A blockchain storage hardware device for on-site audit forensics
By designing a hardware device that incorporates multimedia acquisition, satellite positioning, trusted timestamps, and a blockchain light node chip, the problem of insufficient credibility of the evidence chain in existing audit evidence collection is solved. It realizes the collection and preservation of on-site evidence data and ensures that the time is immutable, thereby improving the credibility and legal validity of the evidence chain.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- CHONGQING UNIV OF TECH
- Filing Date
- 2026-03-12
- Publication Date
- 2026-06-09
AI Technical Summary
Existing audit and evidence collection methods suffer from insufficient credibility of the evidence chain, inability to guarantee time and location information at the hardware level, separation of evidence storage and collection processes, and lack of mechanisms to prevent physical tampering, resulting in insufficient data credibility and legal validity.
Design a blockchain evidence storage hardware device for on-site auditing and evidence collection, comprising a main control processor, a multimedia acquisition unit, a satellite positioning module, a trusted timestamp module, a blockchain light node chip, a secure storage unit, and a communication interface module. Implement hash calculation, timestamp generation, and blockchain writing at the hardware level to build multi-layered anti-tampering protection.
It enables the collection and storage of on-site evidence data, ensuring that the time is immutable, thus constructing an unforgeable spatiotemporal proof, enhancing the credibility and legal validity of the evidence chain, supporting offline evidence collection scenarios, and strengthening anti-tampering capabilities.
Smart Images

Figure FT_1 
Figure FT_2 
Figure FT_3
Abstract
Description
Technical Field
[0001] This invention relates to the field of audit information technology, specifically to a blockchain-based evidence storage hardware device and corresponding evidence storage method for on-site audit evidence collection. Background Technology
[0002] Audit evidence collection is a core part of the audit process. The authenticity, completeness, and immutability of audit evidence directly affect the legal validity and reliability of audit conclusions. Traditional on-site audit evidence collection mainly relies on auditors using common equipment (such as smartphones, digital cameras, and laptops) to collect images, audio recordings, and documents, which are then manually compiled, archived, and submitted to the audit management system. This method has the following prominent problems:
[0003] First, the credibility of the evidence chain is insufficient. Evidence data collected by general-purpose equipment needs to go through multiple manual steps to be transmitted to the audit system after being stored locally. There is a possibility that the data may be tampered with, replaced or forged in the intermediate steps, making it impossible to technically prove the originality and completeness of the evidence to the auditee and regulatory agencies.
[0004] Second, the time and location information lacks hardware-level guarantees. The timestamps of devices such as smartphones are generated by the operating system software layer and can be forged by modifying the system clock; geographical location information can also be simulated by software means, which casts doubt on the credibility of the time and location of the evidence and weakens the probative value of the audit evidence.
[0005] Third, the evidence storage and collection processes are separated. Even if the auditing firm uses software methods such as digital signatures or hash verification, these operations are usually performed only after the evidence data is uploaded to the auditing system. This makes it impossible to achieve immediate binding between collection and evidence storage, and there is still a risk that the data may be replaced within the time window.
[0006] Fourth, there is a lack of mechanisms to prevent physical tampering. Existing forensic equipment lacks the ability to detect and respond to physical disassembly at the hardware level. Attackers can physically read the storage medium, bypassing software-level access controls, which puts stored audit data and private keys at risk of being stolen.
[0007] Blockchain technology, with its decentralized, immutable, and fully traceable characteristics, offers a new approach to solving the aforementioned problems. Some solutions have attempted to introduce blockchain technology into the field of auditing and evidence preservation; however, existing solutions are primarily software-based and rely on general-purpose hardware. The core hash calculations, timestamp generation, and blockchain writing operations are still performed at the software layer, failing to fundamentally eliminate the risk of attacks or bypasses at the software layer.
