訊協定)等,因此,為了便於區塊鏈進行計算,代理伺服器將不同類型的原始網路取證請求按照預設格式進行轉化,以得到用戶的網路取證請求,即將不同類型的原始網路取證請求轉化為統一格式。需要說明的是,代理伺服器將原始網路取證請求轉化為用戶的網路取證請求的過程與第一種方式中的轉化原理相同,因此此處不在贅述。由於侵權資訊已經在上文中進行了說明,因此此處不再贅述。在代理伺服器將原始網路取證請求轉化為用戶的網路取證請求時,將該用戶的網路取證請求發送至區塊鏈,以使區塊連結收用戶的網路取證請求。需要說明的是,上述第二種方式對應圖2中的應用場景。
需要說明的是,上述兩種方式中的取證操作例如可以包括作用於用戶的終端的顯示介面上的取證控制項上的點擊操作、按兩下操作等,本示例性實施例對此不做特殊限定。
若區塊鏈獲取到用戶的網路取證請求,則對用戶的網路取證請求進行解析,以從網路取證請求中獲取取證標識資訊。其中,取證標識資訊與上述侵權資訊的定義相同,因此此處不再贅述。
為了避免網路劫持,以保證取證過程的可信度,獲取用戶的網路取證請求,並根據網路取證請求獲取取證標識資訊可以包括:獲取加密後的用戶的網路取證請求,對加密後的用戶的網路取證請求進行解密,以得到解密後的用戶的網路取證請求;根據解密後的用戶的網路取證請求獲取取證標識資訊。
在本申請實施例中,若取證方法的應用場景如圖1所示,則用戶的終端在產生原始網路取證請求後,對原始網路取證請求進行加密,並將加密後的原始網路取證請求發送至區塊鏈中,區塊鏈對該加密後的原始網路取證請求按照預設格式進行轉化,以得到加密後的用戶的網路取證請求。區塊鏈透過對加密後的用戶的網路取證請求進行解密,並對解密後的用戶的網路取證請求進行解析,以得到取證標識資訊。下面舉例對上述加密和解密的過程進行說明。首先用戶的終端透過公鑰對原始網路取證請求進行加密,並將加密後的原始網路取證請求發送至區塊鏈,區塊連結收該加密後的原始網路取證請求,並將該加密後的原始網路取證請求按照預設格式進行轉化,以得到加密後的用戶的網路取證請求,以及根據公鑰對應的私鑰對加密後的用戶的網路取證請求進行解密,以得到解密後的用戶的網路取證請求,對解密後的用戶的網路取證請求進行解析以得到取證標識資訊。
若取證方法的應用場景如圖2所示,則用戶的終端產生原始網路取證請求後,對原始網路取證請求進行第一次加密,並將第一次加密後的原始網路取證請求發送至代理伺服器;代理伺服器將第一次加密後的原始網路取證請求按照預設格式轉化為用戶的網路取證請求,並對用戶的網路取證請求進行第二次加密,將第二次加密後的用戶的網路取證請求發送至區塊鏈;區塊鏈在接收到第二次加密後的用戶的網路取證請求後,對該第二次加密後的用戶的網路取證請求進行兩次解密以得到解密後的用戶的網路取證請求,以及對解密後的用戶的網路取證請求進行解析以得到取證標識資訊。下面舉例對上述加密和解密的過程進行說明。首先用戶的終端透過第一公鑰對原始網路取證請求進行第一次加密,並將第一次加密後的原始網路取證請求發送至代理伺服器,代理伺服器對第一次加密後的原始網路取證請求按照預設格式進行轉化,以得到用戶的網路取證請求;代理伺服器透過第二公鑰對用戶的網路取證請求進行第二次加密,並將第二次加密後的用戶的網路取證請求發送至區塊鏈;區塊連結收該第二次加密後的用戶的網路取證請求,並依次透過與第二公鑰對應的第二私鑰和與第一公鑰對應第一公鑰對第二次加密後的用戶的網路取證請求進行兩次解密,以得到解密後的用戶的網路取證請求,以及對解密後的用戶的網路取證請求進行解析以得到取證標識資訊。
由上可知,透過加密的方式在用戶的終點和區塊鏈之間、用戶的終端和代理伺服器之間、代理伺服器與區塊鏈之間傳輸請求,避免了網路劫持,保證了請求傳輸的安全性和可靠性。
需要說明的是,上述透過公鑰進行加密以及透過公鑰對應的私鑰進行解密的方式僅為示例性的,並不用於限定本發明。
步驟S340,調用區塊鏈上部署的智慧合約,控制區塊鏈中的節點根據取證標識資訊執行取證操作,以得到相應的取證資料。
在本申請實施例中,在獲取到取證標識資訊時,區塊鏈調用其上部署的智慧合約,該智慧合約包括取證操作,並控制其中的節點根據取證標識資訊執行取證操作,以得到相應的取證資料。由於區塊鏈中包括多個區塊鏈節點,因此,上述得到取證資料的過程可以包括:調用智慧合約,控制區塊鏈中的各節點根據取證標識資訊執行取證操作,以得到各節點的執行資料,以及對各節點的執行資料進行共識處理,並將得到共識的執行資料作為取證資料,即區塊鏈調用其上部署的智慧合約,並控制其中的每個節點均根據取證標識資訊執行智慧合約中的取證操作,以得到每個節點的執行資料,並根據每個節點的執行資料判斷多個節點中的大部分節點或者全部節點的執行資料是否一致,若多個節點中的大部分節點或者全部節點的執行資料一致,則完成對每個節點的執行資料的共識處理,並將得到共識的執行資料判定為取證資料。
下面,舉例對上述過程進行說明。例如,若取證標識資訊為公佈侵權客體的網頁的連結,則智慧合約包括的取證操作為根據公佈侵權客體的網頁的連結獲取侵權資料。具體的過程為,區塊鏈調用智慧合約,並控制其中的每個節點根據公佈侵權客體的網頁的連結獲取侵權資料,並將每個節點獲取的侵權資料判定為對應的每個節點的執行資料;根據每個節點的執行資料判斷大部分節點或者全部節點的執行資料是否一致,即判斷大部分節點的侵權資料或者全部節點的侵權資料是否一致,若大部分節點的執行資料或者全部節點的執行資料一致,則完成對執行資料的共識,並將得到共識的執行資料判定為取證資料。需要說明的是,侵權客體不同,取證資料也不同,若侵權客體為文章,則取證資料可以包括文章的標題、內容、作者、文章發表在侵權網頁中的時間、文章的瀏覽量等,本示例性實施例對此不做特殊限定。若侵權客體為視頻,則取證資料可以包括視頻的內容、視頻的標題、視頻的作者、視頻發佈在侵權網頁上的時間、視頻的瀏覽量等,本示例性實施例對此不做特殊限定。
再例如,若取證標識資訊為公佈侵權客體的網頁所屬的網站的連結和客體的基本資訊,客體的基本資訊可以包括客體的名稱、作者等,具體的,若客體為文章,則客體的基本資訊包括文章的名稱、作者等;若客體為圖片,則客體的基本資訊可以包括圖片的名稱、作者等。基於上述取證標識資訊,智慧合約中包括的取證操作包括:根據公佈侵權客體的網頁所屬的網站的連結獲取公佈侵權客體的網頁所屬的網站,並遍歷公佈侵權客體的網頁所屬的網站中的每一個連結的網頁資料,並將每一個連結的網頁資料分別與客體的基本資訊進行匹配,並將與客體的基本資訊匹配的網頁資料判定為侵權資料。基於此,獲取取證資料的過程可以包括:區塊鏈調用智慧合約,並控制其中的每個節點根據公佈侵權客體的網頁所屬的網站的連結獲取公佈侵權客體的網頁所屬的網站,並遍歷公佈侵權客體的網頁所屬的網站中的每一個連結的網頁資料,將每個節點獲取的公佈侵權客體的網頁所屬的網站中的每一個連結的網頁資料分別與客體的基本資訊進行匹配,並將每個節點獲取的公佈侵權客體的網頁所屬的網站中的與客體的基本資訊匹配的網頁資料判定為對應的每個節點的侵權資料,以及將每個節點的侵權資料判定為對應的每個節點的執行資料。根據每個節點的執行資料判斷大部分節點或者全部節點的執行資料是否一致,若大部分節點或者全部節點的執行資料一致,則完成對執行資料的共識,並將得到共識的執行資料判定為取證資料。需要說明的是,取證資料已經在上文中進行了說明,因此此處不在贅述。
