Blockchain certificate storage: one of the alternatives for Hangzhou Internet Court

background

Blockchain technology has been widely used in the fields of judicial evidence storage, evidence collection, and evidence issuance in my country. The starting point is the "Regulations of the Supreme People's Court on Several Issues Concerning the Trial of Cases by Internet Courts" issued by the Supreme People's Court in 2018. Specifically, the Regulations were drafted under the leadership of the Hangzhou Internet Court. I was working at the NetEase Hangzhou Research Institute at the time. Judicial evidence storage was one of the research directions of the research institute. The Hangzhou Internet Court extensively solicited technical opinions from the blockchain industry during the drafting process. I was fortunate to be selected as one of the technical representatives by the company, and worked closely with the company. Representatives from Tongren, Alibaba, Hangzhou Gongdao and other companies discussed together. This technical blog is compiled based on the notes I took at that time. At that time, we not only provided consulting opinions, but also provided implementable technical solutions for reference on the construction of the certificate storage system.

Provisions of the Supreme People's Court on Several Issues Concerning the Trial of Cases in Internet Courts

Article 11 The electronic data submitted by the parties can be proved through electronic signatures, trusted timestamps, hash value verification, blockchain and other evidence collection, fixation and anti-tampering technical means, or through the certification of electronic evidence collection and storage platforms. Its authenticity shall be confirmed by the Internet Court.

Reported certificate storage system design alternatives

general principles

• Legal compliance principles: Comply with relevant national laws, regulations and industry regulatory requirements, and provide underlying technical support based on blockchain for data storage.
• Security principle: Take strict security measures to ensure the security of on-chain data assets and on-chain transactions to avoid attacks
• Privacy Protection Principle: Adopt tenant isolation, security authentication and authorization to ensure data privacy on the chain and prevent the leakage of important user information
• Data consistency principle: The data off-chain and on-chain should be as consistent as possible, and the data between various nodes in the chain should also be guaranteed to be ultimately consistent.
• Principle of autonomy and controllability: Necessary technical means should be adopted to ensure that the certificate-depositing alliance chain is in a controllable state and to prevent uncontrollable events that violate the law.
• Data traceability principle: Make use of the non-tampering characteristics of the blockchain to ensure that all business activities on the chain have relevant records, are traceable and auditable
• Business-oriented principle: Analyze whether the certificate chain is suitable for carrying the certificate according to specific needs, and give priority to the business scenarios used in design and development.

layered architecture

base node

• Computing: Provide computing power support during the operation of the blockchain system, including but not limited to physical machines, cloud hosts, containers and other technologies
• Storage: Provides various types of data generated during the operation of the blockchain system, including: ledgers, transaction information, backup data, etc.
• Network: Provide the network node function of the distributed network system during the operation of the blockchain system, and enable efficient and safe communication between nodes.

Certificate chain

• Consensus mechanism: Adopt PBFT consensus, join forces with industry and national authorities to participate in block confirmation, effectively avoiding malicious and non-malicious errors
• Distributed ledger: All nodes maintain it together to implement a tamper-proof and trustworthy mechanism to ensure the integrity, consistency, and authenticity of the ledger.
• Privacy protection: Through strict authorization mechanisms, it is ensured that sensitive information such as application information and business processing in blockchain applications will not be leaked or illegally obtained.
• Data signature: The data signature function can effectively avoid the integrity and unforgeability of data units, and is generally implemented based on asymmetric encryption.
• Smart contract: It is a set of commitments defined in the form of computer code, which can be widely used in copyright deposit and transaction scenarios.

Certificate deposit business

• Business scope: Realize core functions such as "text storage, image storage, file storage, copyright transactions, and infringement detection"
• Business process: see description at the end

Certificate access

• Web access: The platform access party implements the certificate storage function through the Web. In addition, the Web side also implements user registration and login, payment, and several value-added services.
• API access: The platform access party calls the certificate deposit service through API. The API interface definition can be found in the "NetEase Certificate Deposit Service Platform API Interface" document.

Common functions

• Platform operation:

  • Operational strategy: including business, technology, security, privacy and authentication strategies

  • Platform monitoring: Monitor the overall operating status of the platform, including: network communication of nodes in the blockchain network, consensus algorithm, storage space, etc.

  • External docking: docking matters between the certificate deposit service platform and other external platforms, including: payment system, business management system, etc.

• Platform security:

  • Real-name authentication: In accordance with relevant national regulations, the real-name authentication mechanism is strictly implemented while ensuring the privacy protection of user information.

  • Permission management: Specify corresponding permission management strategies based on different roles and implement the principle of minimal openness

  • System security: Provides inter-node communication encryption and node data encryption storage, conducts regular security scans, and performs node host security reinforcement

  • Anti-spam: External data (text, pictures, videos, etc.) must pass NetEase Yidun security review to ensure business compliance and security

• Regulatory audit:

  • Supervision support: Implement technical means such as pre-event access control, mid-event authority control, and post-event traceability to achieve regulatory goals and ensure that records are traceable and auditable

  • Audit function: allows the audit unit to join as a node in the blockchain for real-time auditing

Cross-chain docking architecture

Full diagram of evidence storage, infringement evidence collection and judicial process

Business process description

Users initiate original content storage (corresponding to activities 1, 2, and 3 on the left in the picture above)

• Perform hash calculation on the original content and calculate the hash value corresponding to the content, which is called the content hash value (compatible with the Internet Court hash algorithm)

• Save original content to cloud storage.