[0008] Therefore, there is an urgent need for an on-site audit and evidence collection device that solidifies the key operations of blockchain evidence storage in a dedicated hardware layer, so as to ensure the characteristics of immediate evidence storage upon collection, unforgeable time, and complete and verifiable evidence chain from a physical perspective. Summary of the Invention
[0009] (a) Purpose of the invention
[0010] The purpose of this invention is to provide a blockchain-based evidence storage hardware device for on-site auditing and evidence collection, in order to solve the problems of insufficient credibility of the evidence chain, inability to guarantee time and location information at the hardware level, separation of evidence storage and collection processes, and lack of anti-physical tampering mechanisms in existing auditing and evidence collection methods, thereby achieving the goal of on-site evidence collection data being collected and stored simultaneously, time being immutable, and data fingerprints being verifiable on the blockchain.
[0011] (II) Technical Solution
[0012] To achieve the above objectives, the present invention provides the following technical solution: a blockchain evidence storage hardware device for on-site auditing and evidence collection, comprising a main control processor, a multimedia acquisition unit, a satellite positioning module, a trusted timestamp module, a blockchain light node chip, a secure storage unit, a communication interface module, and a power management module.
[0013] The main control processor is electrically connected to the multimedia acquisition unit, satellite positioning module, trusted timestamp module, blockchain light node chip, secure storage unit, communication interface module and power management module, and is responsible for uniformly scheduling the working sequence and data flow of each module.
[0014] The multimedia acquisition unit is used to collect audio and video data and image data required for on-site auditing and evidence collection, and transmits the collected raw data to the main control processor in real time.
[0015] The satellite positioning module is used to acquire the geographic coordinates of the device when it is collecting evidence on site, generate location metadata, and synchronize it to the main control processor.
[0016] The trusted timestamp module has a built-in hardware clock source, which is used to generate a hardware-level trusted timestamp at the same time as the evidence data is generated. The trusted timestamp is directly driven by the hardware clock source and is generated without going through the software layer of the main control processor, thus ensuring the immutability of the timestamp at the physical level.
[0017] The blockchain light node chip includes a hash operation unit and an on-chain writing unit. The hash operation unit performs hash calculations on the original byte stream of the evidence collection data to generate a data fingerprint. The on-chain writing unit encapsulates the data fingerprint, trusted timestamp, and geographic coordinate metadata into an evidence storage transaction body, completes the signing through a trusted execution environment, and broadcasts the evidence storage transaction body to a preset consortium blockchain network to realize on-chain evidence storage.
[0018] The secure storage unit is equipped with a hardware encryption engine for encrypting and storing the collected raw evidence data and evidence records. The storage area is divided into a temporary cache area and a persistent evidence storage area. Data in the temporary cache area can only be cleared after the evidence storage and uploading to the blockchain are completed.
[0019] The communication interface module supports both wired and wireless communication methods and is used for data interaction with the audit management system and batch uploading of evidence records.
[0020] The power management module has a built-in rechargeable battery and power management circuit, which provides a continuous and stable power supply for the device and triggers the main control processor to issue an alarm when the power is lower than a preset threshold.
[0021] Furthermore, the multimedia acquisition unit includes a high-definition camera submodule, a microphone array submodule, and a document scanning submodule. The high-definition camera submodule includes a main camera and a wide-angle camera; the microphone array submodule consists of an array of at least four microphone units, which suppresses environmental noise through beamforming algorithms; the document scanning submodule integrates a near-field scanning light source and an image sensor to perform flattening scanning acquisition of paper documents.
[0022] Furthermore, the trusted timestamp module also includes a timekeeping unit, which performs periodic calibration with the National Time Service Center through a satellite time synchronization protocol. When the connection with an external time source is lost, it relies on a built-in high-precision temperature-compensated crystal oscillator to maintain time autonomously, with a timekeeping error of no more than ±1 second / 24 hours. It also generates a calibration log for each calibration operation and stores it in write-only mode.
[0023] Furthermore, the blockchain light node chip also includes a trusted execution environment unit. The hash calculation unit and the on-chain writing unit run within the trusted execution environment unit. The auditing of private keys and the hash calculation process are not exposed to the normal operating environment of the main control processor. At the same time, the measurement report generated by the data integrity processing link is also stored on the chain.