步驟S360,對取證資料進行簽章,並將簽章後的取證資料發送至用戶的終端。
在本申請實施例中,在獲取到取證資料後,為了避免網路劫持,進一步保證取證資料的可信度。需對取證資料進行簽章,具體的簽章方式可以為:透過對取證資料加蓋區塊鏈憑證時間戳記的方式對取證資料進行簽章;還可以為透過對取證資料加蓋一認證標識的方式對取證資料進行簽章,其中,認證標識的具體表現形式可以由開發人員自行設置,例如,認證標識可以為一個二維碼圖片、還可以為一個由多個字元組成的字串等,本示例性實施例對此不做特殊限定。需要說明的是,簽章的執行主體可以為區塊鏈中的一個節點,或者區塊鏈中的所有節點等,本示例性實施例對此不做特殊限定。需要說明的是,在本公開的其他實施例中,若取證方法的應用場景如圖2所示,簽章的執行主體除了為區塊鏈中的一個節點或者多有節點等,還可以為代理伺服器,本示例性實施例對此不做特殊限定。
為了避免網路劫持,保證簽章後的取證資料的安全性,將簽章後的取證資料發送至用戶的終端可以包括:對簽章後的取證資料進行加密處理,以得到加密後的取證資料,並將加密後的取證資料發送至用戶的終端。
在本申請實施例中,若取證方法的應用場景如圖1所示,則區塊鏈可以透過公鑰對簽章後的取證資料進行加密處理,以得到加密後的取證資料,並將加密後的取證資料發送至用戶的終端,以使用戶的終端透過與公鑰對應的私鑰對加密後的取證資料進行解密處理,以得到解密後的取證資料。
若取證方法的應用場景如圖2所示,則區塊鏈可以透過第一公鑰對簽章後的取證資料進行第一次加密處理,以得到第一次加密後的取證資料,並將第一次加密後的取證資料發送至代理伺服器,代理伺服器透過第二公鑰對第一次加密後的取證資料進行加密處理以得到第二次加密後的取證資料,並將第二次加密後的取證資料發送至用戶的終端,用戶終端可以依次根據與第二公鑰對應的第二私鑰和與第一公鑰對應的第一私鑰對第二次加密後的取證資料進行解密以得到解密後的取證資料。
由上可知,透過對簽章後的取證資料進行加密,可以避免網路劫持,保證取證資料的安全性。
綜上所述,透過調用區塊鏈上部署的智慧合約,控制區塊鏈中的節點根據取證標識資訊執行取證操作,以得到相應的取證資料,相比於現有技術,由於未採用公正人員執行網路操作的方式獲取取證資料,即未採用人工方式,實現了取證資料的自動獲取,大大的縮短了取證時間,提高了取證效率,同時也降低了取證的人力成本;另外,由於調用智慧合約控制區塊鏈中的節點根據取證標識資訊執行取證操作以得到相應的取證資料,即在智慧合約中設置取證操作,並在區塊鏈中運行,避免了人為因素的影響,保證了網路環境的可信度,即必避免了偽造網路連結、偽造網站資訊等行為的發生,進而保證了取證資料的可信度;此外,透過對取證資料進行簽章,可以避免網路劫持,進一步的保證了取證資料的可信度。
對應上述基於區塊鏈的取證方法,基於相同的思路,本申請實施例還提供了一種基於區塊鏈的取證裝置,圖4為本說明書一個或多個實施例提供的基於區塊鏈的取證裝置的結構方塊圖,如圖4所示,基於區塊鏈的取證裝置400可以包括:獲取模組401、執行模組402以及簽章模組403,其中:
獲取模組401,可以用於獲取用戶的網路取證請求,並根據網路取證請求獲取取證標識資訊;
執行模組402,可以用於調用區塊鏈上部署的智慧合約,控制區塊鏈中的節點根據取證標識資訊執行取證操作,以得到相應的取證資料;
簽章模組403,可以用於對取證資料進行簽章,並將簽章後的取證資料發送至用戶的終端。
可選的,執行模組402可以包括:
調用單元,用於調用智慧合約,控制區塊鏈中的各節點根據取證標識資訊執行取證操作,以得到各節點的執行資料;以及
共識單元,用於對各節點的執行資料進行共識處理,並將得到共識的執行資料作為取證資料。
可選的,簽章模組403,具體用於透過對取證資料加蓋區塊鏈憑證時間戳記的方式對取證資料進行簽章。
可選的,獲取模組401,具體用於接收用戶的終端發送的原始網路取證請求,對原始網路取證請求按照預設格式進行轉化,以得到用戶的網路取證請求;或者接收代理伺服器發送的用戶的網路取證請求,用戶的網路取證請求由代理伺服器根據用戶的終端發送的原始網路取證請求轉化得到。
可選的,獲取模組401,具體用於獲取加密後的用戶的網路取證請求,對加密後的用戶的網路取證請求進行解密,以得到解密後的用戶的網路取證請求,以及根據解密後的用戶的網路取證請求獲取取證標識資訊。
可選的,簽章模組403,具體用於對簽章後的取證資料進行加密處理,以得到加密後的取證資料,並將加密後的取證資料發送至用戶的終端。
本申請實施例提供的基於區塊鏈的取證裝置,透過調用區塊鏈上部署的智慧合約,控制區塊鏈中的節點根據取證標識資訊執行取證操作,以得到相應的取證資料,相比於現有技術,由於未採用公正人員執行網路操作的方式獲取取證資料,即未採用人工方式,實現了取證資料的自動獲取,大大的縮短了取證時間,提高了取證效率,同時也降低了取證的人力成本;另外,由於調用智慧合約控制區塊鏈中的節點根據取證標識資訊執行取證操作以得到相應的取證資料,即在智慧合約中設置取證操作,並在區塊鏈中運行,避免了人為因素的影響,保證了網路環境的可信度,即必避免了偽造網路連結、偽造網站資訊等行為的發生,進而保證了取證資料的可信度;此外,透過對取證資料進行簽章,可以避免網路劫持,進一步的保證了取證資料的可信度。
進一步地,基於上述圖3所示的方法,本申請實施例還提供了一種基於區塊鏈的取證設備,如圖5所示。
基於區塊鏈的取證設備可因配置或性能不同而產生比較大的差異,可以包括一個或一個以上的處理器501和記憶體502,記憶體502中可以儲存有一個或一個以上儲存應用程式或資料。其中,記憶體502可以是短暫儲存或持久儲存。儲存在記憶體502的應用程式可以包括一個或一個以上模組(圖示未示出),每個模組可以包括對基於區塊鏈的取證設備中的一系列電腦可執行指令。更進一步地,處理器501可以設置為與記憶體502通訊,在基於區塊鏈的取證設備上執行記憶體502中的一系列電腦可執行指令。基於區塊鏈的取證設備還可以包括一個或一個以上電源503,一個或一個以上有線或無線網路介面504,一個或一個以上輸入輸出介面505,一個或一個以上鍵盤506等。
在一個具體的實施例中,基於區塊鏈的取證設備包括有記憶體,以及一個或一個以上的程式,其中一個或者一個以上程式儲存於記憶體中,且一個或者一個以上程式可以包括一個或一個以上模組,且每個模組可以包括對基於區塊鏈的取證設備中的一系列電腦可執行指令,且經配置以由一個或者一個以上處理器執行該一個或者一個以上套裝程式含用於進行以下電腦可執行指令:
獲取用戶的網路取證請求,並根據網路取證請求獲取取證標識資訊;
調用區塊鏈上部署的智慧合約,控制區塊鏈中的節點根據取證標識資訊執行取證操作,以得到相應的取證資料;
對取證資料進行簽章,並將簽章後的取證資料發送至用戶的終端。
可選的,電腦可執行指令在被執行時,調用區塊鏈上部署的智慧合約,控制區塊鏈中的節點根據取證標識資訊執行取證操作,以得到相應的取證資料包括:
調用智慧合約,控制區塊鏈中的各節點根據取證標識資訊執行取證操作,以得到各節點的執行資料;以及
對各節點的執行資料進行共識處理,並將得到共識的執行資料作為取證資料。
可選的,電腦可執行指令在被執行時,對取證資料進行簽章包括:
透過對取證資料加蓋區塊鏈憑證時間戳記的方式對取證資料進行簽章。
