WO2021135641A1 - Blockchain-based digital content evidence collection method, apparatus and device - Google Patents

Blockchain-based digital content evidence collection method, apparatus and device Download PDF

Info

Publication number
WO2021135641A1
WO2021135641A1 PCT/CN2020/126973 CN2020126973W WO2021135641A1 WO 2021135641 A1 WO2021135641 A1 WO 2021135641A1 CN 2020126973 W CN2020126973 W CN 2020126973W WO 2021135641 A1 WO2021135641 A1 WO 2021135641A1
Authority
WO
WIPO (PCT)
Prior art keywords
forensic
node
result
nodes
results
Prior art date
Application number
PCT/CN2020/126973
Other languages
French (fr)
Chinese (zh)
Inventor
韩喆
王春霈
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2021135641A1 publication Critical patent/WO2021135641A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor

Definitions

  • One or more embodiments of this specification relate to the field of computer technology, and in particular to a blockchain-based digital content forensics method, device, and equipment.
  • the forensics of digital content is usually realized based on the architecture of client and server. Taking digital content as a screenshot of a webpage as an example, the forensic process is: whenever a client needs to take a screenshot of a webpage, it will send a request to the server that contains the address of the webpage to be screenshotted, and then the server will take a screenshot and take the webpage The screenshot is saved on the server.
  • the request sent by the client to the server and the screenshot of the webpage saved on the server may be tampered with. Therefore, it is necessary to provide a more reliable method for obtaining evidence of digital content.
  • One or more embodiments of this specification describe a blockchain-based digital content forensics method, device, and equipment, which can improve the credibility of acquired digital content.
  • a blockchain-based digital content forensics method which includes: receiving digital content forensic tasks; selecting a number of second nodes from the plurality of nodes, and sending them to one of the plurality of second nodes.
  • Each second node sends an execution instruction for the forensic task; receives multiple forensic results returned by each second node after completing the corresponding forensic task; judges whether the multiple forensic results match; Select any first forensic result from the plurality of forensic results as the result of the forensic evidence; store the result of the forensic evidence locally, and broadcast the result of the forensic evidence to nodes other than the first node among the plurality of nodes, In this way, other nodes store the result after consensus verification of the deposit certificate.
  • a blockchain-based digital content forensics method which includes: receiving an execution instruction of a forensic task sent by any first node among the plurality of first nodes; and in response to the execution instruction, executing all the forensics tasks.
  • the forensic task to obtain the forensic result; return the forensic result to the first node; receive the forensic result determined by the first node at least based on the forensic result; and based on the forensic result received from other first nodes , Adopting a consensus algorithm to perform consensus verification on the deposit certificate result received from the first node; if the consensus verification is passed, store the deposit certificate result received from the first node.
  • a digital content forensics device based on blockchain, including: a receiving unit for receiving digital content forensic tasks; and a selecting unit for selecting a number of second nodes from the plurality of nodes;
  • the sending unit is configured to send an execution instruction of the forensics task to each of the plurality of second nodes selected by the selection unit;
  • the receiving unit is also configured to receive the corresponding execution of each second node
  • the judging unit is used to determine whether the multiple forensic results received by the receiving unit match;
  • the selection unit is also used to obtain evidence from the multiple forensics if they match Select any first forensic result as the result of the evidence;
  • the storage unit is used to locally store the result of the evidence selected by the selection unit;
  • the sending unit is also used to remove the evidence from the multiple nodes Nodes other than the first node broadcast the deposit result, so that other nodes store the deposit result after consensus verification.
  • a digital content forensics device based on blockchain including: a receiving unit, configured to receive an execution instruction of a forensic task sent by any first node among the plurality of first nodes; an execution unit, using In response to the execution instruction received by the receiving unit, execute the forensic task to obtain a forensic result; a sending unit is configured to return the forensic result to the first node; and the receiving unit is further configured to Receive the evidence result determined by the first node at least based on the forensic result; the consensus unit is used for adopting a consensus algorithm based on the evidence result received by the receiving unit from other first nodes to compare the evidence from the first node Consensus verification is performed on the received deposit certificate result; a storage unit is used to store the deposit certificate result received from the first node if the consensus unit verification is passed by the consensus unit.
  • a blockchain-based digital content forensics device including: a memory; one or more processors; and one or more programs, wherein the one or more programs are stored in the memory And is configured to be executed by the one or more processors, and when the program is executed by the processor, the following steps are implemented:
  • Receive the forensic task of digital content select a number of second nodes from a plurality of nodes in the blockchain, and send an execution instruction of the forensic task to each of the plurality of second nodes; receive each of the second nodes Multiple forensic results returned after the execution of the corresponding forensic task; determine whether the multiple forensic results match; if they match, select any first forensic result from the multiple forensic results as the evidence; Store the attestation result locally, and broadcast the attestation result to other nodes of the plurality of nodes except the first node, so that other nodes store the attestation result after consensus verification of the attestation result.
  • a blockchain-based digital content forensics device including: a memory; one or more processors; and one or more programs, wherein the one or more programs are stored in the memory , And is configured to be executed by the one or more processors, and when the program is executed by the processor, the following steps are implemented: receiving the forensic task sent by any one of the several first nodes of the blockchain Execution instruction; in response to the execution instruction, execute the forensic task to obtain the forensic result; return the forensic result to the first node; receive the forensic result determined by the first node at least based on the forensic result ; Based on the deposit certificate results received from other first nodes, the consensus algorithm is adopted to perform consensus verification on the deposit certificate results received from the first node; if the consensus verification is passed, the deposit certificate received from the first node The results are stored.
  • the first node in the blockchain is responsible for receiving the forensic task, and after receiving the forensic task, from the block Several second nodes are selected in the chain to perform corresponding forensics tasks. After that, the first node, after receiving multiple forensic results returned by each second node, determines whether the multiple forensic results match, and in the case of a match, determines the corresponding evidence from the multiple forensic results As a result, the deposit result will be published on the blockchain. That is to say, the solution provided in this manual can obtain digital content based on the blockchain, thereby ensuring the safety and reliability of the forensic process. In addition, in this solution, setting the first node in the blockchain to be responsible for instructing the execution of the forensic task can greatly save computing resources.
  • Figure 1 is a schematic diagram of the application scenario of the blockchain-based digital content forensics method provided in this manual.
  • Figure 2 is a flowchart of a blockchain-based digital content forensics method provided by an embodiment of this specification.
  • Fig. 3 is a flowchart of a blockchain-based digital content forensics method provided by another embodiment of this specification.
  • Figure 4 is a schematic diagram of a blockchain-based digital content forensics device provided by an embodiment of this specification.
  • Figure 5 is a schematic diagram of a blockchain-based digital content forensics device provided by another embodiment of this specification.
  • Figure 6 is a schematic diagram of a blockchain-based digital content forensics device provided by an embodiment of this specification.
  • Blockchain technology is a kind of Internet database technology, which is characterized by decentralization, openness and transparency, immutability and trustworthiness. Therefore, this solution can introduce blockchain technology.
  • a part of the nodes can be selected to be responsible for the broadcast of forensic tasks and the sending of task execution instructions.
  • This part of the nodes can also be called a group of committee nodes (or a group of first node). It should be noted that the committee nodes of this group are replaced periodically, for example, it can be replaced every hour.
  • the task execution node (that is, the second node) in the blockchain, it executes the corresponding forensics task only when it receives a task execution instruction sent by a valid committee node.
  • a valid committee node As a result, it is possible to avoid the problem that when each node is not distinguished, any node may send a task execution instruction, which will greatly waste computing resources.
  • it can also be compatible with the existing blockchain architecture (that is, several core nodes of the blockchain have the right to keep accounts, and other nodes have only verification functions).
  • the committee node can select several nodes from the nodes of the blockchain to perform the corresponding forensic task.
  • each of the selected nodes may be referred to as the second node.
  • the final evidence deposit result is determined based on the forensic result returned by each of the several nodes (the determination method will be explained later).
  • the committee node After the committee node selects the above deposit result, it can broadcast the deposit result on the blockchain. It is understandable that, for ordinary nodes on the blockchain other than committee nodes, they can receive the evidence result sent by each committee node in a group of committee nodes. After that, it can use a consensus algorithm to determine the final deposit result from the multiple deposit results sent by each committee node and store it. It can be seen that, for the above-mentioned ordinary nodes, the final storage certificate results have been double-verified, that is, the committee node first verifies the first time, and then conducts the second verification through the consensus algorithm. Therefore, It can greatly improve the accuracy and validity of the deposit evidence.
  • FIG. 1 is a schematic diagram of the application scenario of the blockchain-based digital content forensics method provided in this manual.
  • the blockchain may include multiple nodes, and the multiple nodes may include a group of first nodes.
  • the user can publish the forensic task of digital content to a certain first node in the blockchain based on the corresponding client. After that, the first node may broadcast the forensic task on the blockchain, so that each first node in the group of first nodes can receive the forensic task.
  • first node Take a certain first node in the above group of first nodes as an example.
  • the first node After the first node receives the forensics task, it can select several second nodes from the multiple nodes of the blockchain, and send to the several second nodes. Each second node in the second node sends an execution instruction of the forensic task. After completing the corresponding forensics task, each second node may return the corresponding forensic result to the first node.
  • the first node judges whether multiple forensic results match. If they match, any first forensic result is selected from the multiple forensic results as the result of the forensic evidence. Store the certification result locally, and broadcast the certification result to other nodes among the multiple nodes except the first node, so that other nodes store the certification result after consensus verification.
  • FIG. 2 is a flowchart of a blockchain-based digital content forensics method provided by an embodiment of this specification.
  • the execution subject of the method may be the first node of the blockchain in FIG. 1.
  • the method may specifically include step 202-step 212.
  • Step 202 Receive the forensics task of the digital content.
  • the forensic task of the digital content here may be directly received by the first node from the client, or it may be received by the first node when the forensic task is broadcast by other first nodes on the blockchain.
  • the client can add the corresponding digital signature/certificate when sending the above forensic task.
  • other first nodes may add corresponding digital signatures/certificates when broadcasting the above forensic task. Therefore, the above-mentioned first node can verify the identity of the client or other first nodes based on the digital signature/certificate, thereby ensuring the credibility of the communication between the client and the first node and multiple first nodes.
  • the digital content may include, but is not limited to, screenshots of web pages, video files, audio files, and so on.
  • the corresponding forensic task can be a screenshot task or a grabbing task.
  • the corresponding forensic task may be a recording task.
  • the above forensic task may include the user's uid (user identity) and the URL address of the webpage to be screenshotted.
  • Step 204 Select a number of second nodes from a plurality of nodes in the blockchain, and send an execution instruction of the forensics task to each of the plurality of second nodes.
  • the above-mentioned several second nodes may be selected from all nodes of the blockchain based on predefined node selection rules, or selected from predetermined nodes of the blockchain.
  • the scheduled node here is only responsible for the execution of forensic tasks. It can be understood that, when the above-mentioned several second nodes are selected based on the first method, the several second nodes may include the first node itself. In other words, the first node in this specification can also be responsible for the execution of forensic tasks. In addition, when the second node is selected from the predetermined nodes, the efficiency of selecting the second node can be greatly improved.
  • the execution instruction of the forensic task may include the uid of the user and the URL address of the webpage to be screenshotted.
  • any second node can start the docker container based on the pre-downloaded docker image file. And run the pre-packaged browser in the docker container. In the running browser, load the web page to be screenshot based on the URL address, and take a screenshot of the web page to be screenshot to obtain a screenshot of the web page. It is understandable that, in this example, the obtained screenshot of the webpage is the forensic result obtained by any of the above-mentioned second nodes.
  • the first node is responsible for sending the execution instruction of the forensic task. Therefore, any second node can perform the forensic task execution instruction according to the predefined validity verification rules. The validity of the first node is verified. If the validity verification is passed, the forensics task will be executed.
  • Step 206 Receive multiple forensic results returned by each second node after completing the corresponding forensic task.
  • the first node can receive multiple screenshots of the webpage each sent by multiple second nodes selected by it.
  • Step 208 Determine whether the multiple forensic results match.
  • the judging process may specifically include: calculating the similarity between two forensic results of multiple forensic results. Based on the similarity between the two forensic results of the multiple forensic results, the multiple forensic results are divided into at least one group. Based on the number of forensic results in at least one group, it is determined whether multiple forensic results match. For example, when there is a first group with a number of forensic results greater than a first threshold in at least one group, it is determined that the multiple forensic results match.
  • the similarity between the above-mentioned pair of forensic results can be calculated based on image similarity algorithms such as perceptual hash algorithm, ORB algorithm, and histogram statistical algorithm.
  • the above judgment process may also have other steps. Taking the digital content as a screenshot of a webpage as an example, it can also include the following steps: judging whether the corresponding attribute information (such as size or height) of multiple webpage screenshots are equal, and/or judging that multiple forensic results correspond to each other Whether the sub-screenshots match, etc.
  • the sub-screenshots here can be taken based on predefined screenshot rules (for example, a square or rounded area with a white background color in a web page).
  • the judgment of whether the above sub-screenshots match can also be realized based on the image similarity algorithm and attribute information.
  • the specific judgment process is the same as that described above, and will not be repeated here.
  • the first node selects multiple second nodes to perform the forensic task, which can ensure the safety and reliability of the obtained evidence.
  • step 210 if they match, any first forensic result is selected from a plurality of forensic results as the result of the forensic evidence.
  • any webpage screenshot can be selected as the final certification result.
  • the first node can broadcast its forensic failure information on the blockchain. Of course, it is not necessary to broadcast any information, which is not limited in this specification.