[0024] Furthermore, the secure storage unit is also equipped with an access control submodule, which performs at least one of PIN code verification and biometric verification, and triggers a security lockout mechanism and sends a security alarm event when three consecutive verifications fail.
[0025] Furthermore, the device also includes an anti-tamper detection module, which triggers a series of actions when unauthorized disassembly is detected, including hardware erasure of the audit private key, writing to an indelible security log, and sending an anti-tamper alarm to the audit management system.
[0026] Furthermore, the multimedia acquisition unit also includes a watermark overlay submodule, which uses a discrete cosine transform frequency domain embedding method to embed identity identifiers, timestamps, and geographic coordinates as invisible digital watermarks into each frame of image data.
[0027] (III) Beneficial Effects
[0028] Compared with the prior art, the present invention has the following beneficial effects:
[0029] First, it ensures the credibility of the evidence storage at the physical level. This invention embeds hash calculation, timestamp generation, and blockchain writing operations all within a dedicated hardware chip, completing the process in a trusted execution environment. The audit private key does not pass through the software layer of the main control processor, fundamentally eliminating the risk of software attacks tampering with the evidence storage data and achieving the technical goal of evidence storage upon collection.
[0030] Second, it constructs an unforgeable spatiotemporal proof. The trusted timestamp module generates timestamps through a built-in hardware clock source and calibrates with the National Time Service Center via a satellite time synchronization protocol. Combined with the geographical coordinates obtained by the satellite positioning module, it forms a hardware-level spatiotemporal proof, overcoming the inherent defect that traditional software timestamps can be forged.
[0031] Third, it achieves multi-layered anti-tampering protection. This invention constructs a defense-in-depth system through multiple dimensions such as blockchain evidence storage, trusted execution environment, hardware encrypted storage, invisible digital watermarking, and tamper detection. Any tampering with the evidence data can be detected through on-chain hash comparison, and any physical disassembly of the device itself will trigger key erasure and alarms, greatly improving the anti-attack capability of audit evidence.
[0032] Fourth, it supports offline evidence collection scenarios. The communication interface module supports both wired and wireless communication methods. Evidence collection data collected offline is encrypted and stored locally and a queue to be uploaded to the blockchain is maintained. Once the network is restored, the data is automatically uploaded to the blockchain in chronological order, effectively ensuring the continuity of evidence collection in scenarios with limited network access.
[0033] Fifth, it enhances the legal validity of audit evidence. After the collected data is stored on the blockchain, its hash value, collection timestamp, and geographical coordinates are all recorded and verifiable on the chain. Combined with the measurement reports generated by the trusted execution environment, it can provide judicial and regulatory authorities with a technically verifiable chain of evidence, significantly improving the legal admissibility of audit evidence. Attached Figure Description
[0034] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below.
[0035] Figure 1 This is a block diagram of the overall structure of the device of the present invention.
[0036] Figure 2 This is a schematic diagram of the internal structure of the multimedia acquisition unit of the present invention.
[0037] Figure 3This is a schematic diagram of the internal structure and data flow of the blockchain light node chip of the present invention.
[0038] Figure 4 This is a schematic diagram illustrating the working principle of the trusted timestamp module of the present invention.
[0039] Figure 5 This is a flowchart of the on-site audit evidence collection and preservation method of the present invention. Detailed Implementation
[0040] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort are within the scope of protection of the present invention.
[0041] Example 1: Overall Structure of the Device
[0042] See Figure 1 As shown in the figure, the blockchain evidence storage hardware device for on-site auditing and evidence collection provided by this embodiment of the invention adopts the form of a portable handheld device. Its shape is designed with reference to law enforcement recorders. It has drop protection and IP54 dustproof and waterproof capabilities, making it convenient for auditors to carry and use in various on-site environments.
[0043] The device's hardware architecture is centered around a main control processor, which uses an ARM Cortex-A series processor with a clock speed of no less than 1.2GHz. The built-in operating system uses a security-hardened embedded Linux, with only application programming interfaces for auditing and forensics open, and all unnecessary system services and network ports closed to reduce the software attack surface.
[0044] The main control processor is connected to the multimedia acquisition unit, satellite positioning module, trusted timestamp module, blockchain light node chip, secure storage unit, communication interface module, and power management module via a high-speed internal bus. Data flow between modules is uniformly scheduled by the main control processor, but hash calculations, timestamp generation, and blockchain signature writing operations involving evidence security are all completed independently within each dedicated chip, bypassing the main control processor's software layer through hardware interrupts and hardware direct memory access mechanisms.
[0045] The power management module has a built-in lithium polymer rechargeable battery with a capacity of no less than 4000mAh, supports standard USB-C interface charging, and can work continuously for no less than 8 hours on a full charge, covering the needs of a complete audit workday. The power management module monitors the battery level in real time. When the battery level drops below 20%, a yellow warning is issued on the device display screen via the main control processor. When the battery level drops below 5%, a red alarm is issued and the auditor is prompted to save the current evidence data.
[0046] Example 2: Multimedia Acquisition Unit
[0047] See Figure 2 As shown, the multimedia acquisition unit is the core data entry point of the device, which includes three parts: a high-definition camera submodule, a microphone array submodule, and a document scanning submodule.
[0048] The high-definition camera submodule consists of a main camera with a 1 / 2.3-inch CMOS image sensor (resolution no less than 5 megapixels, supporting 1080P / 30fps video recording) and a wide-angle camera (angle no less than 120°). The main camera uses optical image stabilization technology to ensure image clarity, while the wide-angle camera is used to capture global environmental images of the audit site. The two cameras can work simultaneously, capturing both panoramic and detailed images at the same time.
[0049] The microphone array submodule adopts a four-microphone rectangular array layout, with a signal-to-noise ratio of no less than 65dB for each microphone. The array runs a beamforming algorithm through a hardware DSP chip to adaptively increase the gain of the main sound direction and suppress ambient noise from the sides and rear by more than 30dB, ensuring that the voice content in the recording is clear and indistinguishable.
[0050] The document scanning submodule integrates an 850nm near-infrared supplementary light source array and a high-resolution linear image sensor (resolution no less than 600 DPI) to perform flat scanning of paper documents placed below the device. The acquired images are automatically processed by the onboard image processing unit for perspective transformation to remove distortion, adaptive binarization, and brightness equalization, outputting standardized digital image files suitable for OCR recognition and archiving.
[0051] The watermark overlay submodule is integrated into the image processing pipeline of the high-definition camera submodule. After the image data is read from the sensor and before it is written to the temporary buffer, a dedicated watermark processing FPGA unit makes minor modifications to the mid-frequency band of the DCT transform coefficients of each frame of the image, embedding 36 bytes of watermark information containing the auditor's identifier (16 bytes), the current trusted timestamp (8 bytes), and the geographic coordinates (12 bytes). The watermark embedding strength coefficient α can be adjusted between 0.01 and 0.05, with a default value of 0.02. Under this parameter, the watermark information can still be completely extracted after JPEG compression to a quality factor of 70.
[0052] Example 3: Trusted Timestamp Module
[0053] See Figure 4 As shown, the trusted timestamp module is the key hardware unit for realizing the time unforgeability feature of this invention.
[0054] The core of the trusted timestamp module is a dedicated real-time clock chip. This chip uses an independent crystal oscillator as its clock source and is physically isolated from the system clock of the main control processor. The main control processor has only read-only access to this chip and cannot modify its timing values through software.
[0055] When the device is networked, the timekeeping unit synchronizes its clock with the National Time Service Center (Shaanxi Astronomical Observatory) every 24 hours via the NTP / GNSS time service protocol, achieving a synchronization accuracy within ±50 milliseconds. Each synchronization operation generates a calibration log entry containing the time before synchronization, the time after synchronization, the deviation, and the time service source. This entry is appended to a write-only calibration log file in a secure storage unit, and the operating system does not have permission to delete this file.
[0056] When the device is offline, the timekeeping unit autonomously keeps time using its built-in high-precision temperature-compensated crystal oscillator (TCXO). The TCXO's frequency stability is better than ±0.5ppm (within the operating temperature range of -10°C to +60°C), and the daily error is no more than ±0.04 seconds, meeting the time accuracy requirements for auditing and forensics.