可選的,電腦可執行指令在被執行時,獲取用戶的網路取證請求,包括:
接收用戶的終端發送的原始網路取證請求,對原始網路取證請求按照預設格式進行轉化,以得到用戶的網路取證請求;或者
接收代理伺服器發送的用戶的網路取證請求,用戶的網路取證請求由代理伺服器根據用戶的終端發送的原始網路取證請求轉化得到。
可選的,電腦可執行指令在被執行時,獲取用戶的網路取證請求,並根據網路取證請求獲取取證標識資訊包括:
獲取加密後的用戶的網路取證請求,對加密後的用戶的網路取證請求進行解密,以得到解密後的用戶的網路取證請求;
根據解密後的用戶的網路取證請求獲取取證標識資訊。
可選的,電腦可執行指令在被執行時,將簽章後的取證資料發送至用戶的終端包括:
對簽章後的取證資料進行加密處理,以得到加密後的取證資料,並將加密後的取證資料發送至用戶的終端。
本申請實施例提供的基於區塊鏈的取證設備,透過調用區塊鏈上部署的智慧合約,控制區塊鏈中的節點根據取證標識資訊執行取證操作,以得到相應的取證資料,相比於現有技術,由於未採用公正人員執行網路操作的方式獲取取證資料,即未採用人工方式,實現了取證資料的自動獲取,大大的縮短了取證時間,提高了取證效率,同時也降低了取證的人力成本;另外,由於調用智慧合約控制區塊鏈中的節點根據取證標識資訊執行取證操作以得到相應的取證資料,即在智慧合約中設置取證操作,並在區塊鏈中運行,避免了人為因素的影響,保證了網路環境的可信度,即必避免了偽造網路連結、偽造網站資訊等行為的發生,進而保證了取證資料的可信度;此外,透過對取證資料進行簽章,可以避免網路劫持,進一步的保證了取證資料的可信度。
進一步的,本申請實施例還提供了一種儲存媒體,用於儲存電腦可執行指令,一種具體的實施例中,該儲存媒體可以為USB、光碟、硬碟等,該儲存媒體儲存的電腦可執行指令在被處理器執行時,能實現以下流程:
獲取用戶的網路取證請求,並根據網路取證請求獲取取證標識資訊;
調用區塊鏈上部署的智慧合約,控制區塊鏈中的節點根據取證標識資訊執行取證操作,以得到相應的取證資料;
對取證資料進行簽章,並將簽章後的取證資料發送至用戶的終端。
可選的,該儲存媒體儲存的電腦可執行指令在被處理器執行時,調用區塊鏈上部署的智慧合約,控制區塊鏈中的節點根據取證標識資訊執行取證操作,以得到相應的取證資料包括:
調用智慧合約,控制區塊鏈中的各節點根據取證標識資訊執行取證操作,以得到各節點的執行資料;以及
對各節點的執行資料進行共識處理,並將得到共識的執行資料作為取證資料。
可選的,該儲存媒體儲存的電腦可執行指令在被處理器執行時,對取證資料進行簽章包括:
透過對取證資料加蓋區塊鏈憑證時間戳記的方式對取證資料進行簽章。
可選的,該儲存媒體儲存的電腦可執行指令在被處理器執行時,獲取用戶的網路取證請求,包括:
接收用戶的終端發送的原始網路取證請求,對原始網路取證請求按照預設格式進行轉化,以得到用戶的網路取證請求;或者
接收代理伺服器發送的用戶的網路取證請求,用戶的網路取證請求由代理伺服器根據用戶的終端發送的原始網路取證請求轉化得到。
可選的,該儲存媒體儲存的電腦可執行指令在被處理器執行時,獲取用戶的網路取證請求,並根據網路取證請求獲取取證標識資訊包括:
獲取加密後的用戶的網路取證請求,對加密後的用戶的網路取證請求進行解密,以得到解密後的用戶的網路取證請求;
根據解密後的用戶的網路取證請求獲取取證標識資訊。
可選的,該儲存媒體儲存的電腦可執行指令在被處理器執行時,將簽章後的取證資料發送至用戶的終端包括:
對簽章後的取證資料進行加密處理,以得到加密後的取證資料,並將加密後的取證資料發送至用戶的終端。
本申請實施例中的儲存媒體儲存的電腦可執行指令在被處理器執行時,透過調用區塊鏈上部署的智慧合約,控制區塊鏈中的節點根據取證標識資訊執行取證操作,以得到相應的取證資料,相比於現有技術,由於未採用公正人員執行網路操作的方式獲取取證資料,即未採用人工方式,實現了取證資料的自動獲取,大大的縮短了取證時間,提高了取證效率,同時也降低了取證的人力成本;另外,由於調用智慧合約控制區塊鏈中的節點根據取證標識資訊執行取證操作以得到相應的取證資料,即在智慧合約中設置取證操作,並在區塊鏈中運行,避免了人為因素的影響,保證了網路環境的可信度,即必避免了偽造網路連結、偽造網站資訊等行為的發生,進而保證了取證資料的可信度;此外,透過對取證資料進行簽章,可以避免網路劫持,進一步的保證了取證資料的可信度。
在20世紀90年代,對於一個技術的改進可以很明顯地區分是硬體上的改進(例如,對二極體、電晶體、開關等電路結構的改進)還是軟體上的改進(對於方法流程的改進)。然而,隨著技術的發展,當今的很多方法流程的改進已經可以視為硬體電路結構的直接改進。設計人員幾乎都透過將改進的方法流程程式設計到硬體電路中來得到相應的硬體電路結構。因此,不能說一個方法流程的改進就不能用硬體實體模組來實現。例如,可程式設計邏輯裝置(Programmable Logic Device,PLD)(例如現場可程式設計閘陣列(Field Programmable Gate Array,FPGA))就是這樣一種積體電路,其邏輯功能由用戶對裝置程式設計來判定。由設計人員自行程式設計來把一個數位系統“集成”在一片PLD上,而不需要請晶片製造廠商來設計和製作專用的積體電路晶片。而且,如今,取代手工地製作積體電路晶片,這種程式設計也多半改用“邏輯編譯器(logic
compiler)”軟體來實現,它與程式開發撰寫時所用的軟體編譯器相類似,而要編譯之前的原始代碼也得用特定的程式設計語言來撰寫,此稱之為硬體描述語言(Hardware Description Language,HDL),而HDL也並非僅有一種,而是有許多種,如ABEL(Advanced Boolean Expression
Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming
Language)、HDCal、JHDL(Java Hardware Description
Language)、Lava、Lola、MyHDL、PALASM、RHDL (Ruby Hardware Description Language)等,目前最普遍使用的是VHDL(Very-High-Speed Integrated Circuit Hardware Description Language)與Verilog。本領域技術人員也應該清楚,只需要將方法流程用上述幾種硬體描述語言稍作邏輯程式設計並程式設計到積體電路中,就可以很容易得到實現該邏輯方法流程的硬體電路。
控制器可以按任何適當的方式實現,例如,控制器可以採取例如微處理器或處理器以及儲存可由該(微)處理器執行的電腦可讀程式碼(例如軟體或韌體)的電腦可讀媒體、邏輯閘、開關、專用積體電路(Application Specific
Integrated Circuit,ASIC)、可程式設計邏輯控制器和嵌入微控制器的形式,控制器的例子包括但不限於以下微控制器:ARC 625D、Atmel AT91SAM、Microchip
PIC18F26K20以及Silicone Labs C8051F320,記憶體控制器還可以被實現為記憶體的控制邏輯的一部分。本領域技術人員也知道,除了以純電腦可讀程式碼方式實現控制器以外,完全可以透過將方法步驟進行邏輯程式設計來使得控制器以邏輯閘、開關、專用積體電路、可程式設計邏輯控制器和嵌入微控制器等的形式來實現相同功能。因此這種控制器可以被認為是一種硬體部件,而對其內包括的用於實現各種功能的裝置也可以視為硬體部件內的結構。或者甚至,可以將用於實現各種功能的裝置視為既可以是實現方法的軟體模組又可以是硬體部件內的結構。
上述實施例闡明的系統、裝置、模組或單元,具體可以由電腦晶片或實體實現,或者由具有某種功能的產品來實現。一種典型的實現設備為電腦。具體的,電腦例如可以為個人電腦、膝上型電腦、蜂窩電話、相機電話、智慧型電話、個人數位助理、媒體播放機、導航設備、電子郵件設備、遊戲控制台、平板電腦、可穿戴設備或者這些設備中的任何設備的組合。
為了描述的方便,描述以上裝置時以功能分為各種單元分別描述。當然,在實施本說明書一個或多個實施例時可以把各單元的功能在同一個或多個軟體和/或硬體中實現。
本領域內的技術人員應明白,本說明書一個或多個實施例可提供為方法、系統、或電腦程式產品。因此,本說明書一個或多個實施例可採用完全硬體實施例、完全軟體實施例、或結合軟體和硬體方面的實施例的形式。而且,本說明書一個或多個實施例可採用在一個或多個其中包含有電腦可用程式碼的電腦可用儲存媒體(包括但不限於磁碟記憶體、CD-ROM、光學記憶體等)上實施的電腦程式產品的形式。
本說明書一個或多個實施例是參照根據本申請實施例的方法、設備(系統)、和電腦程式產品的流程圖和/或方塊圖來描述的。應理解可由電腦程式指令實現流程圖和/或方塊圖中的每一流程和/或方塊、以及流程圖和/或方塊圖中的流程和/或方塊的結合。可提供這些電腦程式指令到通用電腦、專用電腦、嵌入式處理機或其他可程式設計資料處理設備的處理器以產生一個機器,使得透過電腦或其他可程式設計資料處理設備的處理器執行的指令產生用於實現在流程圖一個流程或多個流程和/或方塊圖一個方塊或多個方塊中指定的功能的裝置。
這些電腦程式指令也可儲存在能引導電腦或其他可程式設計資料處理設備以特定方式工作的電腦可讀記憶體中,使得儲存在該電腦可讀記憶體中的指令產生包括指令裝置的製造品,該指令裝置實現在流程圖一個流程或多個流程和/或方塊圖一個方塊或多個方塊中指定的功能。
這些電腦程式指令也可裝載到電腦或其他可程式設計資料處理設備上,使得在電腦或其他可程式設計設備上執行一系列操作步驟以產生電腦實現的處理,從而在電腦或其他可程式設計設備上執行的指令提供用於實現在流程圖一個流程或多個流程和/或方塊圖一個方塊或多個方塊中指定的功能的步驟。
在一個典型的配置中,計算設備包括一個或多個處理器(CPU)、輸入/輸出介面、網路介面和記憶體。
記憶體可能包括電腦可讀媒體中的非永久性記憶體,隨機存取記憶體(RAM)和/或非揮發性記憶體等形式,如唯讀記憶體(ROM)或快閃記憶體(flash RAM)。記憶體是電腦可讀媒體的示例。
電腦可讀媒體包括永久性和非永久性、可移動和非可移動媒體可以由任何方法或技術來實現資訊儲存。資訊可以是電腦可讀指令、資料結構、程式的模組或其他資料。電腦的儲存媒體的例子包括,但不限於相變記憶體(PRAM)、靜態隨機存取記憶體(SRAM)、動態隨機存取記憶體(DRAM)、其他類型的隨機存取記憶體(RAM)、唯讀記憶體(ROM)、電可擦除可程式設計唯讀記憶體(EEPROM)、快閃記憶體或其他記憶體技術、唯讀光碟唯讀記憶體(CD-ROM)、數位多功能光碟(DVD)或其他光學儲存、磁盒式磁帶,磁帶磁磁片儲存或其他磁性儲存設備或任何其他非傳輸媒體,可用於儲存可以被計算設備訪問的資訊。按照本文中的界定,電腦可讀媒體不包括暫存電腦可讀媒體(transitory media),如調製的資料信號和載波。
還需要說明的是,術語“包括”、“包含”或者其任何其他變體意在涵蓋非排他性的包含,從而使得包括一系列要素的過程、方法、商品或者設備不僅包括那些要素,而且還包括沒有明確列出的其他要素,或者是還包括為這種過程、方法、商品或者設備所固有的要素。在沒有更多限制的情況下,由語句“包括一個……”限定的要素,並不排除在包括要素的過程、方法、商品或者設備中還存在另外的相同要素。
本說明書一個或多個實施例可以在由電腦執行的電腦可執行指令的一般上下文中描述,例如程式模組。一般地,程式模組包括執行特定任務或實現特定抽象資料類型的常式、程式、物件、元件、資料結構等等。也可以在分散式運算環境中實踐本申請,在這些分散式運算環境中,由透過通訊網路而被連接的遠端處理設備來執行任務。在分散式運算環境中,程式模組可以位於包括儲存設備在內的本地和遠端電腦儲存媒體中。
本說明書中的各個實施例均採用遞進的方式描述,各個實施例之間相同相似的部分互相參見即可,每個實施例重點說明的都是與其他實施例的不同之處。尤其,對於系統實施例而言,由於其基本相似於方法實施例,所以描述的比較簡單,相關之處參見方法實施例的部分說明即可。
以上僅為本說明書一個或多個實施例而已,並不用於限制本說明書。對於本領域技術人員來說,本說明書一個或多個實施例可以有各種更改和變化。凡在本說明書一個或多個實施例的精神和原理之內所作的任何修改、等同替換、改進等,均應包含在本說明書一個或多個實施例的申請專利範圍的範圍之內。One or more embodiments of this specification provide a blockchain-based forensic method and device to solve the problem of long time-consuming forensic, low forensic efficiency, high labor cost of forensic, and inability to guarantee the availability of forensic data in the prior art. The question of reliability.
In order to enable those skilled in the art to better understand the technical solutions in one or more embodiments of this specification, the following will combine the drawings in one or more embodiments of this specification to compare The technical solution is described clearly and completely. Obviously, the described embodiments are only a part of the embodiments in this specification, rather than all the embodiments. Based on one or more embodiments of this specification, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of one or more embodiments of this specification.