  • the first node can also select an incorrect forensic result from a plurality of forensic results, and determine the second node that sends the incorrect forensic result. Count the number of times that the determined second node sends wrong forensic results. If the number of times is greater than the predetermined threshold, the determined second node is broadcast on the blockchain. In this way, the function of supervising the second node is realized.
  • Step 212 Store the attestation result locally, and broadcast the attestation result to other nodes among the multiple nodes except the first node, so that other nodes store the attestation result after consensus verification.
  • the process of the first node locally storing the attestation result may specifically be: generating a target transaction based on the attestation result and content information related to the attestation result. Store the generated target transaction locally.
  • the first node may first record the target transaction in the transaction pool, and then connect to other transactions and write them into the transaction details of the corresponding block of the first node.
  • the foregoing content information may include any one or more of the following: Hash value corresponding to the evidence storage result, the initiator of the forensic task (for example, user id), the information of the first node, the information of the second node, and the time of obtaining the evidence.
  • the above-mentioned other nodes can be divided into two types, one of which is committee nodes (that is, other first nodes), and the other is nodes other than committee nodes (hereinafter referred to as ordinary nodes).
  • committee nodes that is, other first nodes
  • ordinary nodes For each other first node, if its forensic result is successfully obtained, that is, if the multiple forensic results obtained by corresponding several second nodes match, then after receiving the above-mentioned first node, it can Do nothing. And if the forensic result fails to obtain, that is, if the multiple forensic results obtained through the corresponding second nodes do not match, then it performs the same consensus verification operation as the ordinary node (described below).
  • the ordinary node For ordinary nodes, it performs the following consensus verification operations. Specifically, the ordinary node first receives multiple deposit results broadcast by each first node. Then, based on the deposit certificate results received from other first nodes, a consensus algorithm is adopted to perform consensus verification on the deposit certificate results received from the first node.
  • the consensus algorithm here can include but is not limited to Practical Byzantine Fault Tolerance (PBFT) algorithm, Proof of Work (POW) algorithm, Proof of Stake (POS) algorithm, and Delegated Proof of Stake (Delegated) Proof of Stake, DPOS) algorithm, etc.
  • PBFT Practical Byzantine Fault Tolerance
  • POW Proof of Work
  • POS Proof of Stake
  • Delegated Delegated Proof of Stake
  • DPOS Delegated Proof of Stake
  • the content information related to the deposit result may be sent by the first node together with the deposit result when the above deposit result is broadcast.
  • the blockchain has the characteristics of traceability and tamper resistance, it is inherently an excellent way to store evidence. Therefore, after the evidence is generated through a trusted processing link, it is stored in the same trusted On the blockchain, the value of evidence can be maximized.
  • the embodiments of this specification are suitable for obtaining evidence of various types of digital content, and only need to set different matching mechanisms for different types.
  • the foregoing embodiment describes the solution with the first node in the blockchain as the execution subject, and the following describes the solution with the second node as the execution subject.
  • Fig. 3 is a flowchart of a blockchain-based digital content forensics method provided by another embodiment of this specification.
  • the execution subject of the method may be the second node of the blockchain in FIG. 1.
  • the method may specifically include step 302 to step 312.
  • Step 302 Receive an execution instruction of the forensic task sent by any first node among the plurality of first nodes.
  • the forensic task sent by the client or other first nodes on the blockchain may be first received by the above-mentioned first node. After that, the first node selects the second node and sends the execution instruction of the forensic task to the second node.
  • Step 304 In response to the execution instruction, perform a forensic task to obtain a forensic result.
  • the second node may first verify the validity of the first node according to a predefined validity verification rule. If the validity verification is passed, the forensics task will be executed.
  • the execution instruction of the forensic task may include the uid of the user and the URL address of the webpage to be screenshotted.
  • the second node can start the docker container based on the pre-downloaded docker image file. And run the pre-packaged browser in the docker container. In the running browser, load the web page to be screenshot based on the URL address, and take a screenshot of the web page to be screenshot to obtain a screenshot of the web page. It is understandable that, in this example, the obtained screenshot of the webpage is the forensic result obtained by the second node.
  • Step 306 Return the forensic result to the first node.
  • Step 308 Receive an attestation result determined by the first node at least based on the forensic result.
  • the first node may receive forensic results returned by multiple second nodes. After that, the first node can determine whether the multiple forensic results match. For example, it is possible to judge whether multiple forensic results match based on the similarity between the two forensic results of multiple forensic results. In addition, it is also possible to judge whether the multiple forensic results match based on the respective attribute information (such as size or height) of the multiple webpage screenshots, and/or the sub-screenshots corresponding to the multiple forensic results.
  • the respective attribute information such as size or height
  • any first forensic result is selected from the multiple forensic results as the result of the forensic evidence.
  • Step 310 Based on the deposit result received from other first nodes, a consensus algorithm is used to perform consensus verification on the deposit result received from the first node.
  • each second node in the blockchain can receive the deposit certificate results broadcast by each first node in a group of first nodes on the blockchain. After receiving the deposit certificate results sent by each first node, consensus verification can be performed based on the consensus algorithm.
  • the aforementioned consensus algorithm may be a PBFT algorithm.
  • step 312 if the consensus verification is passed, the storage certificate result received from the first node is stored.
  • the second node may also receive content information related to the attestation result.
  • the content information here may be recorded when the first node executes the process of obtaining the evidence result. It may include, but is not limited to, the hash value corresponding to the evidence deposit result, the initiator of the forensic task (for example, user id), the information of the first node, the information of the second node, and the time of obtaining the evidence, etc.
  • the process for the second node to store the foregoing deposit result may specifically be: generating a target transaction based on the deposit result and content information related to the deposit result. Store the generated target transaction locally.
  • the deposit result stored by the second node is actually double-verified, that is, the first node performs the first verification, and then the consensus algorithm performs the second verification. As a result, the correctness and validity of the deposit evidence can be greatly improved.
  • the embodiments of this specification protect the safety and reliability of all processing processes by using multiple times of obtaining evidence, verification and consensus, and the evidence is traceable and easy to verify.
  • this scheme can also be applied to other scenarios. For example, when redundant data is required to be fault-tolerant and verified in an unreliable network, the redundant data is treated as the same piece of evidence through this scheme, and committee voting and consensus are used. The mechanism can also guarantee the correctness of the final result.
  • This solution will calculate the hash value through the result of the verification, and then upload it together with the key information in the processing process to store the evidence, which solves the risk in the preservation of evidence and makes the evidence verifiable and traceable.
  • an embodiment of this specification also provides a blockchain-based digital content forensics device.
  • the blockchain includes multiple nodes, and the multiple nodes include at least a first node.
  • the device is implemented by the first node. As shown in FIG. 4, the device may include a receiving unit 402, a selecting unit 404, a sending unit 406, a judging unit 408, and a storage source 410.
  • the receiving unit 402 is used to receive forensics tasks of digital content.
  • the digital content here includes any of the following: webpage screenshots, audio files, video files, etc.
  • Forensic tasks include any of the following: screenshot tasks, capture tasks, and recording tasks.
  • the selecting unit 404 is configured to select a number of second nodes from a plurality of nodes.
  • the sending unit 406 is configured to send an execution instruction of the forensic task to each of the plurality of second nodes selected by the selecting unit 404.
  • the receiving unit 402 is further configured to receive multiple forensic results returned by each second node after completing the corresponding forensic task.
  • the judging unit 408 is configured to judge whether the multiple forensic results received by the receiving unit 402 match.
  • the judging unit 408 may be specifically used to calculate the similarity between the pairwise forensic results of multiple forensic results.
  • the multiple forensic results are divided into at least one group.
  • the judging unit 408 may also be specifically configured to judge whether there is a first group whose number of forensic results is greater than a first threshold in the at least one group. If the first group exists, it is determined that multiple forensic results match.
  • the determining unit 408 may be specifically configured to: determine multiple forensic results based on the attribute information corresponding to each of the multiple forensic results and/or based on the matching results of the sub-screenshots corresponding to each of the multiple forensic results. Whether the forensic results match.
  • the selecting unit 404 is further configured to, if the determining unit 408 determines that they match, select any first forensic result from a plurality of forensic results as the result of the forensic evidence.
  • the storage unit 410 is configured to locally store the storage result selected by the selection unit 404.
  • the storage unit 410 may be specifically used to generate a target transaction based on the deposit certificate result and content information related to the deposit certificate result.
  • the foregoing content information includes any one or more of the following: Hash value corresponding to the evidence deposit result, the initiator of the forensic task, the information of the first node, the information of the second node, and the time of obtaining the evidence.
  • the sending unit 406 is also configured to broadcast the certification result to other nodes among the multiple nodes except the first node, so that other nodes store the certification result after consensus verification.
  • the device may further include: a statistical unit (not shown in the figure).
  • the selecting unit 404 is further configured to select an erroneous forensic result from the multiple forensic results if the multiple forensic results do not match, and determine the second node that sends the erroneous forensic result.
  • the statistical unit is used to count the number of times that the determined second node sends wrong forensic results.
  • the sending unit 406 is further configured to broadcast the determined second node on the blockchain if the number of times counted by the statistical unit is greater than a predetermined threshold.
  • the receiving unit 402 receives the forensics task of the digital content.
  • the selecting unit 404 selects a number of second nodes from a plurality of nodes.
  • the sending unit 406 sends an execution instruction of the forensic task to each of the selected second nodes.
  • the receiving unit 402 receives multiple forensic results returned by each second node after completing the corresponding forensic task.
  • the judging unit 408 judges whether the multiple forensic results match. If they match, the selecting unit 404 selects any first forensic result from the multiple forensic results as the evidence storage result.
  • the storage unit 410 locally stores the attestation result.
  • the sending unit 406 broadcasts the certification result to nodes other than the first node among the multiple nodes, so that other nodes store the certification result after consensus verification. As a result, the credibility of the acquired digital content can be improved.
  • an embodiment of this specification also provides a blockchain-based digital content forensics device.
  • the blockchain includes a plurality of nodes, and the plurality of nodes includes a plurality of One node and second node.
  • the device is implemented by the second node. As shown in FIG. 5, the device may include a receiving unit 502, an executing unit 504, a sending compound 506, a consensus unit 508, and a storage unit 510.
  • the receiving unit 502 is configured to receive an execution instruction of a forensic task sent by any first node among several first nodes.
  • the execution unit 504 is configured to execute the forensic task in response to the execution instruction received by the receiving unit 502 to obtain the forensic result.
  • the execution unit 504 may be specifically configured to verify the validity of the first node according to a predefined validity verification rule.
  • the sending unit 506 is configured to return the forensic result to the first node.
  • the receiving unit 502 is further configured to receive the evidence deposit result determined by the first node at least based on the forensic result.
  • the consensus unit 508 is configured to use a consensus algorithm to perform consensus verification on the deposit result received from the first node based on the deposit result received by the receiving unit 502 from other first nodes.
  • the consensus algorithm here can be a practical Byzantine fault-tolerant PBFT algorithm.
  • the storage unit 510 is configured to store the certificate deposit result received from the first node if the consensus verification by the consensus unit 508 is passed.
  • the block chain-based digital content forensics device provided in an embodiment of this specification can improve the credibility of the acquired digital content.
  • an embodiment of this specification also provides a forensics device, which may include a memory 602, one or more processors 604, and one or more programs. Wherein, the one or more programs are stored in the memory 602 and are configured to be executed by one or more processors 604.
  • the following steps are implemented: receiving digital content forensic tasks; A number of second nodes are selected from the nodes, and the execution instructions of the forensics task are sent to each of the plurality of second nodes; the multiple forensics results returned by each second node after the completion of the corresponding forensics task are received; multiple forensic results are judged Whether the forensic results match; if they match, select any first forensic result from the multiple forensic results as the attestation result; store the attestation result locally and send it to the nodes other than the first node among the multiple forensic results Broadcast the deposit result so that other nodes will store the deposit result after consensus verification.
  • the forensic device provided in an embodiment of this specification can improve the credibility of acquired digital content.
  • another forensic device provided in another embodiment of this specification may also be as shown in FIG.
  • One or more programs are stored in the memory 602, and are configured to be executed by one or more processors 604. The difference is that when the program is executed by the processor 604, the following steps are implemented: receiving the execution instruction of the forensic task sent by any first node among the first nodes; in response to the execution instruction, execute the forensic task to obtain the forensic result ; Return the forensic result to the first node.
  • the receiving first node at least determines the evidence deposit result based on the forensic result; based on the evidence result received from other first nodes, the consensus algorithm is adopted to perform consensus verification on the evidence result received from the first node; if the consensus verification is passed, Then the deposit result received from the first node is stored.
  • the forensic device provided in an embodiment of this specification can improve the credibility of acquired digital content.
  • the steps of the method or algorithm described in conjunction with the disclosure of this specification can be implemented in a hardware manner, or can be implemented in a manner in which a processor executes software instructions.
  • Software instructions can be composed of corresponding software modules, which can be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, mobile hard disk, CD-ROM or any other form of storage known in the art Medium.
  • An exemplary storage medium is coupled to the processor, so that the processor can read information from the storage medium and write information to the storage medium.
  • the storage medium may also be an integral part of the processor.
  • the processor and the storage medium may be located in the ASIC.
  • the ASIC may be located in the server.
  • the processor and the storage medium may also exist as discrete components in the server.
  • the functions described in the present invention can be implemented by hardware, software, firmware, or any combination thereof.
  • these functions can be stored in a computer-readable medium or transmitted as one or more instructions or codes on the computer-readable medium.
  • the computer-readable medium includes a computer storage medium and a communication medium, where the communication medium includes any medium that facilitates the transfer of a computer program from one place to another.
  • the storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.

