A method and system for trusted forensics of a drone

By combining trusted data collection at the drone's edge hardware with distributed evidence storage via a consortium blockchain, the problems of easily tampered electronic data and opaque evidence collection processes have been solved. This enables end-to-end trusted evidence collection, meets the electronic evidence requirements of judicial scenarios, and improves the real-time performance and reliability of evidence collection.

CN122394785APending Publication Date: 2026-07-14FUJIAN POLICE ACAD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
FUJIAN POLICE ACAD
Filing Date
2026-04-27
Publication Date
2026-07-14

Smart Images

  • Figure CN122394785A_ABST
    Figure CN122394785A_ABST
Patent Text Reader

Abstract

The application provides a kind of unmanned aerial vehicle trusted evidence obtaining method and system, in unmanned aerial vehicle end, through the acquisition agent in hardware trusted execution environment, the original data generated in running process is collected in real time, incremental hash calculation is carried out on the original data to generate data fingerprint, and the data fingerprint and associated metadata are signed with private key at hardware level to generate source end signature data packet;Second digital signature is carried out, evidence storage transaction request is generated and submitted to alliance chain network;Through the smart contract encapsulated with judicial evidence rules, the validity of hardware level digital signature and secondary digital signature is verified;After verification, the globally unique evidence identifier is generated by the smart contract fusion data fingerprint, unmanned aerial vehicle unique identifier and on-chain timestamp, and written into the distributed ledger of alliance chain;Judicial verification end obtains corresponding data fingerprint from the distributed ledger, calculates the hash value of the evidence to be verified, and compares it with the obtained data fingerprint, to complete evidence check.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of low-altitude unmanned aerial vehicle (UAV) technology, specifically relating to a reliable method and system for UAV evidence collection. Background Technology

[0002] With their mobility, flexibility, and ease of deployment, drones have rapidly gained popularity in both civilian and professional fields. However, this has also led to incidents such as unauthorized flights and illegal collection of audiovisual information, creating an urgent need for electronic data forensics in the investigation and handling of these incidents. During operation, drones continuously generate various types of data, including flight control commands, satellite positioning trajectories, and audio-visual recordings. This data is the core evidence for defining flight behavior, determining responsibility for incidents, and conducting law enforcement investigations.

[0003] Existing drone-based evidence collection methods primarily focus on static data extraction and file recovery from onboard storage media, essentially representing a reactive, offline data acquisition technique. They lack the ability to reliably solidify data at its source in real time, and also lack the technical means to ensure tamper-proof and traceable evidence preservation throughout the entire evidence collection process. Therefore, they struggle to guarantee the credibility and judicial validity of the final electronic evidence.

[0004] Drone electronic data is inherently prone to tampering and loss, and traditional evidence collection methods suffer from several insurmountable technical shortcomings. Onboard data can be manually modified or deleted, compromising its originality. The data's time and location information are highly dependent on the device's local clock, making independent verification of the data source's credibility difficult. The entire process, from on-site extraction and data analysis to evidence presentation, involves multiple stages and operational entities; manual control is susceptible to oversights, easily casting doubt on the integrity and continuity of the evidence chain. Furthermore, centralized evidence storage and management models present single-point security risks, and the lack of rigid constraints on cross-departmental collaboration permissions fails to meet the stringent requirements of judicial scenarios regarding the authenticity, integrity, and traceability of electronic evidence. Summary of the Invention

[0005] In view of the defects and shortcomings of existing technologies, this invention provides a reliable evidence collection method and system for drones, aiming to solve problems such as easy tampering of drone electronic data, difficulty in verifying the source, lack of transparency in the evidence collection process, and single point of failure risks in centralized storage.

[0006] The core of this invention lies in constructing a dual-security architecture that combines trusted data acquisition from the device's edge hardware with distributed evidence storage via a consortium blockchain. On the UAV edge, by integrating a trusted execution environment or hardware security module, real-time, isolated, and trusted acquisition and preprocessing of multi-source data, such as flight control commands, satellite positioning trajectories, and audio / video streams, are performed at the data generation source. The key innovation lies in employing a dual-signature mechanism: first, the device's private key is used to sign the data itself and its hash value, ensuring the data source's trustworthiness and integrity; subsequently, the forensic operator uses their exclusive key to re-sign the result, binding the operator's identity and responsibility. To adapt to the characteristics of streaming data such as audio and video, the system adopts an incremental hash calculation strategy based on keyframes, constructing a Merkle tree structure to achieve efficient and verifiable integrity protection for massive amounts of data; furthermore, a time-series-based verifiable evidence commitment chain is constructed, achieving global consistency verification throughout the data's lifecycle through a recursively cascaded hash structure, fundamentally solving the technical pain point of difficulty in detecting time-series data tampering.

[0007] On the evidence storage side, the system submits key evidentiary information, such as double-signed data summaries and operation logs, to a consortium blockchain network specifically designed for judicial collaboration via smart contracts for evidence storage. This network employs a multi-channel architecture to achieve data isolation and access control between different institutions. The evidence storage process supports a dual-track mode: online real-time evidence storage is performed when network conditions are available; in the event of a network outage, data can be temporarily cached locally and automatically synchronized to the blockchain once the network is restored, ensuring the continuity of the evidence collection process and the integrity of the evidence chain. Furthermore, all key operations generate logs and calculate hash values, forming a hash chain in sequence, achieving immutability and traceability throughout the entire operation process.

[0008] Ultimately, the authenticity, integrity, and operational process of the electronic evidence formed through the above methods can be publicly verified via blockchain or verified offline using keys held by relevant institutions, thus forming a reliable end-to-end drone electronic data evidence collection solution that meets the stringent requirements of judicial scenarios.

[0009] The specific technical solution adopted by this invention to solve its technical problem is as follows:

[0010] A trusted method for obtaining evidence from drones includes:

[0011] On the drone side, a data acquisition agent deployed in a hardware trusted execution environment physically isolated from the flight control system collects raw data generated during operation in real time, performs incremental hash calculation on the raw data to generate a data fingerprint, and uses the private key in the hardware trusted execution environment to perform hardware-level digital signature on the data fingerprint and associated metadata to generate a source-end signed data packet.

[0012] The on-site evidence collection terminal performs a secondary digital signature on the source-end signature data packet, generates a notarized transaction request, and submits it to the consortium blockchain network composed of multiple authoritative institutional nodes.

[0013] In the consortium blockchain network, the validity of the hardware-level digital signature and the secondary digital signature is verified by a smart contract that encapsulates judicial evidence collection rules.

[0014] After verification, the smart contract integrates data fingerprints, drone unique identifiers, and on-chain timestamps to generate a globally unique evidence identifier, and writes the globally unique evidence identifier and associated evidence storage information into the distributed ledger of the consortium blockchain.

[0015] The judicial verification terminal obtains the corresponding data fingerprint from the distributed ledger, calculates the hash value of the evidence to be verified, and compares it with the obtained data fingerprint to complete the evidence verification.

[0016] Furthermore, the original data is stored in an off-chain storage system, and the distributed ledger of the consortium blockchain only stores data fingerprints and associated metadata.

[0017] Furthermore, the trusted execution environment is either a trusted execution environment built into the UAV main control chip or an external hardware security module.

[0018] The data acquisition agent and the flight control system use a one-way data transmission method. The flight control system pushes the raw data one-way to the cache area of ​​the trusted execution environment of the hardware, and the data acquisition agent does not write data to general storage devices, including the onboard SD card.

[0019] Furthermore, the incremental hash calculation is implemented using a Merkle tree structure. For flight log data, leaf node hashes are generated for each message and aggregated to obtain the root hash. For media data, segmented hashes are generated after slicing according to preset rules and aggregated to obtain the root hash. A verifiable evidence commitment chain is constructed based on the time series. The hash value of the data at the current moment, the commitment value at the previous moment, the trusted timestamp, and the unique identifier of the UAV are hashed to generate the evidence commitment value at the current moment, forming a recursively cascaded global consistency verification structure.

[0020] Furthermore, for video stream data, slicing according to a preset duration ensures that each slice contains at least one instant-on-demand refresh frame.

[0021] Furthermore, it supports both online streaming incremental on-chain and offline batch processing on-chain modes;

[0022] In online mode, incremental data fingerprints are sent to the consortium blockchain agent nodes in real time. In offline mode, the global hash of the complete task file is calculated and cross-verified with the incremental data fingerprints on the blockchain.

[0023] Furthermore, the consortium blockchain network adopts the Raft consensus mechanism, configures high-priority channels for emergency case transactions, and deploys transaction caching and retransmission mechanisms on proxy nodes;

[0024] Consortium blockchain nodes are divided into core nodes that participate in consensus, proxy nodes that are responsible for data forwarding, and read-only verification nodes that are only used for querying.

[0025] Furthermore, the consortium blockchain network creates independent private channels for different cases, and channel nodes implement dynamic access and exit management through smart contracts;

[0026] The hash values ​​of all operation logs throughout the entire lifecycle of the evidence are appended to the blockchain for storage, forming an electronic evidence custody chain.

[0027] The smart contract implements a three-level mapping of institutions, roles, and permissions, predefines multiple types of judicial roles and assigns corresponding operation permissions, and automatically verifies the identity of nodes and the qualifications of channel members before the transaction is executed.

[0028] And, a trusted forensic system for unmanned aerial vehicles (UAVs) for performing the above methods, including:

[0029] The edge-side trusted acquisition unit, deployed on the UAV, is used to collect raw data through a hardware trusted execution environment that is physically isolated from the flight control system, and to perform incremental hash calculations and hardware-level digital signatures.

[0030] The edge evidence collection unit is used to perform secondary digital signatures on the source-end signed data packets and submit them for evidence storage transactions.

[0031] A consortium blockchain network unit consists of nodes from multiple authoritative institutions, used to maintain the distributed ledger and perform consensus processing;

[0032] The smart contract execution unit, deployed in the consortium blockchain network unit, is used to automatically verify the validity of signatures and complete the evidence solidification.

[0033] The judicial verification unit is used to obtain data fingerprints from the distributed ledger and complete evidence verification.

[0034] Furthermore, the smart contract execution unit includes a permission management module, an evidence storage and solidification module, and an audit trail module, which are used to realize role permission control, on-chain evidence storage, and full-process operation recording, respectively.

[0035] Compared to existing technologies, this invention and its preferred solution, through the physical isolation design of the trusted execution environment on the edge hardware and the flight control system, combined with a one-way data transmission mechanism, eliminate the possibility of human tampering from the data source, effectively ensuring the originality and authenticity of the evidence data. The synergistic application of incremental hash calculation and hardware-level digital signatures achieves the technical effect of data generation being solidified and collection being authenticated, significantly improving the real-time performance and reliability of the evidence collection process. The recursively cascaded verifiable evidence commitment chain achieves global consistency verification throughout the data lifecycle; any data tampering will trigger a cascading change in the commitment value, possessing provable collision resistance capabilities, further strengthening the unforgeability and integrity of electronic evidence. The secondary digital signature at the on-site evidence collection end and the hardware signature at the drone end form a dual responsibility binding, clarifying the responsibility of the equipment and the operator, and enhancing the legal effect of the evidence. The introduction of consortium blockchain networks and smart contracts encodes judicial evidence collection rules into automated execution logic, eliminating the operational risks caused by human intervention and ensuring the transparency and consistency of the evidence collection process. Data fingerprints are stored on-chain, and original data is stored off-chain. The dual-track evidence storage model effectively reduces on-chain storage pressure while ensuring judicial credibility, achieving a balance between system performance and evidence security. Support for both online streaming incremental on-chain and offline batch processing on-chain modes flexibly adapts to different application scenarios such as real-time evidence collection and post-event supplementary recording, enhancing the system's practicality and adaptability. The optimized architecture and high-priority channel configuration of the consortium blockchain network ensure rapid response capabilities for urgent cases, while dynamic access management of private channels achieves data isolation and access control. On-chain appending storage of the entire evidence lifecycle operation log forms a complete electronic evidence custody chain, providing technical support for the traceability and integrity of evidence. The three-level mapping mechanism of institutions, roles, and permissions implemented by smart contracts provides rigid permission constraints for cross-departmental collaboration, effectively preventing unauthorized operations and data leakage risks. The judicial verification end achieves efficient verification of evidence authenticity and integrity through rapid comparison of on-chain data fingerprints and local evidence, constructing an end-to-end credible evidence collection closed loop from data source to court examination, significantly improving the credibility and probative value of drone electronic evidence in judicial practice. Attached Figure Description

[0036] The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments:

[0037] Figure 1 This is an architecture diagram of a trusted forensics scheme for unmanned aerial vehicles (UAVs) according to an embodiment of the present invention

[0038] Figure 2 This is a general framework diagram of the drone trusted forensics system according to an embodiment of the present invention;

[0039] Figure 3 This is a verifiable commitment chain diagram for a drone according to an embodiment of the present invention. Detailed Implementation

[0040] To make the features and advantages of the present invention more apparent and understandable, specific embodiments are described below in detail:

[0041] It should be noted that the following detailed descriptions are exemplary and intended to provide further explanation of this application. Unless otherwise specified, all technical and scientific terms used in this specification have the same meaning as commonly understood by one of ordinary skill in the art to which this application pertains.

[0042] It should be noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the exemplary embodiments according to this application. As used herein, the singular form is intended to include the plural form as well, unless the context clearly indicates otherwise. Furthermore, it should be understood that when the terms "comprising" and / or "including" are used in this specification, they indicate the presence of features, steps, operations, devices, components, and / or combinations thereof.

[0043] In response to core technical problems such as easy data tampering, incomplete evidence chains, unreliable evidence collection processes, and lack of cross-departmental access control during the electronic evidence collection process involving drones, this invention proposes an end-to-end reliable drone evidence collection method and system, constructing a closed-loop trust system for the entire process from data collection at the source to court examination and verification.

[0044] This solution adopts a dual-core architecture combining edge-side trusted data collection with consortium blockchain distributed evidence storage: A trusted data collection agent based on a trusted execution environment is deployed on the drone to collect key data such as flight logs and audio / video media in real time and perform incremental hash calculations, generating immutable digital fingerprints and completing hardware-level digital signatures to ensure data originality from the source; a consortium blockchain network composed of multiple authoritative entities such as relevant departments and drone manufacturers is constructed, relying on the Hyperledger Fabric underlying framework to achieve distributed on-chain solidification of metadata and hash fingerprints, while simultaneously using a channel mechanism to achieve physical-level isolation and fine-grained access control for sensitive case data.

[0045] The solution encapsulates the judicial evidence collection compliance process into a smart contract, enabling the automated execution of the entire process of evidence storage, transfer, and verification, and rigidly constraining the permissions of evidence collection operations and cross-departmental collaboration rules; by adding the hash of the full lifecycle operation log of evidence on the blockchain, a tamper-proof and penetrable audit trail system is constructed to fully record every step of the evidence operation from collection, storage, transfer to verification.

[0046] This system can effectively ensure the data integrity, source credibility, and process auditability of electronic evidence obtained from drones, meet the requirements of judicial scenarios for the authenticity, traceability, and compliance of electronic evidence, and greatly enhance the credibility and judicial effectiveness of drone-related evidence collection.

[0047] The specific construction of this solution will be further demonstrated and described below with reference to the accompanying drawings and specific embodiments:

[0048] 1. Problem Description

[0049] 1.1 Definition of Entity Network System

[0050] To clearly depict the data flow and trust boundaries in the drone forensics process, this embodiment constructs a heterogeneous network entity system encompassing physical space perception and data acquisition as well as cyberspace anchoring and solidification. This system... It can be formally described by a quintuple, i.e. The entity meanings and their interaction logic are as follows:

[0051] Source data generation entity (UAV): Serving as the physical source of forensic tasks. Considering the computing and storage limitations of onboard equipment, a lightweight acquisition agent based on a Trusted Execution Environment (TEE) is deployed within the UAV. This agent is used for any raw multimedia or log data acquired. The UAV is responsible for extracting digital fingerprints and generating cryptographic proofs in the isolated environment, i.e., outputting... .

[0052] Edge Verification Provider (FE): Representing an authoritative authority or authorized body, the FE is responsible for initiating evidence storage transactions. To ensure equal rights and responsibilities, the FE must use its unique private key. Perform a second digital signature on the data packets and associated metadata generated by the UAV.

[0053] Distributed Consensus Network (CN): Established by multiple authoritative institutions including the authentication center and relevant departments, CN maintains a decentralized global ledger. It is responsible for verifying the legality of transactions submitted by FE and completing the packaging of blocks and synchronization of ledger status through a specific consensus algorithm.

[0054] Verifying Entity (VP): Refers to judges, lawyers, or arbitrators at the end of the chain of evidence. VP has read-only access to the ledger, can retrieve on-chain anchored fingerprint data through application layer interfaces, and input verification functions to verify the integrity and spatiotemporal attributes of real-world copies of evidence.

[0055] Smart Contracts (SC): Automated scripts deployed in each node of the consortium blockchain, encapsulating strict access control policies, evidence solidification algorithms and verification mechanisms. Their execution process is open and transparent to the entire network, ensuring that the evidence collection rules are enforced without human intervention.

[0056] 1.2 Threat Model Assumptions

[0057] Assume that a probabilistic attacker A exists in the system, possessing polynomial-time computation capabilities, capable of eavesdropping, intercepting, tampering with, or replaying publicly available communications on the network, and to some extent penetrating physical devices. The threat model of this invention is based on the following three assumptions:

[0058] (1) Compromise between terminal physical and storage.

[0059] Assume the UAV's onboard SD card is completely untrusted. A malicious "black flight" operator, A, has the capability to physically damage the storage medium or maliciously tamper with flight logs and replace critical video frame data using mounting tools before the drone crashes or is captured. .

[0060] (2) Semi-trusted operators and channel interception. Assume the UAV holder or some field forensics personnel... It is either semi-credible or even malicious, attempting to intercept communication channels and carry out data tampering or forged timestamp attacks during the "on-chain window period" when data leaves the UAV but has not yet been packaged by the consortium blockchain CN consensus in order to evade legal responsibility or fabricate favorable evidence.

[0061] (3) Failure of centralized institutions. It is assumed that the database of a traditional single-center authentication institution is vulnerable in terms of topology, and its database may be subject to targeted penetration attacks by external hackers, resulting in the alteration or destruction of historical electronic evidence.

[0062] 2. Design of Trusted Evidence Collection Methods and Devices Based on Consortium Blockchain

[0063] 2.1 Overall Architecture

[0064] To address the above issues, this embodiment provides a highly cohesive, loosely coupled four-layer architecture designed for end-to-end trusted forensics. From bottom to top, the layers are: data source layer, blockchain core layer, smart contract layer, and application service layer. The overall architecture is as follows: Figure 2 As shown, each layer achieves software and hardware collaboration around the core invention objectives of ensuring the immutability, credibility of the source, and traceability of the entire process of drone electronic evidence, rather than a generalized service architecture.

[0065] Among them, the data source layer corresponds to Figure 2 The edge-side data acquisition layer focuses on trusted hardware-level data acquisition at the UAV edge. Through a trusted execution environment or hardware security module, it achieves unidirectional acquisition of flight data and audio / video media, incremental hash calculation, and hardware signature, significantly reducing the risk of data tampering at the source. The core blockchain layer corresponds to... Figure 2 The consortium blockchain network layer, built on a peer-to-peer network, utilizes an optimized Raft consensus algorithm, a distributed ledger, and a state database to permanently solidify hash fingerprints, timestamps, and dual signatures, achieving decentralized evidence storage. The smart contract layer corresponds to... Figure 2The smart contract layer encapsulates the specific business logic for judicial evidence collection, providing standardized on-chain interfaces for evidence storage, verification, access control, and audit tracking, rigidly executing the evidence collection process and replacing manual control. The application service layer corresponds to... Figure 2 The evidence collection and verification terminals provide a visual interface for different roles such as evidence collectors, judicial personnel, and auditors, enabling evidence submission, retrieval, verification, and auditing, and supporting rapid verification in court hearings.

[0066] In this embodiment, the evidence-gathering data adopts a closed-loop circulation mechanism combining dual signatures and on-chain solidification, fully corresponding to... Figure 1 The interaction logic of the five core entities in the physical network system is implemented as follows: First, the drone, as the source data generating entity, uses its internal trusted agent to collect audio, video, and flight logs in real time in an isolated environment, completes incremental hash calculation and hardware signature, and generates an immutable original data fingerprint. Second, the on-site evidence collector, as the edge evidence collection entity, uses its exclusive private key to perform a secondary digital signature on the data packet, confirms the responsibility for evidence collection operations, and submits it to the distributed consensus network. Subsequently, the consensus nodes in the distributed consensus network perform fully automatic verification of the double signature and data packet format. After the verification is successful, the smart contract is triggered to execute the evidence storage logic. Finally, the smart contract writes the data hash, satellite timestamp, double signature, and drone's unique identifier into the distributed ledger, completing the permanent solidification of evidence. The judicial verification entity at the end of the evidence chain can retrieve the on-chain anchored data through the application platform during the court hearing, compare it with the local evidence copy using hash, and complete the verification of the integrity and authenticity of the evidence.

[0067] 2.2 Reliable data acquisition and preprocessing at the edge

[0068] This layer, as one of the core inventions of this embodiment, solves the technical problems of easy tampering and unreliable source of drone electronic evidence before it is uploaded to the blockchain through four key mechanisms: hardware trusted isolation, one-way data acquisition, dual-mode on-chain, and incremental Merkle hashing.

[0069] This device supports two on-chain modes: online data streaming incremental processing and historical data batch processing, which can be adapted to different evidence collection scenarios. Online data streaming incremental processing is suitable for drones that are flying in real time or seized on-site. For large-capacity video streams, a time frame slicing strategy is adopted to calculate segmented hashes. For flight logs (such as GPS coordinates and attitude angles), incremental hash calculation is used, and fingerprints are sent to the agent node in real time through the 4G / 5G communication module mounted on the drone. Historical data batch processing is suitable for drones that are investigated after the fact or recovered from crashes. A global hash is calculated on the complete mission file and cross-verified with the incremental fingerprint on the chain as the final judicial determination benchmark.

[0070] To address the issue of authenticity of electronic evidence before it is uploaded to the blockchain, this device introduces a hardware-level trust mechanism at the data source layer and specifies the following implementation details:

[0071] (1) Adaptation scheme of TEE / HSM in UAV embedded system

[0072] This device uses a drone main control chip that supports ARM TrustZone technology, deploying a trusted data acquisition agent within its secure world. This secure world is physically isolated from the flight control system, Linux kernel, and other normal world components, ensuring that the acquisition agent's code and runtime data cannot be accessed by the insecure world. For low-end drones without a TEE (Trusted Equipment), an external Microchip ATECC608A series hardware security module (HSM) is used, connected to the main control chip via an I2C interface, storing the device's unique private key and performing hash calculations and signature operations.

[0073] (2) Interface specifications between data acquisition agent and flight control / airborne storage

[0074] The data acquisition agent runs in the TEE / HSM and exchanges data unidirectionally with the flight control system via a shared memory channel. Flight control systems such as PX4 push the following data to a secure world circular buffer in real time via UART or SPI interfaces:

[0075] Flight log (MAVLink message frames, including attitude, GPS, servo output, etc.); MAVLink is the communication protocol for micro-aircraft.

[0076] Media files (H.264 streams from cameras accessed via the CSI interface).

[0077] The acquisition agent does not write directly to the onboard SD card, but instead writes the fingerprint and metadata to a dedicated tamper-proof storage area via DMA, exposing only the signed data packets to the outside world.

[0078] (3) Specific algorithm selection for incremental hashing and audio / video slicing parameters

[0079] This embodiment preferably adopts the Merkle tree incremental hashing mechanism, which supports segmented verification of large files and global verification, balancing verification accuracy and computational efficiency.

[0080] For incremental hashing of flight logs: a Merkle tree structure is adopted. For each received MAVLink message, its SHA-256 hash is calculated as a leaf node, and an intermediate hash is generated every 100 messages. The final root hash serves as the fingerprint of the log segment, supporting independent verification of flight data for any time period. This design allows for independent verification of flight data for any time period without loading the full log.