Figure 1 is a schematic diagram 1 of the application scenario of the blockchain-based forensics method provided by one or more embodiments of this specification. As shown in Figure 1, the system may include: a user's terminal and a blockchain, where the user's terminal, for example, It may be a mobile phone, a computer, etc., which is not particularly limited in this exemplary embodiment. The blockchain includes multiple blockchain nodes, and smart contracts are deployed on the blockchain, and the smart contracts include forensics operations. Specifically, the evidence collection process may include:
When collecting evidence of network behavior, the user’s terminal generates the original network forensic request and sends the original network forensic request to the blockchain; the blockchain transforms the original network forensic request according to the preset format, In order to obtain the user’s network forensic request, obtain forensic identification information according to the network forensic request, and call the smart contract deployed on it, and control the nodes in it to perform forensic operations based on the forensic identification information to obtain the corresponding forensic data. Finally, After signing the forensic data, it is sent to the user's terminal to complete the entire forensic process.
Figure 2 is a schematic diagram of the second application scenario of the blockchain-based forensics method provided by one or more embodiments of this specification. As shown in Figure 2, the system may include: a user's terminal, a proxy server, and a blockchain. The user's terminal may be, for example, a mobile phone, a computer, etc., which is not particularly limited in this exemplary embodiment. The blockchain includes multiple blockchain nodes, and smart contracts are deployed on the blockchain, and the smart contracts include forensics operations. Specifically, the evidence collection process may include:
When collecting evidence of network behavior, the user's terminal generates the original network forensic request and sends the original network forensic request to the proxy server; the proxy server converts the original network forensic request into the user's network forensic request , And send the user's network forensic request to the blockchain; the block link receives the user's network forensic request, and obtains forensic identification information according to the network forensic request, and calls the smart contract deployed on it to control the nodes in it Perform the forensic operation according to the forensic identification information to obtain the corresponding forensic data; finally, there are two ways to sign the forensic data. Among them, the first is that the blockchain signs the forensic data and sends it to the agent Server, the proxy server receives the forensic data after the signature and sends it to the user's terminal to complete the entire forensic process; the second type, the blockchain sends the forensic data to the proxy server; the proxy server receives the forensic The forensic materials are signed and sealed, and the signed forensic materials are sent to the user’s terminal to complete the entire forensic process.
Figure 3 is a schematic flowchart of a blockchain-based forensics method provided by one or more embodiments of this specification. The method in Figure 3 can be executed by the blockchain in Figure 1 or Figure 2, as shown in Figure 3, The method includes at least the following steps:
Step S320: Obtain the user's network forensic request, and obtain forensic identification information according to the network forensic request.
In the embodiment of this application, if it is found that there is infringement on the Internet, for example, publishing other people’s articles, videos, etc. on the webpage without consent, the user can obtain evidence for the infringement to obtain evidence based on the evidence collection. Information to combat infringements. Specifically, obtaining a user's network forensics request can include the following two methods, among which:
The first type is to receive the original network forensics request sent by the user's terminal, and convert the original network forensics request according to a preset format to obtain the user's network forensics request. Specifically, if there is infringement on the Internet, the user can enter the infringement information in the terminal and perform the forensic operation in the terminal. The terminal responds to the forensic operation, obtains the infringing information, and generates the original network forensic request based on the infringing information. And send the original network forensic request to the blockchain; the block link receives the original network forensic request, because the type of the original network forensic request can include HTTP (hypertext transfer protocol), SMTP (simple mail transfer protocol) , FTP (File Transfer Protocol), etc. Therefore, in order to facilitate the calculation of the blockchain, the original network forensic requests of different types are first converted according to the preset format to obtain the user's network forensic requests, namely, different types of The original network forensics request is transformed into a unified format. The above-mentioned default format can be any of the types of original network forensic requests. For example, if the default format is HTTP, any type of original network forensic request received will be converted into HTTP format, that is, the user's network All road forensic requests are in HTTP format.
The above-mentioned infringement information can be a link to the webpage where the infringing object is published. For example, if the infringing object is an article, the infringing information is the link to the webpage where the article is published. For another example, if the infringing object is a video, the infringing information is the link to the video that published the video. The link to the webpage. For another example, if the infringing object is a picture, the infringement information is the link to the webpage where the picture is published. The above-mentioned infringement information may also be the link to the website to which the webpage of the infringing object belongs and the basic information of the object. The basic information of the object includes the title, author, etc. of the object. This exemplary embodiment does not specifically limit this, for example, if If the infringing object is an article, the infringing information is the link to the website where the article is published, the title, author, etc. of the article (that is, the basic information of the object). For another example, if the infringing object is a video, the infringing information is the publication of the The link to the website to which the webpage of the video belongs and the title, author, etc. of the video (that is, the basic information of the object). For another example, if the infringing object is a picture, the infringing information is the link to the site where the picture is published and the link to the picture Title, author, etc. (that is, basic information about the object). It should be noted that the above-mentioned infringement information is only exemplary, and it can also be in other forms, but regardless of the form of the infringement information, it is necessary to ensure that the infringing object can be found based on the infringement information. In addition, the above-mentioned first method corresponds to the application scenario in FIG. 1.
The second type is to receive the user's network forensics request sent by the proxy server. The user's network forensics request is transformed by the proxy server according to the original network forensics request sent by the user's terminal. Specifically, if there is infringement on the Internet, the user can enter the infringement information in the terminal and perform the forensic operation in the terminal. The terminal responds to the forensic operation, obtains the infringing information, and generates the original network forensic request based on the infringing information. And send the original network forensic request to the proxy server; the proxy server receives the original network forensic request sent by the user’s terminal, because the type of the original network forensic request can include HTTP (hypertext transfer protocol), SMTP (simple Mail Transfer Protocol), FTP (File Transfer Protocol), etc. Therefore, in order to facilitate the calculation of the blockchain, the proxy server converts different types of original network forensic requests according to the default format to obtain the user's network forensics Request, that is, transforming different types of original network forensic requests into a unified format. It should be noted that the process by which the proxy server converts the original network forensic request into the user's network forensic request is the same as the conversion principle in the first method, so I will not repeat it here. Since the infringement information has been explained above, it will not be repeated here. When the proxy server transforms the original network forensic request into the user's network forensic request, it sends the user's network forensic request to the blockchain so that the block can receive the user's network forensic request. It should be noted that the above-mentioned second method corresponds to the application scenario in FIG. 2.
It should be noted that the forensic operations in the above two methods may include, for example, a click operation on the forensic control item on the display interface of the user's terminal, a double-click operation, etc., which is not special in this exemplary embodiment. limited.
If the blockchain obtains the user's network forensic request, it will analyze the user's network forensic request to obtain forensic identification information from the network forensic request. Among them, the forensic identification information has the same definition as the above-mentioned infringing information, so I will not repeat it here.
In order to avoid network hijacking and ensure the credibility of the forensic process, obtain the user’s network forensic request, and obtain the forensic identification information according to the network forensic request, which may include: obtaining the encrypted user’s network forensic request, The user’s network forensic request is decrypted to obtain the decrypted user’s network forensic request; the forensic identification information is obtained according to the decrypted user’s network forensic request.
In the embodiment of this application, if the application scenario of the forensic method is shown in Figure 1, the user's terminal encrypts the original network forensic request after generating the original network forensic request, and obtains the encrypted original network forensic The request is sent to the blockchain, and the blockchain transforms the encrypted original network forensic request according to the preset format to obtain the encrypted user's network forensic request. The blockchain decrypts the encrypted user's network forensic request and analyzes the decrypted user's network forensic request to obtain forensic identification information. The following examples illustrate the above encryption and decryption process. First, the user’s terminal encrypts the original network forensic request with the public key, and sends the encrypted original network forensic request to the blockchain, and the block link receives the encrypted original network forensic request and encrypts it The original network forensic request is transformed according to the preset format to obtain the encrypted user's network forensic request, and the encrypted user's network forensic request is decrypted according to the private key corresponding to the public key to obtain the decryption After the user’s network forensic request, the decrypted user’s network forensic request is analyzed to obtain forensic identification information.