• Save it as the content hash value存证服务平台区块链, and the blockchain will include it in a specific block, which has a block hash value.

• Batch form anchors the judicial chain, as described below

Discover infringements and collect infringement evidence (corresponding to activities 4, 5, and 6 on the left in the picture above)

• Call存证服务平台系统 the evidence collection interface. This interface is a trusted environment certified by the notary office to obtain evidence of infringement-related information.

• The infringement evidence collection results and process (formed screen recording information) are calculated to obtain the infringement evidence collection hash value.

• Save forensic content to cloud storage.

• Use the infringement evidence to obtain the hash value and store it 存证服务平台区块链. The blockchain will include it in a specific block, which has a block hash value.

• Batch form anchors the judicial chain, as described below

Anchoring the judicial chain in batches: the certificate storage service platform blockchain generates blocks at certain intervals. After the blocks are generated, the blocks will contain a set of original content hash values ​​and infringement evidence hash values; The hash value of the block and the block itself is stored in 司法链. After successfully entering the judicial chain, the judicial chain returns the judicial chain hash certificate.

After collecting evidence of infringement, the system will automatically prompt the user whether they need to defend their rights and what judicial assistance can be provided; notaries can intervene to preserve the evidence, and lawyers can intervene to defend their rights; a review and filtering process will be carried out before the lawsuit is formally submitted.

Initiate a litigation request (corresponding to activity A on the right in the picture above)

• Call the Internet Court Interface Litigation Application Interface.

• The lawsuit states the identity of the parties, the facts and reasons, and the original content, content hash, judicial chain hash certificate, infringement evidence, infringement evidence hash, etc.

• If accepted successfully, the case number will be returned.

Verification link (corresponding to activities B and C on the right in the picture above)

• Verification initiated during the litigation stage is initiated within the trusted network environment of the Internet Court.

• Verify that the content hash is in the transaction of the block corresponding to the judicial chain hash certificate, and verify that the original content and content hash match

• Hangzhou Mutual Law and the existing notarization evidence link of the notary office call evidence preservation through content hash and infringement evidence hash to verify whether there is a relevant notarization certificate.

• The judicial chain hash certificate corresponds to the block time, which can be used as time evidence for original content storage; (optional) the original notarization certificate contains a trusted timestamp for original storage, which can also be used as time evidence for original content storage.

• Successful verification proves the validity of the original content and solid content, as well as the corresponding storage time.

---

Hangzhou Internet Court Judicial Chain Platform Specifications

It seems to be based on Ant Chain, with requirements for performance, security, and reliability:

• Performance: independent consensus algorithm, throughput reaches 25,000 transactions per second; transaction confirmation time is seconds; dynamic expansion, storage horizontal expansion

• Security: Identity authentication and authorization management of all participants; full-link end-to-end encrypted transmission; pluggable cryptographic algorithms; supports national secret algorithms and hardware encryption devices; provides different levels of privacy such as one-time passwords and multi-party signatures Protection means; consensus protocol prevents node malicious attacks

• Reliability: automatic adaptation of network delays; automatic recovery of node consensus status; automatic recovery of node block data; automatic routing of node services

Some concepts

Blockchain: A block chain data structure that is non-forgeable, non-tamperable and traceable in a peer-to-peer network environment through transparent and trustworthy rules. Patterns for implementing and managing transaction processing.

Hangzhou Internet Court Litigation Platform (hereinafter referred to as the "Litigation Platform"): a professional platform for Hangzhou Internet Court to hear online disputes involving the Internet, which can be used for storage, access, exchange, Certify electronic evidence generated during litigation.

Hangzhou Internet Court Judicial Blockchain Platform (hereinafter referred to as the "Judicial Blockchain Platform"): It is a full chain to solve the generation, storage, transmission and extraction of electronic evidence. To solve the road trust issue, a public trust evidence chain is developed and constructed using blockchain technology.

The anchoring method is different from what we expected: each item is entered into the chain one by one, and although the evidence of the same case is entered into the chain discretely, it must be logically connected in series, and the relevant evidence has a consistent token

And it cannot be stored in the form of compressed packages such as zip rar. In addition to fixed business data, it is also necessary to fix the processing flow data of the business data, physical electronic equipment identification and other information.
This shows that our business understanding of certificate deposits is still different from others; the technical understanding is more consistent >

The transmission data format includes HTTPS+JSON text format and HTTPS+binary data packet format.

Data packets are divided into two categories: evidence storage data packets and evidence collection data packets.

The data submitted to the judicial blockchain is a Hash value, and the relevant plain text content needs to be stored by yourself or through a third-party platform.

---

Verification process

(1) The parties and their litigation agents upload evidence on the litigation platform, and enter the hash value of the evidence content and the hash value of the blockchain where the content is located in the remarks;

(2) The verification system initiates the evidence retrieval operation, and the litigation platform transmits the evidence files to the verification system;

(3) The verification system calculates the electronic data summary for the received electronic data, automatically compares it through the judicial chain electronic data summary comparison interface, and imports the comparison results into the litigation platform after verification.