Abstract

A blockchain-based digital content evidence collection method, apparatus and device. The blockchain-based digital content evidence collection method comprises: receiving an evidence collection task of digital content (202); selecting a plurality of second nodes from a plurality of nodes of the blockchain, and sending an execution instruction of the evidence collection task to each second node in the plurality of second nodes (204); receiving a plurality of evidence collection results returned by the second nodes after the second nodes execute the corresponding evidence collection tasks (206); determining whether the plurality of evidence collection results are matched or not (208); if the plurality of evidence collection results are matched, selecting any first evidence collection result from the plurality of evidence collection results as an evidence storage result (210); and storing the evidence storage result locally, and broadcasting the evidence storage result to other nodes except the first node in the plurality of nodes, so that the other nodes perform consensus verification on the evidence storage result and then store the evidence storage result (212).

Description

基于区块链的数字内容取证方法、装置及设备Digital content forensics method, device and equipment based on blockchain 技术领域Technical field
本说明书一个或多个实施例涉及计算机技术领域,尤其涉及一种基于区块链的数字内容取证方法、装置及设备。One or more embodiments of this specification relate to the field of computer technology, and in particular to a blockchain-based digital content forensics method, device, and equipment.
背景技术Background technique
在目前的数字版权保护领域,经常会出现图片、视频等数字内容被盗用的现象。主要原因有如下两方面:第一,可以为数字内容进行版权保护的保全机构极少,且处理步骤繁琐,取证手段单一,无法为社会各界提供广泛而又便利的版权保护服务。第二,用户自行取证存在着诸多不规范、不标准、不安全的因素,容易导致原本正当的权利得不到申诉。因此,如何对数字内容进行有效地取证就成为要解决的问题。In the current field of digital copyright protection, digital content such as pictures and videos are often stolen. The main reasons are the following two aspects: First, there are very few security agencies that can protect digital content, and the processing steps are cumbersome, and the method of obtaining evidence is single. It is unable to provide extensive and convenient copyright protection services for all sectors of society. Second, there are many irregular, non-standard, and insecure factors in users' self-collecting evidence, which can easily lead to the failure to obtain appeals for their legitimate rights. Therefore, how to effectively obtain evidence for digital content has become a problem to be solved.
传统技术中,通常是基于客户端和服务器的架构来实现数字内容的取证。以数字内容为网页截图为例来说,其取证过程为:客户端每当需要对某网页进行截图时,会向服务器发送含有待截图网页的地址的请求,然后由服务器进行截图,并将网页截图保存在服务器上。然而,在上述过程中,客户端向服务器发送的请求以及保存在服务器上的网页截图会存在被篡改的风险。因此,需要提供一种更可靠的数字内容的取证方法。In traditional technology, the forensics of digital content is usually realized based on the architecture of client and server. Taking digital content as a screenshot of a webpage as an example, the forensic process is: whenever a client needs to take a screenshot of a webpage, it will send a request to the server that contains the address of the webpage to be screenshotted, and then the server will take a screenshot and take the webpage The screenshot is saved on the server. However, in the above process, the request sent by the client to the server and the screenshot of the webpage saved on the server may be tampered with. Therefore, it is necessary to provide a more reliable method for obtaining evidence of digital content.
发明内容Summary of the invention
本说明书一个或多个实施例描述了一种基于区块链的数字内容取证方法、装置及设备,可以提高获取的数字内容的可信度。One or more embodiments of this specification describe a blockchain-based digital content forensics method, device, and equipment, which can improve the credibility of acquired digital content.
第一方面,提供了一种基于区块链的数字内容取证方法,包括:接收数字内容的取证任务;从所述多个节点中选取若干第二节点,并向所述若干第二节点中的各第二节点发送取证任务的执行指示;接收所述各第二节点在执行完成相应的取证任务之后返回的多个取证结果;判断多个取证结果是否相匹配;若相匹配,则从所述多个取证结果中选取任意的第一取证结果作为存证结果;在本地存储所述存证结果,并向所述多个节点中除所述第一节点外的其它节点广播该存证结果,以使其它节点在对所述存证结果进行共识验证后存储。In a first aspect, a blockchain-based digital content forensics method is provided, which includes: receiving digital content forensic tasks; selecting a number of second nodes from the plurality of nodes, and sending them to one of the plurality of second nodes. Each second node sends an execution instruction for the forensic task; receives multiple forensic results returned by each second node after completing the corresponding forensic task; judges whether the multiple forensic results match; Select any first forensic result from the plurality of forensic results as the result of the forensic evidence; store the result of the forensic evidence locally, and broadcast the result of the forensic evidence to nodes other than the first node among the plurality of nodes, In this way, other nodes store the result after consensus verification of the deposit certificate.
第二方面,提供了一种基于区块链的数字内容取证方法,包括:接收所述若干第 一节点中任意的第一节点发送的取证任务的执行指示;响应于所述执行指示,执行所述取证任务,以获得取证结果;向所述第一节点返回所述取证结果;接收所述第一节点至少基于所述取证结果确定的存证结果;基于从其它第一节点接收的存证结果,采用共识算法,对从所述第一节点接收的存证结果进行共识验证;若共识验证通过,则对从所述第一节点接收的存证结果进行存储。In a second aspect, a blockchain-based digital content forensics method is provided, which includes: receiving an execution instruction of a forensic task sent by any first node among the plurality of first nodes; and in response to the execution instruction, executing all the forensics tasks. The forensic task to obtain the forensic result; return the forensic result to the first node; receive the forensic result determined by the first node at least based on the forensic result; and based on the forensic result received from other first nodes , Adopting a consensus algorithm to perform consensus verification on the deposit certificate result received from the first node; if the consensus verification is passed, store the deposit certificate result received from the first node.
第三方面,提供了一种基于区块链的数字内容取证装置,包括:接收单元,用于接收数字内容的取证任务;选取单元,用于从所述多个节点中选取若干第二节点;发送单元,用于向所述选取单元选取的所述若干第二节点中的各第二节点发送取证任务的执行指示;所述接收单元,还用于接收所述各第二节点在执行完成相应的取证任务之后返回的多个取证结果;判断单元,用于判断所述接收单元接收的多个取证结果是否相匹配;所述选取单元,还用于若相匹配,则从所述多个取证结果中选取任意的第一取证结果作为存证结果;存储单元,用于在本地存储所述选取单元选取的所述存证结果;所述发送单元,还用于向所述多个节点中除所述第一节点外的其它节点广播该存证结果,以使其它节点在对所述存证结果进行共识验证后存储。In a third aspect, a digital content forensics device based on blockchain is provided, including: a receiving unit for receiving digital content forensic tasks; and a selecting unit for selecting a number of second nodes from the plurality of nodes; The sending unit is configured to send an execution instruction of the forensics task to each of the plurality of second nodes selected by the selection unit; the receiving unit is also configured to receive the corresponding execution of each second node The multiple forensic results returned after the forensic task of the forensics; the judging unit is used to determine whether the multiple forensic results received by the receiving unit match; the selection unit is also used to obtain evidence from the multiple forensics if they match Select any first forensic result as the result of the evidence; the storage unit is used to locally store the result of the evidence selected by the selection unit; the sending unit is also used to remove the evidence from the multiple nodes Nodes other than the first node broadcast the deposit result, so that other nodes store the deposit result after consensus verification.
第四方面,提供了一种基于区块链的数字内容取证装置,包括:接收单元,用于接收所述若干第一节点中任意的第一节点发送的取证任务的执行指示;执行单元,用于响应于所述接收单元接收的所述执行指示,执行所述取证任务,以获得取证结果;发送单元,用于向所述第一节点返回所述取证结果;所述接收单元,还用于接收所述第一节点至少基于所述取证结果确定的存证结果;共识单元,用于基于所述接收单元从其它第一节点接收的存证结果,采用共识算法,对从所述第一节点接收的存证结果进行共识验证;存储单元,用于若所述共识单元共识验证通过,则对从所述第一节点接收的存证结果进行存储。In a fourth aspect, a digital content forensics device based on blockchain is provided, including: a receiving unit, configured to receive an execution instruction of a forensic task sent by any first node among the plurality of first nodes; an execution unit, using In response to the execution instruction received by the receiving unit, execute the forensic task to obtain a forensic result; a sending unit is configured to return the forensic result to the first node; and the receiving unit is further configured to Receive the evidence result determined by the first node at least based on the forensic result; the consensus unit is used for adopting a consensus algorithm based on the evidence result received by the receiving unit from other first nodes to compare the evidence from the first node Consensus verification is performed on the received deposit certificate result; a storage unit is used to store the deposit certificate result received from the first node if the consensus unit verification is passed by the consensus unit.
第五方面,提供了一种基于区块链的数字内容取证设备,包括:存储器;一个或多个处理器;以及一个或多个程序,其中所述一个或多个程序存储在所述存储器中,并且被配置成由所述一个或多个处理器执行,所述程序被所述处理器执行时实现以下步骤:In a fifth aspect, a blockchain-based digital content forensics device is provided, including: a memory; one or more processors; and one or more programs, wherein the one or more programs are stored in the memory And is configured to be executed by the one or more processors, and when the program is executed by the processor, the following steps are implemented:
接收数字内容的取证任务;从区块链的多个节点中选取若干第二节点,并向所述若干第二节点中的各第二节点发送取证任务的执行指示;接收所述各第二节点在执行完成相应的取证任务之后返回的多个取证结果;判断多个取证结果是否相匹配;若相匹配,则从所述多个取证结果中选取任意的第一取证结果作为存证结果;在本地存储所述存证结果,并向所述多个节点中除所述第一节点外的其它节点广播该存证结果,以使其它节 点在对所述存证结果进行共识验证后存储。Receive the forensic task of digital content; select a number of second nodes from a plurality of nodes in the blockchain, and send an execution instruction of the forensic task to each of the plurality of second nodes; receive each of the second nodes Multiple forensic results returned after the execution of the corresponding forensic task; determine whether the multiple forensic results match; if they match, select any first forensic result from the multiple forensic results as the evidence; Store the attestation result locally, and broadcast the attestation result to other nodes of the plurality of nodes except the first node, so that other nodes store the attestation result after consensus verification of the attestation result.
第六方面,提供了一种基于区块链的数字内容取证设备,包括:存储器;一个或多个处理器;以及一个或多个程序,其中所述一个或多个程序存储在所述存储器中,并且被配置成由所述一个或多个处理器执行,所述程序被所述处理器执行时实现以下步骤:接收区块链的若干第一节点中任意的第一节点发送的取证任务的执行指示;响应于所述执行指示,执行所述取证任务,以获得取证结果;向所述第一节点返回所述取证结果;接收所述第一节点至少基于所述取证结果确定的存证结果;基于从其它第一节点接收的存证结果,采用共识算法,对从所述第一节点接收的存证结果进行共识验证;若共识验证通过,则对从所述第一节点接收的存证结果进行存储。In a sixth aspect, a blockchain-based digital content forensics device is provided, including: a memory; one or more processors; and one or more programs, wherein the one or more programs are stored in the memory , And is configured to be executed by the one or more processors, and when the program is executed by the processor, the following steps are implemented: receiving the forensic task sent by any one of the several first nodes of the blockchain Execution instruction; in response to the execution instruction, execute the forensic task to obtain the forensic result; return the forensic result to the first node; receive the forensic result determined by the first node at least based on the forensic result ; Based on the deposit certificate results received from other first nodes, the consensus algorithm is adopted to perform consensus verification on the deposit certificate results received from the first node; if the consensus verification is passed, the deposit certificate received from the first node The results are stored.
本说明书一个或多个实施例提供的基于区块链的数字内容取证方法、装置及设备,由区块链中的第一节点负责接收取证任务,并在接收到该取证任务之后,从区块链中选取出若干第二节点来执行相应的取证任务。之后,第一节点在接收到各第二节点返回的多个取证结果后,判断该多个取证结果是否相匹配,并在相匹配的情况下,从多个取证结果中确定出相应的存证结果,并将该存证结果发布在区块链上。也即本说明书提供的方案,可以基于区块链来获取数字内容,由此可以保证取证过程的安全可靠。此外,本方案中,设定由区块链中的第一节点来负责指示取证任务执行的方式,可以大大节约计算资源。In the blockchain-based digital content forensics method, device, and equipment provided by one or more embodiments of this specification, the first node in the blockchain is responsible for receiving the forensic task, and after receiving the forensic task, from the block Several second nodes are selected in the chain to perform corresponding forensics tasks. After that, the first node, after receiving multiple forensic results returned by each second node, determines whether the multiple forensic results match, and in the case of a match, determines the corresponding evidence from the multiple forensic results As a result, the deposit result will be published on the blockchain. That is to say, the solution provided in this manual can obtain digital content based on the blockchain, thereby ensuring the safety and reliability of the forensic process. In addition, in this solution, setting the first node in the blockchain to be responsible for instructing the execution of the forensic task can greatly save computing resources.
附图说明Description of the drawings
为了更清楚地说明本说明书实施例的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本说明书的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其它的附图。In order to explain the technical solutions of the embodiments of this specification more clearly, the following will briefly introduce the drawings needed in the description of the embodiments. Obviously, the drawings in the following description are only some embodiments of the specification. A person of ordinary skill in the art can obtain other drawings based on these drawings without creative work.
图1为本说明书提供的基于区块链的数字内容取证方法应用场景示意图。Figure 1 is a schematic diagram of the application scenario of the blockchain-based digital content forensics method provided in this manual.
图2为本说明书一个实施例提供的基于区块链的数字内容取证方法流程图。Figure 2 is a flowchart of a blockchain-based digital content forensics method provided by an embodiment of this specification.
图3为本说明书另一个实施例提供的基于区块链的数字内容取证方法流程图。Fig. 3 is a flowchart of a blockchain-based digital content forensics method provided by another embodiment of this specification.
图4为本说明书一个实施例提供的基于区块链的数字内容取证装置示意图。Figure 4 is a schematic diagram of a blockchain-based digital content forensics device provided by an embodiment of this specification.
图5为本说明书另一个实施例提供的基于区块链的数字内容取证装置示意图。Figure 5 is a schematic diagram of a blockchain-based digital content forensics device provided by another embodiment of this specification.
图6为本说明书一个实施例提供的基于区块链的数字内容取证设备示意图。Figure 6 is a schematic diagram of a blockchain-based digital content forensics device provided by an embodiment of this specification.
具体实施方式Detailed ways
下面结合附图,对本说明书提供的方案进行描述。The following describes the solutions provided in this specification with reference to the accompanying drawings.
在描述本说明书提供的方案之前,先对本方案的发明构思作以下说明。Before describing the solution provided in this specification, the following description of the inventive concept of this solution is provided.
区块链技术是一种互联网数据库技术,其特点是去中心化、公开透明、不可篡改以及可信任。因此,本方案可以引入区块链技术。Blockchain technology is a kind of Internet database technology, which is characterized by decentralization, openness and transparency, immutability and trustworthiness. Therefore, this solution can introduce blockchain technology.
