CN103593618A - Verification method and system for adoptability of electronic data evidence - Google Patents
Verification method and system for adoptability of electronic data evidenceDownload PDFInfo
- Publication number
- CN103593618A CN103593618ACN201310516312.3ACN201310516312ACN103593618ACN 103593618 ACN103593618 ACN 103593618ACN 201310516312 ACN201310516312 ACN 201310516312ACN 103593618 ACN103593618 ACN 103593618A
- Authority
- CN
- China
- Prior art keywords
- computer forensics
- authentication
- evidence obtaining
- forensics
- system user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
Description
Technical field
The present invention relates to technical field of computer information processing, specifically employing property verification method and the system of Computer forensics.
Background technology
Computer forensics is to be kept in computer memory or exterior storage medium with digital form, can prove numeral or the information of case truth.Computer forensics has invisible nature, diversity, destructible conventionally, easily forge, easily revise, easily take care of and the feature such as reappearance repeatedly.Computer forensics is in fact that a pile is processed into the binary code of " 0 " and " 1 " by coding rule in computing machine, cannot see, can not touch, its form of expression not only can be presented as textual form, can also occur with the multimedia form such as figure, image, audio frequency, video, be the development of the modern science and technology embodiment on Evidence in Litigation.In judicial domain, Computer forensics becomes a kind of effective evidence to be adopted, and also must meet the employing property standard of evidence, i.e. authenticity, relevance, legitimacy.Computer forensics employing property is a difficult problem of puzzlement electronic evidence-collecting research field always.
Chinese patent literature CN102609658A relates to a kind of electronic evidence solidification equipment, method and system.This invention is carried out data integrity protection to electronic evidence information, generate the digital digest of electronic data, and digital digest is carried out to time certification, when guaranteeing data integrity, by national authority time certification, solidified electronic evidence information, and this invention is stored after encryption the original text of electronic evidence information, even if user loses original text, also can be from the raw data of this system electron gain evidence information when there is dispute, and, data in being stored in system are through encrypting, can not be by back-stage management mode or other mode electron gain evidence the source language messages, guarantee reliability and the security of data.But above-mentioned electronic evidence, when guaranteeing integrality, only solidifies electronic evidence information in time, cannot meet all sidedly authenticity, relevance, the legitimacy requirement of electronic evidence.
Summary of the invention
A technical matters to be solved by this invention be in prior art Computer forensics when guaranteeing integrality, only solidify in time Computer forensics information, the technical matters that the authenticity that cannot meet all sidedly Computer forensics of bringing, relevance, legitimacy require, thus a kind of method and system that can simultaneously verify the employing property of Computer forensics on integrality, time and the space of evidence obtaining personnel, system user, Computer forensics have been proposed.
For solving the problems of the technologies described above, the present invention is achieved by the following technical solutions:
An employing property verification method, comprise the following steps:
Carry out the authentication of system user, and be stored in data check set;
Personnel's the authentication of collecting evidence, and be stored in data check set;
Obtain Computer forensics file;
According to the digital digest of Computer forensics file described in described Computer forensics file generated, and be stored in data check set;
Acquisition time stamp, and be stored in data check set;
Obtain geographic position data, and be stored in data check set;
The result of the result of the described evidence obtaining personal identity authentication obtaining, described system user authentication, described digital digest, described timestamp and described geographic position data are implanted in Quick Response Code by Quick Response Code generator program simultaneously, and be presented in the probation report of generation;
Identify digital digest, timestamp and the geographic position data of evidence obtaining personal identity authentication result that the Quick Response Code on described probation report obtains, system user identity authentication result, Computer forensics;
Described evidence obtaining personal identity authentication result, described system user authentication result, described digital digest, described timestamp and described geographic position data that the described evidence obtaining personal identity authentication result that identification is obtained, described system user authentication result, described digital digest, described timestamp and described geographic position data and data check are concentrated are compared, if consistent, judge that described evidence obtaining personnel identity is correct, and described Computer forensics is not tampered; Otherwise, judge that described evidence obtaining personnel identity is incorrect, or described Computer forensics is tampered.
The step of evidence obtaining personnel being carried out to authentication also comprises:
Extract described evidence obtaining personnel's biological information.
Described biological information is evidence obtaining personnel's fingerprint.
The step of system user being carried out to authentication also comprises:
Verify the password of described system user input;
By software security dog, system user is carried out to hardware verification.
The step of described acquisition time stamp specifically comprises:
Connect national standard time server, to described national standard time server request time authentication, and receive the time certification certificate that country's standard time server is sent.
By the preassembled Geographic Information System of home server, obtain described geographic position data instantly.
Based on same inventive concept, the present invention also provides a kind of employing property verification system of Computer forensics of Computer forensics, comprises with lower module:
The first authentication module, carries out the authentication of system user, and is stored in data check set;
The second authentication module, the personnel's that collect evidence authentication, and be stored in data check set;
The first acquisition module, obtains Computer forensics file;
Generation module, the digital digest to Computer forensics file described in described Computer forensics file generated, and be stored in data check set;
The second acquisition module, obtains the timestamp of described Computer forensics file, and is stored in data check set;
The 3rd acquisition module, obtains the geographic position data of described Computer forensics file, and is stored in data check set;
Implant module, the result of the result of the described evidence obtaining personal identity authentication obtaining, described system user authentication, described digital digest, described timestamp and described geographic position data are implanted in Quick Response Code by Quick Response Code generator program simultaneously, and be presented in the probation report of generation;
Identification module, identifies digital digest, timestamp and the geographic position data of evidence obtaining personal identity authentication result that the Quick Response Code on described probation report obtains, system user identity authentication result, Computer forensics;
Comparing module, described evidence obtaining personal identity authentication, described system user authentication, described digital digest, described timestamp and described geographic position data that the described evidence obtaining personal identity authentication that identification is obtained, described system user authentication, described digital digest, described timestamp and described geographic position data and data check are concentrated are compared, if consistent, judge that described evidence obtaining personnel identity is correct, and described Computer forensics is not tampered; Otherwise, judge that described evidence obtaining personnel identity is incorrect, or described Computer forensics is tampered.
Described the second authentication module also comprises:
The first checking submodule, extracts described evidence obtaining personnel's biological information.
Described biological information is evidence obtaining personnel's fingerprint.
Described the first authentication module also comprises:
The first checking submodule, verifies the password that described system user is inputted;
The second checking submodule, carries out hardware verification by software security dog to system user.
Described the second acquisition module also comprises:
Time certification submodule, connects national standard time server, to described national standard time server request time authentication, and receives the time certification certificate that country's standard time server is sent.
By the preassembled Geographic Information System of home server, obtain described geographic position data instantly.
Technique scheme of the present invention has the following advantages compared to existing technology:
(1) employing property verification method and the system of Computer forensics of the present invention, by carrying out authentication to system user, evidence obtaining personnel; To described Computer forensics file generated digital digest; And acquisition time stamp and geographic position data; To collect evidence personnel and system user authentication result, digital digest, timestamp and geographic position data by Quick Response Code generator program implantation Quick Response Code, and generate probation report, and when produce (shenglvehao)in court and checking data collection compare, if consistent, illustrate that evidence obtaining personnel and system user identity are legal, evidence is not tampered.The present invention is by extracting digital digest to Computer forensics, proved the integrality of described Computer forensics, by the authentication for evidence obtaining personnel and discriminating, guaranteed evidence obtaining personnel's legitimacy, and stab and geographic position data information by the joining day, Computer forensics is bound from time and two aspects, space, guaranteed the employing property of Computer forensics.
(2) employing property verification method and the system of Computer forensics of the present invention, described user is carried out to authentication, can verify by pin mode, and carry out hardware verification by software security dog, and the biological information that extracts described evidence obtaining personnel, extract in the present invention described evidence obtaining personnel finger print information; Thereby Computer forensics is being ensured aspect evidence obtaining personnel.
(3) employing property verification method and the system of Computer forensics of the present invention, by obtaining authoritative national standard time certification, guarantee described Computer forensics authenticity in time more; By the preassembled Geographic Information System of home server, obtain geographic position data instantly, by obtaining geographic position data, guaranteed Computer forensics authenticity spatially.
Accompanying drawing explanation
For content of the present invention is more likely to be clearly understood, below in conjunction with accompanying drawing, the present invention is further detailed explanation, wherein,
Fig. 1 is the process flow diagram of employing property verification method of the described Computer forensics of the embodiment of the present invention one;
Fig. 2 is the system architecture figure of employing property verification system of the described Computer forensics of the embodiment of the present invention two.
Embodiment
Embodiment mono-:
As shown in Figure 1, it comprises the following steps the process flow diagram of the employing property verification method of Computer forensics of the present invention:
Carry out the authentication of system user, and be stored in data check set;
Extract described evidence obtaining personnel's biological information, and be stored in data check set;
Obtain Computer forensics file;
According to the digital digest of Computer forensics file described in described Computer forensics file generated, and be stored in data check set;
Acquisition time stamp, and be stored in data check set;
Obtain geographic position data, and be stored in data check set;
The result of the result of the described evidence obtaining personal identity authentication obtaining, described system user authentication, described digital digest, described timestamp and described geographic position data are implanted in Quick Response Code by Quick Response Code generator program simultaneously, and be presented in the probation report of generation;
Identify digital digest, timestamp and the geographic position data of evidence obtaining personal identity authentication result that the Quick Response Code on described probation report obtains, system user identity authentication result, Computer forensics;
Described evidence obtaining personal identity authentication result, described system user authentication result, described digital digest, described timestamp and described geographic position data that the described evidence obtaining personal identity authentication result that identification is obtained, described system user authentication result, described digital digest, described timestamp and described geographic position data and data check are concentrated are compared, if consistent, judge that described evidence obtaining personnel identity is correct, and described Computer forensics is not tampered; Otherwise, judge that described evidence obtaining personnel identity is incorrect, or described Computer forensics is tampered.
The biological information that extracts described evidence obtaining personnel can adopt the technology such as instantly popular fingerprint recognition, face recognition and pupil identification.In the present embodiment, the biological information that extracts described evidence obtaining personnel adopts fingerprint identification method, extract described evidence obtaining personnel's fingerprint, again evidence obtaining personnel's fingerprint and described electronics summary, timestamp and geographical location information are together implanted in Quick Response Code, thereby Computer forensics is being ensured aspect evidence obtaining personnel.
The step of system user being carried out to authentication also comprises:
Verify the password of described system user input;
By software security dog, system user is carried out to hardware verification.
When the integrality of Computer forensics and legitimacy are verified, for avoiding malice the 3rd people's login system to distort evidence, need to carry out authentication to the user of login system, specifically comprise the checking of software and hardware mode.System user can be judge or other legal related personnel.Only have the legal related personnel just can login system, to guarantee that Computer forensics is not tampered.