[0057] When the device is powered on, the trusted timestamp module reports the current clock status to the main control processor. If a clock anomaly is detected (such as a jump exceeding the threshold), the auditor will be prompted on the device display screen, and a clock anomaly flag will be marked in the subsequently generated evidence metadata. This does not affect the evidence collection process but leaves a trace in the evidence storage record.
[0058] Example 4: Blockchain Light Node Chip
[0059] See Figure 3 As shown, the blockchain light node chip is the core security unit for achieving the credibility of evidence storage in this invention, and it is implemented using a dedicated security chip (such as one that meets the CC EAL5+ security level standard).
[0060] The Trusted Execution Environment (TEE) unit is built on ARM TrustZone technology, dividing the chip's computing resources into two isolated areas: a Secure World and a Normal World. The hash operation unit and the on-chain write unit operate in the Secure World. The generation, storage, and use of audit private keys are all completed within the Secure World. The main control processor and main operating system, which operate in the Normal World, cannot read any data in the Secure World.
[0061] The hash operation unit implements both SHA-256 and SM3 hash algorithms, supporting block-based streaming hash calculations for large files without loading the entire file into memory, thus reducing storage resource requirements. For audio and video files, the hash operation unit performs hash calculations on the original encoded data stream (rather than the transcoded file), ensuring that the calculation results correspond one-to-one with the original acquired data.
[0062] The on-chain write unit implements a light node protocol with a pre-defined consortium blockchain network (taking a consortium blockchain based on the PBFT consensus mechanism as an example). The structure of the notarized transaction body is defined as follows:
[0063] Tx = { DevID: Unique device identifier, AuditorID: Auditor identifier, DataHash: Data hash value, Timestamp: Trusted timestamp, Location: {lat, lng, alt}, DataType: Evidence data type, MeasurementReport: TEE metric report hash}
[0064] The on-chain writing unit uses the private key from the X.509 certificate issued by the auditing authority to perform an SM2 elliptic curve digital signature on Tx, which is completed within a secure world. The signed transaction body is broadcast to the consortium blockchain node through the communication interface module. After verifying the signature validity and transaction format, the blockchain node writes the transaction into a new block and returns the transaction hash TxHash to the device.
[0065] Before each evidence storage operation, the Trusted Execution Environment Unit measures the software components running in the secure world, including the integrity verification of the hash operation unit firmware, the on-chain writing unit firmware, and the private key management module. It generates a measurement report and stores the hash value of the measurement report in the MeasurementReport field of the evidence storage transaction on the chain, ensuring that the trustworthiness of the evidence storage operation itself is also recorded on the chain.
[0066] Example 5: On-site Audit Evidence Collection and Preservation Methods
[0067] See Figure 5 As shown, this embodiment describes a complete on-site audit evidence collection and preservation process, using a special audit of the procurement compliance of a state-owned enterprise as an example.
[0068] S1. Evidence Preparation Phase: After arriving at the auditee's site, the auditors activate the device and complete biometric verification via fingerprint recognition (Secure Storage Unit Access Control Submodule). The device automatically performs a power-on self-test: the trusted timestamp module reports the current time as 9:22 AM on November 6, 2025, with a deviation of +0.03 seconds from Beijing time; the satellite positioning module successfully obtains indoor GPS / BeiDou hybrid positioning with an accuracy of 3.5 meters; the blockchain light node chip successfully connects to the consortium blockchain network deployed by the auditing agency, with the latest block height being 1,547,893. With all self-tests passed, the device enters the evidence collection standby state, and a green status indicator bar is displayed at the top of the screen.
[0069] S2. Data Acquisition Phase: Auditors first used the document scanning submodule to scan an original procurement contract. The scanning process took approximately 8 seconds, generating a 600 DPI PDF file with a file size of 4.2 MB. Subsequently, the high-definition camera submodule was used to photograph the cover and signature page of the original contract, acquiring a total of 5 images. During this process, the trusted timestamp module recorded the acquisition start timestamp T_start = 2025-11-06T09:23:15.0823, and the satellite positioning module locked the geographic coordinates (lat: 39.9042, lng: 116.4074, alt: 42.1m).
[0070] S3. Hash Calculation and Timestamp Binding Phase: After the procurement contract scanning document is collected, the hash operation unit of the blockchain light node chip calculates the SHA-256 hash value of the original byte stream of the PDF file in a secure environment. The result is H = a3f5c8d2e1b904... (a 64-bit hexadecimal string). Simultaneously, the trusted timestamp module generates a completion timestamp for the file, T_end = 2025-11-06T09:23:23.1145, forming a three-element binding data group (H, T_end, pos).
[0071] S4. On-chain Notification Stage: The on-chain writing unit encapsulates the three-element binding data group along with DevID (device unique identifier) and AuditorID (auditor employee ID) into a notification transaction body Tx. In a secure environment, it completes SM2 signing using the audit private key. The signed Tx is then broadcast to the consortium blockchain network via 5G wireless communication. Approximately 3 seconds later, the device receives the transaction hash TxHash = 0x7e3b9a12c4f8... from the consortium blockchain, and the device display shows a green on-chain success indicator.
[0072] S5. Local Encrypted Storage Stage: The original PDF file is encrypted by the AES-256 hardware encryption engine of the secure storage unit and then written to the persistent evidence storage area. The evidence storage meta data packet (JSON format, containing fields such as H, T_start, T_end, pos, DevID, AuditorID, TxHash, etc.) is also encrypted and stored together.
[0073] S6. Evidence Collection and Verification: After the audit is completed, the audit staff enters TxHash into the audit management system to query the evidence storage records on the consortium blockchain and retrieves H, T_end, and pos stored on the chain. The staff calculates the SHA-256 hash value of the original PDF file exported from the device's persistent evidence storage area in real time and compares it with the H value on the chain. If they are completely consistent, the verification is successful, confirming that the scanned contract document has not been tampered with in any way since its collection, the collection time and location match the on-chain records, and the evidence chain is complete and valid.
[0074] The embodiments described above are merely illustrative of the technical solutions of the present invention and are not intended to limit it. Although the present invention has been described in detail above with reference to specific embodiments, those skilled in the art should understand that modifications or equivalent substitutions can be made to the technical solutions of the present invention without departing from the spirit and scope of the present invention, and such modifications and equivalent substitutions should all be covered within the protection scope of the claims of the present invention.
Claims
1. A blockchain-based evidence storage hardware device for on-site auditing and evidence collection, characterized in that, include: The main control processor, multimedia acquisition unit, satellite positioning module, trusted timestamp module, blockchain light node chip, secure storage unit, communication interface module, and power management module are included. The main control processor is electrically connected to the multimedia acquisition unit, satellite positioning module, trusted timestamp module, blockchain light node chip, secure storage unit, communication interface module and power management module, and is responsible for uniformly scheduling the working sequence and data flow of each module; The multimedia acquisition unit is used to collect audio and video data and image data required for on-site auditing and evidence collection, and transmits the collected raw data to the main control processor in real time. The satellite positioning module is used to acquire the geographic coordinate information of the device when collecting evidence on site, generate location metadata, and synchronize it to the main control processor. The trusted timestamp module has a built-in hardware clock source, which is used to generate a hardware-level trusted timestamp at the same time as the evidence data is generated. The trusted timestamp is directly driven by the hardware clock source and is generated without going through the software layer of the main control processor, thus ensuring the immutability of the timestamp at the physical level. The blockchain light node chip includes a hash operation unit and an on-chain writing unit. The hash operation unit performs hash calculations on the raw byte stream of the evidence data to generate a data fingerprint. The on-chain writing unit encapsulates data fingerprints, trusted timestamps, and geographic coordinate metadata into a notarized transaction body, completes the signing through a trusted execution environment, and broadcasts the notarized transaction body to a preset consortium blockchain network to achieve notarization on the chain. The secure storage unit is equipped with a hardware encryption engine for encrypting and storing the collected raw evidence data and evidence records. The storage area is divided into a temporary cache area and a persistent evidence storage area. Data in the temporary cache area can only be cleared after the evidence storage and uploading to the blockchain are completed. The communication interface module supports both wired and wireless communication methods and is used for data interaction with the audit management system and batch uploading of evidence records. The power management module has a built-in rechargeable battery and power management circuit, which provides a continuous and stable power supply for the device and triggers the main control processor to issue an alarm when the power is lower than a preset threshold.
2. The blockchain-based evidence storage hardware device for on-site auditing and evidence collection according to claim 1, characterized in that, The multimedia acquisition unit includes a high-definition camera submodule, a microphone array submodule, and a document scanning submodule; The high-definition camera submodule includes a main camera and a wide-angle camera. The main camera is used to capture high-definition images and videos. Wide-angle cameras are used to capture panoramic images of the scene; The microphone array submodule consists of an array of at least four microphone units, used to collect on-site audio and suppress environmental noise and improve speech clarity through beamforming algorithms. The document scanning submodule integrates a near-field scanning light source and an image sensor, which is used to perform flattening scanning and acquisition of paper vouchers and ledgers, and to automatically perform distortion removal and brightness equalization processing on the scanned images.
3. The blockchain-based evidence storage hardware device for on-site auditing and evidence collection according to claim 1, characterized in that, The trusted timestamp module also includes a timekeeping unit, which performs periodic calibration with the National Time Service Center through a satellite time synchronization protocol, with a calibration cycle not exceeding 24 hours. In the event of a loss of connection with an external time source, the timekeeping unit relies on its built-in high-precision temperature-compensated crystal oscillator to keep time autonomously, with a timekeeping error of no more than ±1 second / 24 hours. The trusted timestamp module generates a calibration log for each time calibration operation. The calibration log is stored in a secure storage unit in write-only mode and cannot be deleted or modified.
4. The blockchain-based evidence storage hardware device for on-site auditing and evidence collection according to claim 1, characterized in that, The blockchain light node chip also includes a trusted execution environment unit; The Trusted Execution Environment (TEE) unit provides an isolated and secure operating area. The hash operation unit and the on-chain writing unit run within the TEE unit, and the auditing of the private key and the hash calculation process are not exposed to the normal operating environment of the main control processor. The trusted execution environment unit measures the complete data processing chain and generates a measurement report. The measurement report and the evidence-based transaction are written into the blockchain for post-audit verification.
5. A blockchain-based evidence storage hardware device for on-site auditing and evidence collection according to claim 1, characterized in that, The secure storage unit also includes an access control submodule; Before accessing the persistent evidence storage area, the access control submodule performs auditor authentication, which includes at least one of PIN code verification and biometric verification. When authentication fails three times in a row, the access control submodule triggers a security lockout mechanism. During the lockout period, all read and write operations on the persistent evidence storage area are prohibited, and a security alarm event is sent to the communication interface module.
6. A blockchain-based evidence storage hardware device for on-site auditing and evidence collection according to claim 1, characterized in that, The communication interface module includes a wireless communication submodule and a wired communication submodule; The wireless communication submodule supports 4G / 5G cellular communication and wireless local area network communication, and is used to broadcast the evidence storage transaction to the consortium blockchain network in real time at the evidence collection site with network coverage. The wired communication submodule includes a USB interface for wired connection with the local audit workstation when the network is unavailable, enabling batch export and delayed uploading of offline evidence data to the blockchain. The evidence collection data and locally generated evidence records collected by the device in offline mode are automatically retransmitted to the blockchain by the main control processor after communication is restored. The retransmission order is arranged according to the trusted timestamp order.
7. A blockchain-based evidence storage hardware device for on-site auditing and evidence collection according to claim 1, characterized in that, The main control processor is also equipped with a certificate metadata generation module; After each evidence collection operation is completed, the evidence storage metadata generation module automatically aggregates the following information to generate a structured evidence storage metadata data package: The evidence collection data includes hash value, evidence collection start timestamp, evidence collection end timestamp, geographical coordinates of evidence collection location, unique device identifier, auditor's identity identifier, evidence collection data type identifier, and evidence storage transaction hash. The evidence storage metadata is encapsulated in JSON format, digitally signed by the blockchain light node chip, and stored in the persistent evidence storage area of the secure storage unit. It is also saved on the blockchain as an additional field of the evidence storage transaction.