在引入区块链技术后,对于区块链中的节点,可以从中选取一部分节点负责取证任务的广播以及任务执行指示的发送,该一部分节点也可以称为一组委员会节点(或者一组第一节点)。需要说明的是,该组委员会节点是周期性更换的,如,可以是每小时更换一次。After the introduction of blockchain technology, for the nodes in the blockchain, a part of the nodes can be selected to be responsible for the broadcast of forensic tasks and the sending of task execution instructions. This part of the nodes can also be called a group of committee nodes (or a group of first node). It should be noted that the committee nodes of this group are replaced periodically, for example, it can be replaced every hour.
对于区块链中的任务执行节点(即第二节点),其只有在接收到有效的委员会节点发送的任务执行指示时,才执行相应的取证任务。由此,可以避免不对各节点进行区分时,任一节点都有可能发送任务执行指示时,会极大地浪费计算资源的问题。此外,还可以兼容现有的区块链架构(即区块链的若干核心节点拥有记账权,其它节点只有验证功能)。For the task execution node (that is, the second node) in the blockchain, it executes the corresponding forensics task only when it receives a task execution instruction sent by a valid committee node. As a result, it is possible to avoid the problem that when each node is not distinguished, any node may send a task execution instruction, which will greatly waste computing resources. In addition, it can also be compatible with the existing blockchain architecture (that is, several core nodes of the blockchain have the right to keep accounts, and other nodes have only verification functions).
此外,为了进一步确保取证内容的可靠性,委员会节点可以从区块链的节点中选取若干节点,来执行对应的取证任务。这里,选取的若干节点中的每个节点可以称为第二节点。之后,基于该若干节点各自返回的取证结果,来确定最终的存证结果(确定方式后续说明)。In addition, in order to further ensure the reliability of the forensic content, the committee node can select several nodes from the nodes of the blockchain to perform the corresponding forensic task. Here, each of the selected nodes may be referred to as the second node. After that, the final evidence deposit result is determined based on the forensic result returned by each of the several nodes (the determination method will be explained later).
委员会节点在选取出上述存证结果之后,可以在区块链上广播该存证结果。可以理解的是,对于区块链上除委员会节点之外的普通节点来说,其可以接收到一组委员会节点中每个委员会节点发送的存证结果。之后,其可以采用共识算法,从各委员会节点发送的多个存证结果中确定出最终的存证结果并进行存储。由此可以看出,对于上述普通节点,其最终存储的存证结果经过了双重验证,即首先是委员会节点进行了第一次验证,之后再经过共识算法进行了第二次验证,由此,可以大大提升存证结果的正确性和有效性。After the committee node selects the above deposit result, it can broadcast the deposit result on the blockchain. It is understandable that, for ordinary nodes on the blockchain other than committee nodes, they can receive the evidence result sent by each committee node in a group of committee nodes. After that, it can use a consensus algorithm to determine the final deposit result from the multiple deposit results sent by each committee node and store it. It can be seen that, for the above-mentioned ordinary nodes, the final storage certificate results have been double-verified, that is, the committee node first verifies the first time, and then conducts the second verification through the consensus algorithm. Therefore, It can greatly improve the accuracy and validity of the deposit evidence.
以上就是本说明书提供的发明构思,基于该发明构思就可以得到本方案,以下对本方案进行详细阐述。The above is the inventive concept provided in this specification, and the solution can be obtained based on the inventive concept. The solution will be described in detail below.
图1为本说明书提供的基于区块链的数字内容取证方法应用场景示意图。图1中, 区块链可以包括多个节点,该多个节点可以包括一组第一节点。具体地,用户可以基于对应的客户端向区块链中的某个第一节点发布数字内容的取证任务。之后,该第一节点可以在区块链上广播该取证任务,以使得上述一组第一节点中的各第一节点均可以接收到上述取证任务。Figure 1 is a schematic diagram of the application scenario of the blockchain-based digital content forensics method provided in this manual. In FIG. 1, the blockchain may include multiple nodes, and the multiple nodes may include a group of first nodes. Specifically, the user can publish the forensic task of digital content to a certain first node in the blockchain based on the corresponding client. After that, the first node may broadcast the forensic task on the blockchain, so that each first node in the group of first nodes can receive the forensic task.
以上述一组第一节点中的某个第一节点为例来说,该第一节点在接收到取证任务之后,可以从区块链的多个节点中选取若干第二节点,并向该若干第二节点中的各第二节点发送该取证任务的执行指示。各第二节点在执行完成相应的取证任务之后,可以向第一节点返回对应的取证结果。第一节点判断多个取证结果是否相匹配。若相匹配,则从多个取证结果中选取任意的第一取证结果作为存证结果。在本地存储该存证结果,并向多个节点中除第一节点外的其它节点广播该存证结果,以使其它节点在对存证结果进行共识验证后存储。Take a certain first node in the above group of first nodes as an example. After the first node receives the forensics task, it can select several second nodes from the multiple nodes of the blockchain, and send to the several second nodes. Each second node in the second node sends an execution instruction of the forensic task. After completing the corresponding forensics task, each second node may return the corresponding forensic result to the first node. The first node judges whether multiple forensic results match. If they match, any first forensic result is selected from the multiple forensic results as the result of the forensic evidence. Store the certification result locally, and broadcast the certification result to other nodes among the multiple nodes except the first node, so that other nodes store the certification result after consensus verification.
图2为本说明书一个实施例提供的基于区块链的数字内容取证方法流程图。所述方法的执行主体可以为图1中的区块链的第一节点。如图2所示,所述方法具体可以包括步骤202-步骤212。Figure 2 is a flowchart of a blockchain-based digital content forensics method provided by an embodiment of this specification. The execution subject of the method may be the first node of the blockchain in FIG. 1. As shown in FIG. 2, the method may specifically include step 202-step 212.
步骤202,接收数字内容的取证任务。Step 202: Receive the forensics task of the digital content.
这里的数字内容的取证任务可以是由上述第一节点直接从客户端接收的,也可以是由其它第一节点在区块链上广播上述取证任务时,由上述第一节点接收的。The forensic task of the digital content here may be directly received by the first node from the client, or it may be received by the first node when the forensic task is broadcast by other first nodes on the blockchain.
需要说明的是,客户端在发送上述取证任务时,可以添加相应的数字签名/证书。或者,其它第一节点在广播上述取证任务时,可以添加相应的数字签名/证书。从而上述第一节点可以基于数字签名/证书,对客户端或者其它第一节点的身份进行验证,由此,可以确保客户端与第一节点以及多个第一节点之间通信的可信。It should be noted that the client can add the corresponding digital signature/certificate when sending the above forensic task. Alternatively, other first nodes may add corresponding digital signatures/certificates when broadcasting the above forensic task. Therefore, the above-mentioned first node can verify the identity of the client or other first nodes based on the digital signature/certificate, thereby ensuring the credibility of the communication between the client and the first node and multiple first nodes.
在步骤202中,数字内容可以包括但不限于网页截图、视频文件以及音频文件等。以网页截图为例来说,对应的取证任务可以为截图任务或者抓取任务。以视频文件或者音频文件为例来说,对应的取证任务可以为录制任务等。In step 202, the digital content may include, but is not limited to, screenshots of web pages, video files, audio files, and so on. Taking a screenshot of a web page as an example, the corresponding forensic task can be a screenshot task or a grabbing task. Taking a video file or an audio file as an example, the corresponding forensic task may be a recording task.
以数字内容为网页截图为例来说,上述取证任务可以包括用户的uid(用户身份)以及待截图网页的URL地址。Taking the digital content as a screenshot of a webpage as an example, the above forensic task may include the user's uid (user identity) and the URL address of the webpage to be screenshotted.
步骤204,从区块链的多个节点中选取若干第二节点,并向该若干第二节点中的各第二节点发送取证任务的执行指示。Step 204: Select a number of second nodes from a plurality of nodes in the blockchain, and send an execution instruction of the forensics task to each of the plurality of second nodes.
上述若干第二节点可以是基于预定义的节点选取规则,从区块链的所有节点中选 取的,也可以是从区块链的预定节点中选取的。这里的预定节点仅负责取证任务的执行。可以理解的是,当基于第一种方式选取上述若干第二节点时,该若干第二节点可以包括第一节点本身。也就是说,本说明书中的第一节点也可以负责取证任务的执行。此外,当从预定节点中选取第二节点时,可以大大提升第二节点的选取效率。The above-mentioned several second nodes may be selected from all nodes of the blockchain based on predefined node selection rules, or selected from predetermined nodes of the blockchain. The scheduled node here is only responsible for the execution of forensic tasks. It can be understood that, when the above-mentioned several second nodes are selected based on the first method, the several second nodes may include the first node itself. In other words, the first node in this specification can also be responsible for the execution of forensic tasks. In addition, when the second node is selected from the predetermined nodes, the efficiency of selecting the second node can be greatly improved.
还以数字内容为网页截图为例来说,上述取证任务的执行指示可以包括用户的uid以及待截图网页的URL地址。任一第二节点在接收到该执行指示之后,可以基于其预先下载的docker镜像文件,启动docker容器。并在该docker容器中运行预先封装的浏览器。在运行后的浏览器中,基于URL地址加载待截图网页,并对待截图网页进行截图,以得到网页截图。可以理解的是,在该例子中,所得到的网页截图即为上述任一第二节点获得的取证结果。Taking the digital content as a screenshot of a webpage as an example, the execution instruction of the forensic task may include the uid of the user and the URL address of the webpage to be screenshotted. After receiving the execution instruction, any second node can start the docker container based on the pre-downloaded docker image file. And run the pre-packaged browser in the docker container. In the running browser, load the web page to be screenshot based on the URL address, and take a screenshot of the web page to be screenshot to obtain a screenshot of the web page. It is understandable that, in this example, the obtained screenshot of the webpage is the forensic result obtained by any of the above-mentioned second nodes.
需要说明的是,在本说明书中,由第一节点负责发送取证任务的执行指示,因此,任一第二节点在接收到取证任务的执行指示之后,可以根据预定义的有效性验证规则,对第一节点的有效性进行验证。若有效性验证通过,则执行取证任务。It should be noted that in this specification, the first node is responsible for sending the execution instruction of the forensic task. Therefore, any second node can perform the forensic task execution instruction according to the predefined validity verification rules. The validity of the first node is verified. If the validity verification is passed, the forensics task will be executed.
应理解,当第一节点需要周期性更换时,相应的有效性验证规则也可以周期性更新。举例来说,假设在t时,有效性验证规则为:节点id%t=0,那么在t+1时,有效性验证规则可以更新为:节点id%(t+1)=0。It should be understood that when the first node needs to be replaced periodically, the corresponding validity verification rule may also be updated periodically. For example, suppose that at t, the validity verification rule is: node id%t=0, then at t+1, the validity verification rule can be updated to: node id%(t+1)=0.
步骤206,接收各第二节点在执行完成相应的取证任务之后返回的多个取证结果。Step 206: Receive multiple forensic results returned by each second node after completing the corresponding forensic task.
还以数字内容为网页截图为例来说,第一节点可以接收到其选取的多个第二节点各自发送的多张网页截图。Taking the digital content as a screenshot of a webpage as an example, the first node can receive multiple screenshots of the webpage each sent by multiple second nodes selected by it.
步骤208,判断多个取证结果是否相匹配。Step 208: Determine whether the multiple forensic results match.
在一个示例中,该判断过程具体可以包括:计算多个取证结果的两两取证结果间的相似度。基于多个取证结果的两两取证结果间的相似度,将多个取证结果划分为至少一个分组。基于至少一个分组中的取证结果的个数,判断多个取证结果是否相匹配。如,当至少一个分组中存在取证结果的个数大于第一阈值的第一分组时,确定多个取证结果相匹配。In an example, the judging process may specifically include: calculating the similarity between two forensic results of multiple forensic results. Based on the similarity between the two forensic results of the multiple forensic results, the multiple forensic results are divided into at least one group. Based on the number of forensic results in at least one group, it is determined whether multiple forensic results match. For example, when there is a first group with a number of forensic results greater than a first threshold in at least one group, it is determined that the multiple forensic results match.
以数字内容为网页截图为例来说,上述两两取证结果之间的相似度可以是基于感知哈希算法、ORB算法以及直方图统计算法等图像相似度算法计算得到。Taking the digital content as a screenshot of a web page as an example, the similarity between the above-mentioned pair of forensic results can be calculated based on image similarity algorithms such as perceptual hash algorithm, ORB algorithm, and histogram statistical algorithm.
此外,上述判断过程还可以其它步骤。还以数字内容为网页截图为例来说,还可以包括如下步骤:判断多个网页截图各自对应的属性信息(如,大小或者高度)是否相 等,和/或,判断多个取证结果各自对应的子截图是否匹配等。这里的子截图可以是基于预定义的截图规则(如,网页中背景颜色为白色的方形或者圆角区域)截取的。上述子截图是否匹配的判断也可以基于图片相似度算法以及属性信息等实现,具体判断过程同上所述,在此不复赘述。In addition, the above judgment process may also have other steps. Taking the digital content as a screenshot of a webpage as an example, it can also include the following steps: judging whether the corresponding attribute information (such as size or height) of multiple webpage screenshots are equal, and/or judging that multiple forensic results correspond to each other Whether the sub-screenshots match, etc. The sub-screenshots here can be taken based on predefined screenshot rules (for example, a square or rounded area with a white background color in a web page). The judgment of whether the above sub-screenshots match can also be realized based on the image similarity algorithm and attribute information. The specific judgment process is the same as that described above, and will not be repeated here.
当然,在实际应用中,多个取证结果是否相匹配的判断也可直接基于各自相应的子截图是否相匹配来实现,也即本方案无需要求每个取证结果完全一样,而只对关心核心内容(即子截图对应的内容),进而扩大了本方案的适用范围或者使用场景。Of course, in practical applications, the judgment of whether multiple forensic results match can also be realized directly based on whether the respective corresponding sub-screenshots match, that is, this solution does not require each forensic result to be exactly the same, but only cares about the core content (That is, the content corresponding to the sub-screenshot), which expands the scope of application or usage scenarios of this solution.
本说明书中,第一节点通过选取多个第二节点来执行取证任务的方式可以确保存证结果获取的安全与可靠。In this specification, the first node selects multiple second nodes to perform the forensic task, which can ensure the safety and reliability of the obtained evidence.
步骤210,若相匹配,则从多个取证结果中选取任意的第一取证结果作为存证结果。In step 210, if they match, any first forensic result is selected from a plurality of forensic results as the result of the forensic evidence.
还以数字内容为网页截图为例来说,若多张网页截图相匹配,那么可以从中选取任一张网页截图作为最终的存证结果。Taking the digital content as a screenshot of a webpage as an example, if multiple webpage screenshots match, then any webpage screenshot can be selected as the final certification result.
需要说明的是,若多个取证结果不相匹配,那么第一节点可以在区块链上广播其取证失败的信息。当然,也可以不广播任何信息,本说明书对此不作限定。此外,第一节点还可以从多个取证结果中选取出错误的取证结果,并确定发送错误的取证结果的第二节点。统计确定的第二节点发送错误的取证结果的次数。若次数大于预定阈值,则在区块链上广播确定的第二节点。由此,来实现对第二节点监督的功能。It should be noted that if multiple forensic results do not match, then the first node can broadcast its forensic failure information on the blockchain. Of course, it is not necessary to broadcast any information, which is not limited in this specification. In addition, the first node can also select an incorrect forensic result from a plurality of forensic results, and determine the second node that sends the incorrect forensic result. Count the number of times that the determined second node sends wrong forensic results. If the number of times is greater than the predetermined threshold, the determined second node is broadcast on the blockchain. In this way, the function of supervising the second node is realized.