If the application scenario of the forensic method is shown in Figure 2, after the user's terminal generates the original network forensic request, the original network forensic request is encrypted for the first time, and the original network forensic request after the first encryption is sent To the proxy server; the proxy server converts the original network forensic request encrypted for the first time into the user’s network forensic request according to the default format, and encrypts the user’s network forensic request a second time, The user’s network forensic request after the second encryption is sent to the blockchain; after the blockchain receives the second encrypted user’s network forensic request, the second encrypted user’s network forensics request Perform two decryptions to obtain the decrypted user's network forensic request, and analyze the decrypted user's network forensic request to obtain forensic identification information. The following examples illustrate the above encryption and decryption process. First, the user’s terminal uses the first public key to encrypt the original network forensic request for the first time, and sends the original network forensic request after the first encryption to the proxy server, and the proxy server encrypts the The original network forensic request is transformed according to the default format to obtain the user's network forensic request; the proxy server encrypts the user's network forensic request for the second time through the second public key, and encrypts the second encrypted The user's network forensic request is sent to the blockchain; the block link receives the user's network forensic request after the second encryption, and sequentially transmits the second private key corresponding to the second public key and the first public key Corresponding to the first public key, decrypt the user's network forensic request after the second encryption twice to obtain the decrypted user's network forensic request, and analyze the decrypted user's network forensic request to obtain Forensic identification information.
It can be seen from the above that the request is transmitted between the user's end point and the blockchain, between the user's terminal and the proxy server, and between the proxy server and the blockchain through encryption, avoiding network hijacking and ensuring the request Security and reliability of transmission.
It should be noted that the foregoing methods of encrypting through the public key and decrypting through the private key corresponding to the public key are only exemplary, and are not intended to limit the present invention.
In step S340, the smart contract deployed on the blockchain is called to control the nodes in the blockchain to perform forensic operations according to the forensic identification information to obtain corresponding forensic data.
In the embodiment of this application, when obtaining the forensic identification information, the blockchain invokes the smart contract deployed on it, and the smart contract includes the forensic operation, and controls the nodes in it to perform the forensic operation according to the forensic identification information to obtain the corresponding Forensic information. Since the blockchain includes multiple blockchain nodes, the above process of obtaining forensic data may include: invoking a smart contract, controlling each node in the blockchain to perform a forensic operation based on the forensic identification information to obtain the execution of each node Data, and the execution data of each node are processed by consensus, and the consensus execution data is used as forensic data, that is, the blockchain calls the smart contract deployed on it, and controls each node to execute wisdom based on the forensic identification information The forensic operation in the contract is to obtain the execution data of each node, and according to the execution data of each node, it is judged whether the execution data of most or all nodes in multiple nodes are consistent. If most nodes in multiple nodes Or the execution data of all nodes are consistent, then the consensus processing of the execution data of each node is completed, and the consensus execution data is judged as forensic data.
Hereinafter, the above process will be explained with an example. For example, if the forensic identification information is a link to the webpage where the infringing object is published, the forensic operation included in the smart contract is to obtain the infringing information based on the link to the webpage where the infringing object is published. The specific process is that the blockchain calls the smart contract and controls each node in it to obtain infringing data according to the link of the webpage where the infringing object is published, and determine the infringing data obtained by each node as the execution data of each corresponding node ; Judging whether the execution data of most or all nodes are consistent according to the execution data of each node, that is, whether the infringement data of most nodes or all nodes are consistent, if the execution data of most nodes or the execution of all nodes If the data is consistent, the consensus on the implementation data will be completed, and the consensus implementation data will be judged as forensic data. It should be noted that the infringing object is different, and the forensic data is also different. If the infringing object is an article, the forensic data can include the title, content, author, time when the article was published on the infringing webpage, and the number of page views of the article. This example The sexual embodiment does not specifically limit this. If the infringing object is a video, the forensic data may include the content of the video, the title of the video, the author of the video, the time when the video was posted on the infringing webpage, the number of views of the video, etc. This exemplary embodiment does not specifically limit this.
For another example, if the forensic identification information is the link to the website to which the infringing object belongs and the basic information of the object, the basic information of the object can include the name, author, etc. of the object. Specifically, if the object is an article, the basic information of the object Including the name and author of the article; if the object is a picture, the basic information of the object can include the name and author of the picture. Based on the above forensic identification information, the forensic operations included in the smart contract include: obtaining the website to which the infringing object is published according to the link of the website where the infringing object is published, and traversing each of the websites to which the infringing object is published. Linked web page data, and match each linked web page data with the basic information of the object, and judge the web page data matching the basic information of the object as infringing data. Based on this, the process of obtaining evidence data can include: the blockchain calls the smart contract and controls each node in it to obtain the website of the website that published the infringing object according to the link of the website that published the infringing object, and traverse to announce the infringement The webpage data of each link in the website to which the webpage of the object belongs, and the webpage data of each link in the website to which the webpage that publishes the infringing object obtained by each node belongs are matched with the basic information of the object, and each The webpage data that matches the basic information of the object in the website to which the webpage that publishes the infringing object obtained by the node belongs is determined as the infringement data of each corresponding node, and the infringement data of each node is determined as the execution of each corresponding node data. According to the execution data of each node, judge whether the execution data of most or all nodes are consistent. If the execution data of most or all nodes are consistent, the consensus on the execution data will be completed, and the consensus execution data will be judged as forensics data. It should be noted that the forensic information has been explained above, so I will not repeat it here.
Step S360: Sign the forensic data, and send the signed forensic data to the user's terminal.
In the embodiment of this application, after obtaining the forensic data, in order to avoid network hijacking, the credibility of the forensic data is further ensured. The forensic data needs to be signed. The specific signing method can be: to stamp the forensic data with the blockchain certificate timestamp; it can also be used to stamp the forensic data with a certification mark The forensic data is signed and sealed by the method, where the specific manifestation of the certification mark can be set by the developer. For example, the certification mark can be a QR code picture or a string of multiple characters. This exemplary embodiment does not specifically limit this. It should be noted that the execution subject of the signature may be a node in the blockchain, or all nodes in the blockchain, etc. This exemplary embodiment does not specifically limit this. It should be noted that in other embodiments of the present disclosure, if the application scenario of the forensic method is shown in Figure 2, the execution subject of the signature is not only a node or multiple nodes in the blockchain, but also an agent. For the server, this exemplary embodiment does not specifically limit this.
In order to avoid network hijacking and ensure the security of the forensic data after the signature, sending the forensic data after the signature to the user's terminal may include: encrypting the forensic data after the signature to obtain the encrypted forensic data , And send the encrypted forensic data to the user's terminal.
In the embodiment of this application, if the application scenario of the forensic method is shown in Figure 1, the blockchain can encrypt the signed forensic data through the public key to obtain the encrypted forensic data, and the encrypted forensic data The forensic data is sent to the user's terminal, so that the user's terminal decrypts the encrypted forensic data through the private key corresponding to the public key to obtain the decrypted forensic data.
If the application scenario of the forensic method is shown in Figure 2, the blockchain can use the first public key to encrypt the forensic data after signing for the first time to obtain the encrypted forensic data for the first time. The first encrypted forensic data is sent to the proxy server, and the proxy server encrypts the first encrypted forensic data through the second public key to obtain the second encrypted forensic data, and encrypts the second time The latter forensic data is sent to the user’s terminal, and the user terminal can sequentially decrypt the second encrypted forensic data according to the second private key corresponding to the second public key and the first private key corresponding to the first public key. Obtain the decrypted forensic information.
It can be seen from the above that by encrypting the forensic data after signature, network hijacking can be avoided and the security of forensic data can be guaranteed.