8. A blockchain-based evidence storage hardware device for on-site auditing and evidence collection according to claim 1, characterized in that, The device also includes an anti-tamper detection module; The tamper detection module senses the opening action of the device casing through a mechanical switch or a photosensitive sensor. When the anti-tamper detection module detects unauthorized disassembly, it immediately sends an interrupt signal to the main control processor. After responding to the interrupt, the main control processor performs the following operations: triggers the secure storage unit to perform hardware erasure of the audit private key, writes the anti-tamper event to the non-deletable security log, and sends an anti-tamper alarm to the audit management system through the communication interface module.
9. A blockchain-based evidence storage hardware device for on-site auditing and evidence collection according to claim 2, characterized in that, The multimedia acquisition unit also includes a watermark overlay submodule; The watermark overlay submodule embeds the auditor's identity, trusted timestamp, and geographic coordinates into each frame of image data in the form of an invisible digital watermark while collecting image and video data. The invisible digital watermark uses a discrete cosine transform frequency domain embedding method. The embedding strength parameter is adjustable, the watermark information does not affect the visual quality of the image, and it is still extractable after image compression.
10. A method for on-site auditing, evidence collection, and preservation based on the apparatus described in any one of claims 1 to 9, characterized in that, Includes the following steps: S1. Evidence Collection Preparation: The auditor starts the device and completes the identity verification through the access control submodule of the secure storage unit. The device completes a self-test, including verifying the clock status of the trusted timestamp module, the positioning status of the satellite positioning module, and the connection status between the blockchain light node chip and the consortium blockchain network. After the self-test is passed, it enters the evidence collection standby state. S2. Data Acquisition: Auditors operate the multimedia acquisition unit to collect evidence objects at the audit site. During the acquisition process, the main control processor records the evidence collection start timestamp T_start in real time, and the satellite positioning module synchronously acquires and locks the geographic coordinate information (lat, lng, alt). S3. Hash Calculation and Timestamp Binding: After each independent evidence data file is collected, the hash operation unit of the blockchain light node chip calculates the SHA-256 hash value H on the original data byte stream in the trusted execution environment. The trusted timestamp module synchronously generates the hardware-level completion timestamp T_end of the file, forming a three-element bound data group (H, T_end, pos). S4. On-chain storage: The on-chain writing unit encapsulates the three-element binding data group (H, T_end, pos) together with the device identifier DevID and the auditor identifier AuditorID into a storage transaction body Tx. In the trusted execution environment, Tx is digitally signed with the audit private key. The signed transaction body is broadcast to the consortium blockchain network to obtain the transaction hash TxHash returned by the blockchain. S5. Local encrypted storage: The original evidence data file is encrypted by the hardware encryption engine of the secure storage unit and then written to the persistent evidence storage area. The evidence storage metadata, including fields such as H, T_start, T_end, pos, DevID, AuditorID, and TxHash, is encrypted and stored in JSON format. S6. Evidence Collection and Verification: After the evidence collection is completed, the audit management system can query the evidence storage records from the consortium blockchain network through TxHash, compare the hash value H stored on the chain with the real-time calculated hash value of the local original file, and if they are consistent, it proves that the evidence data is complete and has not been tampered with; trusted timestamps and geographical coordinates can be verified through on-chain records.
11. The on-site audit evidence collection and preservation method according to claim 10, characterized in that, In step S4, when the device is in a network unavailable state: The on-chain writing unit stores the signed and stored transaction body Tx into the on-chain queue of the secure storage unit; The main control processor periodically checks the network status of the communication interface module, and automatically broadcasts the evidence-preserving transactions in the queue to be uploaded to the consortium blockchain network in the order of timestamps after the network is restored. The integrity of all evidence data generated during offline evidence collection is verified off-chain through calibration logs from the trusted timestamp module.