CN116684160A - Public service litigation data security sharing and privacy protecting method and system - Google Patents


Info

Publication number
CN116684160A
Authority
CN
China
Prior art keywords
evidence
user
ipfs
pilchain
litigation
Prior art date
Legal status
Pending
Application number
CN202310709124.6A
Other languages
Chinese (zh)
Inventor
杜玮
许伟
张吉元
刘含旭
Current Assignee
Renmin University of China
Original Assignee
Renmin University of China
Priority date
Filing date
Publication date
Application filed by Renmin University of China
Priority to CN202310709124.6A
Publication of CN116684160A
Current legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The application relates to a method and system for securely sharing litigation data and protecting its privacy, comprising the following steps: registering the stakeholders of a public interest lawsuit on a pre-established PILChain system; when the PILChain system receives evidence uploaded by an evidence provider, encrypting the evidence and obtaining the corresponding IPFS address link and decryption token; and when the PILChain system receives an evidence request from an evidence demander, verifying the demander's user attributes and returning the requested evidence. The application lets all parties, including evidence providers and demanders, upload and acquire evidence safely and efficiently; it designs a series of access control mechanisms so that different users hold different operation authorities on the consortium chain, eases the inability of the organisations involved to work cooperatively, ensures the security of judicial information, and can be widely applied to blockchain data sharing and public interest litigation.

Description

Public service litigation data security sharing and privacy protecting method and system
Technical Field
The application relates to a consortium-chain-based method and system for securely sharing litigation data and protecting its privacy, belonging to the field of blockchain data sharing and litigation.
Background
As the public pays more attention to public interests, more and more countries are turning to public interest litigation, a more specific branch of the judicial field. In China, in 2021 alone, procuratorates filed about 169,000 public interest litigation cases.
However, the field of public interest litigation still faces the following challenges: investigation and evidence collection are relatively difficult, the storage and preservation of electronic evidence lack the necessary guarantees, and information exchange between the departments involved in the litigation process is lacking. Specifically:
i. Investigation and evidence collection are difficult.
Although public interest litigation is no longer an emerging field in the judicial community, public awareness of it is still insufficient at present. Because of information security concerns, most people take a bystander attitude towards infringements of nearby production and living conditions, public interests and the like, and worry that reporting anonymously or providing evidence will reveal their private information and bring them unnecessary trouble. Secondly, the units concerned sometimes do not cooperate with investigations, refuse to provide evidence, or secretly alter evidence after it has been submitted; the tendency to seek benefit and avoid harm means that cooperation is often poor when evidence is being gathered, and without corresponding investigative safeguards the relevant evidence is difficult to obtain. In addition, public interest litigation cases involve many industries and a wide scope, which increases the difficulty of obtaining evidence: cases concerning the environment and natural resources, for example, may involve water bodies, land, mountain forests, mineral deposits and similar areas, where the necessary technical facilities and working mechanisms are lacking, so the original data are hard to obtain.
ii. The storage and preservation of evidence are not guaranteed.
When procuratorial authorities identify or examine the evidence materials of litigation cases, some stages still use traditional evidence preservation methods, whose procedures are complex and inefficient. Meanwhile, with the arrival of the information age, the share of electronic evidence such as internet clues, satellite remote sensing maps and online public opinion in public interest litigation is growing; problems such as large data volumes, unclear sources and low reliability keep emerging, and the traditional C/S network architecture is centralised, so it is prone to risks such as information asymmetry, information leakage or tampering, and hacking. Furthermore, while litigation evidence circulates among public security organs, procuratorates, courts and administrative authorities, the material must be protected from arbitrary modification, damage or loss, in order to improve the security of its storage and preservation.
iii. Information exchange between different departments is lacking.
In China, information systems such as provincial cross-department big-data case handling platforms and the 'two-law' linkage platform already exist to assist case handling, but in practice the problem of unsmooth cooperation still arises between the internal bodies of procuratorates and between procuratorates and other departments. For example, the investigative supervision and prosecution departments of procuratorates find that civil litigation cases in which social public interests may have been harmed are not discovered and transferred in time, and that in criminal cases with attendant civil litigation other administrative authorities rarely transfer cases to the procuratorate but leave it to find them itself. The information platforms are slow to update, narrow in coverage and low in accuracy, procuratorial work develops unevenly, and the cooperation mechanism is not smooth, all of which can seriously affect the handling of litigation cases.
In summary, the field of public interest litigation urgently needs a safer, interconnected network system for information sharing, business communication, and the submission, transfer and preservation of clues and evidence between different departments.
Disclosure of Invention
In view of the above problems, the present application aims to provide a method and system for the secure sharing and privacy protection of litigation data, which realise secure sharing and privacy protection on a consortium chain built with Hyperledger Fabric.
To achieve this, the application adopts the following technical scheme:
In a first aspect, the application provides a method for securely sharing litigation data and protecting its privacy, comprising the steps of:
on a pre-established PILChain system, completing the registration of users who are stakeholders in a lawsuit;
when the PILChain system receives evidence uploaded by an evidence provider user, encrypting the evidence and obtaining the corresponding IPFS address link and decryption token;
when the PILChain system receives an evidence request from an evidence demander user, verifying the attributes of that user and returning the requested evidence to them.
Further, the PILChain system comprises a consortium blockchain built on Hyperledger Fabric and an IPFS system;
the consortium blockchain is used to configure a plurality of organisations, so that a stakeholder of a public interest lawsuit, acting as an evidence provider user or an evidence demander user, uploads and acquires evidence through the corresponding organisation under a preset access control mechanism;
the IPFS system stores the evidence uploaded by the user nodes of each organisation.
Further, the organisations within the consortium blockchain include at least third-party evidence platforms, government agencies, procuratorates and courts;
the operation authority of each organisation under the preset access control mechanism comprises at least:
stakeholders of the public interest lawsuit upload or acquire evidence through the nodes of the corresponding organisation, according to their identity as an evidence provider user or an evidence demander user;
the third-party evidence platform and the relevant government agency organisations are only allowed to upload evidence and to access the evidence they uploaded themselves;
the procuratorate and court organisations can retrieve all evidence on the consortium blockchain, and the procuratorate organisation can also upload evidence during a case investigation.
Further, each organisation contains an endorsing node, a committing (confirmation) node, an ordering node and a CA node. The CA node uses the Identity Mixer suite to issue digital certificates to all user nodes in the organisation and provides certificate renewal and revocation; the digital certificates grant different operation authorities to the user nodes. The endorsing, committing and ordering nodes together implement the uploading, downloading and checking of evidence among the user nodes of the organisation according to preset rules.
Further, the IPFS is responsible for storing the raw evidence data, which includes:
splitting the evidence uploaded to the IPFS into data blocks of a preset size and storing the blocks in the IPFS as objects;
using a content identifier generated from the content of the evidence as the fingerprint of each uploaded piece of evidence;
and creating an IPFS address link and sending it to the consortium blockchain for storage.
Further, when the PILChain system receives evidence uploaded by the evidence provider user, encrypting the evidence and obtaining the corresponding IPFS address link and decryption token includes:
the evidence provider user uploads the evidence, and the PILChain system locally encrypts the evidence data with a symmetric encryption algorithm to obtain the encrypted evidence;
the PILChain uploads the encrypted evidence to the IPFS and obtains the returned IPFS address link;
the PILChain locally creates the corresponding decryption token according to the symmetric algorithm used, transforms the token with a hash, and then uploads the IPFS address link and the transformed token to the consortium blockchain as a transaction.
Further, when the PILChain system receives an evidence request from the evidence demander user, verifying the user's attributes and returning the requested evidence includes:
the evidence demander user sends a request to the consortium blockchain to acquire evidence, and the user's digital certificate is verified under the access control mechanism to determine whether it carries the corresponding authority;
if the verification succeeds, the consortium blockchain returns the IPFS address link;
the corresponding encrypted evidence is obtained from the IPFS using the IPFS address link;
the evidence demander user sends a request to the consortium blockchain for the decryption token, and the user's attributes are verified again under the access control protocol to determine whether the user holds the corresponding authority;
if the verification succeeds, the consortium blockchain returns the decryption token;
the encrypted evidence is decrypted with the decryption token and returned to the evidence demander user.
In a second aspect, the present application provides a system for the secure sharing and privacy protection of litigation data, comprising:
a server side and a client side, where the server side runs a PILChain system that completes the registration of users who are stakeholders in a public interest lawsuit;
when the PILChain system receives evidence uploaded by a client-side evidence provider user, it encrypts the evidence and obtains the corresponding IPFS address link and decryption token;
when the PILChain system receives an evidence request from a client-side evidence demander user, it verifies the attributes of that user and returns the requested evidence to them.
In a third aspect, the present application provides a computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a computing device, cause the computing device to perform any of the methods.
In a fourth aspect, the present application provides a computing device comprising: one or more processors, memory, and one or more programs, wherein one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs comprising instructions for performing any of the methods.
Owing to the above technical scheme, the application has the following advantages:
1. The application uses Hyperledger Fabric to design an evidence data sharing consortium blockchain system with authority control for the practice of public interest litigation; third-party evidence platforms, government agencies, procuratorates and courts are organised as the main member organisations of the consortium chain, so that all parties, including evidence providers and demanders, can upload and acquire evidence safely and efficiently, and a series of access control mechanisms gives different users different operation authorities on the chain, easing the inability of the organisations to work cooperatively and ensuring the security of judicial information;
2. The application combines IPFS with the blockchain, so that large evidence files can be transmitted effectively over the consortium blockchain while ensuring data security and system scalability;
3. Identity Mixer is introduced into the evidence sharing system, allowing users to authenticate without disclosing their personal identity and preventing multiple on-chain transactions from being linked, thereby protecting personal privacy;
4. The application describes an evidence data sharing and privacy protection framework for the public interest litigation scenario, used to flexibly manage important information such as evidence and official documents generated while handling a public interest litigation case, thereby addressing the current pain points that investigation and evidence collection are difficult, evidence storage and preservation are not guaranteed, and information exchange between institutions is lacking. It opens up a new scenario for the application of blockchain in the judicial field and offers some inspiration for subsequent research on blockchain in public interest litigation and other judicial matters.
The method and system can therefore be widely applied to the fields of blockchain data sharing and public interest litigation.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the application. Like parts are designated with like reference numerals throughout the drawings. In the drawings:
FIG. 1 shows the research framework provided by an embodiment of the present application;
FIG. 2 is a flowchart of the method for secure sharing and privacy protection of litigation data based on consortium chain technology according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present application. It will be apparent that the described embodiments are some, but not all, embodiments of the application. All other embodiments, which are obtained by a person skilled in the art based on the described embodiments of the application, fall within the scope of protection of the application.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present application. As used herein, the singular is also intended to include the plural unless the context clearly indicates otherwise, and furthermore, it is to be understood that the terms "comprises" and/or "comprising" when used in this specification are taken to specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
Some concepts related to the present application will be briefly described first.
1) Blockchain
Blockchain technology is an emerging technology abstracted from the underlying design of Bitcoin. Its data structure, a distributed public ledger maintained by the nodes of the whole network, resembles a linked list in the C language: each block on the chain stores the latest transaction records and the hash of the previous block, so any change to the data changes the hash values greatly. As a consequence the chain cannot be forked unless a node controls more than 51% of the network's computing power, which avoids the well-known "double-spend problem" and thus guarantees that blocks cannot be altered. The blockchain is stored on all participating nodes, which avoids single points of failure and prevents malicious nodes from tampering with data. It is a decentralised network that needs no authoritative third party to supervise and control it; the corresponding functions are completed through distributed protocols and smart contract technology.
Blockchains are classified into three types according to their degree of openness: public chains, private chains and consortium chains. Public chains are open to everyone; according to a certain algorithm, anyone can become a node and take part in computation, reading and writing. A private chain is a highly centralised blockchain, usually run by a single organisation, where only nodes trusted by that organisation can take part in computation, reading and writing. A consortium chain lies between the two and is typically made up of several organisations, each of which manages some of the nodes that maintain the blockchain's functions.
A blockchain consensus protocol is a Byzantine fault tolerant protocol: it ensures that the honest nodes of a blockchain network can reach consensus despite interference from malicious nodes. In distributed systems, consensus protocols fall into two major classes according to the kinds of faulty component the system tolerates: crash fault tolerant (CFT) protocols and Byzantine fault tolerant (BFT) protocols. A CFT protocol ensures that the system can reach consensus when components crash, and suits centrally operated distributed data clusters, such as Google's distributed lock service Chubby and the Paxos protocol. The BFT protocol was proposed by Leslie Lamport in 1982 and ensures that the distributed system can still reach agreement when faulty components behave arbitrarily. A blockchain consensus protocol is a BFT protocol because the open nature of the blockchain network requires resistance to interference from malicious nodes.
Because the architecture offered by consortium chains satisfies many data sharing application scenarios, it is chosen as the underlying blockchain architecture for many projects. Data in the blockchain are propagated through the whole network, agreed upon and stored by means of a consensus algorithm. Without a trusted third party, transactions and distributed applications run independently by means of smart contracts, and the integrity, security and legitimacy of the blockchain data are ensured. At the same time, hash algorithms are combined with Merkle trees to reduce the storage space of the blockchain, anonymous identity authentication is provided to participants on the basis of digital signature algorithms, and encryption and decryption techniques further protect the privacy of blockchain data.
2) Blockchain encryption and decryption technology
Encryption and decryption techniques in blockchains concern the security and privacy protection of data. Encryption is the technique of producing ciphertext from information using a key; decryption is the reverse, turning ciphertext back into readable information using a key. Two types, symmetric and asymmetric encryption, are currently distinguished according to how the keys differ. Symmetric encryption uses the same key for encryption and decryption. It is characterised by public algorithms, a small amount of computation, high encryption speed and high efficiency; the main algorithms are DES, 3DES, AES, TDEA, Blowfish, RC5 and IDEA. Asymmetric encryption uses a key pair, a public key and a private key: the public key can be derived from the private key, but the private key cannot be obtained from the public key. Information encrypted with the private key can be decrypted with the corresponding public key, and conversely information encrypted with the public key can be unlocked with the corresponding private key. It is characterised by better security, since the public key can be disclosed without fear of information leakage, but the computation is complex and encryption and decryption are slow. The main algorithms are RSA, ElGamal, knapsack algorithms, Rabin, D-H and ECC (elliptic curve cryptography).
3) Fabric
Fabric is a consortium chain project developed by several organisations; it is a mature project within the open source Hyperledger umbrella and is aimed at enterprise-grade blockchains. Its network is composed mainly of three kinds of node: endorsing nodes, committing (confirmation) nodes and ordering nodes, plus a pluggable certificate authority (CA) node. The endorsing node is responsible for endorsing transactions and performing read and write operations on the data according to the existing rules. After receiving a transaction proposal, the endorsing node first verifies the signature in the proposal and checks whether the initiator of the proposal has the required authority; then it simulates the transaction against its own state database, generating a read set and a write set that represent the set of read and write operations on the Fabric state database; finally it endorses the execution result and returns it to the initiator of the transaction. The committing node is responsible for checking the transactions sent by the endorsing node and validating the data results. The ordering node is responsible for ordering the received transactions, packaging them into blocks and returning the result to the nodes concerned. The CA node is the core node of the PKI system in Fabric and is mainly responsible for user registration and the issuance and revocation of certificates. An attractive feature of Fabric is its support for multiple chains (channels): each channel can link different organisations and run its own chaincode. This makes it possible to run several independent chains on one blockchain network and to isolate the transactions of different chains on the same node.
The public interest litigation process is complex and involves a large number of participating institutions, so a solution is needed that lets evidence providers, evidence demanders and the various judicial authorities access evidence cooperatively. Electronic evidence produced by digitising physical evidence is stored on large servers, which addresses problems such as the loss of physical evidence in the judicial process. Electronic evidence is stored and shared, but problems such as its tampering in the judicial process have gradually come to light. Recently, public interest litigation has introduced blockchain technology to share electronic evidence securely, since the distributed data storage of a blockchain avoids problems such as data loss and data tampering.
Therefore, to solve the above problems, some embodiments of the present application implement a method for sharing the data of public interest litigation and protecting its privacy in combination with consortium chain technology. First, third-party evidence platforms, government agencies, procuratorates and courts are organised as the main members of the consortium chain, so that the parties, including evidence providers and demanders, can upload and acquire evidence safely and efficiently; secondly, large evidence files are stored in the InterPlanetary File System (IPFS) outside the consortium chain, ensuring data security and system scalability; finally, based on the characteristics of the blockchain, a series of access control mechanisms is designed so that different users have different operation authorities on the consortium chain, which solves the problem of cooperation among the organisations and ensures the security of judicial information.
Accordingly, further embodiments of the present application provide a litigation data secure sharing system, apparatus and storage medium.
Example 1
As shown in fig. 1, this embodiment provides a method for secure sharing and privacy protection of litigation data, which includes the following steps:
1) Establishing a public litigation evidence data sharing practice and privacy protection alliance chain system (PILChain) based on Hyperledger Fabric, and completing user registration in the form of an encrypted digital certificate; wherein the PILChain system comprises an IPFS and a federated blockchain;
2) When the PILChain system receives the evidence uploaded by the evidence provider, encrypting the evidence and obtaining a corresponding IPFS address link and decryption token;
3) When the PILChain system receives an evidence request sent by an evidence demander, the user attributes of the evidence demander are verified, and the requested evidence is returned to the evidence demander.
Preferably, the step 1) includes the steps of:
1.1) A public litigation evidence data sharing practice and privacy protection alliance chain system based on Hyperledger Fabric is established to realize the security and privacy of evidence storage and sharing;
1.2) The PILChain system issues corresponding digital identities, attribute certificates and private keys to registered users in the form of encrypted digital certificates, together with the rights to perform certain operations in the federated blockchain.
Preferably, in step 1.1) above, in order to store evidence and ensure security and privacy of data sharing, the system of the present application is built on a federated blockchain, which is a semi-open blockchain network, with participants pre-selected, and most of the members being an organization or a user group. The federation chain has fewer nodes, faster consensus, higher security, and no need for cryptocurrency as an incentive than a traditional public blockchain. Since transactions on a coalition chain are not publicly accessible, and stakeholders of litigation are mostly government agencies, judicial institutions, enterprises, social groups and other organizations, evidence related to cases is generally not publicly revealed to the public, and therefore, a coalition chain-based system can ensure that the evidence of litigation can only be viewed or acquired by members of known identity on the chain when shared.
As shown in fig. 1, the application provides a litigation evidence data sharing practice and privacy protection alliance chain system model based on Hyperledger Fabric, namely PILChain. The PILChain system includes an alliance blockchain built on Hyperledger Fabric and IPFS; the alliance blockchain is used to configure a plurality of organizations, so that a stakeholder of the public welfare litigation, as an evidence provider user or an evidence demander user, uploads and acquires evidence through the corresponding organization under a preset access control mechanism; the IPFS system is used to store the evidence uploaded by the user nodes in each organization.
The major organizations involved in the investigation of a litigation case are shown in figure 1. The federation blockchain consists of individual organization members (Organizations) including third party evidence platforms, government agencies, procuratorates and courts. The stakeholders of the public welfare litigation, such as citizens, companies, public security authorities, environmental protection departments, monitoring devices of the internet of things, procurators and judges, can upload or acquire evidence through the corresponding organizations. The third party evidence platforms and related government authorities are only allowed to upload evidence and to access evidence they uploaded themselves; the procuratorate and the court may call all evidence on the alliance chain, and the procuratorate may also upload evidence during the case investigation.
In the flow of evidence sharing there are two critical classes of user roles, namely the evidence provider and the evidence demander. The real-world stakeholders that these two roles correspond to, and the operations they are allowed to perform in the PILChain system, are as follows:
Evidence provider: mainly any stakeholder who holds evidence related to a litigation case. They may be third party evidence platforms, government agencies and procuratorates. Evidence provided by citizens and businesses may be recorded by third party evidence platforms or public security authorities. Other government agencies associated with the investigation of litigation cases, such as the environmental protection agency, may share their evidence with the procuratorates and courts. The system can also realize automatic data access for Internet of Things devices, including satellite remote sensing and environmental monitoring equipment, and can directly acquire historical law enforcement information from an administrative law enforcement platform. Procurators at the procuratorate can also upload evidence during the case investigation.
Evidence demander: mainly refers to courts and procuratorates. The evidence demander sends an evidence request through the alliance blockchain; its identity and authority are verified by the access control module, and the corresponding evidence can be obtained only if the verification passes.
Meanwhile, the system provided by the application combines IPFS with the alliance blockchain: IPFS is responsible for storing the large-scale original evidence data, while the alliance chain stores the metadata corresponding to the original evidence (such as the IPFS link address). IPFS is a peer-to-peer storage network for storing and sharing data in a distributed file system. A file uploaded to IPFS is divided into small blocks of up to 256KB, which are stored as objects in IPFS. The objects are connected through pointers so as to ensure the integrity of the file and its distributed storage. IPFS uses a Content Identifier (CID) as the unique "fingerprint" of a file. If a user uploads a new version of evidence data to IPFS, the original data is not overwritten by it; the new data obtains a new CID, which also means that IPFS prevents any modification of file content by the user. In addition, the content-addressing nature of IPFS also ensures that the CID and the file content are linked accurately and permanently, so evidence data can be stored securely anywhere.
Preferably, in step 1.2) above, in the Fabric federation chain each actor or node participating in the blockchain network first needs to obtain its own digital identity in the form of an encrypted digital certificate. The Certificate Authority is primarily responsible for issuing such digital certificates. With the certificate and the rights granted by it, a user in the federation chain is entitled to perform certain operations.
In PILChain, each organization is internally provided with an endorsement node, a confirmation node, an ordering node, a CA node and user nodes. The CA node issues digital certificates to all user nodes in the organization and additionally provides services such as certificate renewal and certificate revocation; each digital certificate is granted different operation authorities according to the user node it belongs to. The endorsement node, the confirmation node and the ordering node verify, execute and confirm the transactions among the user nodes according to preset rules. After obtaining an identity through a digital certificate and being verified by the CA, the user can perform a series of operations, such as uploading, acquiring and checking evidence.
Meanwhile, the cryptographic protocol suite in Fabric known as Identity Mixer (also sometimes referred to as Idemix) is also configured in the CA node. By means of zero-knowledge proofs, it becomes easier to protect private information of the alliance chain members (such as the identity of the transactor). Identity Mixer involves three roles, namely issuer, verifier and user. The issuer (e.g., Fabric CA) is responsible for issuing digital credentials to users; users generate Idemix credentials and provide proofs to verifiers (e.g., the Idemix MSP), which verify whether certain attributes are correct or valid. For example, in PILChain, a government agency may create a "zero-knowledge proof file" from the digital certificate issued by the issuer and selectively reveal information from the digital certificate to the verifier when uploading evidence. From the zero-knowledge proof file, neither the verifier nor the issuer can obtain other private information that the government agency has not disclosed, so the dual purposes of authentication and privacy protection are achieved.
Preferably, the step 2) includes the steps of:
2.1) The evidence provider user uploads evidence, and PILChain locally encrypts the evidence data with a symmetric encryption algorithm to obtain the encrypted evidence;
2.2) PILChain uploads the encrypted evidence to IPFS and obtains the returned address link;
2.3) PILChain locally generates the corresponding decryption token according to the symmetric encryption algorithm used, transforms the decryption token with a hash, and then uploads the IPFS address link and the transformed token to the alliance blockchain in the form of a transaction.
Preferably, the step 3) includes the steps of:
3.1) The evidence demander issues a request to the federation blockchain to acquire evidence; during this process the access control protocol verifies its attributes to determine whether it has the corresponding rights;
3.2) If the verification succeeds, the alliance blockchain returns the IPFS address link;
3.3) PILChain obtains the corresponding encrypted evidence from IPFS using the link;
3.4) The evidence demander sends a request to the federation blockchain to obtain the decryption token; during this process the access control protocol verifies its attributes again to determine whether it has the corresponding rights;
3.5) If the verification succeeds, the federation blockchain returns the decryption token;
3.6) PILChain decrypts the encrypted evidence using the token and returns it to the evidence demander user.
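The upload flow of step 2) and the two-check retrieval flow of step 3), simulated end to end as an added example in Go (the language the application names for its chaincode); this is not the application's own chaincode or SDK code. It assumes AES-256-GCM as the symmetric algorithm, a bare SHA-256 digest in place of a real IPFS CID, an off-chain token store on the PILChain server (since only the token's hash is committed on chain), and organization labels ("platform", "agency", "procuratorate", "court") carried as a plain field rather than certificate attributes; the access rules are the ones stated above.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// User stands in for a Fabric CA identity; Org is one of the application's four
// organizations: "platform", "agency", "procuratorate" or "court" (simplified to a field).
type User struct{ ID, Org string }

// Record is the on-chain metadata of step 2.3: IPFS link, hashed token, uploader.
type Record struct{ CID, TokenHash, Owner string }

// PILChain is an in-memory stand-in for the alliance chain, the IPFS node and an
// off-chain token store (an assumption: only the token's hash goes on chain).
type PILChain struct {
	ledger map[string]Record // evidenceID -> on-chain metadata
	ipfs   map[string][]byte // CID -> encrypted evidence (content addressed)
	tokens map[string][]byte // evidenceID -> AES key, held off chain
}

func NewPILChain() *PILChain {
	return &PILChain{map[string]Record{}, map[string][]byte{}, map[string][]byte{}}
}

// Access rules from the application: courts only read; procuratorate and court may
// call all evidence; every other organization only what it uploaded itself.
func canUpload(u User) bool { return u.Org != "court" }
func canRead(u User, rec Record) bool {
	return u.Org == "procuratorate" || u.Org == "court" || rec.Owner == u.ID
}

// cid mimics IPFS content addressing with a bare SHA-256 hex digest: the address
// is derived from the bytes, so changed content always gets a new address.
func cid(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // keys are always 32 bytes here
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // only fails for an unsupported block size
	return gcm
}

// Upload is step 2: encrypt locally (AES-256-GCM), store the ciphertext in IPFS,
// then record link and hashed token on chain in one transaction.
func (p *PILChain) Upload(u User, evidenceID string, plaintext []byte) (Record, error) {
	if !canUpload(u) {
		return Record{}, errors.New("organization is not allowed to upload evidence")
	}
	key := make([]byte, 32)
	rand.Read(key)
	gcm := mustGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	// evidenceID is bound as associated data: a ciphertext re-labelled as other evidence fails to decrypt.
	ct := gcm.Seal(nonce, nonce, plaintext, []byte(evidenceID))
	th := sha256.Sum256(key)
	rec := Record{CID: cid(ct), TokenHash: hex.EncodeToString(th[:]), Owner: u.ID}
	p.ipfs[rec.CID] = ct
	p.ledger[evidenceID] = rec
	p.tokens[evidenceID] = key
	return rec, nil
}

// authorize is the attribute check run before the link (3.1) and again before the token (3.4).
func (p *PILChain) authorize(u User, evidenceID string) (Record, error) {
	rec, ok := p.ledger[evidenceID]
	if !ok || !canRead(u, rec) {
		return Record{}, errors.New("access denied or unknown evidence")
	}
	return rec, nil
}

// Retrieve is step 3 end to end. The token is checked against the hash committed
// on chain before use, so a substituted token is refused rather than silently used.
func (p *PILChain) Retrieve(u User, evidenceID string) ([]byte, error) {
	rec, err := p.authorize(u, evidenceID) // 3.1/3.2: first check, get the link
	if err != nil {
		return nil, err
	}
	ct, ok := p.ipfs[rec.CID] // 3.3: IPFS fetch, no credentials involved
	if !ok || cid(ct) != rec.CID {
		return nil, errors.New("IPFS content missing or does not match its address")
	}
	if _, err := p.authorize(u, evidenceID); err != nil { // 3.4: second check
		return nil, err
	}
	token := p.tokens[evidenceID] // 3.5
	if th := sha256.Sum256(token); hex.EncodeToString(th[:]) != rec.TokenHash {
		return nil, errors.New("token does not match on-chain hash")
	}
	gcm := mustGCM(token)
	ns := gcm.NonceSize() // ct passed the CID check, so it is the uploaded nonce||ciphertext
	return gcm.Open(nil, ct[:ns], ct[ns:], []byte(evidenceID)) // 3.6
}
```

The CID comparison on fetch and the token-hash comparison before decryption are the two places where the on-chain commitments of step 2.3 are actually verified by the demander; a tampered IPFS object or a substituted token is rejected before any plaintext is produced.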
Based on the above description, the system for sharing and protecting privacy of litigation evidence based on alliance chains provided by the embodiment has the following characteristics:
Confidentiality. Before the evidence data is uploaded to IPFS, the provider must encrypt the evidence data locally, transfer the encrypted evidence data to IPFS, and then transfer the IPFS address link and the token used for decryption to the alliance chain. When the demander acquires evidence, the demander must pass identity verification through the access control protocol twice, obtaining in turn the IPFS link and then the token used for local decryption. Even if the encrypted evidence is obtained from IPFS by improper means, the content of the evidence itself cannot be viewed without the corresponding decryption token. This double safeguard therefore ensures the relative confidentiality of the evidence data during transmission. In addition, when the evidence provider uploads evidence, the Identity Mixer component can be used to selectively disclose personal information to the verifier through a zero-knowledge proof, so the privacy of personal information is also largely preserved.
Traceable and tamper-proof. Since the federation chain is itself a kind of blockchain, the IPFS links and decryption key information corresponding to the evidence are stored in a time-stamped chain of blocks; every block except the genesis block contains the corresponding information of the previous block, and the blocks are linked to each other by cryptographic techniques. If a piece of data is modified by some user during transmission, the corresponding hash value changes and the matching verification performed by the other users in the alliance chain cannot be passed. Meanwhile, in IPFS, since the address of a file is created from the content itself, whether the evidence provider updates the version of the data or uploads new data, the system assigns it a new CID, which also makes the evidence data effectively tamper-proof once uploaded. Therefore, the scheme can easily realize the traceability and non-falsification of evidence.
Data integrity. Through the block header number, the transaction ID and the CID serving as the unique fingerprint of the file within the blockchain structure, the scheme can locate evidence data precisely and ensure that each piece of evidence is unique, original and complete. IPFS also provides data deduplication, cluster durability and content pinning by nodes; blocks common to different files can be reused, which reduces storage cost and the possibility of redundancy, so evidence can be preserved effectively over the long term. In addition, any user must be authenticated before uploading data, and only legally compliant registered users can provide evidence, which ensures the authenticity and accuracy of evidence sources to a certain extent.
Regulatory compliance. First, the identities of on-chain institutions and users are authenticated by the Certificate Authority to ensure that the real-world identities of the node principals are legitimate, and the authority of different node users to upload and acquire evidence is limited by protocols such as access control, so that the entities that write on-chain data are legitimate; secondly, existing laws, regulations and technical standards are translated into chaincode and smart-contract language, which ensures that the evidence access process is implemented and executed in a standard way and further guarantees the legality and standardization of the evidence used in public welfare litigation; finally, by examining the IPFS link address and comparing the hash values of the data in the corresponding blocks, it can be checked whether the transmission process of the evidence was legitimate.
Scalability. From the perspective of the evidence provider, the system allows individual citizens to register accounts and upload evidence, can call related data directly by connecting to enterprise internal databases, administrative law enforcement information platforms, social media public opinion platforms and the like, and can automatically collect evidence from equipment such as satellite remote sensing and environmental survey instruments and record it on chain, continuously expanding the sources of evidence and meeting the requirements of informatization. Meanwhile, the scheme stores the encrypted evidence in the off-chain distributed database and keeps the corresponding hashes in the blockchain, so large data sets can be processed with lower latency. From the perspective of the evidence demander, in addition to the procuratorate, institutions such as public security, courts and judicial administrative authorities can also apply through the system for the authority to acquire evidence, so evidence can circulate safely among different departments to assist in case handling. From the perspective of the identity verifier, the system can cooperate with a national identity information platform, an enterprise information resource library and the like, which facilitates the identity verification of node users, and more diversified smart contracts can be deployed to the underlying blockchain through the SDK to further optimize the identity verification process.
Example 2
Corresponding to embodiment 1 above, which provides a method for sharing and protecting the privacy of litigation data, the present embodiment provides a system for sharing and protecting the privacy of litigation data. The system provided in this embodiment may implement the method of embodiment 1, and may be implemented in software, hardware, or a combination of the two. For example, the system may include integrated or separate functional modules or functional units to perform the corresponding steps of the method of embodiment 1. Since the system of this embodiment is substantially similar to the method embodiment, the description of this embodiment is relatively brief, and the relevant details may be found in the description of embodiment 1, which is provided by way of illustration only.
The system for safely sharing and protecting privacy of litigation data provided by the embodiment comprises:
the system comprises a server side and a client side, wherein the server side is provided with a PILChain system, and the PILChain system is used to complete the registration of users who are stakeholders of a public welfare litigation;
when the PILChain system receives evidence uploaded by a client evidence provider user, encrypting the evidence and obtaining a corresponding IPFS address link and a decryption token;
when the PILChain system receives an evidence request sent by a client evidence demander user, verifying the attributes of the evidence demander user, and returning the requested evidence to the evidence demander user.
Preferably, the litigation data security sharing and privacy protection scheme designed on Hyperledger Fabric mainly comprises two parts: the underlying alliance chain network topology built with Hyperledger Fabric, and the application that encapsulates the alliance chain using fabric-sdk.
After the network topology of the alliance chain has been designed, the configuration information of the organizations and nodes in the network is defined, and the Fabric tools are used to generate the corresponding certificates and keys. When the configuration information required by the organizations and nodes in the network is ready, Docker is used to start the node services. The chaincode of the public service litigation data security sharing and privacy protection scheme is written in Go and deployed to the corresponding nodes. The Fabric SDK is instantiated through the interface provided by fabric-sdk, and the smart contract is invoked within the same Docker network from an HTTP service created with gin, so as to encapsulate the alliance chain application.
Example 3
The present embodiment provides a processing device corresponding to the method for secure sharing and privacy protection of litigation data provided in embodiment 1. The processing device may be a client processing device, for example a mobile phone, a notebook computer, a tablet computer or a desktop computer, so as to execute the method of embodiment 1.
The processing device comprises a processor, a memory, a communication interface and a bus, wherein the processor, the memory and the communication interface are connected through the bus so as to complete communication among each other. The memory stores a computer program that can be executed on the processor, and when the processor executes the computer program, the method for sharing and protecting privacy of public litigation data provided in embodiment 1 is executed.
In some embodiments, the memory may be a high-speed random access memory (RAM), and may also include non-volatile memory, such as at least one disk memory.
In other embodiments, the processor may be a Central Processing Unit (CPU), a Digital Signal Processor (DSP), or other general purpose processor, which is not limited herein.
Example 4
The method for secure sharing and privacy protection of litigation data of embodiment 1 may be embodied as a computer program product, which may include a computer readable storage medium carrying computer readable program instructions for performing the method for secure sharing and privacy protection of litigation data of embodiment 1.
The computer readable storage medium may be a tangible device that retains and stores instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any combination of the preceding.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present application and not for limiting the same, and although the present application has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the application without departing from the spirit and scope of the application, which is intended to be covered by the claims.

Claims (10)

1. A public welfare litigation data secure sharing and privacy protection method, characterized by comprising the following steps:
based on a PILChain system established in advance, registering a lawsuit stakeholder;
when the PILChain system receives the evidence uploaded by the evidence provider, encrypting the evidence and obtaining a corresponding IPFS address link and decryption token;
when the PILChain system receives the evidence request sent by the evidence demand party, the user attribute of the evidence demand party is verified, and the request evidence is returned to the evidence demand party.
2. The method for securely sharing and protecting privacy of litigation data according to claim 1, wherein said PILChain system comprises a federated blockchain and IPFS system built based on Hyperledger Fabric;
the alliance blockchain is used for configuring a plurality of organizations, so that a stakeholder of a public benefit litigation uploads and acquires evidence through the corresponding organization under a preset access control mechanism by an evidence provider user or an evidence demander user;
the IPFS system is used for storing the evidence uploaded by the user nodes in each organization.
3. The method of claim 2, wherein the organizations within the federated blockchain include at least third party evidence platforms, government agencies, procuratorates and courts;
the operation authority of each organization under the preset access control mechanism at least comprises:
uploading or acquiring evidence by the stakeholder of the public service litigation through corresponding organization nodes according to the identity of the user of the evidence provider or the user of the evidence demander;
the third party evidence platform and the related government agency organizations only allow uploading evidence and accessing the evidence uploaded by themselves;
the procuratorate and court organizations can call all evidence on the alliance blockchain, and the procuratorate organization can upload evidence during a case investigation.
4. The method for securely sharing and protecting privacy of litigation data according to claim 2, wherein each organization is configured with an endorsement node, a confirmation node, a sorting node and a CA node, the CA node issues digital certificates for all user nodes in the organization by using an Identity Mixer suite, and provides digital certificate updating and revocation functions, and the digital certificates are used for granting different operation rights to the user nodes; and the endorsement node, the confirmation node and the ordering node jointly realize uploading, downloading and checking of evidence among all user nodes in the organization according to preset rules.
5. The method for securely sharing and protecting privacy of litigation data according to claim 2, wherein the IPFS is responsible for storing raw evidence data, including:
dividing the evidence uploaded to the IPFS into data blocks with preset sizes, and storing the data blocks in the IPFS as objects;
a content identifier generated according to the content of the evidence is used as a fingerprint of each uploading evidence;
and creating an IPFS address link, and sending the IPFS address link to the alliance blockchain for storage.
6. The method for securely sharing and protecting privacy of litigation data according to claim 5, wherein said encrypting the evidence and obtaining the corresponding IPFS address link and decryption token when the PILChain system receives the evidence uploaded by the evidence provider user comprises:
uploading the evidence by the evidence provider user, and locally encrypting the evidence data by using a PILChain system by using a symmetric encryption algorithm to obtain encrypted evidence;
the PILChain uploads the encrypted evidence to the IPFS to obtain a returned IPFS address link;
the PILChain locally makes a corresponding decryption token according to the used symmetric encryption algorithm, converts the decryption token by utilizing hash, and then uploads the IPFS address link and the converted token to the alliance blockchain in a transaction mode.
7. The method for securely sharing and protecting privacy of litigation data according to claim 6, wherein said verifying the attributes of the evidence demander user and returning the requested evidence to the evidence demander user when the PILChain system receives the evidence request from the evidence demander user comprises:
the evidence demand side user sends a request for acquiring evidence to the alliance blockchain, and the digital certificate of the evidence demand side user is verified based on an access control mechanism so as to determine whether the digital certificate has corresponding authority;
if the verification is successful, the alliance block chain returns an IPFS address link;
obtaining corresponding encryption evidence from the IPFS by using the IPFS address link;
the evidence-requiring party user sends a request to the alliance blockchain to obtain a decryption token, and the attribute of the evidence-requiring party user is verified again based on the access control protocol to determine whether the evidence-requiring party user has corresponding authority;
if the verification is successful, the alliance blockchain returns a decryption token;
the encrypted evidence is decrypted by the decryption token and returned to the evidence requester user.
8. A system for secure sharing and privacy protection of litigation data, comprising:
the system comprises a server side and a client side, wherein the server side is provided with a PILChain system, and the PILChain system is used for completing the registration of stakeholder users of a public service litigation;
when the PILChain system receives evidence uploaded by a client evidence provider user, encrypting the evidence and obtaining a corresponding IPFS address link and a decryption token;
when the PILChain system receives an evidence request sent by a client evidence demander user, verifying the attribute of the evidence demander user, and returning the request evidence to the evidence demander user.
9. A computer readable storage medium storing one or more programs, wherein the one or more programs comprise instructions, which when executed by a computing device, cause the computing device to perform any of the methods of claims 1-7.
10. A computing device, comprising: one or more processors, memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs comprising instructions for performing any of the methods of claims 1-7.
CN202310709124.6A 2023-06-15 2023-06-15 Public service litigation data security sharing and privacy protecting method and system Pending CN116684160A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310709124.6A CN116684160A (en) 2023-06-15 2023-06-15 Public service litigation data security sharing and privacy protecting method and system

Publications (1)

Publication Number Publication Date
CN116684160A true CN116684160A (en) 2023-09-01

Family

ID=87785264

Country Status (1)

Country Link
CN (1) CN116684160A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118195768A (en) * 2024-05-15 2024-06-14 罗普特科技集团股份有限公司 Anti-fraud collaboration system based on block chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination