WO2016192777A1 - Generating digital evidence - Google Patents

Publication number
WO2016192777A1
Authority
WO
WIPO (PCT)
Prior art keywords
conversation
data
computer program
messaging system
participants
Application number
PCT/EP2015/062257
Other languages
French (fr)
Inventor
Yago Jesús MOLINA BERENGUER
Original Assignee
Egarante, S.L.
Application filed by Egarante, S.L.
Priority to PCT/EP2015/062257
Publication of WO2016192777A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00: User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04: Real-time or near real-time messaging, e.g. instant messaging [IM]
    • H04L51/046: Interoperability with other network applications or services
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00: User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21: Monitoring or handling of messages
    • H04L51/216: Handling conversation history, e.g. grouping of messages in sessions or threads
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00: User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/52: User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail for supporting social networking services

Definitions

  • the present disclosure relates to a method of generating, by a computer program, a digital evidence of at least part of a conversation performed through a messaging system in a communication network between participants of a group of participants.
  • the present disclosure further relates to a computer program, a system and a computing system suitable for carrying out such a method.
  • a messaging system may be defined as a system that permits communication between two or more people based on text and/or any type of multimedia data such as e.g. images, sound, video, etc.
  • the text and/or multimedia data may be sent through networked devices in a communications network such as e.g. the Internet.
  • Two main groups of messaging systems may be distinguished: Instant Messaging systems and Social Network Messaging systems.
  • Instant Messaging systems were initially designed for interactions between two parties, although they have evolved to allow the creation of conversations between groups of people. Originally, these systems were conceived as flexible systems for exchanging information individually and asynchronously. Simultaneous presence and exclusive attention are not required, but fast response speed is expected in these systems. Examples of Instant Messaging Systems are Gtalk™, Hangouts™, Skype™, SnapChat™, Whatsapp™ or Telegram™.
  • Social networks were initially designed as an environment for "one to several" communications, although messaging systems for private communication between members of the Social Network have been incorporated thereto. Some of said messaging systems are of the "mailbox" type under an approach similar to the email concept (fully asynchronous). Some other of said messaging systems may be more similar to the abovementioned instant messaging systems.
  • An example of Social Network Messaging system is Facebook Messenger™. It is an object of the present disclosure to improve the existing messaging systems.
  • the messaging system may be either an instant messaging system or a social network system.
  • the method comprises obtaining, by the computer program, authorization to access data of the conversation including data of the at least part of the conversation, and accessing, by the computer program, the data of the conversation.
  • the method further comprises cryptographically certifying, by the computer program, the data of the at least part of the conversation, and generating, by the computer program, the digital evidence of the at least part of the conversation from the cryptographically certified data of the at least part of the conversation.
  • the conversation data may be accessed in such a way that a deliverable format is given to the conversation data. For instance, a PDF file may be generated containing the conversation data.
  • cryptographically certifying the conversation data may comprise cryptographically certifying said deliverable format (e.g.
  • generating the digital evidence may comprise outputting the cryptographically certified PDF file.
  • the conversation data may not be in a deliverable format.
  • cryptographically certifying the conversation data may comprise cryptographically certifying said non-deliverable format
  • generating the digital evidence may comprise generating a PDF file including the cryptographically certified conversation data.
  • the term "deliverable format", as attributed to the conversation data, is used herein to refer to a format that can be delivered to somebody in such a way that any manipulation of the conversation data can be detected.
  • a PDF file or Word file or any other well-known type of format that can be cryptographically signed may be used for suitably delivering the conversation data.
  • the "deliverable format" may thus be either a read-only or a modifiable format whenever it can be signed such that any alteration after signature can be clearly identified.
  • Cryptographically certifying conversation data may be understood herein as registering (or keeping track of) said data and applying one or more cryptographic mechanisms thereto, so that authenticity and integrity of the data may be ensured. This way, the conversation data may be subsequently verified by a party that was not necessarily present at the conversation.
  • the proposed method may be used with an existing messaging system for obtaining a digital evidence of a conversation or part of a conversation between users of the messaging system.
  • Current messaging systems may permit a user to delete or falsify evidence of a message relatively easily. For example, a private message sent by a user through Twitter™ may be deleted by the user in an easy way by using corresponding deletion functionality. The prior existence of this deleted message cannot be subsequently proved unless exceptional technical actions are undertaken.
  • the suggested method of generating digital evidence may represent a valuable technical improvement of the current messaging systems in the mentioned sense.
  • the proposed method may securely register a conversation (or part of it) and generate digital evidence by using suitable cryptographic mechanisms such as e.g. digital signatures and timestamps.
  • the proposed method may thus be seen as a technical extension of a messaging system that can be re-used for other purposes that are not currently considered by companies, people, etc.
  • the capacity to serve multiple clients asynchronously by only one person may imply a remarkable flexibility and cost saving in customer services.
  • Companies seem to be increasingly moving to messaging systems but they do not move the traditional call centre to messaging systems because they are legally insecure.
  • the proposed method may permit implementing customer services through messaging systems in a secure way, by keeping track of the conversations between company and clients.
  • Another advantage of the suggested method may be that at least some cybercrimes may be digitally tracked and reported to competent authorities. For example, cyberbullying, sexting, grooming, etc. may be digitally tracked and digital evidence may be reported to the police with the method disclosed herein. In this sense, parents may e.g. activate a mode of generating digital evidence of conversations participated by their children in a given messaging system. This way, digital evidence of a conversation may be reported to authorities if a suspicious behaviour by a third-party is detected in the conversation.
  • the method may be performed by iteratively processing consecutive data portions of the at least part of the conversation.
  • a first data portion may be accessed (or read) and digitally certified by the computer program.
  • further data portions may be accessed and digitally certified by the computer program until processing of the whole conversation or part of the conversation has been completed.
  • the method may be continuously repeated in such a way that digital evidence of different complete or partial conversations may be generated.
  • the data of the at least part of the conversation may comprise data representing any event occurred in the at least part of the conversation.
  • the data of the at least part of the conversation may comprise data of inclusion of a participant to the group of participants, and/or data of exclusion of a participant from the group of participants, and/or data of a message exchanged between participants of the group of participants.
  • the message may comprise e.g. text and/or multimedia data.
  • the method may further comprise storing, by the computer program, the data of the at least part of the conversation in a repository of conversation data.
  • Said repository may comprise e.g. a relational database, and/or a non-relational database, and/or a text file, and/or a Log file, etc.
  • the data may be stored in a document that supports digital signature and time stamping or in a SQL database.
  • the cryptographic data may be stored in the SQL database in fields specifically defined for that aim.
  • consecutive data portions of the conversation may be individually processed and therefore stored in the repository.
  • the method may further comprise deleting, by the computer program, the stored data of the at least part of the conversation from the repository of conversation data once the digital evidence (of the at least part of the conversation) has been generated.
  • a user or participant that has requested digital tracking of the conversation may choose the option of deleting the conversation data once digital evidence has been generated.
  • An aspect of this option may be that storage space is optimized.
  • Another aspect may be that rights of the user are ensured in the sense that personal data is completely eliminated.
  • storing the data of the at least part of the conversation may comprise storing, by the computer program, the cryptographically certified data of the at least part of the conversation in the repository of conversation data.
  • cryptographically certifying the data of the at least part of the conversation may comprise cryptographically certifying, by the computer program, the stored data of the at least part of the conversation. That is to say, the data may be cryptographically certified first and stored secondly or, alternatively, the data may be stored first and cryptographically certified secondly.
  • data portions may be stored without cryptographic certification in such a way that the (synchronous) process may be executed more efficiently.
  • an asynchronous batch process of cryptographic certification may be performed on the stored data e.g. at the end of the day.
  • This synchronous and asynchronous approach may require fewer computing resources in comparison with a "fully synchronous" approach in which cryptographic certification is also performed synchronously.
  • generating the digital evidence of the at least part of the conversation may comprise generating, by the computer program, a file containing the cryptographically certified data of the at least part of the conversation.
  • This file may be sent, by the computer program, to a participant that has requested the digital evidence or to all the participants.
  • this file may be stored in a server and an email containing a link to the file may be sent to the participant that has requested the digital evidence or to all the participants.
  • the file containing the digital evidence may be generated by the computer program under a synchronous approach or an asynchronous approach.
  • consecutive data portions of the conversation may be accessed, cryptographically certified and added to the file as part of the same synchronous process.
  • an asynchronous process may retrieve digitally certified data portions from the repository which have been previously stored in the repository by a synchronous process.
  • cryptographically certifying the data of the at least part of the conversation may comprise obtaining, by the computer program, one or more cryptographic fingerprints of the data of the at least part of the conversation.
  • One or more portions of the data to be certified may be considered for its cryptographic fingerprinting.
  • the cryptographic fingerprint of a data portion may be obtained by e.g. applying a suitable hash function to the data portion.
  • cryptographically certifying the data of the at least part of the conversation may comprise cryptographically signing, by the computer program, the data of the at least part of the conversation or the aforementioned fingerprint(s) of said data.
  • One or more portions of the data to be certified, or corresponding fingerprint(s) may be considered for its cryptographic signing.
  • the cryptographic signing may be performed by using a cryptographic system that may be asymmetric, i.e. based on public and private key.
  • the cryptographic system may be applied to the data (or data portion) to be cryptographically signed or to the fingerprint of the data (or data portion) to be cryptographically signed.
  • cryptographically certifying the data of the at least part of the conversation may comprise cryptographically time stamping, by the computer program, the data of the at least part of the conversation, or the aforementioned fingerprint(s) or signature(s) of said data.
  • One or more timestamps may be obtained for securely keeping track of the time at which the data (or fingerprint or signature) to be certified has been generated.
  • One or more portions of the data (or fingerprints or signatures of said data) to be certified may be considered for its time stamping.
  • the timestamp of a data portion (or fingerprint or signature) may be obtained by sending the data portion (or fingerprint or signature of said data portion) to a Time Stamping Authority (TSA) and receiving adequate response from said TSA.
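
The per-portion certification described above (fingerprint each consecutive data portion, then sign the fingerprint with an asymmetric key), as an added Go example that is not code from the patent or its applicant. Chaining each fingerprint to the previous one, the closing seal, the SHA-256/Ed25519 choice and every type, field and function name are assumptions of this example; the TSA step is not implemented, so `ObservedAt` is only a local clock value.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Event is one data portion: a message, or a participant joining or leaving.
type Event struct {
	Kind        string // "join", "leave" or "message"
	Participant string
	Body        string
	ObservedAt  string // local clock value, not a TSA timestamp
}

// Record is a certified data portion as it could be kept in the repository.
type Record struct {
	Event       Event
	Fingerprint []byte // SHA-256(previous fingerprint || JSON(event))
	Signature   []byte // Ed25519 signature over Fingerprint
}

var ErrFingerprint = errors.New("portion altered, removed or reordered")
var ErrSignature = errors.New("portion not signed by the certifying key")
var ErrSeal = errors.New("evidence truncated or extended")

// fingerprint chains a portion to its predecessor (chaining is this example's choice).
func fingerprint(prev []byte, e Event) []byte {
	enc, _ := json.Marshal(e) // fixed field order; cannot fail for a struct of strings
	sum := sha256.Sum256(append(append([]byte{}, prev...), enc...))
	return sum[:]
}

func sealInput(n int, last []byte) []byte {
	return append([]byte(fmt.Sprintf("count=%d;", n)), last...)
}

// Certify handles consecutive portions one at a time and seals the whole run.
func Certify(priv ed25519.PrivateKey, events []Event) ([]Record, []byte) {
	prev := make([]byte, sha256.Size) // all-zero start value for the first portion
	recs := make([]Record, 0, len(events))
	for _, e := range events {
		fp := fingerprint(prev, e)
		recs = append(recs, Record{Event: e, Fingerprint: fp, Signature: ed25519.Sign(priv, fp)})
		prev = fp
	}
	return recs, ed25519.Sign(priv, sealInput(len(recs), prev))
}

// Verify returns the first failing record index (len(recs) for the seal) or -1, nil.
func Verify(pub ed25519.PublicKey, recs []Record, seal []byte) (int, error) {
	prev := make([]byte, sha256.Size)
	for i, r := range recs {
		fp := fingerprint(prev, r.Event)
		if !bytes.Equal(fp, r.Fingerprint) {
			return i, ErrFingerprint
		}
		if !ed25519.Verify(pub, fp, r.Signature) {
			return i, ErrSignature
		}
		prev = fp
	}
	if !ed25519.Verify(pub, sealInput(len(recs), prev), seal) {
		return len(recs), ErrSeal
	}
	return -1, nil
}

// NewKeyPair creates the certifying program's Ed25519 key pair.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SampleConversation returns constructed events, not data from a real system.
func SampleConversation() []Event {
	return []Event{
		{"join", "witness-program", "", "2015-06-02T10:00:00Z"},
		{"message", "alice", "Order 1234 has not arrived.", "2015-06-02T10:00:05Z"},
		{"message", "support", "We will refund it today.", "2015-06-02T10:01:10Z"},
		{"leave", "witness-program", "", "2015-06-02T10:02:00Z"},
	}
}

func main() {
	pub, priv := NewKeyPair()
	recs, seal := Certify(priv, SampleConversation())
	recs[2].Event.Body = "We will not refund it." // tamper after certification
	fmt.Println(Verify(pub, recs, seal))
}
```

A verifier holding only the public key can tell an edited portion, a removed portion, a truncated record set and a re-certification under a different key apart, because each case fails at a different check.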
  • obtaining authorization to access the data of the conversation may comprise logging in the messaging system, by the computer program, by using user credentials (e.g. username and password) assigned to the computer program, and accepting, by the computer program, an invitation of inclusion to the group of participants as a further participant.
  • the computer program may therefore act as a witness of what is occurring in the conversation since it is seen by the messaging system as one of its users that is participating in the conversation.
  • the user credentials may comprise e.g. an ID or username or telephone number, etc. and corresponding password identifying the computer program as a user of the messaging system.
  • the computer program may be invited to be in the group of participants and, hence, in the conversation by e.g. a participant that has requested the generation of the digital evidence.
  • a participant of the group of participants may be a user of the messaging system having user credentials (e.g. username and password) for logging in the messaging system.
  • obtaining authorization to access the data of the conversation may comprise receiving, by the computer program, the user credentials of the user, and logging in the messaging system, by the computer program, by using the user credentials in representation of the user.
  • User credentials of the user may therefore be delivered by the user to the computer program, and the computer program may log in the messaging system as if it were the user. This way, the computer program may access and capture any data provided/obtained by the user to/from the messaging system in order to generate the digital evidence.
  • a participant of the group of participants may be a user of the messaging system having user credentials (e.g. username and password) for logging in the messaging system in such a way that a session identifier is generated by the messaging system.
  • obtaining authorization to access the data of the conversation may comprise receiving, by the computer program, the session identifier generated by the messaging system, and obtaining, by the computer program, authorization to access the data of the conversation by using the session identifier.
  • the computer program may obtain the session identifier by accessing one or more cookies or tokens of the session. This access to the cookies or tokens may have been previously granted by the user.
  • the obtained session identifier may permit the computer program accessing and capturing any data provided/obtained by the user to/from the messaging system in order to generate the digital evidence.
  • the computer program may have its own credentials for logging in the messaging system, said credentials having privilege to access data of a participant of the group of participants. Said privilege may have been previously granted by said participant to the computer program (through e.g. an OAuth procedure or similar).
  • obtaining authorization to access the data of the conversation may comprise logging in the messaging system, by the computer program, by using its own credentials having privilege to access the data of the participant. This way, the computer program may access data of any event (e.g. exchanged messages) occurred within the conversation in which the participant takes part.
  • the computer program may be configured to intermediate between a user of the messaging system (e.g. the petitioner of the digital evidence) and the messaging system.
  • the computer program may obtain authorization to access the data of the conversation by receiving a request from the user of logging in the messaging system and logging in the messaging system according to the received request from the user.
  • the computer program may therefore comprise an intermediary application that may act either as a user application between the user and the messaging system or as a proxy application between a third-party user application and the messaging system.
  • a user environment may be provided by the intermediary application to the user.
  • This user environment may provide necessary functionalities for using the messaging system such that no direct interaction between the user and the messaging system occurs. That is, the user interacts with the intermediary application, and the intermediary application interacts with the messaging system.
  • a "non-official" application is provided to the user for using the messaging system in an indirect manner.
  • the intermediary application may be e.g. a computer program that is executed on an operating system or a mobile device, or a web application that resides in a URL.
  • said proxy application may intermediate between a third-party user application and the messaging system.
  • This third-party user application may be a "non-official" application through which the user uses the messaging system in an indirect manner. The user may therefore use the messaging system by interacting only with the third-party user application.
  • the proxy application may be configured to act as a bridge between the third-party application and the messaging system. Hence, any data sent by the third-party application to the messaging system and any data sent by the messaging system to the third- party application may pass through the proxy application. This way, the proxy application may access and capture any data provided/obtained by the user to/from the messaging system in order to generate the digital evidence.
  • the method may further comprise generating, by the computer program, a message in the conversation indicating that digital evidence of the at least part of the conversation will be generated. This option may be selected by the participant for whom the digital evidence is to be generated when completing the request of generating the digital evidence.
  • the at least part of the conversation may be a part of the conversation between a beginning and an end.
  • accessing the data of the conversation may comprise identifying, by the computer program, data indicating the beginning of the part of the conversation and data indicating the end of the part of the conversation.
  • the data of the part of the conversation may thus be identified, by the computer program, as the data comprised between the data indicating the beginning and the data indicating the end of the part of the conversation.
  • At least some of the steps (or actions) of any of the described methods (of generating digital evidence) may be performed in any order that is practicable. Even, in some cases, at least some of the method steps may be performed simultaneously, i.e. as if they were a single step.
  • a system for generating, by a computer program, a digital evidence of at least part of a conversation performed through a messaging system in a communication network between participants of a group of participants.
  • This system comprises means for obtaining, by the computer program, authorization to access data of the conversation including data of the at least part of the conversation, and means for accessing, by the computer program, the data of the conversation.
  • This system further comprises means for cryptographically certifying, by the computer program, the data of the at least part of the conversation, and means for generating, by the computer program, the digital evidence of the at least part of the conversation from the cryptographically certified data of the at least part of the conversation.
  • a computing system for generating, by a computer program, a digital evidence of at least part of a conversation performed through a messaging system in a communication network between participants of a group of participants.
  • This computing system may comprise a memory and a processor.
  • the memory may store computer program instructions executable by the processor. Said instructions may comprise functionality to execute a method of generating a digital evidence of at least part of a conversation according to any of the examples disclosed herein.
  • a computer program product comprising program instructions to cause a computing system (such as e.g. the above mentioned computing system) to perform a method of generating a digital evidence of at least part of a conversation according to any of the examples disclosed herein.
  • the computer program product may be embodied on a storage medium (for example, a CD-ROM, a DVD, a USB drive, on a computer memory or on a read-only memory) or carried on a carrier signal (for example, on an electrical or optical carrier signal).
  • the computer program product may be in the form of source code, object code, a code intermediate source and object code such as in partially compiled form, or in any other form suitable for use in the implementation of the processes.
  • the carrier may be any entity or device capable of carrying the computer program.
  • the carrier may comprise a storage medium, such as a ROM, for example a CD ROM or a semiconductor ROM, or a magnetic recording medium, for example a hard disk.
  • the carrier may be a transmissible carrier such as an electrical or optical signal, which may be conveyed via electrical or optical cable or by radio or other means.
  • the carrier may be constituted by such cable or other device or means.
  • the carrier may be an integrated circuit in which the computer program is embedded, the integrated circuit being adapted for performing, or for use in the performance of, the relevant methods.
  • Figure 1 is a flow diagram schematically illustrating a method of generating digital evidence according to an example.
  • Figure 2 is a flow diagram schematically illustrating a method of generating digital evidence according to a further example.
  • Figure 3 is a flow diagram schematically illustrating a method of generating digital evidence according to a still further example.
  • Figure 1 is a flow diagram schematically illustrating a method of generating, by a computer program, digital evidence of a conversation, according to an example.
  • the computer program may be an executable code whose initiation may cause the triggering of initial block 10. Then, the method may continue to block 11, at which authorization to access data of the conversation may be obtained by the computer program. After that, the computer program may start to access the data of the conversation at block 12, which may be continuously executed until an ending condition is satisfied, for example.
  • cryptographic certification of the conversation data may be performed by using cryptographic mechanisms of e.g. fingerprinting, time stamping, signing, etc.
  • the cryptographically certified data may be stored in a repository of conversation data.
  • the computer program may generate the digital evidence from the stored data.
  • the method may be ended due to e.g. satisfaction of an ending condition.
  • the data of the conversation may be processed by individually processing consecutive data portions. A data portion may therefore be accessed, cryptographically certified, stored, etc. by the computer program. This individual processing may be iterated until all the data portions of the conversation have been processed.
  • conversation data may be stored in the repository once said data has been cryptographically certified.
  • conversation data may be stored in the repository without being cryptographically certified, in which case a later batch process (of the computer program) may cryptographically certify the stored data.
  • the computer program may gain authorization to access data of the conversation according to different approaches.
  • the computer program may log in the messaging system by using "own" user credentials (e.g. username and password), such that the computer program is seen by the messaging system as a further user.
  • the computer program may be included as a participant of the conversation by a "real" participant that may correspond to the petitioner of the digital evidence.
  • the computer program may have access to any event occurred in the conversation, such as e.g. messages between participants, inclusion/exclusion of participants, etc. This approach may be referred to as "witness" approach.
  • the computer program may log in the messaging system by using user credentials (e.g.
  • the computer program may interact with the messaging system in representation of the real user in such a way that data generated within the messaging system may be accessed by the computer program.
  • a "real" user may provide the computer program with an identifier of the session created by the messaging system when the user has logged in the messaging system. This provision of the session identifier may be performed by the "real" user by permitting the computer program to access the cookies or tokens of the session which may be present at the computing device from which the user has logged in the messaging system. Then, the computer program may have access to data of the conversation by using the obtained session identifier.
  • the computer program may log in the messaging system by using "own" credentials having privilege/permission to access data of a "real" user of the messaging system.
  • This real user may correspond to the petitioner of the digital evidence and, therefore, participant of the conversation.
  • Attribution of this privilege/permission to the computer program may have been authorized by the real user by using a procedure implemented in the messaging system aimed at that purpose. This procedure may be equal or similar to what is known as an OAuth procedure.
  • This approach may be referred to as "assignment of permissions" approach.
  • the computer program may comprise an intermediary application configured to intermediate between the user (petitioner of the digital evidence) and the messaging system.
  • the intermediary application (of the computer program) may act as a user application between the user (petitioner) and the messaging system or as a proxy application between a third-party user application and the messaging system.
  • the user only sees the intermediary (or user) application which directly interacts with the messaging system transparently to the user.
  • the intermediary (or proxy) application transparently to the user.
  • the intermediary application acts as either user or proxy application.
  • said data may be captured and suitably processed by the intermediary application for generating the digital evidence. Therefore, any event occurred in the conversation, such as e.g. messages between participants, inclusion/exclusion of a participant, etc. may be accessed by the intermediary application (of the computer program).
  • the digital evidence may be delivered to the petitioner of the digital evidence at the moment the digital evidence is generated.
  • the stored data from which the digital evidence has been generated may be deleted for reasons of protection of personal data, for example. This deletion may permit optimizing the storage space used to store data for generating digital evidences.
  • the digital evidence may be generated a posteriori as many times as requested by the petitioner.
  • the data may be stored cryptographically certified in the repository of conversation data by using suitable security mechanisms to avoid malicious manipulations and other inconveniences.
  • Digital evidence may be retrieved from the repository by date, and/or participant identifier, and/or any other identifier included in the conversation (e.g. national identity card), etc. The digital evidence may be further delivered to other participants indicated by the petitioner, for example.
  • the digital evidence may comprise the content of the at least part of the conversation as well as the identifiers of the participants. Said identifiers may comprise e.g. IDs, usernames, telephone numbers, etc. depending on the messaging system through which the conversation has occurred.
  • the digital evidence may comprise the complete conversation between the moment at which the petitioner has been invited to the conversation until the end of the conversation or until the moment at which the petitioner has been excluded from the conversation.
  • the digital evidence may comprise a part of the conversation. Details of how the digital evidence may be generated comprising a part of the conversation will be provided with reference to Figure 3.
  • Figure 2 is a flow diagram schematically illustrating a method of generating, by a computer program, digital evidence of a conversation, according to a further example.
  • This method may be initiated at initial block 20.
  • the computer program may obtain authorization for accessing data of the conversation.
  • the computer program may start to access the data of the conversation.
  • the computer program may store the conversation data in a repository.
  • the stored data may be cryptographically certified by the computer program.
  • the computer program may generate the digital evidence from the cryptographically certified data.
  • the execution of the method is ended.
  • the method of Figure 2 is similar to the method of Figure 1.
  • the conversation data is stored firstly and cryptographically certified secondly.
  • the conversation data is cryptographically certified firstly and stored secondly.
  • obtaining access authorization, accessing the conversation data and storing the conversation data may be comprised in a synchronous process.
  • a later asynchronous (batch) process may be configured to cryptographically certify the conversation data stored by the synchronous process.
  • less computing resources may be required by the method of Figure 2 in comparison with the method of Figure 1.
  • the same or similar principles to those commented with respect to the method of Figure 1 may be applied to the method of Figure 2.
  • Figure 3 is a flow diagram schematically illustrating a method of generating, by a computer program, digital evidence of a conversation, according to a still further example.
  • the method may be initiated at initial block 30.
  • the computer program may gain authorization to access the conversation data. Block 31 may be similar to the block 11 (Figure 1) and block 21 (Figure 2).
  • the computer program may access a data portion of the conversation.
  • the computer program may verify if the data portion indicates the beginning of the conversation data to be included in the digital evidence. In case of negative result of said verification, the method may return to block 32 for obtaining a next consecutive data portion. In case of positive result of said verification, the method may continue to block 34.
  • the indication of the beginning of the conversation data (to be registered) may comprise e.g. a predefined message sent by the petitioner of the digital evidence.
  • This predefined message may comprise "begin" or "begin digital evidence", for example.
  • the indication of the beginning of the conversation data (to be registered) may comprise the inclusion of the petitioner in the group of participants.
  • the computer program may obtain a next consecutive data portion to be included in the digital evidence.
  • a verification of whether the data portion (obtained at block 34) indicates the end of the conversation data to be included in the digital evidence is performed. In case of positive result of said verification, the method may continue to block 37. In case of negative result of said verification, the method may proceed to block 36 at which the data portion (obtained at block 34) may be processed for its inclusion in the digital evidence.
  • the indication of the end of the conversation data (to be registered) may comprise e.g. a predefined message sent by the petitioner of the digital evidence. This predefined message may comprise "end" or "end digital evidence", for example.
  • the indication of the end of the conversation data (to be registered) may comprise the exclusion of the petitioner from the group of participants, or the dissolution of the group of participants, or the exclusion of the computer program from the group of participants.
  • the computer program may simply store the data portion with control data indicating that the data portion has to be included in the digital evidence.
  • the cryptographic certification of the data portion may be performed at block 36 before its storage in the repository of conversation data.
  • the data portion may not be cryptographically certified at block 36.
  • a further block (not shown) may comprise an asynchronous process configured to cryptographically certify all the stored data that is pending of cryptographic certification.
  • the method may loop back to block 34 for obtaining a next consecutive data portion to be included in the digital evidence.
  • the digital evidence may be generated from the data portions stored in the repository of conversation data. Once the digital evidence has been generated, the method may continue to final block 38 at which the method ends its execution.
  • digital evidence of various complete or partial conversations participated by a particular participant (i.e. user of the messaging system) during a particular period of time may be generated in a single file.
  • a daily file may be generated containing digital evidence of various complete or partial conversations performed during that day.
  • Google Gtalk™: at least some of the previously described methods could be implemented at least partially through a bot (or software robot).
  • This messaging system is supported on a protocol called Jabber/XMPP which has support for multiple programming languages.
  • the Gtalk bot may be developed and defined in such a way that it may perform the same functions as a conventional user of the messaging system. For example, it is possible to construct and define the Gtalk bot with the capability of sending messages, being included in a conversation, adding or blocking other users, etc.
  • the Gtalk bot may be developed having own user credentials for logging in the messaging system according to the "witness" approach, for example.
  • the user credentials of the bot may comprise a username of the type gtalkbot@gmail.com, for example.
  • any other user of the messaging system participating in a conversation may generate a request of inclusion of the bot in the conversation. Taking this into account, the bot may be programmed for auto-accepting any invitation of inclusion in a conversation.
  • the bot may adopt a "listening" mode, such that data of the conversation is registered from that moment. Additionally, the bot may be configured to generate a message in the conversation notifying its presence and that digital evidence of the conversation will be generated.
  • the bot may be configured to perform all the steps of the method or may be limited to merely obtain data of the conversation and store said data in a repository of conversations. In the latter case, the computer program (in charge of performing the method) may thus comprise the bot and a further piece of software configured to perform the remaining steps of the method, such as e.g. cryptographically certifying the conversation data, generating the digital evidence, etc.
  • In particular examples for the messaging system of Twitter™, at least some of the previously described methods could be implemented at least partially through a Twitter application.
  • This Twitter application may be developed and defined in such a way that a "real" user may give permission to said application for accessing data of the user (e.g. data of conversations participated by the user) according to e.g. the "assignment of permissions" approach.
  • the Twitter application may be positioned in Twitter as an independent witness according to e.g. the "witness" approach.
  • the Twitter application may be configured to perform all the steps of the method or may be limited to merely obtain data of the conversation and store said data in a repository of conversations.
  • the computer program in charge of performing the method may thus comprise the Twitter application and a further piece of software configured to perform the remaining steps of the method, such as e.g. cryptographically certifying the conversation data, generating the digital evidence, etc.
  • any of the methods of generating digital evidence described in the context of the previous examples may be performed in a system having electronic/computing means configured for that aim.
  • Said electronic/computing means may be used interchangeably; that is, a part of said means may be electronic means and the other part may be computing means, or all said means may be electronic means or all said means may be computing means.
  • the electronic means may comprise e.g. a programmable electronic device such as a CPLD (Complex Programmable Logic Device), an FPGA (Field Programmable Gate Array) or an ASIC (Application-Specific Integrated Circuit).
  • the computing means may comprise a computing device that may comprise a memory and a processor.
  • the memory may be configured to store a series of computer program instructions constituting any of the computer programs described in the context of the previous examples.
  • the processor may be configured to execute these instructions stored in the memory in order to generate the various events and actions for which the system has been programmed.
  • the computer program (which may be stored in the memory of the system) may comprise program instructions for causing the system to perform any of the methods (of generating digital evidence) described in the context of the previous examples.
  • the computer program may be embodied on a storage medium (for example, a CD-ROM, a DVD, a USB drive, on a computer memory or on a read-only memory) or carried on a carrier signal (for example, on an electrical or optical carrier signal).
  • the computer program may be in the form of source code, object code, a code intermediate source and object code such as in partially compiled form, or in any other form suitable for use in the implementation of the method.
  • the carrier may be any entity or device capable of carrying the computer program.
  • the carrier may comprise a storage medium, such as a ROM, for example a CD ROM or a semiconductor ROM, or a magnetic recording medium, for example a hard disk.
  • the carrier may be a transmissible carrier such as an electrical or optical signal, which may be conveyed via electrical or optical cable or by radio or other means.
  • the carrier may be constituted by such cable or other device or means.
  • the carrier may be an integrated circuit in which the computer program is embedded, the integrated circuit being adapted for performing, or for use in the performance of, the relevant methods.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present disclosure relates to a method of generating, by a computer program, a digital evidence of at least part of a conversation performed through a messaging system in a communication network between participants of a group of participants. The method comprises obtaining, by the computer program, authorization to access data of the conversation including data of the at least part of the conversation, and accessing, by the computer program, the data of the conversation. The method further comprises cryptographically certifying, by the computer program, the data of the at least part of the conversation, and generating, by the computer program, the digital evidence of the at least part of the conversation from the cryptographically certified data of the at least part of the conversation. The present disclosure further relates to a computer program, a system and a computing system suitable for carrying out such a method.

Description

Generating digital evidence
The present disclosure relates to a method of generating, by a computer program, a digital evidence of at least part of a conversation performed through a messaging system in a communication network between participants of a group of participants. The present disclosure further relates to a computer program, a system and a computing system suitable for carrying out such a method.
BACKGROUND ART
A messaging system may be defined as a system that permits communication between two or more people based on text and/or any type of multimedia data such as e.g. images, sound, video, etc. The text and/or multimedia data may be sent through networked devices in a communications network such as e.g. the Internet. Two main groups of messaging systems may be distinguished: Instant Messaging systems and Social Network Messaging systems.
Instant Messaging systems were initially designed for interactions between two parties, although they have evolved to allow the creation of conversations between groups of people. Originally, these systems were conceived as flexible systems for exchanging information individually and asynchronously. Simultaneous presence and exclusive attention are not required, but fast response speed is expected in these systems. Examples of Instant Messaging Systems are Gtalk™, Hangouts™, Skype™, SnapChat™, Whatsapp™ or Telegram™.
Social networks were initially designed as an environment for "one to several" communications, although messaging systems for private communication between members of the Social Network have been incorporated thereto. Some of said messaging systems are of the "mailbox" type under an approach similar to the email concept (fully asynchronous). Some other of said messaging systems may be more similar to the abovementioned instant messaging systems. An example of a Social Network Messaging system is Facebook Messenger™.
It is an object of the present disclosure to improve the existing messaging systems.
SUMMARY
In an aspect, a method is provided of generating, by a computer program, a trustworthy digital evidence of at least part of a conversation performed through a messaging system in a communication network between participants of a group of participants. The messaging system may be either an instant messaging system or a social network system.
The method comprises obtaining, by the computer program, authorization to access data of the conversation including data of the at least part of the conversation, and accessing, by the computer program, the data of the conversation. The method further comprises cryptographically certifying, by the computer program, the data of the at least part of the conversation, and generating, by the computer program, the digital evidence of the at least part of the conversation from the cryptographically certified data of the at least part of the conversation.
The conversation data may be accessed in such a way that a deliverable format is given to the conversation data. For instance, a PDF file may be generated containing the conversation data. In this case, cryptographically certifying the conversation data may comprise cryptographically certifying said deliverable format (e.g. PDF file), and generating the digital evidence may comprise outputting the cryptographically certified PDF file. In alternative implementations, the conversation data may not be in a deliverable format. In this case, cryptographically certifying the conversation data may comprise cryptographically certifying said non-deliverable format, and generating the digital evidence may comprise generating a PDF file including the cryptographically certified conversation data.
The expression "deliverable format" attributed to the conversation data is used herein to refer to a format that can be delivered to somebody in such a way that any manipulation of the conversation data can be detected. For example, a PDF file or Word file or any other well-known type of format that can be cryptographically signed may be used for suitably delivering the conversation data. The "deliverable format" may thus be either a read-only or a modifiable format whenever it can be signed such that any alteration after signature can be clearly identified.
Cryptographically certifying conversation data may be understood herein as registering (or keeping track of) said data and applying one or more cryptographic mechanisms thereto, so that authenticity and integrity of the data may be ensured. This way, the conversation data may be subsequently verified by a party that was not necessarily present at the conversation.
The proposed method may be used with an existing messaging system for obtaining a digital evidence of a conversation or part of a conversation between users of the messaging system. Current messaging systems may permit a user to delete or falsify evidence of a message relatively easily. For example, a private message sent by a user through Twitter™ may be deleted by the user in an easy way by using corresponding deletion functionality. The prior existence of this deleted message cannot be subsequently proved unless exceptional technical actions are undertaken. For instance, a possible resolution could be implemented by accessing the logs or log files of the messaging system, but this may be cumbersome and technically and operatively inefficient. Hence, the suggested method of generating digital evidence may represent a valuable technical improvement of the current messaging systems in the mentioned sense.
In the same way that phone calls are recorded in some customer services to ensure legal security and/or quality control, the proposed method may securely register a conversation (or part of it) and generate digital evidence by using suitable cryptographic mechanisms such as e.g. digital signatures and timestamps. The proposed method may thus be seen as a technical extension of a messaging system that can be re-used for other purposes that are not currently considered by companies, people, etc. For example, the capacity to serve multiple clients asynchronously by only one person may imply a remarkable flexibility and cost saving in customer services. Companies seem to be increasingly moving to messaging systems but they do not move the traditional call centre to messaging systems because they are legally insecure. The proposed method may permit implementing customer services through messaging systems in a secure way, by keeping track of the conversations between company and clients.
Another advantage of the suggested method may be that at least some cybercrimes may be digitally tracked and reported to competent authorities. For example, cyberbullying, sexting, grooming, etc. may be digitally tracked and digital evidence may be reported to the police with the method disclosed herein. In this sense, parents may e.g. activate a mode of generating digital evidence of conversations participated by their children in a given messaging system. This way, digital evidence of a conversation may be reported to authorities if a suspicious behaviour by a third-party is detected in the conversation.
The method may be performed by iteratively processing consecutive data portions of the at least part of the conversation. In a first iteration, a first data portion may be accessed (or read) and digitally certified by the computer program. In further iterations, further data portions may be accessed and digitally certified by the computer program until processing of the whole conversation or part of the conversation has been completed.
The method may be continuously repeated in such a way that digital evidence of different complete or partial conversations may be generated.
In some examples, the data of the at least part of the conversation may comprise data representing any event occurred in the at least part of the conversation. For example, the data of the at least part of the conversation may comprise data of inclusion of a participant to the group of participants, and/or data of exclusion of a participant from the group of participants, and/or data of a message exchanged between participants of the group of participants. The message may comprise e.g. text and/or multimedia data.
According to some examples, the method may further comprise storing, by the computer program, the data of the at least part of the conversation in a repository of conversation data. Said repository may comprise e.g. a relational database, and/or a non-relational database, and/or a text file, and/or a log file, etc. For example, the data may be stored in a document that supports digital signature and time stamping or in a SQL database. In the latter case, the cryptographic data may be stored in the SQL database in fields specifically defined for that aim. As commented above, consecutive data portions of the conversation may be individually processed and therefore stored in the repository.
In some implementations, the method may further comprise deleting, by the computer program, the stored data of the at least part of the conversation from the repository of conversation data once the digital evidence (of the at least part of the conversation) has been generated. A user or participant that has requested digital tracking of the conversation may choose the option of deleting the conversation data once digital evidence has been generated. An aspect of this option may be that storage space is optimized. Another aspect may be that rights of the user are ensured in the sense that personal data is completely eliminated.
According to examples, storing the data of the at least part of the conversation may comprise storing, by the computer program, the cryptographically certified data of the at least part of the conversation in the repository of conversation data. Alternatively, cryptographically certifying the data of the at least part of the conversation may comprise cryptographically certifying, by the computer program, the stored data of the at least part of the conversation. That is to say, the data may be cryptographically certified first and stored secondly or, alternatively, the data may be stored first and cryptographically certified secondly.
For example, data portions may be stored without cryptographic certification in such a way that the (synchronous) process may be executed more efficiently. In this case, an asynchronous batch process of cryptographic certification may be performed on the stored data e.g. at the end of the day. This synchronous and asynchronous approach may require less computing resources in comparison with a "fully synchronous" approach in which cryptographic certification is also performed synchronously.
In some implementations, generating the digital evidence of the at least part of the conversation may comprise generating, by the computer program, a file containing the cryptographically certified data of the at least part of the conversation. This file may be sent, by the computer program, to a participant that has requested the digital evidence or to all the participants. Alternatively, this file may be stored in a server and an email containing a link to the file may be sent to the participant that has requested the digital evidence or to all the participants.
The file containing the digital evidence may be generated by the computer program under a synchronous approach or an asynchronous approach. In the former case, consecutive data portions of the conversation may be accessed, cryptographically certified and added to the file as part of the same synchronous process. In the latter case, an asynchronous process may retrieve digitally certified data portions from the repository which have been previously stored in the repository by a synchronous process.
In some examples, cryptographically certifying the data of the at least part of the conversation may comprise obtaining, by the computer program, one or more cryptographic fingerprints of the data of the at least part of the conversation. One or more portions of the data to be certified may be considered for its cryptographic fingerprinting. The cryptographic fingerprint of a data portion may be obtained by e.g. applying a suitable hash function to the data portion. According to examples, cryptographically certifying the data of the at least part of the conversation may comprise cryptographically signing, by the computer program, the data of the at least part of the conversation or the aforementioned fingerprint(s) of said data. One or more portions of the data to be certified, or corresponding fingerprint(s), may be considered for its cryptographic signing. The cryptographic signing may be performed by using a cryptographic system that may be asymmetric, i.e. based on public and private key. The cryptographic system may be applied to the data (or data portion) to be cryptographically signed or to the fingerprint of the data (or data portion) to be cryptographically signed.
In examples of the method, cryptographically certifying the data of the at least part of the conversation may comprise cryptographically time stamping, by the computer program, the data of the at least part of the conversation, or the aforementioned fingerprint(s) or signature(s) of said data. One or more timestamps may be obtained for securely keeping track of the time at which the data (or fingerprint or signature) to be certified has been generated. One or more portions of the data (or fingerprints or signatures of said data) to be certified may be considered for its time stamping. The timestamp of a data portion (or fingerprint or signature) may be obtained by sending the data portion (or fingerprint or signature of said data portion) to a Time Stamping Authority (TSA) and receiving adequate response from said TSA.
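The fingerprint-then-sign certification described in the two paragraphs above, combined with the store-first, certify-later batch split, as an added example that is not code from the patent or from any product. The type and function names, the choice of SHA-256 and Ed25519, and the length-prefixed encoding are assumptions made for this example; time stamping by a TSA needs a network service and is left out.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Portion is one stored data portion; all names here are assumptions.
type Portion struct {
	Seq         uint64 // position of the portion within the conversation
	Sender      string // participant identifier
	Body        string // message text or event description
	Fingerprint []byte // SHA-256 of the canonical encoding; nil until certified
	Signature   []byte // Ed25519 signature over Fingerprint; nil until certified
}

// Repository stands in for the repository of conversation data.
type Repository struct{ Portions []Portion }

// canonical encodes the signed fields unambiguously: every string is
// length-prefixed, so ("ab","c") and ("a","bc") yield different bytes.
func canonical(p Portion) []byte {
	out := make([]byte, 8)
	binary.BigEndian.PutUint64(out, p.Seq)
	for _, f := range []string{p.Sender, p.Body} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(out, n[:]...)
		out = append(out, f...)
	}
	return out
}

// fingerprint is the cryptographic fingerprint (hash) of a portion.
func fingerprint(p Portion) []byte {
	sum := sha256.Sum256(canonical(p))
	return sum[:]
}

// Store is the synchronous step: the portion is appended uncertified.
func (r *Repository) Store(sender, body string) {
	seq := uint64(len(r.Portions))
	r.Portions = append(r.Portions, Portion{Seq: seq, Sender: sender, Body: body})
}

// CertifyPending is the later batch step: it fingerprints and signs every
// portion that has no signature yet and returns how many it certified.
func (r *Repository) CertifyPending(priv ed25519.PrivateKey) int {
	n := 0
	for i := range r.Portions {
		p := &r.Portions[i]
		if p.Signature != nil {
			continue
		}
		p.Fingerprint = fingerprint(*p)
		p.Signature = ed25519.Sign(priv, p.Fingerprint)
		n++
	}
	return n
}

// Verify needs only the public key, so a party that was not in the
// conversation can run it. It returns the Seq of every portion that is
// uncertified, altered, or out of position.
func Verify(portions []Portion, pub ed25519.PublicKey) []uint64 {
	var bad []uint64
	for i, p := range portions {
		fp := fingerprint(p)
		ok := p.Seq == uint64(i) &&
			bytes.Equal(fp, p.Fingerprint) &&
			ed25519.Verify(pub, fp, p.Signature)
		if !ok {
			bad = append(bad, p.Seq)
		}
	}
	return bad
}

// NewDemoKey creates a throwaway key pair for the example.
func NewDemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	pub, priv := NewDemoKey()
	repo := &Repository{}
	// Constructed sample conversation.
	repo.Store("client@example.org", "Please cancel my order")
	repo.Store("agent@example.org", "Cancelled, refund of 50 EUR issued")
	fmt.Println("certified by batch:", repo.CertifyPending(priv))
	fmt.Println("failures after batch:", Verify(repo.Portions, pub))
	repo.Portions[1].Body = "Cancelled, no refund" // edit after signature
	fmt.Println("failures after edit:", Verify(repo.Portions, pub))
}
```

Per-portion signatures do not reveal that trailing portions were dropped from the repository; signing a closing record that carries the portion count is one way to cover that.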
In some examples, obtaining authorization to access the data of the conversation may comprise logging in the messaging system, by the computer program, by using user credentials (e.g. username and password) assigned to the computer program, and accepting, by the computer program, an invitation of inclusion to the group of participants as a further participant. The computer program may therefore act as a witness of what is occurring in the conversation since it is seen by the messaging system as one of its users that is participating in the conversation. The user credentials may comprise e.g. an ID or username or telephone number, etc. and corresponding password identifying the computer program as a user of the messaging system. The computer program may be invited to be in the group of participants and, hence, in the conversation by e.g. a participant that has requested the generation of the digital evidence. In alternative implementations, a participant of the group of participants may be a user of the messaging system having user credentials (e.g. username and password) for logging in the messaging system. In this case, obtaining authorization to access the data of the conversation may comprise receiving, by the computer program, the user credentials of the user, and logging in the messaging system, by the computer program, by using the user credentials in representation of the user. User credentials of the user may therefore be delivered by the user to the computer program, and the computer program may log in the messaging system as if it were the user. This way, the computer program may access and capture any data provided/obtained by the user to/from the messaging system in order to generate the digital evidence.
In further alternative examples, a participant of the group of participants may be a user of the messaging system having user credentials (e.g. username and password) for logging in the messaging system in such a way that a session identifier is generated by the messaging system. In this case, obtaining authorization to access the data of the conversation may comprise receiving, by the computer program, the session identifier generated by the messaging system, and obtaining, by the computer program, authorization to access the data of the conversation by using the session identifier. The computer program may obtain the session identifier by accessing one or more cookies or tokens of the session. This access to the cookies or tokens may have been previously granted by the user. The obtained session identifier may permit the computer program to access and capture any data provided/obtained by the user to/from the messaging system in order to generate the digital evidence.
In still further alternative examples, the computer program may have own credentials for logging in the messaging system, said credentials having privilege to access data of a participant of the group of participants. Said privilege may have been previously granted by said participant to the computer program (through e.g. an OAuth procedure or similar). In this case, obtaining authorization to access the data of the conversation may comprise logging in the messaging system, by the computer program, by using its own credentials having privilege to access the data of the participant. This way, the computer program may access data of any event (e.g. exchanged messages) occurred within the conversation in which the participant takes part.
In yet further alternative examples, the computer program may be configured to intermediate between a user of the messaging system (e.g. the petitioner of the digital evidence) and the messaging system. The computer program may obtain authorization to access the data of the conversation by receiving a request from the user of logging in the messaging system and logging in the messaging system according to the received request from the user. The computer program may therefore comprise an intermediary application that may act either as a user application between the user and the messaging system or as a proxy application between a third-party user application and the messaging system. Once the login has been performed, the computer program (intermediary application) may see and capture any data sent/received by the user to/from the messaging system, since the computer program (intermediary application) is intermediating between the user and the messaging system.
In the case that the intermediary application acts as a user application, a user environment may be provided by the intermediary application to the user. This user environment may provide necessary functionalities for using the messaging system such that no direct interaction between the user and the messaging system occurs. That is, the user interacts with the intermediary application, and the intermediary application interacts with the messaging system. In other words, a "non-official" application is provided to the user for using the messaging system in an indirect manner. The intermediary application may be e.g. a computer program that is executed on an operating system or a mobile device, or a web application that resides in a URL.
In the case that the intermediary application acts as a proxy application, said proxy application may intermediate between a third-party user application and the messaging system. This third-party user application may be a "non-official" application through which the user uses the messaging system in an indirect manner. The user may therefore use the messaging system by interacting only with the third-party user application. The proxy application may be configured to act as a bridge between the third-party application and the messaging system. Hence, any data sent by the third-party application to the messaging system and any data sent by the messaging system to the third-party application may pass through the proxy application. This way, the proxy application may access and capture any data provided/obtained by the user to/from the messaging system in order to generate the digital evidence.
In some examples, the method may further comprise generating, by the computer program, a message in the conversation indicating that digital evidence of the at least part of the conversation will be generated. This option may be selected by the participant for whom the digital evidence is to be generated when completing the request of generating the digital evidence.
In some configurations, the at least part of the conversation may be a part of the conversation between a beginning and an end. In this case, accessing the data of the conversation may comprise identifying, by the computer program, data indicating the beginning of the part of the conversation and data indicating the end of the part of the conversation. The data of the part of the conversation may thus be identified, by the computer program, as the data comprised between the data indicating the beginning and the data indicating the end of the part of the conversation.
At least some of the steps (or actions) of any of the described methods (of generating digital evidence) may be performed in any order that is practicable. Even, in some cases, at least some of the method steps may be performed simultaneously, i.e. as if they were a single step.
In another aspect, a system is disclosed for generating, by a computer program, a digital evidence of at least part of a conversation performed through a messaging system in a communication network between participants of a group of participants. This system comprises means for obtaining, by the computer program, authorization to access data of the conversation including data of the at least part of the conversation, and means for accessing, by the computer program, the data of the conversation. This system further comprises means for cryptographically certifying, by the computer program, the data of the at least part of the conversation, and means for generating, by the computer program, the digital evidence of the at least part of the conversation from the cryptographically certified data of the at least part of the conversation.
In yet another aspect, a computing system is disclosed for generating, by a computer program, a digital evidence of at least part of a conversation performed through a messaging system in a communication network between participants of a group of participants. This computing system may comprise a memory and a processor. The memory may store computer program instructions executable by the processor. Said instructions may comprise functionality to execute a method of generating a digital evidence of at least part of a conversation according to any of the examples disclosed herein.
In a further aspect, a computer program product is disclosed comprising program instructions to provoke that a computing system (such as e.g. the above mentioned computing system) performs a method of generating a digital evidence of at least part of a conversation according to any of the examples disclosed herein.
The computer program product may be embodied on a storage medium (for example, a CD-ROM, a DVD, a USB drive, on a computer memory or on a read-only memory) or carried on a carrier signal (for example, on an electrical or optical carrier signal).
The computer program product may be in the form of source code, object code, a code intermediate source and object code such as in partially compiled form, or in any other form suitable for use in the implementation of the processes. The carrier may be any entity or device capable of carrying the computer program.
For example, the carrier may comprise a storage medium, such as a ROM, for example a CD ROM or a semiconductor ROM, or a magnetic recording medium, for example a hard disk. Further, the carrier may be a transmissible carrier such as an electrical or optical signal, which may be conveyed via electrical or optical cable or by radio or other means. When the computer program is embodied in a signal that may be conveyed directly by a cable or other device or means, the carrier may be constituted by such cable or other device or means.
Alternatively, the carrier may be an integrated circuit in which the computer program is embedded, the integrated circuit being adapted for performing, or for use in the performance of, the relevant methods.
BRIEF DESCRIPTION OF THE DRAWINGS
Non-limiting examples of the present disclosure will be described in the following, with reference to the appended drawings, in which:
Figure 1 is a flow diagram schematically illustrating a method of generating digital evidence according to an example.
Figure 2 is a flow diagram schematically illustrating a method of generating digital evidence according to a further example.
Figure 3 is a flow diagram schematically illustrating a method of generating digital evidence according to a still further example.
DETAILED DESCRIPTION OF EXAMPLES
Figure 1 is a flow diagram schematically illustrating a method of generating, by a computer program, digital evidence of a conversation, according to an example. The computer program may be an executable code whose initiation may cause the triggering of initial block 10. Then, the method may continue to block 11, at which authorization to access data of the conversation may be obtained by the computer program. After that, the computer program may start to access the data of the conversation at block 12, which may be continuously executed until an ending condition is satisfied, for example.
At block 13, cryptographic certification of the conversation data may be performed by using cryptographic mechanisms of e.g. fingerprinting, time stamping, signing, etc. At block 14, the cryptographically certified data may be stored in a repository of conversation data. At block 15, the computer program may generate the digital evidence from the stored data. At block 16, the method may be ended due to e.g. satisfaction of an ending condition. In some examples, the data of the conversation may be processed by individually processing consecutive data portions. A data portion may therefore be accessed, cryptographically certified, stored, etc. by the computer program. This individual processing may be iterated until all the data portions of the conversation have been processed.
As shown in Figure 1, conversation data may be stored in the repository once said data has been cryptographically certified. However, in alternative implementations, conversation data may be stored in the repository without being cryptographically certified, in which case a later batch process (of the computer program) may cryptographically certify the stored data.
As commented in other parts of the description, the computer program may gain authorization to access data of the conversation according to different approaches.
In a first approach, the computer program may log in the messaging system by using "own" user credentials (e.g. username and password), such that the computer program is seen by the messaging system as a further user. Once logged in the messaging system, the computer program may be included as a participant of the conversation by a "real" participant that may correspond to the petitioner of the digital evidence. Once the computer program is a participant of the conversation, the computer program may have access to any event occurred in the conversation, such as e.g. messages between participants, inclusion/exclusion of participants, etc. This approach may be referred to as "witness" approach.
In a second approach, the computer program may log in the messaging system by using user credentials (e.g. username and password) of a "real" user of the messaging system that may correspond to the person who has requested (i.e. the petitioner of) the digital evidence. Thus, the computer program may interact with the messaging system in representation of the real user in such a way that data generated within the messaging system may be accessed by the computer program.
In a third approach, a "real" user may provide the computer program with an identifier of the session created by the messaging system when the user has logged in the messaging system. This provision of the session identifier may be performed by the "real" user by permitting the computer program to access the cookies or tokens of the session which may be present at the computing device from which the user has logged in the messaging system. Then, the computer program may have access to data of the conversation by using the obtained session identifier.
In a fourth approach, the computer program may log in the message system by using "own" credentials having privilege/permission to access data of a "real" user of the messaging system. This real user may correspond to the petitioner of the digital evidence and, therefore, participant of the conversation. Attribution of this privilege/permission to the computer program may have been authorized by the real user by using a procedure implemented in the message system aimed at that purpose. This procedure may be equal or similar to what is known as an OAuth procedure. This approach may be referred to as "assignment of permissions" approach.
In a fifth approach, the computer program may comprise an intermediary application configured to intermediate between the user (petitioner of the digital evidence) and the messaging system. The intermediary application (of the computer program) may act as a user application between the user (petitioner) and the messaging system or as a proxy application between a third-party user application and the messaging system. In the former case, the user only sees the intermediary (or user) application which directly interacts with the messaging system transparently to the user. In the latter case, the user only sees the third-party user application which indirectly interacts with the messaging system through the intermediary (or proxy) application transparently to the user.
In the fifth approach, all the data sent and received by the "real" user (petitioner of the digital evidence) passes through the intermediary application (acting as either user or proxy application). Hence, said data may be captured and suitably processed by the intermediary application for generating the digital evidence. Therefore, any event occurred in the conversation, such as e.g. messages between participants, inclusion/exclusion of a participant, etc. may be accessed by the intermediary application (of the computer program).
The digital evidence may be delivered to the petitioner of the digital evidence at the moment the digital evidence is generated. In this case, the stored data from which the digital evidence has been generated may be deleted for reasons of protection of personal data, for example. This deletion may permit optimizing the storage space used to store data for generating digital evidences. If the petitioner has not selected the option of deleting the data, the digital evidence may be generated a posteriori as many times as requested by the petitioner. In this case the data may be stored cryptographically certified in the repository of conversation data by using suitable security mechanisms to avoid malicious manipulations and other inconveniences. Digital evidence may be retrieved from the repository by date, and/or participant identifier, and/or any other identifier included in the conversation (e.g. national identity card), etc. The digital evidence may be further delivered to other participants indicated by the petitioner, for example.
The digital evidence may comprise the content of the at least part of the conversation as well as the identifiers of the participants. Said identifiers may comprise e.g. IDs, usernames, telephone numbers, etc. depending on the messaging system through which the conversation has occurred. The digital evidence may comprise the complete conversation between the moment at which the petitioner has been invited to the conversation until the end of the conversation or until the moment at which the petitioner has been excluded from the conversation. Alternatively, the digital evidence may comprise a part of the conversation. Details of how the digital evidence may be generated comprising a part of the conversation will be provided with reference to Figure 3.
Figure 2 is a flow diagram schematically illustrating a method of generating, by a computer program, digital evidence of a conversation, according to a further example. This method may be initiated at initial block 20. At block 21, the computer program may obtain authorization for accessing data of the conversation. At block 22, the computer program may start to access the data of the conversation. At block 23, the computer program may store the conversation data in a repository. At block 24, the stored data may be cryptographically certified by the computer program. At block 25, the computer program may generate the digital evidence from the cryptographically certified data. At block 26, the execution of the method is ended.
The method of Figure 2 is similar to the method of Figure 1. One difference is that in the method of Figure 2, the conversation data is stored firstly and cryptographically certified secondly, whereas in the method of Figure 1, the conversation data is cryptographically certified firstly and stored secondly. In the method of Figure 2, obtaining access authorization, accessing the conversation data and storing the conversation data may be comprised in a synchronous process. A later asynchronous (batch) process may be configured to cryptographically certify the conversation data stored by the synchronous process. Hence, less computing resources may be required by the method of Figure 2 in comparison with the method of Figure 1. In relation to other features, the same or similar principles to those commented with respect to the method of Figure 1 may be applied to the method of Figure 2.
Figure 3 is a flow diagram schematically illustrating a method of generating, by a computer program, digital evidence of a conversation, according to a still further example. The method may be initiated at initial block 30. At block 31, the computer program may gain authorization to access the conversation data. Block 31 may be similar to the block 11 (Figure 1) and block 21 (Figure 2). At block 32, the computer program may access a data portion of the conversation. At block 33, the computer program may verify if the data portion indicates the beginning of the conversation data to be included in the digital evidence. In case of negative result of said verification, the method may return to block 32 for obtaining a next consecutive data portion. In case of positive result of said verification, the method may continue to block 34.
The indication of the beginning of the conversation data (to be registered) may comprise e.g. a predefined message sent by the petitioner of the digital evidence. This predefined message may comprise "begin" or "begin digital evidence", for example. Alternatively, the indication of the beginning of the conversation data (to be registered) may comprise the inclusion of the petitioner in the group of participants.
At block 34, the computer program may obtain a next consecutive data portion to be included in the digital evidence. At block 35, a verification of whether the data portion (obtained at block 34) indicates the end of the conversation data to be included in the digital evidence is performed. In case of positive result of said verification, the method may continue to block 37. In case of negative result of said verification, the method may proceed to block 36 at which the data portion (obtained at block 34) may be processed for its inclusion in the digital evidence. The indication of the end of the conversation data (to be registered) may comprise e.g. a predefined message sent by the petitioner of the digital evidence. This predefined message may comprise "end" or "end digital evidence", for example. Alternatively, the indication of the end of the conversation data (to be registered) may comprise the exclusion of the petitioner from the group of participants, or the dissolution of the group of participants, or the exclusion of the computer program from the group of participants.
At block 36, the computer program may simply store the data portion with control data indicating that the data portion has to be included in the digital evidence. The cryptographic certification of the data portion may be performed at block 36 before its storage in the repository of conversation data. Alternatively, the data portion may not be cryptographically certified at block 36. In this case, a further block (not shown) may comprise an asynchronous process configured to cryptographically certify all the stored data that is pending of cryptographic certification. Upon completion of block 36, the method may loop back to block 34 for obtaining a next consecutive data portion to be included in the digital evidence.
At block 37, the digital evidence may be generated from the data portions stored in the repository of conversation data. Once the digital evidence has been generated, the method may continue to final block 38 at which the method ends its execution. In relation to other features, the same or similar principles to those commented with respect to the methods of Figures 1 and 2 may be applied to the method of Figure 3.
Any of the methods described with reference to Figures 1-3 may be continuously repeated until an ending condition is satisfied. This way, different digital evidences of different complete or partial conversations of at least some of the participants may be generated in the same execution of the method. Also, different executions of the method may be performed concurrently in such a way that different digital evidences of different complete or partial conversations of other groups of participants may be generated. In general, access to data and corresponding cryptographic certification may be performed in such a way that digital evidence of e.g. different conversations performed by e.g. different participants at e.g. different times may be generated according to e.g. different grouping criteria.
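The Figure 3 loop (blocks 32 to 37) with per-portion fingerprinting, shown as an added Python example that is not code from the patent or its applicant. The event fields, the hash chain, the `evidence-bot` witness name, the demo key and the HMAC seal are assumptions; the HMAC stands in for the asymmetric signature and trusted time stamp the description mentions, and `certified_at` is only a locally asserted time.

```python
import hashlib
import hmac
import json

# Marker texts quoted in the description; case-insensitive matching is an assumption.
BEGIN_MARKERS = {"begin", "begin digital evidence"}
END_MARKERS = {"end", "end digital evidence"}
GENESIS = "00" * 32                    # chain start value (assumption)
DEMO_KEY = b"constructed-demo-key"     # constructed key for the HMAC stand-in


def canonical(obj):
    """Stable byte encoding so identical data always hashes identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def fingerprint(prev_hex, event):
    """SHA-256 over the previous fingerprint plus this event (a hash chain)."""
    return hashlib.sha256(bytes.fromhex(prev_hex) + canonical(event)).hexdigest()


def seal(header, key):
    """HMAC-SHA256 over the header; stands in for a signature plus time stamp."""
    return hmac.new(key, canonical(header), hashlib.sha256).hexdigest()


def is_begin(ev, petitioner):
    """Block 33: the petitioner's predefined message, or the petitioner joining."""
    if ev["who"] != petitioner:
        return False
    if ev["type"] == "join":
        return True
    return ev["type"] == "message" and ev["body"].strip().lower() in BEGIN_MARKERS


def is_end(ev, petitioner, witness):
    """Block 35: predefined message, exclusion of petitioner or program, dissolution."""
    if ev["type"] == "dissolve":
        return True
    if ev["type"] == "leave":
        return ev["who"] in (petitioner, witness)
    return (ev["type"] == "message" and ev["who"] == petitioner
            and ev["body"].strip().lower() in END_MARKERS)


def build_evidence(events, petitioner, key, certified_at, witness="evidence-bot"):
    """Blocks 32 to 37: keep only the portions between the begin and end indications."""
    recording, closed, prev, records = False, False, GENESIS, []
    for ev in events:                              # blocks 32 and 34
        if not recording:
            recording = is_begin(ev, petitioner)   # block 33; the marker is not kept
            continue
        if is_end(ev, petitioner, witness):        # block 35
            closed = True
            break
        prev = fingerprint(prev, ev)               # block 36: certify, then store
        records.append({"event": ev, "fingerprint": prev})
    # closed=False records that the stream ran out before any end indication.
    header = {"petitioner": petitioner, "certified_at": certified_at,
              "closed": closed, "count": len(records), "head": prev}
    return {"header": header, "records": records, "seal": seal(header, key)}  # block 37


def verify_evidence(evidence, key):
    """Recompute the chain and the seal; return (ok, reason)."""
    prev = GENESIS
    for i, rec in enumerate(evidence["records"]):
        prev = fingerprint(prev, rec["event"])
        if not hmac.compare_digest(prev, rec["fingerprint"]):
            return False, f"record {i} does not match its fingerprint"
    header = evidence["header"]
    if header["count"] != len(evidence["records"]) or header["head"] != prev:
        return False, "records were added or removed"
    if not hmac.compare_digest(seal(header, key), evidence["seal"]):
        return False, "seal does not match the header"
    return True, "ok"


# Constructed sample conversation; "alice" is the petitioner.
SAMPLE = [
    {"ts": "2015-06-02T10:00:00Z", "type": "message", "who": "alice", "body": "hi"},
    {"ts": "2015-06-02T10:01:00Z", "type": "message", "who": "alice",
     "body": "Begin digital evidence"},
    {"ts": "2015-06-02T10:02:00Z", "type": "message", "who": "bob",
     "body": "I will pay 500 on Friday"},
    {"ts": "2015-06-02T10:03:00Z", "type": "join", "who": "carol", "body": ""},
    {"ts": "2015-06-02T10:04:00Z", "type": "message", "who": "bob", "body": "end"},
    {"ts": "2015-06-02T10:05:00Z", "type": "message", "who": "alice", "body": "agreed"},
    {"ts": "2015-06-02T10:06:00Z", "type": "message", "who": "alice",
     "body": "end digital evidence"},
    {"ts": "2015-06-02T10:07:00Z", "type": "message", "who": "bob", "body": "off record"},
]

if __name__ == "__main__":
    ev = build_evidence(SAMPLE, "alice", DEMO_KEY, "2015-06-02T10:06:00Z")
    print(json.dumps(ev["header"], indent=2))
    print(verify_evidence(ev, DEMO_KEY))
```

Bob's "end" is kept as ordinary content because only the petitioner's predefined message closes the window; a verifier holding the key can detect an edited, dropped or re-chained record.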
For example, digital evidence of various complete or partial conversations participated by a particular participant (i.e. user of the messaging system) during a particular period of time may be generated in a single file. For instance, a daily file may be generated containing digital evidence of various complete or partial conversations performed during that day.
In particular examples for the messaging system Google Gtalk™, at least some of the previously described methods could be implemented at least partially through a bot (or software robot). This messaging system is supported on a protocol called Jabber/XMPP which has support for multiple programming languages.
The Gtalk bot may be developed and defined in such a way that it may perform the same functions as a conventional user of the messaging system. For example, it is possible to construct and define the Gtalk bot with the capability of sending messages, being included in a conversation, adding or blocking other users, etc. The Gtalk bot may be developed having own user credentials for logging in the messaging system according to the "witness" approach, for example. The user credentials of the bot may comprise a username of the type gtalkbot@gmail.com, for example. Moreover, any other user of the messaging system participating in a conversation may generate a request of inclusion of the bot in the conversation. Taking this into account, the bot may be programmed for auto-accepting any invitation of inclusion in a conversation.
Once the bot has been included in the conversation, the bot may adopt a "listening" mode, such that data of the conversation is registered from that moment. Additionally, the bot may be configured to generate a message in the conversation notifying its presence and that digital evidence of the conversation will be generated. The bot may be configured to perform all the steps of the method or may be limited to merely obtain data of the conversation and store said data in a repository of conversations. In the latter case, the computer program (in charge of performing the method) may thus comprise the bot and a further piece of software configured to perform the remaining steps of the method, such as e.g. cryptographically certifying the conversation data, generating the digital evidence, etc.
In particular examples for the messaging system of Twitter™, at least some of the previously described methods could be implemented at least partially through a Twitter application. This Twitter application may be developed and defined in such a way that a "real" user may give permission to said application for accessing data of the user (e.g. data of conversations participated by the user) according to e.g. the "assignment of permissions" approach. However, once the Twitter application has obtained the permission(s), it may be positioned in Twitter as an independent witness according to e.g. the "witness" approach.
The Twitter application may be configured to perform all the steps of the method or may be limited to merely obtain data of the conversation and store said data in a repository of conversations. In the latter case, the computer program (in charge of performing the method) may thus comprise the Twitter application and a further piece of software configured to perform the remaining steps of the method, such as e.g. cryptographically certifying the conversation data, generating the digital evidence, etc.
Any of the methods of generating digital evidence described in the context of the previous examples may be performed in a system having electronic/computing means configured for that aim. Said electronic/computing means may be used interchangeably; that is, a part of said means may be electronic means and the other part may be computing means, or all said means may be electronic means or all said means may be computing means.
The electronic means may comprise e.g. a programmable electronic device such as a CPLD (Complex Programmable Logic Device), an FPGA (Field Programmable Gate Array) or an ASIC (Application-Specific Integrated Circuit).
The computing means may comprise a computing device that may comprise a memory and a processor. The memory may be configured to store a series of computer program instructions constituting any of the computer programs described in the context of the previous examples. The processor may be configured to execute these instructions stored in the memory in order to generate the various events and actions for which the system has been programmed.
The computer program (which may be stored in the memory of the system) may comprise program instructions for causing the system to perform any of the methods (of generating digital evidence) described in the context of the previous examples. The computer program may be embodied on a storage medium (for example, a CD-ROM, a DVD, a USB drive, on a computer memory or on a read-only memory) or carried on a carrier signal (for example, on an electrical or optical carrier signal).
The computer program may be in the form of source code, object code, a code intermediate source and object code such as in partially compiled form, or in any other form suitable for use in the implementation of the method. The carrier may be any entity or device capable of carrying the computer program.
For example, the carrier may comprise a storage medium, such as a ROM, for example a CD ROM or a semiconductor ROM, or a magnetic recording medium, for example a hard disk. Further, the carrier may be a transmissible carrier such as an electrical or optical signal, which may be conveyed via electrical or optical cable or by radio or other means. When the computer program is embodied in a signal that may be conveyed directly by a cable or other device or means, the carrier may be constituted by such cable or other device or means.
Alternatively, the carrier may be an integrated circuit in which the computer program is embedded, the integrated circuit being adapted for performing, or for use in the performance of, the relevant methods.
Although only a number of particular examples have been disclosed herein, it will be understood by those skilled in the art that other alternative examples and/or uses and obvious modifications and equivalents thereof are possible. Furthermore, the disclosure covers all possible combinations of the particular examples described. Thus, the scope of the disclosure should not be limited by particular examples. Further, although the examples described with reference to the drawings comprise computing apparatus/systems and processes performed in computing apparatus/systems, the disclosure also extends to computer programs, particularly computer programs on or in a carrier, adapted for putting the system into practice.

Claims

1. A method of generating, by a computer program, a digital evidence of at least part of a conversation performed through a messaging system in a communication network between participants of a group of participants, the method comprising
obtaining, by the computer program, authorization to access data of the conversation including data of the at least part of the conversation;
accessing, by the computer program, the data of the conversation;
cryptographically certifying, by the computer program, the data of the at least part of the conversation;
generating, by the computer program, the digital evidence of the at least part of the conversation from the cryptographically certified data of the at least part of the conversation.
2. A method according to claim 1, wherein the data of the at least part of the conversation comprises data of inclusion of a participant into the group of participants.
3. A method according to any of claims 1 or 2, wherein the data of the at least part of the conversation comprises data of exclusion of a participant from the group of participants.
4. A method according to any of claims 1 to 3, wherein the data of the at least part of the conversation comprises data of a message exchanged between participants of the group of participants.
5. A method according to any of claims 1 to 4, further comprising storing, by the computer program, the data of the at least part of the conversation in a repository of conversation data.
6. A method according to claim 5, wherein the repository of conversation data comprises a relational database.
7. A method according to any of claims 5 or 6, wherein the repository of conversation data comprises a non-relational database.
8. A method according to any of claims 5 to 7, wherein the repository of conversation data comprises a text file.
9. A method according to any of claims 5 to 8, further comprising deleting, by the computer program, the stored data of the at least part of the conversation from the repository of conversation data once the digital evidence of the at least part of the conversation has been generated.
10. A method according to any of claims 5 to 9, wherein storing the data of the at least part of the conversation comprises storing, by the computer program, the cryptographically certified data of the at least part of the conversation in the repository of conversation data.
11. A method according to any of claims 5 to 9, wherein cryptographically certifying the data of the at least part of the conversation comprises cryptographically certifying, by the computer program, the stored data of the at least part of the conversation.
12. A method according to any of claims 1 to 11, wherein generating the digital evidence of the at least part of the conversation comprises generating, by the computer program, a file containing the cryptographically certified data of the at least part of the conversation.
13. A method according to claim 12, wherein generating the digital evidence of the at least part of the conversation further comprises sending, by the computer program, the file containing the cryptographically certified data of the at least part of the conversation to a participant of the group of participants.
14. A method according to any of claims 1 to 13, wherein cryptographically certifying the data of the at least part of the conversation comprises obtaining, by the computer program, a cryptographic fingerprint of the data of the at least part of the conversation.
15. A method according to any of claims 1 to 14, wherein cryptographically certifying the data of the at least part of the conversation comprises cryptographically signing, by the computer program, the data of the at least part of the conversation, or a cryptographic fingerprint of the data of the at least part of the conversation.
16. A method according to any of claims 1 to 14, wherein cryptographically certifying the data of the at least part of the conversation comprises cryptographically time stamping, by the computer program, the data of the at least part of the conversation, or a cryptographic fingerprint of the data of the at least part of the conversation, or a cryptographic signature of the data of the at least part of the conversation, or a cryptographic signature of a cryptographic fingerprint of the data of the at least part of the conversation.
17. A method according to any of claims 1 to 16, wherein the computer program has user credentials for logging in the messaging system; and wherein obtaining authorization to access the data of the conversation comprises
logging in the messaging system, by the computer program, by using the user credentials of the computer program;
accepting, by the computer program, an invitation of inclusion to the group of participants as a further participant.
18. A method according to any of claims 1 to 16, wherein a participant of the group of participants is a user of the messaging system having user credentials for logging in the messaging system; and wherein obtaining authorization to access the data of the conversation comprises
receiving, by the computer program, the user credentials of the user;
logging in the messaging system, by the computer program, by using the user credentials in representation of the user.
19. A method according to any of claims 1 to 16, wherein a participant of the group of participants is a user of the messaging system having user credentials for logging in the messaging system; wherein
logging in the messaging system by the user by using the user credentials causes generation of a session identifier by the messaging system; and wherein obtaining authorization to access the data of the conversation comprises
receiving, by the computer program, the session identifier generated by the messaging system;
obtaining, by the computer program, authorization to access the data of the conversation by using the session identifier.
20. A method according to any of claims 1 to 16, wherein the computer program has application credentials for logging in the messaging system, said application credentials having privilege to access data of a participant of the group of participants, said privilege having been previously granted by said participant; and wherein obtaining authorization to access the data of the conversation comprises
logging in the messaging system, by the computer program, by using the application credentials that have privilege to access the data of the participant of the conversation.
21. A method according to any of claims 1 to 16, wherein the computer program is configured to intermediate between a user of the messaging system and the messaging system; and wherein obtaining authorization to access the data of the conversation comprises
receiving, by the computer program, a request from the user of logging in the messaging system;
logging in the messaging system, by the computer program, according to the received request from the user.
22. A method according to any of claims 1 to 21, further comprising generating, by the computer program, a message in the conversation indicating that digital evidence of the at least part of the conversation will be generated.
23. A method according to any of claims 1 to 22, wherein the message system is an instant messaging system.
24. A method according to any of claims 1 to 22, wherein the message system is a messaging system of a social network system.
25. A method according to any of claims 1 to 24, wherein the at least part of the conversation is a part of the conversation between a beginning and an end; and wherein accessing the data of the conversation comprises
identifying, by the computer program, data of the conversation indicating the beginning of the part of the conversation;
identifying, by the computer program, data of the conversation indicating the end of the part of the conversation; and
identifying, by the computer program, the data of the part of the conversation between the data of the conversation indicating the beginning and the end of the part of the conversation.
26. A computer program product comprising program instructions for causing a computer to perform a method of generating a digital evidence of at least part of a conversation according to any of claims 1 to 25.
27. A computer program product according to claim 26, embodied on a storage medium.
28. A computer program product according to claim 26, carried on a carrier signal.
29. A system for generating, by a computer program, a digital evidence of at least part of a conversation performed through a messaging system in a communication network between participants of a group of participants, the system comprising
means for obtaining, by the computer program, authorization to access data of the conversation including data of the at least part of the conversation;
means for accessing, by the computer program, the data of the conversation;
means for cryptographically certifying, by the computer program, the data of the at least part of the conversation;
means for generating, by the computer program, the digital evidence of the at least part of the conversation from the cryptographically certified data of the at least part of the conversation.
30. A computing system for generating, by a computer program, a digital evidence of at least part of a conversation performed through a messaging system in a communication network between participants of a group of participants, the computing system comprising a processor and a memory; wherein
the memory stores computer executable instructions that, when executed, cause the processor to perform a method of generating a digital evidence of at least part of a conversation according to any of claims 1 to 25.
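
The selection step of claim 25 and the certify-then-generate steps of claim 29, as an added example that is not part of the patent text or the applicant's implementation. Assumptions: the beginning and end are signalled by the hypothetical marker messages `#evidence-begin` and `#evidence-end`, HMAC-SHA256 over a canonical JSON serialization stands in for the unspecified cryptographic certification, and the conversation and key are constructed samples.

```python
import hashlib
import hmac
import json

BEGIN_MARKER = "#evidence-begin"  # hypothetical marker, not defined by the claims
END_MARKER = "#evidence-end"      # hypothetical marker, not defined by the claims

def select_part(messages):
    """Return the messages strictly between the first begin marker and the next end marker."""
    begin = next((i for i, m in enumerate(messages) if m["text"] == BEGIN_MARKER), None)
    if begin is None:
        raise ValueError("no beginning marker in conversation data")
    end = next((i for i in range(begin + 1, len(messages))
                if messages[i]["text"] == END_MARKER), None)
    if end is None:
        raise ValueError("no end marker after the beginning marker")
    return messages[begin + 1:end]

def canonical_bytes(part):
    """Serialize deterministically so the same messages always yield the same bytes."""
    return json.dumps(part, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def certify(part, key):
    """Certify the selected data (assumed mechanism: SHA-256 digest plus keyed MAC)."""
    data = canonical_bytes(part)
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "hmac_sha256": hmac.new(key, data, hashlib.sha256).hexdigest(),
            "message_count": len(part)}

def generate_evidence(messages, key):
    """Build the evidence record from the certified part of the conversation."""
    part = select_part(messages)
    return {"part": part, "certification": certify(part, key)}

def verify_evidence(evidence, key):
    """Recompute the certification and compare in constant time."""
    expected = certify(evidence["part"], key)
    return hmac.compare_digest(expected["hmac_sha256"],
                               evidence["certification"]["hmac_sha256"])

# Constructed sample conversation and key, for illustration only.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_CONVERSATION = [
    {"sender": "alice", "ts": "2015-06-02T10:00:00Z", "text": "hello"},
    {"sender": "alice", "ts": "2015-06-02T10:00:05Z", "text": BEGIN_MARKER},
    {"sender": "bob", "ts": "2015-06-02T10:00:10Z", "text": "I accept the offer"},
    {"sender": "alice", "ts": "2015-06-02T10:00:20Z", "text": "agreed"},
    {"sender": "alice", "ts": "2015-06-02T10:00:25Z", "text": END_MARKER},
]
```
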

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2015/062257 WO2016192777A1 (en) 2015-06-02 2015-06-02 Generating digital evidence

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2015/062257 WO2016192777A1 (en) 2015-06-02 2015-06-02 Generating digital evidence

Publications (1)

Publication Number Publication Date
WO2016192777A1 (en) 2016-12-08

Family

ID=53373432

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2015/062257 WO2016192777A1 (en) 2015-06-02 2015-06-02 Generating digital evidence

Country Status (1)

Country Link
WO (1) WO2016192777A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9899636B2 (en) 2014-08-01 2018-02-20 Orthogonal, Inc. Photolithographic patterning of organic electronic devices

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015043668A1 (en) * 2013-09-27 2015-04-02 Gardeñes Liñan Manuel A method for certifying data relating to an occurrence

Similar Documents

Publication Publication Date Title
Anglano et al. Forensic analysis of the ChatSecure instant messaging application on android smartphones
US20190280861A1 (en) Methods and apparatus for providing attestation of information using a centralized or distributed ledger
US9413735B1 (en) Managing distribution and retrieval of security key fragments among proxy storage devices
US20170149819A1 (en) Resisting replay attacks efficiently in a permissioned and privacy-preserving blockchain network
US8379857B1 (en) Secure key distribution for private communication in an unsecured communication channel
US11343098B2 (en) Systems and methods of securing digital conversations for its life cycle at source, during transit and at destination
CN111130770B (en) Information certification method and system based on blockchain, user terminal, electronic equipment and storage medium
US11159674B2 (en) Multi-factor authentication of caller identification (ID) identifiers
WO2018145127A1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
US11658963B2 (en) Cooperative communication validation
CN110651463A (en) Encryption of cloud-based data
JP2019503533A5 (en)
CN106464496A (en) Method and system for creating a certificate to authenticate a user identity
WO2018149004A1 (en) Authentication method and system
CN111211911B (en) Collaborative signature method, device, equipment and system
CN104883367A (en) Method for auxiliary verification login, system, and application client
Reisinger et al. Security and privacy in unified communication
CN112784311A (en) Deposit certificate system and block chain network
US20140237239A1 (en) Techniques for validating cryptographic applications
Vukadinovic Whatsapp forensics: Locating artifacts in web and desktop clients
Rottermanner et al. Privacy and data protection in smartphone messengers
CN114205084A (en) Quantum key-based electronic mail multi-operation encryption method and device
CN105515959A (en) Implementation method of CMS technology-based instant messenger security system
Setiawan et al. Design of secure electronic disposition applications by applying blowfish, SHA-512, and RSA digital signature algorithms to government institution
US11777745B2 (en) Cloud-side collaborative multi-mode private data circulation method based on smart contract

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15727941

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15727941

Country of ref document: EP

Kind code of ref document: A1