步骤212,在本地存储存证结果,并向多个节点中除第一节点外的其它节点广播该存证结果,以使其它节点在对存证结果进行共识验证后存储。Step 212: Store the attestation result locally, and broadcast the attestation result to other nodes among the multiple nodes except the first node, so that other nodes store the attestation result after consensus verification.
这里,第一节点在本地存储存证结果的过程具体可以为:基于存证结果以及与存证结果相关的内容信息生成目标交易。在本地存储生成的目标交易。其中,在一种实现方式中,第一节点在生成上述目标交易之后,可以先将该目标交易记录在交易池中,之后再连通其它交易一起写入该第一节点对应区块的交易详情中。上述内容信息可以包括以下任一种或多种:存证结果对应的Hash值、取证任务的发起者(如,用户id)、第一节点的信息、第二节点的信息以及取证时间。Here, the process of the first node locally storing the attestation result may specifically be: generating a target transaction based on the attestation result and content information related to the attestation result. Store the generated target transaction locally. Among them, in one implementation, after the first node generates the above-mentioned target transaction, it may first record the target transaction in the transaction pool, and then connect to other transactions and write them into the transaction details of the corresponding block of the first node. . The foregoing content information may include any one or more of the following: Hash value corresponding to the evidence storage result, the initiator of the forensic task (for example, user id), the information of the first node, the information of the second node, and the time of obtaining the evidence.
此外,上述其它节点可以分为两类,其中,一类是委员会节点(即其它第一节点),另一类是除委员会节点外的节点(以下称为普通节点)。对于其它各第一节点,如果其取证结果获取成功,即如果其通过对应的若干第二节点获取的多个取证结果相匹配,那么在接收到上述第一节点发送的存证结果之后,其可以不执行任何操作。而如果其取证 结果获取失败,即如果其通过对应的若干第二节点获取的多个取证结果不相匹配,那么其执行与普通节点相同的共识验证操作(如下说明)。In addition, the above-mentioned other nodes can be divided into two types, one of which is committee nodes (that is, other first nodes), and the other is nodes other than committee nodes (hereinafter referred to as ordinary nodes). For each other first node, if its forensic result is successfully obtained, that is, if the multiple forensic results obtained by corresponding several second nodes match, then after receiving the above-mentioned first node, it can Do nothing. And if the forensic result fails to obtain, that is, if the multiple forensic results obtained through the corresponding second nodes do not match, then it performs the same consensus verification operation as the ordinary node (described below).
对于普通节点,其执行如下的共识验证操作。具体地,该普通节点先接收各第一节点广播的多个存证结果。之后基于从其它第一节点接收的存证结果,采用共识算法,对从第一节点接收的存证结果进行共识验证。这里的共识算法可以包括但不限于实用拜占庭容错(Practical Byzantine Fault Tolerance,PBFT)算法、工作量证明(Proof of Work,POW)算法、权益证明(Proof of Stake,POS)算法以及委托权益证明(Delegated Proof of Stake,DPOS)算法等。若共识验证通过,则将从上述第一节点接收的存证结果进行存储。其具体存储过程同第一节点的存储过程所述,在此不复赘述。For ordinary nodes, it performs the following consensus verification operations. Specifically, the ordinary node first receives multiple deposit results broadcast by each first node. Then, based on the deposit certificate results received from other first nodes, a consensus algorithm is adopted to perform consensus verification on the deposit certificate results received from the first node. The consensus algorithm here can include but is not limited to Practical Byzantine Fault Tolerance (PBFT) algorithm, Proof of Work (POW) algorithm, Proof of Stake (POS) algorithm, and Delegated Proof of Stake (Delegated) Proof of Stake, DPOS) algorithm, etc. If the consensus verification is passed, the deposit result received from the first node will be stored. The specific storage process is the same as the storage process of the first node, and will not be repeated here.
需要说明的是,对于其它节点,其在生成对应的目标交易时,与存证结果相关的内容信息可以是由第一节点在广播上述存证结果时,与该存证结果一起发送的。It should be noted that, for other nodes, when generating the corresponding target transaction, the content information related to the deposit result may be sent by the first node together with the deposit result when the above deposit result is broadcast.
还需要说明的是,对于存储到区块链上的存证结果,如果用户或司法机构需要提取或验证该存证结果,只需要基于该存证结果对应的Hash值,在区块链上查询或者获取该存证结果即可。It should also be noted that for the deposit result stored on the blockchain, if the user or judicial institution needs to extract or verify the deposit result, it only needs to query on the blockchain based on the hash value corresponding to the deposit result Or just get the deposit result.
总之,在本说明书实施例中,由于区块链具有可追溯、防篡改的特性,天生就是极佳的证据保存途径,因此在通过可信的处理链路产生证据后,保存在同样可信的区块链上,可以最大化证据的价值。此外,本说明书实施例适用于对各类数字内容的取证,只需要针对不同类型设定不同的匹配机制即可。In short, in the embodiments of this specification, because the blockchain has the characteristics of traceability and tamper resistance, it is inherently an excellent way to store evidence. Therefore, after the evidence is generated through a trusted processing link, it is stored in the same trusted On the blockchain, the value of evidence can be maximized. In addition, the embodiments of this specification are suitable for obtaining evidence of various types of digital content, and only need to set different matching mechanisms for different types.
上述实施例是以区块链中的第一节点为执行主体对本方案的说明,以下以第二节点为执行主体对本方案进行描述。The foregoing embodiment describes the solution with the first node in the blockchain as the execution subject, and the following describes the solution with the second node as the execution subject.
图3为本说明书另一个实施例提供的基于区块链的数字内容取证方法流程图。所述方法的执行主体可以为图1中的区块链的第二节点。如图3所示,所述方法具体可以包括步骤302-步骤312。Fig. 3 is a flowchart of a blockchain-based digital content forensics method provided by another embodiment of this specification. The execution subject of the method may be the second node of the blockchain in FIG. 1. As shown in FIG. 3, the method may specifically include step 302 to step 312.
步骤302,接收若干第一节点中任意的第一节点发送的取证任务的执行指示。Step 302: Receive an execution instruction of the forensic task sent by any first node among the plurality of first nodes.
这里,可以首先由上述第一节点接收由客户端或者区块链上的其它第一节点发送的取证任务。之后,第一节点选取出该第二节点,并向该第二节点发送取证任务的执行指示。Here, the forensic task sent by the client or other first nodes on the blockchain may be first received by the above-mentioned first node. After that, the first node selects the second node and sends the execution instruction of the forensic task to the second node.
步骤304,响应于执行指示,执行取证任务,以获得取证结果。Step 304: In response to the execution instruction, perform a forensic task to obtain a forensic result.
在一个示例中,第二节点在执行取证任务之前,可以先根据预定义的有效性验证规则,对第一节点的有效性进行验证。若有效性验证通过,则执行取证任务。In an example, before performing the forensics task, the second node may first verify the validity of the first node according to a predefined validity verification rule. If the validity verification is passed, the forensics task will be executed.
以数字内容为网页截图为例来说,上述取证任务的执行指示可以包括用户的uid以及待截图网页的URL地址。第二节点在接收到该执行指示之后,可以基于预先下载的docker镜像文件,启动docker容器。并在该docker容器中运行预先封装的浏览器。在运行后的浏览器中,基于URL地址加载待截图网页,并对待截图网页进行截图,以得到网页截图。可以理解的是,在该例子中,所得到的网页截图即为第二节点获得的取证结果。Taking the digital content as a screenshot of a webpage as an example, the execution instruction of the forensic task may include the uid of the user and the URL address of the webpage to be screenshotted. After receiving the execution instruction, the second node can start the docker container based on the pre-downloaded docker image file. And run the pre-packaged browser in the docker container. In the running browser, load the web page to be screenshot based on the URL address, and take a screenshot of the web page to be screenshot to obtain a screenshot of the web page. It is understandable that, in this example, the obtained screenshot of the webpage is the forensic result obtained by the second node.
步骤306,向第一节点返回取证结果。Step 306: Return the forensic result to the first node.
步骤308,接收第一节点至少基于该取证结果确定的存证结果。Step 308: Receive an attestation result determined by the first node at least based on the forensic result.
具体地,第一节点可以接收多个第二节点返回的取证结果。之后,第一节点可以判断多个取证结果是否相匹配。如,可以基于多个取证结果的两两取证结果间的相似度,来进行多个取证结果是否相匹配的判断。此外,还可以基于多个网页截图各自对应的属性信息(如,大小或者高度),和/或,多个取证结果各自对应的子截图,来进行多个取证结果是否相匹配的判断。Specifically, the first node may receive forensic results returned by multiple second nodes. After that, the first node can determine whether the multiple forensic results match. For example, it is possible to judge whether multiple forensic results match based on the similarity between the two forensic results of multiple forensic results. In addition, it is also possible to judge whether the multiple forensic results match based on the respective attribute information (such as size or height) of the multiple webpage screenshots, and/or the sub-screenshots corresponding to the multiple forensic results.
若相匹配,则从多个取证结果中选取任意的第一取证结果作为存证结果。If they match, any first forensic result is selected from the multiple forensic results as the result of the forensic evidence.
步骤310,基于从其它第一节点接收的存证结果,采用共识算法,对从上述第一节点接收的存证结果进行共识验证。Step 310: Based on the deposit result received from other first nodes, a consensus algorithm is used to perform consensus verification on the deposit result received from the first node.
可以理解的是,本说明书中,区块链中的每个第二节点都可以接收到一组第一节点中各第一节点在区块链上广播的存证结果。在接收到各第一节点发送的存证结果之后,就可以基于共识算法进行共识验证了。It is understandable that, in this specification, each second node in the blockchain can receive the deposit certificate results broadcast by each first node in a group of first nodes on the blockchain. After receiving the deposit certificate results sent by each first node, consensus verification can be performed based on the consensus algorithm.
上述共识算法可以为PBFT算法。The aforementioned consensus algorithm may be a PBFT algorithm.
步骤312,若共识验证通过,则对从第一节点接收的存证结果进行存储。In step 312, if the consensus verification is passed, the storage certificate result received from the first node is stored.
如前所述,第二节点除了可以接收第一节点广播的存证结果之外,还可以接收与该存证结果相关的内容信息。这里的内容信息可以是第一节点在执行获取该存证结果的流程时记录的。其可以包括但不限于存证结果对应的Hash值、取证任务的发起者(如,用户id)、第一节点的信息、第二节点的信息以及取证时间等。As mentioned above, in addition to receiving the attestation result broadcast by the first node, the second node may also receive content information related to the attestation result. The content information here may be recorded when the first node executes the process of obtaining the evidence result. It may include, but is not limited to, the hash value corresponding to the evidence deposit result, the initiator of the forensic task (for example, user id), the information of the first node, the information of the second node, and the time of obtaining the evidence, etc.
第二节点存储上述存证结果的过程具体可以为:基于存证结果以及与存证结果相 关的内容信息生成目标交易。在本地存储生成的目标交易。The process for the second node to store the foregoing deposit result may specifically be: generating a target transaction based on the deposit result and content information related to the deposit result. Store the generated target transaction locally.
需要说明的是,在本说明书中,第二节点存储的存证结果实际上经过了双重验证,即首先是第一节点进行了第一次验证,之后再经过共识算法进行了第二次验证,由此,可以大大提升存证结果的正确性和有效性。It should be noted that in this manual, the deposit result stored by the second node is actually double-verified, that is, the first node performs the first verification, and then the consensus algorithm performs the second verification. As a result, the correctness and validity of the deposit evidence can be greatly improved.
总之,本说明书实施例通过利用多次取证、校验和共识来保护所有处理过程安全可靠,以及证据可追溯、易验证。此外,本方案还可应用于其它场景,如,当在不可靠的网络中要求对冗余的数据容错和验证时,通过本方案将冗余的数据视为同一条证据,利用委员会投票和共识机制也可保证最后结果的正确性。In a word, the embodiments of this specification protect the safety and reliability of all processing processes by using multiple times of obtaining evidence, verification and consensus, and the evidence is traceable and easy to verify. In addition, this scheme can also be applied to other scenarios. For example, when redundant data is required to be fault-tolerant and verified in an unreliable network, the redundant data is treated as the same piece of evidence through this scheme, and committee voting and consensus are used. The mechanism can also guarantee the correctness of the final result.
综合以上两个实施例可以得出,本说明书提供的方案可以解决如下几个问题。Based on the above two embodiments, it can be concluded that the solution provided in this specification can solve the following problems.
第一,解决了取证流程中存在风险的问题。本方案通过保证处理链路形成可信的闭环,并且加入了多节点的校验,使整个过程拥有抵抗潜在威胁的能力,使得获取的证据具有很强的公信力。First, it solves the problem of risks in the forensics process. This solution ensures that the processing link forms a credible closed loop, and adds multi-node verification, so that the entire process has the ability to resist potential threats, and the obtained evidence has strong credibility.
第二,解决了证据保存存在风险的问题。本方案将通过验证的结果进行Hash值计算,然后与处理流程中的关键信息一同上链存证的方式,解决了保存证据中存在的风险,使得证据可验证、可追溯。Second, it solves the problem of the risk of evidence preservation. This solution will calculate the hash value through the result of the verification, and then upload it together with the key information in the processing process to store the evidence, which solves the risk in the preservation of evidence and makes the evidence verifiable and traceable.
第三,解决了证据验证不便的问题。本方案通过将证据上链保存的方式,使用户或司法机关在需要验证证据时,可以快速从链上提取Hash值进行验证,同时也可以核查证据的来源,极大提升处理效率。Third, the problem of inconvenient evidence verification is solved. By storing the evidence on the chain, this solution enables users or judicial organs to quickly extract the hash value from the chain for verification when they need to verify the evidence. At the same time, it can also verify the source of the evidence, which greatly improves the processing efficiency.
与上述基于区块链的数字内容取证方法对应地,本说明书一个实施例还提供的一种基于区块链的数字内容取证装置,该区块链包括多个节点,多个节点至少包括第一节点。所述装置由第一节点实施,如图4所示,该装置可以包括接收单元402、选取单元404、发送单元406、判断单元408以及存储原410。Corresponding to the above-mentioned blockchain-based digital content forensics method, an embodiment of this specification also provides a blockchain-based digital content forensics device. The blockchain includes multiple nodes, and the multiple nodes include at least a first node. The device is implemented by the first node. As shown in FIG. 4, the device may include a receiving unit 402, a selecting unit 404, a sending unit 406, a judging unit 408, and a storage source 410.
接收单元402,用于接收数字内容的取证任务。The receiving unit 402 is used to receive forensics tasks of digital content.
这里的数字内容包括以下任一项:网页截图、音频文件以及视频文件等。取证任务包括以下任一项:截图任务、抓取任务以及录制任务。The digital content here includes any of the following: webpage screenshots, audio files, video files, etc. Forensic tasks include any of the following: screenshot tasks, capture tasks, and recording tasks.
选取单元404,用于从多个节点中选取若干第二节点。The selecting unit 404 is configured to select a number of second nodes from a plurality of nodes.
发送单元406,用于向选取单元404选取的若干第二节点中的各第二节点发送取证任务的执行指示。The sending unit 406 is configured to send an execution instruction of the forensic task to each of the plurality of second nodes selected by the selecting unit 404.
接收单元402,还用于接收各第二节点在执行完成相应的取证任务之后返回的多个取证结果。The receiving unit 402 is further configured to receive multiple forensic results returned by each second node after completing the corresponding forensic task.
判断单元408,用于判断接收单元402接收的多个取证结果是否相匹配。The judging unit 408 is configured to judge whether the multiple forensic results received by the receiving unit 402 match.