When obtaining Computer forensics file, if obtain a plurality of Computer forensics files simultaneously, regard described a plurality of Computer forensics files as a file, to its generating digital summary.
The process of described generating digital summary is that the input of random length is processed, and produces the fixing pseudo-random sequence of length, and its feature comprises: how long the information no matter (1) is inputted has, and the digital digest calculating is regular length always; (2) whether digital digest looks like at random, can check its output identical with a large amount of inputs, and different inputs has different output.Only, when input is identical, just can obtain identical digital digest.Digital digest and Computer forensics information have unique correspondence, thereby can protect the integrality of Computer forensics file.
In the present embodiment, the method for generating digital summary adopts hash algorithm, also claims hash function.Hash function (or hashing algorithm, claim again hash function, English: be Hash Function) a kind of method that creates little numeral " fingerprint " from any data.Hash, " hash " done in general translation, is that (be called again pre-mapping, pre-image), by hashing algorithm, be transformed into the output of regular length, this output is exactly hashed value for input random length.This conversion is a kind of compressing mapping, and namely, the space of hashed value is conventionally much smaller than the space of input, and different inputs may hash to identical output, and can not carry out unique definite input value from hashed value.Formulation is: h=H (M), H ()--one-way hash function wherein, M--random length expressly, h--regular length hashed value.
The hash algorithm of applying in information security field, also needs to meet other key characteristics:
The first yes one-way (one-way), from pre-mapping, can obtain simply rapidly hashed value, and can not shine upon in advance by one of structure on calculating, make its hash result equal certain specific hashed value, construct corresponding M=H-1 (h) infeasible.Like this, hashed value just can statistics on unique sign input value, therefore, Hash in cryptography be otherwise known as " eap-message digest (message digest) ", be exactly that requirement can easily be carried out " message " " summary ", but in " summary " in cannot be compared " summary " itself more about " message " information.
The secondth, anti-collision (collision-resistant), cannot produce 2 pre-mappings that hashed value is identical.Given M, calculates and cannot find M', meets H (M)=H (M'), the weak anti-collision of this meaning; In calculating, be also difficult to find a pair of M arbitrarily and M', make to meet H (M)=H (M'), this calls strong anti-collision.Requiring " strong anti-collision " is mainly in order to take precautions against what is called " birthday attack (birthday attack) ", in 10 people's group, you can find the people's identical with your birthday probability is 2.4%, and in same group, having 2 identical probability of people's birthday is 11.7%.Similarly, in the very large situation in the space of pre-mapping, algorithm must have enough intensity to guarantee to find easily the people of " identical birthday ".
The 3rd is mapping distributing homogeneity and difference profile homogeneity.In hash result, be 0 bit and be 1 bit, its sum should be about equally; The variation of a bit in input, will have bit over half to change in hash result, and this is called again " avalanche effect (avalanche effect) "; Realize the variation that makes to occur in hash result 1bit, in input, have at least bit over half to change.Its essence is the information that must make each bit in input, each bit that is as far as possible reflected to uniformly output gets on; Each bit in output is the result that in inputting, the information one of many as far as possible bit works.So-called " compression function (compression function) ", is exactly by a regular length input, is transformed into the output of shorter regular length.Hash function is exactly to be designed to the grouping of continuous repetition " compression " input based on by specific compression function and the process of the result that front first compression is processed, until whole message is all compressed complete, last output is as the hashed value of whole message.
MD5 (RFC1321) is that Rivest was in the improvement version to MD4 in 1991.It is to input still with 512 groupings, and its output is the cascade of 4 32 words, identical with MD4.The improvement that it is done compared with MD4 is:
1) added fourth round
2) each step has unique additive constant;
3) the second G function in taking turns becomes ((X ∧ Z) ∨ (Y ∧~Z)) to reduce its symmetry from ((X ∧ Y) ∨ (X ∧ Z) ∨ (Y ∧ Z));
4) each step has all added the result of back, to accelerate " avalanche effect ";
5) changed the 2nd and taken turns the order of taking turns middle access input subgroup with 3rd, reduced the similarity degree of form;
6) near-optimal every ring shift left displacement of taking turns, to accelerating " avalanche effect ", ring shift left of each wheel is all different.
First message splitted into several groupings of 512, and wherein last 512 groupings are " message ending+byte of padding (100 ... 0)+64 message-lengths ", and to guarantee the message for different length, this grouping is not identical.The restriction of 64 message-lengths has caused the input length of MD5 safety must be less than 264bit, because be greater than the length information of 64, will be left in the basket.And 4 32 bit register words are initialized as A=0x01234567, B=0x89abcdef, C=0xfedcba98, D=0x76543210, they will participate in all the time computing and form final hash result.
The major cycle that then each 512 message groupings enter algorithm with the form of 16 32 words, individual data of 512 message groupings have determined the number of times circulating.Major cycle has 4 to take turns, and every wheel used respectively nonlinear function
F(X,Y,Z)=(X∧Y)∨(~X∧Z)
G(X,Y,Z)=(X∧Z)∨(Y∧~Z)
H(X,Y,Z)=X⊕Y⊕Z
I(X,Y,Z)=X⊕(Y∨~Z)
This 4 round transformation is to proceed as follows respectively entering 16 32 words of 512 message groupings of major cycle: the result by 3 in copy a, the b of A, B, C, D, c, d after F, G, H, I computing and the 4th addition, add the additive constant of 32 words and 32 words, and by the some positions of the value ring shift left of gained, finally acquired results is added to one of a, b, c, d, and be recycled to ABCD, complete thus once circulation.