In summary, by invoking the smart contracts deployed on the blockchain, the nodes in the blockchain are controlled to perform forensic operations based on the forensic identification information to obtain corresponding forensic data. Compared with the prior art, due to the lack of impartial personnel for execution Obtain forensic data by means of network operation, that is, without manual methods, automatic acquisition of forensic data is realized, which greatly shortens the time of forensics, improves the efficiency of forensics, and also reduces the labor cost of forensics; in addition, due to the invocation of smart contracts Control the nodes in the blockchain to perform forensic operations according to the forensic identification information to obtain the corresponding forensic data, that is, to set up the forensic operations in the smart contract and run in the blockchain, avoiding the influence of human factors and ensuring the network environment The credibility of the forensic information must avoid the occurrence of forging network links and forging website information, thereby ensuring the credibility of the forensic data; in addition, by signing the forensic data, network hijacking can be avoided, and further Ensure the credibility of forensic information.
Corresponding to the aforementioned blockchain-based forensics method, based on the same idea, an embodiment of the application also provides a blockchain-based forensics device. Figure 4 is a blockchain-based forensics provided by one or more embodiments of this specification. The structure block diagram of the device, as shown in FIG. 4, the blockchain-based forensics device 400 may include: an acquisition module 401, an execution module 402, and a signature module 403, in which:
The obtaining module 401 can be used to obtain a user's network forensic request, and obtain forensic identification information according to the network forensic request;
The execution module 402 can be used to call smart contracts deployed on the blockchain, and control the nodes in the blockchain to perform forensic operations based on the forensic identification information to obtain corresponding forensic data;
The signing module 403 can be used to sign the forensic data and send the signed forensic data to the user's terminal.
Optionally, the execution module 402 may include:
The calling unit is used to call the smart contract and control each node in the blockchain to perform forensic operations based on the forensic identification information to obtain the execution data of each node; and
The consensus unit is used to perform consensus processing on the execution data of each node, and use the consensus execution data as evidence collection data.
Optionally, the signature module 403 is specifically used to sign the forensic data by stamping the forensic data with a blockchain certificate time stamp.
Optionally, the acquisition module 401 is specifically used to receive the original network forensics request sent by the user's terminal, and convert the original network forensics request according to a preset format to obtain the user's network forensics request; or to receive a proxy server The user’s network forensic request sent by the server, and the user’s network forensic request is transformed by the proxy server according to the original network forensic request sent by the user’s terminal.
Optionally, the obtaining module 401 is specifically used to obtain the encrypted user's network forensic request, decrypt the encrypted user's network forensic request, to obtain the decrypted user's network forensic request, and according to The decrypted user's network forensic request obtains forensic identification information.
Optionally, the signature module 403 is specifically used to encrypt the forensic data after the signature to obtain the encrypted forensic data, and send the encrypted forensic data to the user's terminal.
The blockchain-based forensic device provided by the embodiment of the application controls the nodes in the blockchain to perform forensic operations according to the forensic identification information by invoking the smart contract deployed on the blockchain to obtain corresponding forensic data, compared to In the prior art, because impartial personnel are not used to perform network operations to obtain forensic materials, that is, manual methods are not used, automatic acquisition of forensic materials is realized, which greatly shortens the time for forensics, improves the efficiency of forensics, and reduces the cost of forensics. Labor cost; in addition, because the nodes in the blockchain are called to control the smart contract to perform the forensic operation based on the forensic identification information to obtain the corresponding forensic data, that is, to set up the forensic operation in the smart contract and run it in the blockchain, avoiding human intervention The influence of factors guarantees the credibility of the network environment, that is, to avoid the occurrence of forging network links and forging website information, thereby ensuring the credibility of the forensic data; in addition, by signing the forensic data , Can avoid network hijacking, and further ensure the credibility of forensic data.
Furthermore, based on the method shown in FIG. 3 above, an embodiment of the present application also provides a blockchain-based forensics device, as shown in FIG. 5.
Blockchain-based forensics equipment can have relatively large differences due to different configurations or performances. It can include one or more processors 501 and memory 502. The memory 502 can store one or more storage applications or data. Among them, the memory 502 may be short-term storage or permanent storage. The application program stored in the memory 502 may include one or more modules (not shown in the figure), and each module may include a series of computer-executable instructions for a blockchain-based forensic device. Furthermore, the processor 501 may be configured to communicate with the memory 502, and execute a series of computer-executable instructions in the memory 502 on a blockchain-based forensic device. Blockchain-based forensics equipment may also include one or more power supplies 503, one or more wired or wireless network interfaces 504, one or more input and output interfaces 505, one or more keyboards 506, and so on.
In a specific embodiment, the blockchain-based forensics equipment includes memory and one or more programs, one or more programs are stored in the memory, and one or more programs may include one or more programs. More than one module, and each module can include a series of computer executable instructions for blockchain-based forensics equipment, and is configured to be executed by one or more processors to execute the one or more package programs. Perform the following computer executable commands:
Obtain the user's network forensic request, and obtain forensic identification information according to the network forensic request;
Call the smart contract deployed on the blockchain to control the nodes in the blockchain to perform forensic operations based on the forensic identification information to obtain corresponding forensic data;
Sign the forensic data and send the signed forensic data to the user's terminal.
Optionally, when the computer executable instructions are executed, the smart contract deployed on the blockchain is called to control the nodes in the blockchain to perform forensic operations based on the forensic identification information to obtain corresponding forensic data including:
Call the smart contract to control each node in the blockchain to perform forensic operations based on the forensic identification information to obtain the execution data of each node; and
Perform consensus processing on the execution data of each node, and use the consensus execution data as evidence collection data.
Optionally, when the computer executable instructions are executed, the signature of the forensic data includes:
The forensic data is signed and sealed by stamping the blockchain certificate timestamp on the forensic data.
Optionally, when the computer executable command is executed, it obtains the user's network forensics request, including:
Receive the original network forensic request sent by the user's terminal, and transform the original network forensic request according to the preset format to obtain the user's network forensic request; or
Receive the user's network forensic request sent by the proxy server. The user's network forensic request is transformed by the proxy server according to the original network forensic request sent by the user's terminal.
Optionally, when the computer executable command is executed, obtaining the user's network forensics request, and obtaining forensic identification information according to the network forensics request includes:
Obtain the encrypted user's network forensic request, and decrypt the encrypted user's network forensic request to obtain the decrypted user's network forensic request;
Obtain forensic identification information according to the decrypted user's network forensic request.
Optionally, when the computer executable instructions are executed, sending the signed forensic data to the user's terminal includes:
Encrypt the forensic data after the signature to obtain the encrypted forensic data, and send the encrypted forensic data to the user's terminal.
The blockchain-based forensic equipment provided by the embodiment of the application controls the nodes in the blockchain to perform forensic operations according to the forensic identification information by invoking the smart contract deployed on the blockchain to obtain corresponding forensic data, compared to In the prior art, because impartial personnel are not used to perform network operations to obtain forensic materials, that is, manual methods are not used, automatic acquisition of forensic materials is realized, which greatly shortens the time for forensics, improves the efficiency of forensics, and reduces the cost of forensics. Labor cost; in addition, because the nodes in the blockchain are called to control the smart contract to perform the forensic operation based on the forensic identification information to obtain the corresponding forensic data, that is, to set up the forensic operation in the smart contract and run it in the blockchain, avoiding human intervention The influence of factors guarantees the credibility of the network environment, that is, to avoid the occurrence of forging network links and forging website information, thereby ensuring the credibility of the forensic data; in addition, by signing the forensic data , Can avoid network hijacking, and further ensure the credibility of forensic data.
Further, the embodiments of the present application also provide a storage medium for storing computer executable instructions. In a specific embodiment, the storage medium may be a USB, an optical disk, a hard disk, etc., and the storage medium stored in the computer executable When the instruction is executed by the processor, the following process can be realized:
Obtain the user's network forensic request, and obtain forensic identification information according to the network forensic request;
Call the smart contract deployed on the blockchain to control the nodes in the blockchain to perform forensic operations based on the forensic identification information to obtain corresponding forensic data;
Sign the forensic data and send the signed forensic data to the user's terminal.