判断单元408具体可以用于:计算多个取证结果的两两取证结果间的相似度。The judging unit 408 may be specifically used to calculate the similarity between the pairwise forensic results of multiple forensic results.
基于多个取证结果的两两取证结果间的相似度,将多个取证结果划分为至少一个分组。Based on the similarity between the two forensic results of the multiple forensic results, the multiple forensic results are divided into at least one group.
基于至少一个分组中的取证结果的个数,判断多个取证结果是否相匹配。Based on the number of forensic results in at least one group, it is determined whether multiple forensic results match.
判断单元408还具体可以用于:判断至少一个分组中是否存在取证结果的个数大于第一阈值的第一分组。若存在该第一分组,则确定多个取证结果相匹配。The judging unit 408 may also be specifically configured to judge whether there is a first group whose number of forensic results is greater than a first threshold in the at least one group. If the first group exists, it is determined that multiple forensic results match.
可选地,若取证结果为网页截图,判断单元408还具体可以用于:基于多个取证结果各自对应的属性信息和/或基于多个取证结果各自对应的子截图的匹配结果,判断多个取证结果是否相匹配。Optionally, if the forensic result is a screenshot of a webpage, the determining unit 408 may be specifically configured to: determine multiple forensic results based on the attribute information corresponding to each of the multiple forensic results and/or based on the matching results of the sub-screenshots corresponding to each of the multiple forensic results. Whether the forensic results match.
选取单元404,还用于若判断单元408判断相匹配,则从多个取证结果中选取任意的第一取证结果作为存证结果。The selecting unit 404 is further configured to, if the determining unit 408 determines that they match, select any first forensic result from a plurality of forensic results as the result of the forensic evidence.
存储单元410,用于在本地存储选取单元404选取的存证结果。The storage unit 410 is configured to locally store the storage result selected by the selection unit 404.
存储单元410具体可以用于:基于存证结果以及与存证结果相关的内容信息生成目标交易。The storage unit 410 may be specifically used to generate a target transaction based on the deposit certificate result and content information related to the deposit certificate result.
在本地存储目标交易。Store the target transaction locally.
上述内容信息包括以下任一种或多种:存证结果对应的Hash值、取证任务的发起者、第一节点的信息、第二节点的信息以及取证时间。The foregoing content information includes any one or more of the following: Hash value corresponding to the evidence deposit result, the initiator of the forensic task, the information of the first node, the information of the second node, and the time of obtaining the evidence.
发送单元406,还用于向多个节点中除第一节点外的其它节点广播该存证结果,以使其它节点在对存证结果进行共识验证后存储。The sending unit 406 is also configured to broadcast the certification result to other nodes among the multiple nodes except the first node, so that other nodes store the certification result after consensus verification.
可选地,该装置还可以包括:统计单元(图中未示出)。Optionally, the device may further include: a statistical unit (not shown in the figure).
选取单元404,还用于若多个取证结果不相匹配,则从多个取证结果中选取出错误的取证结果,并确定发送错误的取证结果的第二节点。The selecting unit 404 is further configured to select an erroneous forensic result from the multiple forensic results if the multiple forensic results do not match, and determine the second node that sends the erroneous forensic result.
统计单元,用于统计确定的第二节点发送错误的取证结果的次数。The statistical unit is used to count the number of times that the determined second node sends wrong forensic results.
发送单元406,还用于若统计单元统计的次数大于预定阈值,则在区块链上广播确 定的第二节点。The sending unit 406 is further configured to broadcast the determined second node on the blockchain if the number of times counted by the statistical unit is greater than a predetermined threshold.
本说明书上述实施例装置的各功能模块的功能,可以通过上述方法实施例的各步骤来实现,因此,本说明书一个实施例提供的装置的具体工作过程,在此不复赘述。The function of each functional module of the device in the above-mentioned embodiment of this specification can be realized by the steps of the above-mentioned method embodiment. Therefore, the specific working process of the device provided in an embodiment of this specification will not be repeated here.
本说明书一个实施例提供的基于区块链的数字内容取证装置,接收单元402接收数字内容的取证任务。选取单元404从多个节点中选取若干第二节点。发送单元406向选取的若干第二节点中的各第二节点发送取证任务的执行指示。接收单元402接收各第二节点在执行完成相应的取证任务之后返回的多个取证结果。判断单元408判断多个取证结果是否相匹配。若相匹配,则选取单元404从多个取证结果中选取任意的第一取证结果作为存证结果。存储单元410在本地存储存证结果。发送单元406向多个节点中除第一节点外的其它节点广播该存证结果,以使其它节点在对存证结果进行共识验证后存储。由此,可以提高获取的数字内容的可信度。In the digital content forensics device based on blockchain provided in an embodiment of this specification, the receiving unit 402 receives the forensics task of the digital content. The selecting unit 404 selects a number of second nodes from a plurality of nodes. The sending unit 406 sends an execution instruction of the forensic task to each of the selected second nodes. The receiving unit 402 receives multiple forensic results returned by each second node after completing the corresponding forensic task. The judging unit 408 judges whether the multiple forensic results match. If they match, the selecting unit 404 selects any first forensic result from the multiple forensic results as the evidence storage result. The storage unit 410 locally stores the attestation result. The sending unit 406 broadcasts the certification result to nodes other than the first node among the multiple nodes, so that other nodes store the certification result after consensus verification. As a result, the credibility of the acquired digital content can be improved.
与上述基于区块链的数字内容取证方法对应地,本说明书一个实施例还提供的一种基于区块链的数字内容取证装置,该区块链包括多个节点,该多个节点包括若干第一节点和第二节点。该装置由第二节点实施,如图5所示,该装置可以包括接收单元502、执行单元504、发送大院506、共识单元508以及存储单元510。Corresponding to the above-mentioned blockchain-based digital content forensics method, an embodiment of this specification also provides a blockchain-based digital content forensics device. The blockchain includes a plurality of nodes, and the plurality of nodes includes a plurality of One node and second node. The device is implemented by the second node. As shown in FIG. 5, the device may include a receiving unit 502, an executing unit 504, a sending compound 506, a consensus unit 508, and a storage unit 510.
接收单元502,用于接收若干第一节点中任意的第一节点发送的取证任务的执行指示。The receiving unit 502 is configured to receive an execution instruction of a forensic task sent by any first node among several first nodes.
执行单元504,用于响应于接收单元502接收的执行指示,执行取证任务,以获得取证结果。The execution unit 504 is configured to execute the forensic task in response to the execution instruction received by the receiving unit 502 to obtain the forensic result.
执行单元504具体可以用于:根据预定义的有效性验证规则,对第一节点的有效性进行验证。The execution unit 504 may be specifically configured to verify the validity of the first node according to a predefined validity verification rule.
若有效性验证通过,则执行取证任务。If the validity verification is passed, the forensics task will be executed.
发送单元506,用于向第一节点返回取证结果。The sending unit 506 is configured to return the forensic result to the first node.
接收单元502,还用于接收第一节点至少基于该取证结果确定的存证结果。The receiving unit 502 is further configured to receive the evidence deposit result determined by the first node at least based on the forensic result.
共识单元508,用于基于接收单元502从其它第一节点接收的存证结果,采用共识算法,对从第一节点接收的存证结果进行共识验证。The consensus unit 508 is configured to use a consensus algorithm to perform consensus verification on the deposit result received from the first node based on the deposit result received by the receiving unit 502 from other first nodes.
这里的共识算法可以为实用拜占庭容错PBFT算法。The consensus algorithm here can be a practical Byzantine fault-tolerant PBFT algorithm.
存储单元510,用于若共识单元508共识验证通过,则对从第一节点接收的存证结 果进行存储。The storage unit 510 is configured to store the certificate deposit result received from the first node if the consensus verification by the consensus unit 508 is passed.
本说明书上述实施例装置的各功能模块的功能,可以通过上述方法实施例的各步骤来实现,因此,本说明书一个实施例提供的装置的具体工作过程,在此不复赘述。The function of each functional module of the device in the above-mentioned embodiment of this specification can be realized by the steps of the above-mentioned method embodiment. Therefore, the specific working process of the device provided in an embodiment of this specification will not be repeated here.
本说明书一个实施例提供的基于区块链的数字内容取证装置,可以提高获取的数字内容的可信度。The block chain-based digital content forensics device provided in an embodiment of this specification can improve the credibility of the acquired digital content.
与上述基于区块链的数字内容取证方法对应地,本说明书一个实施例还提供的一种取证设备,该设备可以包括:存储器602、一个或多个处理器604以及一个或多个程序。其中,该一个或多个程序存储在存储器602中,并且被配置成由一个或多个处理器604执行,该程序被处理器604执行时实现以下步骤:接收数字内容的取证任务;从多个节点中选取若干第二节点,并向若干第二节点中的各第二节点发送取证任务的执行指示;接收各第二节点在执行完成相应的取证任务之后返回的多个取证结果;判断多个取证结果是否相匹配;若相匹配,则从多个取证结果中选取任意的第一取证结果作为存证结果;在本地存储存证结果,并向多个节点中除第一节点外的其它节点广播该存证结果,以使其它节点在对存证结果进行共识验证后存储。Corresponding to the foregoing blockchain-based digital content forensics method, an embodiment of this specification also provides a forensics device, which may include a memory 602, one or more processors 604, and one or more programs. Wherein, the one or more programs are stored in the memory 602 and are configured to be executed by one or more processors 604. When the programs are executed by the processor 604, the following steps are implemented: receiving digital content forensic tasks; A number of second nodes are selected from the nodes, and the execution instructions of the forensics task are sent to each of the plurality of second nodes; the multiple forensics results returned by each second node after the completion of the corresponding forensics task are received; multiple forensic results are judged Whether the forensic results match; if they match, select any first forensic result from the multiple forensic results as the attestation result; store the attestation result locally and send it to the nodes other than the first node among the multiple forensic results Broadcast the deposit result so that other nodes will store the deposit result after consensus verification.
本说明书一个实施例提供的取证设备,可以提高获取的数字内容的可信度。The forensic device provided in an embodiment of this specification can improve the credibility of acquired digital content.
与上述基于区块链的数字内容取证方法对应地,本说明书另一个实施例还提供的一种取证设备也可以如图6所示,即可以包括:存储器602、一个或多个处理器604以及一个或多个程序。其中,该一个或多个程序存储在存储器602中,并且被配置成由一个或多个处理器604执行。所不同的是,该程序被处理器604执行时实现以下步骤:接收若干第一节点中任意的第一节点发送的取证任务的执行指示;响应于该执行指示,执行取证任务,以获得取证结果;向第一节点返回取证结果。接收第一节点至少基于该取证结果确定的存证结果;基于从其它第一节点接收的存证结果,采用共识算法,对从第一节点接收的存证结果进行共识验证;若共识验证通过,则对从第一节点接收的存证结果进行存储。Corresponding to the foregoing blockchain-based digital content forensics method, another forensic device provided in another embodiment of this specification may also be as shown in FIG. One or more programs. Wherein, the one or more programs are stored in the memory 602, and are configured to be executed by one or more processors 604. The difference is that when the program is executed by the processor 604, the following steps are implemented: receiving the execution instruction of the forensic task sent by any first node among the first nodes; in response to the execution instruction, execute the forensic task to obtain the forensic result ; Return the forensic result to the first node. The receiving first node at least determines the evidence deposit result based on the forensic result; based on the evidence result received from other first nodes, the consensus algorithm is adopted to perform consensus verification on the evidence result received from the first node; if the consensus verification is passed, Then the deposit result received from the first node is stored.
本说明书一个实施例提供的取证设备,可以提高获取的数字内容的可信度。The forensic device provided in an embodiment of this specification can improve the credibility of acquired digital content.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于设备实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。The various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the difference from other embodiments. In particular, as for the device embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment.
结合本说明书公开内容所描述的方法或者算法的步骤可以硬件的方式来实现,也可以是由处理器执行软件指令的方式来实现。软件指令可以由相应的软件模块组成,软件模块可以被存放于RAM存储器、闪存、ROM存储器、EPROM存储器、EEPROM存储器、寄存器、硬盘、移动硬盘、CD-ROM或者本领域熟知的任何其它形式的存储介质中。一种示例性的存储介质耦合至处理器,从而使处理器能够从该存储介质读取信息,且可向该存储介质写入信息。当然,存储介质也可以是处理器的组成部分。处理器和存储介质可以位于ASIC中。另外,该ASIC可以位于服务器中。当然,处理器和存储介质也可以作为分立组件存在于服务器中。The steps of the method or algorithm described in conjunction with the disclosure of this specification can be implemented in a hardware manner, or can be implemented in a manner in which a processor executes software instructions. Software instructions can be composed of corresponding software modules, which can be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, mobile hard disk, CD-ROM or any other form of storage known in the art Medium. An exemplary storage medium is coupled to the processor, so that the processor can read information from the storage medium and write information to the storage medium. Of course, the storage medium may also be an integral part of the processor. The processor and the storage medium may be located in the ASIC. In addition, the ASIC may be located in the server. Of course, the processor and the storage medium may also exist as discrete components in the server.
本领域技术人员应该可以意识到,在上述一个或多个示例中,本发明所描述的功能可以用硬件、软件、固件或它们的任意组合来实现。当使用软件实现时,可以将这些功能存储在计算机可读介质中或者作为计算机可读介质上的一个或多个指令或代码进行传输。计算机可读介质包括计算机存储介质和通信介质,其中通信介质包括便于从一个地方向另一个地方传送计算机程序的任何介质。存储介质可以是通用或专用计算机能够存取的任何可用介质。Those skilled in the art should be aware that, in one or more of the foregoing examples, the functions described in the present invention can be implemented by hardware, software, firmware, or any combination thereof. When implemented by software, these functions can be stored in a computer-readable medium or transmitted as one or more instructions or codes on the computer-readable medium. The computer-readable medium includes a computer storage medium and a communication medium, where the communication medium includes any medium that facilitates the transfer of a computer program from one place to another. The storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.
上述对本说明书特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果。另外,在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施方式中,多任务处理和并行处理也是可以的或者可能是有利的。The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps described in the claims may be performed in a different order than in the embodiments and still achieve desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order or sequential order shown in order to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
以上所述的具体实施方式,对本说明书的目的、技术方案和有益效果进行了进一步详细说明,所应理解的是,以上所述仅为本说明书的具体实施方式而已,并不用于限定本说明书的保护范围,凡在本说明书的技术方案的基础之上,所做的任何修改、等同替换、改进等,均应包括在本说明书的保护范围之内。The specific implementations described above further describe the purpose, technical solutions and beneficial effects of this specification. It should be understood that the above are only specific implementations of this specification and are not intended to limit the description of this specification. The scope of protection, any modification, equivalent replacement, improvement, etc. made on the basis of the technical solution of this specification shall be included in the scope of protection of this specification.