Additive constant used is by such table T[i] define, wherein i is 1 ... 64, T[i] be the integral part of 4294967296 powers of the sinusoidal absolute value of i, doing is like this in order further to eliminate the linearity in conversion by sine function and power function.
After all 512 all computings of dividing into groups, the cascade of ABCD will be outputted as the result of MD5 hash.
Timestamp technology is a kind of conventional technology in this area, conventionally timestamp is divided into two classes: (1) self-built timestamp: this type of timestamp is (as GPS by time receiving equipment, CDMA, big-dipper satellite) come acquisition time to time stamp server, and sign and issue timestamp certificate by time stamp server.This kind of timestamp can be used to not have when enterprises confirmation of responsibility , court authenticates legal effect, because of its by the time, exist during receiving equipment time of reception be tampered may, so can not be as legal basis; (2) there is the timestamp of the effect of law: third party's trusted timestamp authentication service that Ta Shiyou China Chinese Academy of Sciences country's time service center provides, by national time service center, be responsible for the time service and punctual monitoring of time.Because its punctual monitoring function ensures the accuracy of the time in timestamp certificate and is not tampered.
The timestamp service that adopts more authoritative national time dissemination system to provide in the present embodiment, on home server Time Created platform, time server by home server and national time dissemination system connects, obtain timestamp, local computer obtains the timestamp that home server provides.This time can not distort, and guarantees in time the authenticity of Computer forensics.
Simultaneously, Geographic Information System is also installed on home server, and (English is Geographic Information System or Geo-Information system, be called for short GIS), the geographical location information while obtaining the preservation of evidence, thus spatially guarantee the authenticity of Computer forensics.
In other embodiments, acquisition time stabs and obtains the step order of geographic position data and do not limit, and can first obtain the step of geographic position data, then carry out the step of acquisition time stamp.
In the present embodiment, probation report is format text, the information that has comprised Computer forensics self, the described system user authentication result of obtaining, described evidence obtaining personal identity authentication result, described digital digest, described timestamp and described geographic position data are implanted in Quick Response Code by Quick Response Code generator program simultaneously, be presented in probation report.In court, in the time of need to adopting Computer forensics, Quick Response Code on probation report is identified, and compare with original system user authentication, the authentication of evidence obtaining personnel identity, digital digest, timestamp and geographical location information that above-mentioned several steps generate, if consistent, illustrate that evidence was not tampered, personnel identity is legal, can adopt.
The present invention is by extracting digital digest to Computer forensics, proved the integrality of described Computer forensics, and stab and geographic position data information by the joining day, adopt system user authentication and the authentication of evidence obtaining personnel identity, Computer forensics is bound from time and two aspects, space, and guaranteed evidence obtaining personnel legitimacy, guaranteed the adopting property of electronics according to card.
Embodiment bis-:
Based on same inventive concept, the present invention also provides a kind of employing property verification system of Computer forensics of Computer forensics, and its system architecture figure as shown in Figure 2 comprises with lower module:
The first authentication module, carries out the authentication of system user, and is stored in data check set;
The second authentication module, the personnel's that collect evidence authentication, and be stored in data check set;
The first acquisition module, obtains Computer forensics file;
Generation module, the digital digest to Computer forensics file described in described Computer forensics file generated, and be stored in data check set;
The second acquisition module, obtains the timestamp of described Computer forensics file, and is stored in data check set;
The 3rd acquisition module, obtains the geographic position data of described Computer forensics file, and is stored in data check set;
Implant module, the result of the result of the described evidence obtaining personal identity authentication obtaining, described system user authentication, described digital digest, described timestamp and described geographic position data are implanted in Quick Response Code by Quick Response Code generator program simultaneously, and be presented in the probation report of generation;
Identification module, identifies digital digest, timestamp and the geographic position data of evidence obtaining personal identity authentication result that the Quick Response Code on described probation report obtains, system user identity authentication result, Computer forensics;
Comparing module, described evidence obtaining personal identity authentication, described system user authentication, described digital digest, described timestamp and described geographic position data that the described evidence obtaining personal identity authentication that identification is obtained, described system user authentication, described digital digest, described timestamp and described geographic position data and data check are concentrated are compared, if consistent, judge that described evidence obtaining personnel identity is correct, and described Computer forensics is not tampered; Otherwise, judge that described evidence obtaining personnel identity is incorrect, or described Computer forensics is tampered.
Described the second authentication module also comprises:
The first checking submodule, extracts described evidence obtaining personnel's biological information
Described biological information is evidence obtaining personnel's fingerprint.
Described the first authentication module also comprises:
The second checking submodule, verifies the password that described system user is inputted;
The 3rd checking submodule, carries out hardware verification by software security dog to system user.
In other embodiments, the biological information that extracts described evidence obtaining personnel can adopt the technology such as face recognition and pupil identification.
Described the second acquisition module also comprises:
Time certification submodule, connects national standard time server, to described national standard time server request time authentication, and receives the time certification certificate that country's standard time server is sent.