Optionally, when the computer executable instructions stored in the storage medium are executed by the processor, they call a smart contract deployed on the blockchain to control the nodes in the blockchain to perform forensic operations based on the forensic identification information to obtain corresponding forensics The information includes:
Call the smart contract to control each node in the blockchain to perform forensic operations based on the forensic identification information to obtain the execution data of each node; and
Perform consensus processing on the execution data of each node, and use the consensus execution data as evidence collection data.
Optionally, when the computer executable instructions stored in the storage medium are executed by the processor, signing the forensic data includes:
The forensic data is signed and sealed by stamping the blockchain certificate timestamp on the forensic data.
Optionally, when the computer executable instructions stored in the storage medium are executed by the processor, obtaining a user's network forensics request includes:
Receive the original network forensic request sent by the user's terminal, and transform the original network forensic request according to the preset format to obtain the user's network forensic request; or
Receive the user's network forensic request sent by the proxy server. The user's network forensic request is transformed by the proxy server according to the original network forensic request sent by the user's terminal.
Optionally, when the computer executable instructions stored in the storage medium are executed by the processor, obtaining the user's network forensics request, and obtaining forensic identification information according to the network forensics request includes:
Obtain the encrypted user's network forensic request, and decrypt the encrypted user's network forensic request to obtain the decrypted user's network forensic request;
Obtain forensic identification information according to the decrypted user's network forensic request.
Optionally, when the computer executable instructions stored in the storage medium are executed by the processor, sending the signed forensic data to the user's terminal includes:
Encrypt the forensic data after the signature to obtain the encrypted forensic data, and send the encrypted forensic data to the user's terminal.
When the computer-executable instructions stored in the storage medium in the embodiment of this application are executed by the processor, they control the nodes in the blockchain to perform forensic operations according to the forensic identification information by invoking the smart contract deployed on the blockchain to obtain the corresponding Compared with the existing technology, because impartial personnel are not used to obtain forensic data by means of network operations, that is, manual methods are not used, automatic acquisition of forensic data is realized, which greatly reduces the time for forensics and improves the efficiency of forensics. At the same time, it also reduces the labor cost of forensics; in addition, because the nodes in the blockchain are controlled by the smart contract to perform the forensic operation according to the forensic identification information to obtain the corresponding forensic data, that is, the forensic operation is set in the smart contract and the block The operation in the chain avoids the influence of human factors and ensures the credibility of the network environment, that is to say, it must avoid the occurrence of forging network links and forging website information, thereby ensuring the credibility of forensic data; in addition, By signing the forensic data, network hijacking can be avoided, and the credibility of the forensic data is further ensured.
In the 1990s, the improvement of a technology can be clearly distinguished from the improvement of hardware (for example, the improvement of the circuit structure of diodes, transistors, switches, etc.) or the improvement of software (for the process flow Improve). However, with the development of technology, the improvement of many methods and processes can be regarded as a direct improvement of the hardware circuit structure. Designers almost always get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method and process cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD) (such as Field Programmable Gate Array (FPGA)) is such an integrated circuit whose logic function is determined by the user's programming of the device. It is designed by the designer to "integrate" a digital system on a PLD without having to ask the chip manufacturer to design and produce a dedicated integrated circuit chip. Moreover, nowadays, instead of manually making integrated circuit chips, this kind of programming is mostly switched to a logic compiler (logic compiler).
compiler)" software, which is similar to the software compiler used in program development and writing, and the original code before compilation has to be written in a specific programming language, which is called hardware description language (Hardware Description Language). Language, HDL), and HDL is not only one, but there are many, such as ABEL (Advanced Boolean Expression
Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming
Language), HDCal, JHDL (Java Hardware Description
Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), etc. The most commonly used at present are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art should also understand that it is easy to obtain the hardware circuit that implements the logic method flow by only slightly programming the method flow using the above hardware description languages and programming it into the integrated circuit.
The controller can be implemented in any suitable manner. For example, the controller can take the form of, for example, a microprocessor or a processor and a computer readable program code (such as software or firmware) that can be executed by the (micro) processor. Media, logic gates, switches, dedicated integrated circuits (Application Specific
Integrated Circuit, ASIC), programmable logic controllers and embedded microcontrollers. Examples of controllers include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip
PIC18F26K20 and Silicone Labs C8051F320, the memory controller can also be implemented as part of the memory control logic. Those skilled in the art also know that, in addition to implementing the controller in a purely computer-readable code, it is entirely possible to design the method steps by logic programming to enable the controller to be controlled by logic gates, switches, dedicated integrated circuits, and programmable logic. The same function can be realized in the form of an embedded microcontroller and a microcontroller. Therefore, such a controller can be regarded as a hardware component, and the device for implementing various functions included therein can also be regarded as a structure within the hardware component. Or even, the device for realizing various functions can be regarded as both a software module of an implementation method and a structure within a hardware component.
The system, device, module or unit explained in the above embodiments may be implemented by a computer chip or entity, or by a product with a certain function. A typical implementation device is a computer. Specifically, the computer can be, for example, a personal computer, a laptop computer, a cell phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, and a wearable device. Or any combination of these devices.
For the convenience of description, when describing the above device, the functions are divided into various units and described separately. Of course, when implementing one or more embodiments of this specification, the functions of each unit can be implemented in the same or multiple software and/or hardware.
Those skilled in the art should understand that one or more embodiments of this specification can be provided as a method, a system, or a computer program product. Therefore, one or more embodiments of this specification may adopt the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware. Moreover, one or more embodiments of this specification can be implemented on one or more computer-usable storage media (including but not limited to magnetic disk memory, CD-ROM, optical memory, etc.) containing computer-usable program codes. In the form of a computer program product.
One or more embodiments of this specification are described with reference to flowcharts and/or block diagrams of methods, equipment (systems), and computer program products according to the embodiments of this application. It should be understood that each process and/or block in the flowchart and/or block diagram, and the combination of processes and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions can be provided to the processors of general-purpose computers, dedicated computers, embedded processors, or other programmable data processing equipment to generate a machine that can be executed by the processor of the computer or other programmable data processing equipment Produce means for realizing the functions specified in one or more processes in the flowchart and/or one block or more in the block diagram.
These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce a manufactured product including the instruction device , The instruction device realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are performed on the computer or other programmable equipment to generate computer-implemented processing, so that the computer or other programmable equipment The instructions executed above provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.
In a typical configuration, the computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
Memory may include non-permanent memory, random access memory (RAM) and/or non-volatile memory in computer-readable media, such as read-only memory (ROM) or flash memory (flash) RAM). Memory is an example of computer-readable media.
Computer-readable media includes permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology. The information can be computer readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), and other types of random access memory (RAM) , Read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, read-only CD-ROM (CD-ROM), digital multi-function Optical discs (DVD) or other optical storage, magnetic cassettes, magnetic tape storage or other magnetic storage devices, or any other non-transmission media, can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "include" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements not only includes those elements, but also includes Other elements not explicitly listed, or include elements inherent to this process, method, commodity, or equipment. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, commodity or equipment that includes the element.
One or more embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as a program module. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. The application can also be implemented in a distributed computing environment. In these distributed computing environments, remote processing devices connected through a communication network perform tasks. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.
The embodiments in this specification are described in a progressive manner. The same or similar parts between the embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant part can be referred to the description of the method embodiment.
The above are only one or more embodiments of this specification, and are not used to limit this specification. For those skilled in the art, one or more embodiments of this specification can have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of one or more embodiments of this specification should be included in the scope of the patent application of one or more embodiments of this specification.