Claims (22)

  1. 一种基于区块链的数字内容取证方法,所述区块链包括多个节点,所述多个节点至少包括第一节点,所述方法由所述第一节点执行,包括:A digital content forensics method based on a blockchain, the blockchain including a plurality of nodes, the plurality of nodes includes at least a first node, and the method is executed by the first node and includes:
    接收数字内容的取证任务;Forensic tasks for receiving digital content;
    从所述多个节点中选取若干第二节点,并向所述若干第二节点中的各第二节点发送取证任务的执行指示;Selecting a number of second nodes from the plurality of nodes, and sending an execution instruction of the forensic task to each of the plurality of second nodes;
    接收所述各第二节点在执行完成相应的取证任务之后返回的多个取证结果;Receiving multiple forensic results returned by each of the second nodes after completing the corresponding forensic task;
    判断多个取证结果是否相匹配;若相匹配,则从所述多个取证结果中选取任意的第一取证结果作为存证结果;Judge whether the multiple forensic results match; if they match, select any first forensic result from the multiple forensic results as the evidence storage result;
    在本地存储所述存证结果,并向所述多个节点中除所述第一节点外的其它节点广播该存证结果,以使其它节点在对所述存证结果进行共识验证后存储。Store the attestation result locally, and broadcast the attestation result to other nodes among the multiple nodes except the first node, so that other nodes store the attestation result after consensus verification of the attestation result.
  2. 根据权利要求1所述的方法,判断所述多个取证结果是否相匹配,包括:The method according to claim 1, determining whether the multiple forensic results match, comprising:
    计算所述多个取证结果的两两取证结果间的相似度;Calculating the similarity between the two forensic results of the multiple forensic results;
    基于所述多个取证结果的两两取证结果间的相似度,将所述多个取证结果划分为至少一个分组;Dividing the multiple forensic results into at least one group based on the similarity between the pair of forensic results of the multiple forensic results;
    基于所述至少一个分组中的取证结果的个数,判断所述多个取证结果是否相匹配。Based on the number of forensic results in the at least one group, it is determined whether the multiple forensic results match.
  3. 根据权利要求2所述的方法,基于所述至少一个分组中的取证结果的个数,判断所述多个取证结果是否相匹配,包括:The method according to claim 2, based on the number of forensic results in the at least one group, judging whether the multiple forensic results match, comprising:
    判断所述至少一个分组中是否存在取证结果的个数大于第一阈值的第一分组;若存在所述第一分组,则确定所述多个取证结果相匹配。It is determined whether there is a first group with a number of forensic results greater than a first threshold in the at least one group; if the first group exists, it is determined that the multiple forensic results match.
  4. 根据权利要求2所述的方法,所述取证结果为网页截图;所述判断多个取证结果是否相匹配,还包括:The method according to claim 2, wherein the forensic result is a screenshot of a webpage; and the judging whether a plurality of forensic results match, further comprises:
    基于所述多个取证结果各自对应的属性信息和/或基于所述多个取证结果各自对应的子截图的匹配结果,判断所述多个取证结果是否相匹配。Based on the attribute information corresponding to each of the multiple forensic results and/or based on the matching results of the sub-screenshots corresponding to the multiple forensic results, it is determined whether the multiple forensic results match.
  5. 根据权利要求1所述的方法,所述在本地存储所述存证结果,包括:The method according to claim 1, wherein the storing the evidence result locally includes:
    基于所述存证结果以及与所述存证结果相关的内容信息生成目标交易;Generating a target transaction based on the deposit result and content information related to the deposit result;
    在本地存储所述目标交易;Store the target transaction locally;
    所述内容信息包括以下任一种或多种:存证结果对应的Hash值、取证任务的发起者、第一节点的信息、第二节点的信息以及取证时间。The content information includes any one or more of the following: the Hash value corresponding to the evidence deposit result, the initiator of the forensic task, the information of the first node, the information of the second node, and the time of obtaining the evidence.
  6. 根据权利要求1所述的方法,还包括:The method according to claim 1, further comprising:
    若所述多个取证结果不相匹配,则从所述多个取证结果中选取出错误的取证结果, 并确定发送所述错误的取证结果的第二节点;If the multiple forensic results do not match, select an erroneous forensic result from the multiple forensic results, and determine the second node that sends the erroneous forensic result;
    统计确定的第二节点发送错误的取证结果的次数;Count the number of times that the determined second node sends wrong forensic results;
    若所述次数大于预定阈值,则在所述区块链上广播所述确定的第二节点。If the number of times is greater than a predetermined threshold, broadcast the determined second node on the blockchain.
  7. 根据权利要求1-6中任一项所述的方法,所述数字内容包括以下任一项:网页截图、音频文件以及视频文件;所述取证任务包括以下任一项:截图任务、抓取任务以及录制任务。The method according to any one of claims 1 to 6, wherein the digital content includes any one of the following: a screenshot of a webpage, an audio file, and a video file; the forensic task includes any one of the following: a screenshot task, a capture task And recording tasks.
  8. 一种基于区块链的数字内容取证方法,所述区块链包括多个节点,所述多个节点包括若干第一节点和第二节点,所述方法由所述第二节点执行,包括:A digital content forensics method based on a blockchain, the blockchain including a plurality of nodes, the plurality of nodes including a plurality of first nodes and a second node, the method being executed by the second node, including:
    接收所述若干第一节点中任意的第一节点发送的取证任务的执行指示;Receiving an execution instruction of a forensic task sent by any first node among the plurality of first nodes;
    响应于所述执行指示,执行所述取证任务,以获得取证结果;In response to the execution instruction, execute the forensic task to obtain a forensic result;
    向所述第一节点返回所述取证结果;Return the forensic result to the first node;
    接收所述第一节点至少基于所述取证结果确定的存证结果;Receiving the evidence deposit result determined by the first node at least based on the forensic result;
    基于从其它第一节点接收的存证结果,采用共识算法,对从所述第一节点接收的存证结果进行共识验证;Based on the deposit certificate results received from other first nodes, adopting a consensus algorithm to perform consensus verification on the deposit certificate results received from the first node;
    若共识验证通过,则对从所述第一节点接收的存证结果进行存储。If the consensus verification is passed, the storage certificate result received from the first node is stored.
  9. 根据权利要求8所述的方法,所述执行所述取证任务,包括:The method according to claim 8, wherein said performing said forensic task comprises:
    根据预定义的有效性验证规则,对所述第一节点的有效性进行验证;Verify the validity of the first node according to a predefined validity verification rule;
    若有效性验证通过,则执行所述取证任务。If the validity verification is passed, the forensic task is executed.
  10. 根据权利要求8或9所述的方法,所述共识算法为实用拜占庭容错PBFT算法。According to the method of claim 8 or 9, the consensus algorithm is a practical Byzantine fault-tolerant PBFT algorithm.
  11. 一种基于区块链的数字内容取证装置,所述区块链包括多个节点,所述多个节点至少包括第一节点,所述装置由所述第一节点实施,包括:A digital content forensics device based on a blockchain, the blockchain including a plurality of nodes, the plurality of nodes includes at least a first node, and the device is implemented by the first node and includes:
    接收单元,用于接收数字内容的取证任务;The receiving unit is used to receive the forensic task of digital content;
    选取单元,用于从所述多个节点中选取若干第二节点;The selection unit is used to select a number of second nodes from the plurality of nodes;
    发送单元,用于向所述选取单元选取的所述若干第二节点中的各第二节点发送取证任务的执行指示;A sending unit, configured to send an execution instruction of a forensic task to each of the plurality of second nodes selected by the selection unit;
    所述接收单元,还用于接收所述各第二节点在执行完成相应的取证任务之后返回的多个取证结果;The receiving unit is further configured to receive multiple forensic results returned by each of the second nodes after completing the corresponding forensic task;
    判断单元,用于判断所述接收单元接收的多个取证结果是否相匹配;A judging unit, configured to judge whether the multiple forensic results received by the receiving unit match;
    所述选取单元,还用于若所述判断单元判断相匹配,则从所述多个取证结果中选取任意的第一取证结果作为存证结果;The selecting unit is further configured to select any first forensic result from the plurality of forensic results as the result of the evidence if the judgment unit judges that they match;
    存储单元,用于在本地存储所述选取单元选取的所述存证结果;A storage unit, configured to locally store the evidence storage result selected by the selection unit;
    所述发送单元,还用于向所述多个节点中除所述第一节点外的其它节点广播该存证结果,以使其它节点在对所述存证结果进行共识验证后存储。The sending unit is further configured to broadcast the certification result to other nodes among the multiple nodes except the first node, so that other nodes store the certification result after consensus verification.
  12. 根据权利要求11所述的装置,所述判断单元具体用于:According to the device according to claim 11, the judgment unit is specifically configured to:
    计算所述多个取证结果的两两取证结果间的相似度;Calculating the similarity between the two forensic results of the multiple forensic results;
    基于所述多个取证结果的两两取证结果间的相似度,将所述多个取证结果划分为至少一个分组;Dividing the multiple forensic results into at least one group based on the similarity between the pair of forensic results of the multiple forensic results;
    基于所述至少一个分组中的取证结果的个数,判断所述多个取证结果是否相匹配。Based on the number of forensic results in the at least one group, it is determined whether the multiple forensic results match.
  13. 根据权利要求12所述的装置,所述判断单元还用于:According to the device according to claim 12, the judging unit is further configured to:
    判断所述至少一个分组中是否存在取证结果的个数大于第一阈值的第一分组;若存在所述第一分组,则确定所述多个取证结果相匹配。It is determined whether there is a first group with a number of forensic results greater than a first threshold in the at least one group; if the first group exists, it is determined that the multiple forensic results match.
  14. 根据权利要求12所述的装置,所述取证结果为网页截图;所述判断单元还具体用于:The apparatus according to claim 12, wherein the forensic result is a screenshot of a webpage; the judgment unit is further specifically configured to:
    基于所述多个取证结果各自对应的属性信息和/或基于所述多个取证结果各自对应的子截图的匹配结果,判断所述多个取证结果是否相匹配。Based on the attribute information corresponding to each of the multiple forensic results and/or based on the matching results of the sub-screenshots corresponding to the multiple forensic results, it is determined whether the multiple forensic results match.
  15. 根据权利要求11所述的装置,所述存储单元用于:The device according to claim 11, the storage unit is configured to:
    基于所述存证结果以及与所述存证结果相关的内容信息生成目标交易;Generating a target transaction based on the deposit result and content information related to the deposit result;
    在本地存储所述目标交易;Store the target transaction locally;
    所述内容信息包括以下任一种或多种:存证结果对应的Hash值、取证任务的发起者、第一节点的信息、第二节点的信息以及取证时间。The content information includes any one or more of the following: the Hash value corresponding to the evidence deposit result, the initiator of the forensic task, the information of the first node, the information of the second node, and the time of obtaining the evidence.
  16. 根据权利要求11所述的装置,还包括:统计单元;The device according to claim 11, further comprising: a statistical unit;
    所述选取单元,还用于若所述多个取证结果不相匹配,则从所述多个取证结果中选取出错误的取证结果,并确定发送所述错误的取证结果的第二节点;The selecting unit is further configured to select an erroneous forensic result from the multiple forensic results if the multiple forensic results do not match, and determine the second node that sends the erroneous forensic result;
    所述统计单元,用于统计确定的第二节点发送错误的取证结果的次数;The statistical unit is configured to count the number of times that the determined second node sends wrong forensic results;
    所述发送单元,还用于若所述统计单元统计的所述次数大于预定阈值,则在所述区块链上广播所述确定的第二节点。The sending unit is further configured to broadcast the determined second node on the blockchain if the number of times counted by the statistics unit is greater than a predetermined threshold.
  17. 根据权利要求11-16中任一项所述的装置,其中The device according to any one of claims 11-16, wherein
    所述数字内容包括以下任一项:网页截图、音频文件以及视频文件;The digital content includes any one of the following: webpage screenshots, audio files, and video files;
    所述取证任务包括以下任一项:截图任务、抓取任务以及录制任务。The forensic task includes any one of the following: a screenshot task, a capture task, and a recording task.
  18. 一种基于区块链的数字内容取证装置,所述区块链包括多个节点,所述多个节点包括若干第一节点和第二节点,所述装置由所述第二节点实施,包括:A digital content forensics device based on a blockchain. The blockchain includes multiple nodes. The multiple nodes include a number of first nodes and second nodes. The device is implemented by the second node and includes:
    接收单元,用于接收所述若干第一节点中任意的第一节点发送的取证任务的执行指 示;A receiving unit, configured to receive an execution instruction of a forensic task sent by any first node among the plurality of first nodes;
    执行单元,用于响应于所述接收单元接收的所述执行指示,执行所述取证任务,以获得取证结果;An execution unit, configured to execute the forensic task in response to the execution instruction received by the receiving unit to obtain a forensic result;
    发送单元,用于向所述第一节点返回所述取证结果;A sending unit, configured to return the forensic result to the first node;
    所述接收单元,还用于接收所述第一节点至少基于所述取证结果确定的存证结果;The receiving unit is further configured to receive the evidence deposit result determined by the first node at least based on the forensic result;
    共识单元,用于基于所述接收单元从其它第一节点接收的存证结果,采用共识算法,对从所述第一节点接收的存证结果进行共识验证;The consensus unit is configured to use a consensus algorithm to perform consensus verification on the deposit result received from the first node based on the deposit result received by the receiving unit from the other first node;
    存储单元,用于若所述共识单元共识验证通过,则对从所述第一节点接收的存证结果进行存储。The storage unit is configured to store the certification result received from the first node if the consensus verification of the consensus unit is passed.
  19. 根据权利要求18所述的装置,所述执行单元具体用于:According to the device of claim 18, the execution unit is specifically configured to:
    根据预定义的有效性验证规则,对所述第一节点的有效性进行验证;Verify the validity of the first node according to a predefined validity verification rule;
    若有效性验证通过,则执行所述取证任务。If the validity verification is passed, the forensic task is executed.
  20. 根据权利要求18或19所述的装置,所述共识算法为实用拜占庭容错PBFT算法。The device according to claim 18 or 19, wherein the consensus algorithm is a practical Byzantine fault-tolerant PBFT algorithm.
  21. 一种取证设备,包括:A forensic device, including:
    存储器;Memory
    一个或多个处理器;以及One or more processors; and
    一个或多个程序,其中所述一个或多个程序存储在所述存储器中,并且被配置成由所述一个或多个处理器执行,所述程序被所述处理器执行时实现以下步骤:One or more programs, wherein the one or more programs are stored in the memory and are configured to be executed by the one or more processors, and the following steps are implemented when the programs are executed by the processor:
    接收数字内容的取证任务;Forensic tasks for receiving digital content;
    从区块链的多个节点中选取若干第二节点,并向所述若干第二节点中的各第二节点发送取证任务的执行指示;Selecting a number of second nodes from a plurality of nodes in the blockchain, and sending an execution instruction of the forensic task to each of the plurality of second nodes;
    接收所述各第二节点在执行完成相应的取证任务之后返回的多个取证结果;Receiving multiple forensic results returned by each of the second nodes after completing the corresponding forensic task;
    判断多个取证结果是否相匹配;若相匹配,则从所述多个取证结果中选取任意的第一取证结果作为存证结果;Judge whether the multiple forensic results match; if they match, select any first forensic result from the multiple forensic results as the evidence storage result;
    在本地存储所述存证结果,并向所述多个节点中除所述第一节点外的其它节点广播该存证结果,以使其它节点在对所述存证结果进行共识验证后存储。Store the attestation result locally, and broadcast the attestation result to other nodes among the multiple nodes except the first node, so that other nodes store the attestation result after consensus verification.
  22. 一种取证设备,包括:A forensic device, including:
    存储器;Memory
    一个或多个处理器;以及One or more processors; and
    一个或多个程序,其中所述一个或多个程序存储在所述存储器中,并且被配置成由 所述一个或多个处理器执行,所述程序被所述处理器执行时实现以下步骤:One or more programs, wherein the one or more programs are stored in the memory and are configured to be executed by the one or more processors, and when the programs are executed by the processor, the following steps are implemented:
    接收区块链的若干第一节点中任意的第一节点发送的取证任务的执行指示;Receiving the execution instruction of the forensic task sent by any first node among the several first nodes of the blockchain;
    响应于所述执行指示,执行所述取证任务,以获得取证结果;In response to the execution instruction, execute the forensic task to obtain a forensic result;
    向所述第一节点返回所述取证结果;Return the forensic result to the first node;
    接收所述第一节点至少基于所述取证结果确定的存证结果;Receiving the evidence deposit result determined by the first node at least based on the forensic result;
    基于从其它第一节点接收的存证结果,采用共识算法,对从所述第一节点接收的存证结果进行共识验证;Based on the deposit certificate results received from other first nodes, adopting a consensus algorithm to perform consensus verification on the deposit certificate results received from the first node;
    若共识验证通过,则对从所述第一节点接收的存证结果进行存储。If the consensus verification is passed, the storage certificate result received from the first node is stored.
PCT/CN2020/126973 2019-12-31 2020-11-06 Blockchain-based digital content evidence collection method, apparatus and device WO2021135641A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911415052.4 2019-12-31
CN201911415052.4A CN111143883B (en) 2019-12-31 2019-12-31 Digital content evidence obtaining method, device and equipment based on block chain