Timestamp technology is a kind of conventional technology in this area, conventionally timestamp is divided into two classes: (1) self-built timestamp: this type of timestamp is (as GPS by time receiving equipment, CDMA, big-dipper satellite) come acquisition time to time stamp server, and sign and issue timestamp certificate by time stamp server.This kind of timestamp can be used to not have when enterprises confirmation of responsibility , court authenticates legal effect, because of its by the time, exist during receiving equipment time of reception be tampered may, so can not be as legal basis; (2) there is the timestamp of the effect of law: China third party trusted timestamp authentication service that Ta Shiyou China Chinese Academy of Sciences country's time service center provides, by national time service center, be responsible for the time service and punctual monitoring of time.Because its punctual monitoring function ensures the accuracy of the time in timestamp certificate and is not tampered.
In the present embodiment, by the preassembled Geographic Information System of home server, obtain described geographic position data instantly, thereby spatially guarantee the authenticity of Computer forensics.
The present invention is by extracting digital digest to Computer forensics, proved the integrality of described Computer forensics, by the authentication for evidence obtaining personnel and discriminating, guaranteed evidence obtaining personnel's legitimacy, and stab and geographic position data information by the joining day, Computer forensics is bound from time and two aspects, space, guaranteed the employing property of Computer forensics.
Obviously, above-described embodiment is only for example is clearly described, and the not restriction to embodiment.For those of ordinary skill in the field, can also make other changes in different forms on the basis of the above description.Here exhaustive without also giving all embodiments.And the apparent variation of being extended out thus or change are still among the protection domain in the invention.
Claims (12)
1. an employing property verification method for Computer forensics, is characterized in that, comprises the following steps:
Carry out the authentication of system user, and be stored in data check set;
Personnel's the authentication of collecting evidence, and be stored in data check set;
Obtain Computer forensics file;
According to the digital digest of Computer forensics file described in described Computer forensics file generated, and be stored in data check set;
Acquisition time stamp, and be stored in data check set;
Obtain geographic position data, and be stored in data check set;
The result of the result of the described evidence obtaining personal identity authentication obtaining, described system user authentication, described digital digest, described timestamp and described geographic position data are implanted in Quick Response Code by Quick Response Code generator program simultaneously, and be presented in the probation report of generation;
Identify digital digest, timestamp and the geographic position data of evidence obtaining personal identity authentication result that the Quick Response Code on described probation report obtains, system user identity authentication result, Computer forensics;
Described evidence obtaining personal identity authentication result, described system user authentication result, described digital digest, described timestamp and described geographic position data that the described evidence obtaining personal identity authentication result that identification is obtained, described system user authentication result, described digital digest, described timestamp and described geographic position data and data check are concentrated are compared, if consistent, judge that described evidence obtaining personnel identity is correct, and described Computer forensics is not tampered; Otherwise, judge that described evidence obtaining personnel identity is incorrect, or described Computer forensics is tampered.
2. the employing property verification method of Computer forensics according to claim 1, is characterized in that, the step of evidence obtaining personnel being carried out to authentication also comprises:
Extract described evidence obtaining personnel's biological information.
3. the employing property verification method of Computer forensics according to claim 2, is characterized in that, described biological information is evidence obtaining personnel's fingerprint.
4. the employing property verification method of Computer forensics according to claim 1, is characterized in that, the step of system user being carried out to authentication also comprises:
Verify the password of described system user input;
By software security dog, system user is carried out to hardware verification.
5. according to the employing property verification method of the arbitrary described Computer forensics of claim 1-4, it is characterized in that, the step of described acquisition time stamp specifically comprises:
Connect national standard time server, to described national standard time server request time authentication, and receive the time certification certificate that country's standard time server is sent.
6. according to the employing property verification method of the arbitrary described Computer forensics of claim 1-5, it is characterized in that, by the preassembled Geographic Information System of home server, obtain described geographic position data instantly.
7. an employing property verification system for the Computer forensics of Computer forensics, is characterized in that, comprises with lower module:
The first authentication module, carries out the authentication of system user, and is stored in data check set;
The second authentication module, the personnel's that collect evidence authentication, and be stored in data check set;
The first acquisition module, obtains Computer forensics file;
Generation module, the digital digest to Computer forensics file described in described Computer forensics file generated, and be stored in data check set;
The second acquisition module, obtains the timestamp of described Computer forensics file, and is stored in data check set;
The 3rd acquisition module, obtains the geographic position data of described Computer forensics file, and is stored in data check set;
Implant module, the result of the result of the described evidence obtaining personal identity authentication obtaining, described system user authentication, described digital digest, described timestamp and described geographic position data are implanted in Quick Response Code by Quick Response Code generator program simultaneously, and be presented in the probation report of generation;
Identification module, identifies digital digest, timestamp and the geographic position data of evidence obtaining personal identity authentication result that the Quick Response Code on described probation report obtains, system user identity authentication result, Computer forensics;
Comparing module, described evidence obtaining personal identity authentication, described system user authentication, described digital digest, described timestamp and described geographic position data that the described evidence obtaining personal identity authentication that identification is obtained, described system user authentication, described digital digest, described timestamp and described geographic position data and data check are concentrated are compared, if consistent, judge that described evidence obtaining personnel identity is correct, and described Computer forensics is not tampered; Otherwise, judge that described evidence obtaining personnel identity is incorrect, or described Computer forensics is tampered.
8. the employing property verification system of the Computer forensics of Computer forensics according to claim 7, is characterized in that, described the second authentication module also comprises:
The first checking submodule, extracts described evidence obtaining personnel's biological information.
9. the employing property verification system of the Computer forensics of Computer forensics according to claim 8, is characterized in that:
Described biological information is evidence obtaining personnel's fingerprint.