Publications (1)

Publication Number Publication Date
WO2021135641A1 true WO2021135641A1 (en) 2021-07-08

Family

ID=70522739

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/126973 WO2021135641A1 (en) 2019-12-31 2020-11-06 Blockchain-based digital content evidence collection method, apparatus and device

Country Status (2)

Country Link
CN (1) CN111143883B (en)
WO (1) WO2021135641A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11778167B1 (en) 2022-07-26 2023-10-03 Insight Direct Usa, Inc. Method and system for preprocessing optimization of streaming video data
US11849240B2 (en) 2021-12-29 2023-12-19 Insight Direct Usa, Inc. Dynamically configured processing of a region of interest dependent upon published video data selected by a runtime configuration file
US11961273B2 (en) 2021-12-29 2024-04-16 Insight Direct Usa, Inc. Dynamically configured extraction, preprocessing, and publishing of a region of interest that is a subset of streaming video data

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110806913A (en) * 2019-10-30 2020-02-18 支付宝(杭州)信息技术有限公司 Webpage screenshot method, device and equipment
CN111143883B (en) * 2019-12-31 2021-08-03 支付宝(杭州)信息技术有限公司 Digital content evidence obtaining method, device and equipment based on block chain
CN111612964B (en) * 2020-05-21 2021-01-26 广东乐佳印刷有限公司 Bill certificate anti-counterfeiting detection method and device based on block chain
CN111523092A (en) * 2020-07-03 2020-08-11 支付宝(杭州)信息技术有限公司 Picture generation method and device based on block chain and electronic equipment
CN112579960A (en) * 2020-12-24 2021-03-30 杭州趣链科技有限公司 Webpage evidence obtaining method, webpage evidence obtaining device and server

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180227131A1 (en) * 2017-02-06 2018-08-09 ShoCard, Inc. Electronic identification verification methods and systems with storage of certification records to a side chain
CN110334484A (en) * 2019-06-27 2019-10-15 腾讯科技(深圳)有限公司 A kind of copyright authentication method, apparatus, computer equipment and storage medium
CN111143883A (en) * 2019-12-31 2020-05-12 支付宝(杭州)信息技术有限公司 Digital content evidence obtaining method, device and equipment based on block chain

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105573828B (en) * 2015-12-17 2019-04-12 布比(北京)网络技术有限公司 A kind of operation processing method and device
CN106354994B (en) * 2016-08-22 2019-01-18 布比(北京)网络技术有限公司 Handle the method and system of medical data
CN108959416B (en) * 2018-06-08 2020-01-10 浙江数秦科技有限公司 Webpage data automatic evidence obtaining and storing method based on block chain
CN108920966A (en) * 2018-06-25 2018-11-30 北京奇虎科技有限公司 A kind of block chain deposits card, evidence collecting method and device
CN109150550A (en) * 2018-10-31 2019-01-04 重庆爱思网安信息技术有限公司 A kind of electronic data dynamic hash chain common recognition storage system and method
CN110032880B (en) * 2018-12-13 2021-10-29 创新先进技术有限公司 Screen recording evidence obtaining method and system based on block chain and electronic equipment
CN110035105B (en) * 2018-12-13 2021-09-21 创新先进技术有限公司 Screen recording evidence obtaining method and system based on block chain and electronic equipment
CN110046994B (en) * 2018-12-28 2020-05-12 阿里巴巴集团控股有限公司 Method and system for accepting block link deposit certificate transaction
CN110245956B (en) * 2019-05-15 2022-07-05 众安信息技术服务有限公司 Asynchronous multi-chain based block chain transaction confirmation method and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180227131A1 (en) * 2017-02-06 2018-08-09 ShoCard, Inc. Electronic identification verification methods and systems with storage of certification records to a side chain
CN110334484A (en) * 2019-06-27 2019-10-15 腾讯科技(深圳)有限公司 A kind of copyright authentication method, apparatus, computer equipment and storage medium
CN110598373A (en) * 2019-06-27 2019-12-20 腾讯科技(深圳)有限公司 Copyright verification method, system and storage medium
CN111143883A (en) * 2019-12-31 2020-05-12 支付宝(杭州)信息技术有限公司 Digital content evidence obtaining method, device and equipment based on block chain

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11849240B2 (en) 2021-12-29 2023-12-19 Insight Direct Usa, Inc. Dynamically configured processing of a region of interest dependent upon published video data selected by a runtime configuration file
US11849242B2 (en) 2021-12-29 2023-12-19 Insight Direct Usa, Inc. Dynamically configured processing of a region of interest dependent upon published video data selected by a runtime configuration file
US11849241B2 (en) 2021-12-29 2023-12-19 Insight Direct Usa, Inc. Dynamically configured processing of a region of interest dependent upon published video data selected by a runtime configuration file
US11961273B2 (en) 2021-12-29 2024-04-16 Insight Direct Usa, Inc. Dynamically configured extraction, preprocessing, and publishing of a region of interest that is a subset of streaming video data
US11778167B1 (en) 2022-07-26 2023-10-03 Insight Direct Usa, Inc. Method and system for preprocessing optimization of streaming video data

Also Published As

Publication number Publication date
CN111143883B (en) 2021-08-03
CN111143883A (en) 2020-05-12

Similar Documents

Publication Publication Date Title
WO2021135641A1 (en) Blockchain-based digital content evidence collection method, apparatus and device
US10958438B2 (en) Method, apparatus, and electronic device for blockchain-based recordkeeping
US11526487B2 (en) Database world state integrity validation
US10754989B2 (en) Runtime self-correction for blockchain ledgers
CN110495132B (en) System and method for generating, uploading and executing code blocks within distributed network nodes
US11539527B2 (en) Peer node recovery via approximate hash verification
US11570002B2 (en) Reduced-step blockchain verification of media file
US11711202B2 (en) Committing data to blockchain based on approximate hash verification
US11689356B2 (en) Approximate hash verification of unused blockchain output
US11387979B2 (en) Partially-ordered blockchain
TW202018571A (en) Data storage method and device based on block chain and electronic equipment
US11194555B2 (en) Optimization of execution of smart contracts
US11489662B2 (en) Special relationships in a blockchain
US11790368B2 (en) Auto-evolving database endorsement policies
US11354198B2 (en) Snapshot for world state recovery
CN110084600B (en) Processing and verifying method, device, equipment and medium for resolution transaction request
CN111418183A (en) Asynchronous processing of blockchain blocks
WO2017085159A1 (en) Method to verify the execution integrity of an application in a target device
KR20220088956A (en) Systems and methods for providing specialized proof of confidential knowledge
US11106811B2 (en) Object storage for guaranteed content for backup and retention
US20210126787A1 (en) Optimal endorser node determination based on state
WO2020055413A1 (en) Blockchain for audit
US20210075611A1 (en) Managing a third-party recipient digital resource vehicle via a distributed trust computing network
Lee et al. Consortium blockchain based forgery android APK discrimination DApp using hyperledger composer
CN112037062A (en) Transaction consensus method, device, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20910287

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20910287

Country of ref document: EP

Kind code of ref document: A1