10. the employing property verification system of the Computer forensics of Computer forensics according to claim 9, is characterized in that, described the first authentication module also comprises:
The first checking submodule, verifies the password that described system user is inputted;
The second checking submodule, carries out hardware verification by software security dog to system user.
11. according to the employing property verification system of the Computer forensics of the arbitrary described Computer forensics of claim 7-10, it is characterized in that, described the second acquisition module also comprises:
Time certification submodule, connects national standard time server, to described national standard time server request time authentication, and receives the time certification certificate that country's standard time server is sent.
12. according to the employing property verification system of the Computer forensics of the arbitrary described Computer forensics of claim 7-11, it is characterized in that,
By the preassembled Geographic Information System of home server, obtain described geographic position data instantly.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310516312.3ACN103593618A (en) | 2013-10-28 | 2013-10-28 | Verification method and system for adoptability of electronic data evidence |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310516312.3ACN103593618A (en) | 2013-10-28 | 2013-10-28 | Verification method and system for adoptability of electronic data evidence |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103593618Atrue CN103593618A (en) | 2014-02-19 |
Family
ID=50083751
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310516312.3APendingCN103593618A (en) | 2013-10-28 | 2013-10-28 | Verification method and system for adoptability of electronic data evidence |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103593618A (en) |
Cited By (30)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104112093A (en)* | 2014-06-25 | 2014-10-22 | 北京天威诚信电子商务服务有限公司 | Evidence obtaining method and system based on electronic signature data |
| CN104598800A (en)* | 2015-01-21 | 2015-05-06 | 浪潮通用软件有限公司 | Authentication method and authentication system for identity information of grain depot and terminal equipment |
| CN105260640A (en)* | 2015-10-28 | 2016-01-20 | 南京邮电大学 | Evidence collecting system and method based on fingerprint authentication and GPS |
| CN105260677A (en)* | 2015-10-28 | 2016-01-20 | 南京邮电大学 | Multiple-attribute-based electronic data fixing system and method |
| CN105635070A (en)* | 2014-11-05 | 2016-06-01 | 许田 | Anti-counterfeit method and system for digital file |
| CN106033519A (en)* | 2016-05-14 | 2016-10-19 | 北京中凌科技有限公司 | Data security method for electronic file |
| CN106127061A (en)* | 2016-06-22 | 2016-11-16 | 杨越 | Computer Cryptography Security ensures computational methods |
| CN106296528A (en)* | 2015-05-24 | 2017-01-04 | 上海光阴信息科技有限公司 | A kind of evidence-gathering and the method and system of process |
| CN106656511A (en)* | 2017-01-13 | 2017-05-10 | 阳振庭 | Method and system for uniformly managing identity endorsement |
| CN107491699A (en)* | 2016-06-10 | 2017-12-19 | 波音公司 | For the method and system to data encoding |
| CN107808102A (en)* | 2017-11-08 | 2018-03-16 | 深圳市携网科技有限公司 | A kind of data evidence method of Audit-oriented terminal |
| CN108304701A (en)* | 2017-01-13 | 2018-07-20 | 阳振庭 | A method and system for generating an identity signature |
| CN108510272A (en)* | 2018-03-09 | 2018-09-07 | 福州米鱼信息科技有限公司 | A kind of electronic evidence acquisition method and system based on operational order |
| CN108550040A (en)* | 2018-03-09 | 2018-09-18 | 福州米鱼信息科技有限公司 | A kind of electronic evidence acquisition method and system based on throwing screen display |
| CN108737095A (en)* | 2018-05-21 | 2018-11-02 | 南京森林警察学院 | A kind of number now surveys record trust model system |
| CN109075978A (en)* | 2016-04-28 | 2018-12-21 | 托雷迈卡有限责任公司 | For generating the computer system of certified data |
| CN109063512A (en)* | 2018-06-17 | 2018-12-21 | 饶四强 | A method of time-proven is carried out using bar code |
| CN109544173A (en)* | 2017-08-16 | 2019-03-29 | 浙江绍兴苏泊尔生活电器有限公司 | Air purifier and method and device for authentication thereof |
| CN109960948A (en)* | 2017-12-26 | 2019-07-02 | 湖北汽车工业学院 | Method for enhancing the security of electronic evidence and electronic evidence storage |
| WO2019127514A1 (en)* | 2017-12-29 | 2019-07-04 | 国民技术股份有限公司 | Graphic code generation method and apparatus, graphic code verification method and apparatus, device, and storage medium |
| CN110008728A (en)* | 2019-04-11 | 2019-07-12 | 苏州超擎图形软件科技发展有限公司 | Electronic evidence method for anti-counterfeit and device |
| CN110659519A (en)* | 2019-11-18 | 2020-01-07 | 陕西品漠农牧科技发展有限公司 | Voucher manufacturing method based on block chain, timestamp and geographic position |
| US10586268B2 (en)* | 2014-06-09 | 2020-03-10 | Mastercard International Incorporated | Method and system for providing merchant referrals to consumers |
| CN110912802A (en)* | 2019-11-07 | 2020-03-24 | 上海百事通信息技术股份有限公司 | E-mail data processing method and device |
| CN111339379A (en)* | 2020-02-29 | 2020-06-26 | 重庆百事得大牛机器人有限公司 | Electronic evidence analysis system |
| CN112766994A (en)* | 2021-02-09 | 2021-05-07 | 公安部第三研究所 | Tamper-proof method, system and storage medium for capability verification material |
| CN113905140A (en)* | 2021-09-30 | 2022-01-07 | 伟志股份公司 | GIS-based natural resource investigation system and method |
| CN114528541A (en)* | 2022-02-23 | 2022-05-24 | 宁夏凯信特信息科技有限公司 | Electronic data evidence obtaining method, evidence obtaining system and evidence obtaining terminal |
| CN114693475A (en)* | 2022-06-01 | 2022-07-01 | 四川证法科技有限公司 | Method and system for realizing on-site supervision notarization based on AR glasses |
| WO2025058578A1 (en)* | 2023-09-12 | 2025-03-20 | KOÇAK SARI, Seda | Mobile application system and usage method that provides the protection of audio and visual data with real-time location and content-protected coding using smart devices |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060265328A1 (en)* | 2003-07-18 | 2006-11-23 | Global Friendship Inc. | Electronic information management system |
| CN101110982A (en)* | 2007-06-19 | 2008-01-23 | 李儒耕 | Method for acquiring evidence using wireless terminal and server |
| CN101330386A (en)* | 2008-05-19 | 2008-12-24 | 刘洪利 | Authentication system based on biological characteristics and identification authentication method thereof |
| CN102223374A (en)* | 2011-06-22 | 2011-10-19 | 熊志海 | Third-party authentication security protection system and third-party authentication security protection method based on online security protection of electronic evidence |
| CN102609658A (en)* | 2012-02-15 | 2012-07-25 | 何晓行 | Electronic evidence consolidating device, electronic evidence consolidating method and electronic evidence consolidating system |
- 2013
- 2013-10-28CNCN201310516312.3Apatent/CN103593618A/enactivePending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060265328A1 (en)* | 2003-07-18 | 2006-11-23 | Global Friendship Inc. | Electronic information management system |
| CN101110982A (en)* | 2007-06-19 | 2008-01-23 | 李儒耕 | Method for acquiring evidence using wireless terminal and server |
| CN101330386A (en)* | 2008-05-19 | 2008-12-24 | 刘洪利 | Authentication system based on biological characteristics and identification authentication method thereof |
| CN102223374A (en)* | 2011-06-22 | 2011-10-19 | 熊志海 | Third-party authentication security protection system and third-party authentication security protection method based on online security protection of electronic evidence |
| CN102609658A (en)* | 2012-02-15 | 2012-07-25 | 何晓行 | Electronic evidence consolidating device, electronic evidence consolidating method and electronic evidence consolidating system |
Cited By (38)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10586268B2 (en)* | 2014-06-09 | 2020-03-10 | Mastercard International Incorporated | Method and system for providing merchant referrals to consumers |
| CN104112093A (en)* | 2014-06-25 | 2014-10-22 | 北京天威诚信电子商务服务有限公司 | Evidence obtaining method and system based on electronic signature data |
| CN105635070A (en)* | 2014-11-05 | 2016-06-01 | 许田 | Anti-counterfeit method and system for digital file |
| CN104598800A (en)* | 2015-01-21 | 2015-05-06 | 浪潮通用软件有限公司 | Authentication method and authentication system for identity information of grain depot and terminal equipment |
| CN106296528A (en)* | 2015-05-24 | 2017-01-04 | 上海光阴信息科技有限公司 | A kind of evidence-gathering and the method and system of process |
| CN105260640A (en)* | 2015-10-28 | 2016-01-20 | 南京邮电大学 | Evidence collecting system and method based on fingerprint authentication and GPS |
| CN105260677A (en)* | 2015-10-28 | 2016-01-20 | 南京邮电大学 | Multiple-attribute-based electronic data fixing system and method |
| CN105260640B (en)* | 2015-10-28 | 2019-04-30 | 南京邮电大学 | A forensic system and method based on fingerprint authentication and GPS |
| CN109075978A (en)* | 2016-04-28 | 2018-12-21 | 托雷迈卡有限责任公司 | For generating the computer system of certified data |
| CN109075978B (en)* | 2016-04-28 | 2022-04-01 | 托雷迈卡有限责任公司 | Computer system for generating authenticated data |
| CN106033519A (en)* | 2016-05-14 | 2016-10-19 | 北京中凌科技有限公司 | Data security method for electronic file |
| CN107491699A (en)* | 2016-06-10 | 2017-12-19 | 波音公司 | For the method and system to data encoding |
| CN107491699B (en)* | 2016-06-10 | 2023-09-19 | 波音公司 | Method and system for encoding data |
| WO2017219474A1 (en)* | 2016-06-22 | 2017-12-28 | 杨越 | Computation method for guaranteeing security of computer password |
| CN106127061A (en)* | 2016-06-22 | 2016-11-16 | 杨越 | Computer Cryptography Security ensures computational methods |
| CN106656511A (en)* | 2017-01-13 | 2017-05-10 | 阳振庭 | Method and system for uniformly managing identity endorsement |
| CN108304701A (en)* | 2017-01-13 | 2018-07-20 | 阳振庭 | A method and system for generating an identity signature |
| CN109544173A (en)* | 2017-08-16 | 2019-03-29 | 浙江绍兴苏泊尔生活电器有限公司 | Air purifier and method and device for authentication thereof |
| CN107808102A (en)* | 2017-11-08 | 2018-03-16 | 深圳市携网科技有限公司 | A kind of data evidence method of Audit-oriented terminal |
| CN109960948A (en)* | 2017-12-26 | 2019-07-02 | 湖北汽车工业学院 | Method for enhancing the security of electronic evidence and electronic evidence storage |
| WO2019127514A1 (en)* | 2017-12-29 | 2019-07-04 | 国民技术股份有限公司 | Graphic code generation method and apparatus, graphic code verification method and apparatus, device, and storage medium |
| CN108550040A (en)* | 2018-03-09 | 2018-09-18 | 福州米鱼信息科技有限公司 | A kind of electronic evidence acquisition method and system based on throwing screen display |
| CN108510272A (en)* | 2018-03-09 | 2018-09-07 | 福州米鱼信息科技有限公司 | A kind of electronic evidence acquisition method and system based on operational order |
| CN108737095B (en)* | 2018-05-21 | 2021-03-05 | 南京森林警察学院 | Method for carrying out credible operation by using digital current survey record credible model system |
| WO2019223310A1 (en)* | 2018-05-21 | 2019-11-28 | 南京森林警察学院 | Digital crime scene investigation record trusted model system |
| CN108737095A (en)* | 2018-05-21 | 2018-11-02 | 南京森林警察学院 | A kind of number now surveys record trust model system |
| CN109063512A (en)* | 2018-06-17 | 2018-12-21 | 饶四强 | A method of time-proven is carried out using bar code |
| CN110008728A (en)* | 2019-04-11 | 2019-07-12 | 苏州超擎图形软件科技发展有限公司 | Electronic evidence method for anti-counterfeit and device |
| CN110008728B (en)* | 2019-04-11 | 2021-08-24 | 苏州超擎图形软件科技发展有限公司 | Electronic evidence anti-counterfeiting method and device |
| CN110912802A (en)* | 2019-11-07 | 2020-03-24 | 上海百事通信息技术股份有限公司 | E-mail data processing method and device |
| CN110659519A (en)* | 2019-11-18 | 2020-01-07 | 陕西品漠农牧科技发展有限公司 | Voucher manufacturing method based on block chain, timestamp and geographic position |
| CN111339379A (en)* | 2020-02-29 | 2020-06-26 | 重庆百事得大牛机器人有限公司 | Electronic evidence analysis system |
| CN112766994A (en)* | 2021-02-09 | 2021-05-07 | 公安部第三研究所 | Tamper-proof method, system and storage medium for capability verification material |
| CN113905140A (en)* | 2021-09-30 | 2022-01-07 | 伟志股份公司 | GIS-based natural resource investigation system and method |
| CN113905140B (en)* | 2021-09-30 | 2023-06-23 | 伟志股份公司 | GIS-based natural resource investigation system and method |
| CN114528541A (en)* | 2022-02-23 | 2022-05-24 | 宁夏凯信特信息科技有限公司 | Electronic data evidence obtaining method, evidence obtaining system and evidence obtaining terminal |
| CN114693475A (en)* | 2022-06-01 | 2022-07-01 | 四川证法科技有限公司 | Method and system for realizing on-site supervision notarization based on AR glasses |
| WO2025058578A1 (en)* | 2023-09-12 | 2025-03-20 | KOÇAK SARI, Seda | Mobile application system and usage method that provides the protection of audio and visual data with real-time location and content-protected coding using smart devices |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103593618A (en) | Verification method and system for adoptability of electronic data evidence | |
| CN111628868B (en) | Digital signature generation method and device, computer equipment and storage medium | |
| Shen et al. | Privacy-preserving image retrieval for medical IoT systems: A blockchain-based approach | |
| JP6096893B2 (en) | Biometric signature system, registration terminal and signature generation terminal | |
| CN106657049B (en) | System and method for real-time collecting and fixing electronic evidence | |
| CN101331706A (en) | Secure threshold decryption protocol computation | |
| EP3637674A1 (en) | Computer system, secret information verification method, and computer | |
| CN112487253B (en) | User invitation code generation method, verification method, device, equipment and storage medium | |
| Yu et al. | Comments on “public integrity auditing for dynamic data sharing with multiuser modification” | |
| CN106685640B (en) | Electronic evidence fixed information generation method and electronic evidence fixed server | |
| KR101925463B1 (en) | Method of record and validation of image hash value and apparatus using the same | |
| CN112906056A (en) | Cloud storage key security management method based on block chain | |
| CN113452526A (en) | Electronic document storage and verification method and corresponding device | |
| KR20150007960A (en) | Secret data matching device, secret data matching method, and recording medium | |
| Chen et al. | Steganographic secret sharing with GAN-based face synthesis and morphing for trustworthy authentication in IoT | |
| CN114978694A (en) | Data volume generation method, device, equipment and storage medium based on digital signature | |
| CN101141466A (en) | File Authentication Method Based on Interleaved Watermark and Biological Features | |
| CN110992219A (en) | Intellectual property protection method and system based on block chain technology | |
| CN106713297B (en) | Electronic data fixed platform based on cloud service | |
| CN117370952A (en) | Multi-node identity verification method and device based on block chain | |
| CN112069479A (en) | Face data calling method and device based on block chain | |
| Punith et al. | Blockchain based Electronic Voting Machine | |
| KR102486027B1 (en) | Metering data collection server that collects metering data in conjunction with a camera arranged to photograph the area where the metering value is displayed on the meter and operating method thereof | |
| Maulana et al. | Beccak: Combination of Blockchain and Keccak Algorithm for Improved Digital Signature Performace | |
| CN116522359A (en) | Evidence trusted evidence storage method, device, medium and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication | Application publication date:20140219 |