[0081] For video streams, H.264 / H.265 encoding is used, with segments of fixed duration (preferably 2 seconds). Each segment has an independent hash calculated, and a Merkle root hash is generated for global verification. For audio streams, AAC encoding is used, with segments of 512KB data blocks, and segmented hashes are also calculated. Each segment is required to include an IDR (Instant Decoding Refresh) frame to ensure that any segment can be independently decoded and verified.

[0082] (4) Data packet generation and on-chain triggering

[0083] After aggregating the above incremental hashes, the data acquisition agent constructs the following data packet and immediately sends it to the edge forensics terminal via a 4G / 5G module or directly submits it to the consortium blockchain agent node:

[0084]

[0085] in, This is a unique identification number for the drone and should be consistent with the account registered with the Civil Aviation Administration of China (UAM). Geographic coordinates; For satellite time stamps; For data types; The hash value of the original data; This is an optional path proof used to support partial on-chain verification. Digital signatures for the above elements by trusted hardware.

[0086] (5) A method for constructing a verifiable evidence commitment chain based on time series

[0087] As a further preferred embodiment, this invention proposes a verifiable evidence commitment mechanism based on time-series data streams, building upon incremental Merkle hashing. This mechanism is used to perform formal trustworthy modeling of multi-source heterogeneous data generated during UAV operation, addressing the problem that traditional incremental hashing only provides local integrity verification and lacks global consistency constraints.

[0088] To address the issue that traditional incremental hashing only provides local integrity verification and lacks global consistency constraints, this invention constructs the following recursive commitment structure:

[0089] For the data stream generated by the drone in time series Define the moment The value of the evidence commitment is:

[0090]

[0091] in, For collision-resistant hash functions, A trusted timestamp generated based on satellite time synchronization or blockchain consensus. This serves as a unique device identifier for the drone. The recursive structure achieves a strong coupling between data content, time attributes, and device origin, ensuring that any data tampering at any point in time will lead to a cascading change in subsequent commitment values, thus possessing globally consistent and verifiable characteristics.

[0092] Based on this, the device signature generated by the trusted hardware execution environment is combined with the following. Second signature with on-site evidence collector Construct a globally unique evidence identifier:

[0093]

[0094] Furthermore, it can be proven in terms of security that it is effective against arbitrary tampering. All of them have:

[0095]

[0096] That is, the probability of tampering being detected is close to 1, which ensures the strong integrity and anti-forgery ability of electronic evidence.

[0097] This time-series-based verifiable commitment chain structure is as follows: Figure 3 As shown.

[0098] This commitment chain mechanism, combined with the aforementioned Merkle tree incremental hashing mechanism, can simultaneously achieve independent and rapid verification of single data segments and global consistency verification of the entire dataset, further enhancing the tamper-proof capability of electronic evidence.

[0099] 2.3 Design of Consortium Blockchain Network and Evidence Storage Mechanism

[0100] This embodiment designs a consortium blockchain architecture based on Hyperledger Fabric, and on this basis, designs a dual-track evidence storage mechanism for drone electronic data with on-chain anchoring and off-chain scaling, so as to achieve a balance between security, privacy and system performance in judicial evidence collection.

[0101] First, this system adopts Raft consensus by default and makes the following optimizations for drone evidence collection scenarios: (1) Adjust the block size (1MB~10MB) adaptively according to network load and node response time to ensure throughput in high-concurrency evidence collection scenarios. (2) Set a high-priority channel for transactions with urgent case tags to ensure that key evidence is quickly uploaded to the chain (confirmation time ≤ 2 seconds). (3) In view of the possibility of drone mobile nodes being disconnected, introduce transaction caching and receipt retransmission mechanism to ensure eventual data consistency.

[0102] As a further optimized design, the transaction cache is deployed locally on the lightweight proxy node. When a disconnection with the core node is detected, unconfirmed transactions are automatically cached. After reconnection, transactions are retransmitted in batches according to time sequence. If no receipt is received for three consecutive times, an alarm is triggered.

[0103] Secondly, consortium blockchain nodes are divided into three categories: First, core consensus nodes, deployed by authoritative institutions such as authentication centers and relevant departments, participate in Raft voting and block packaging, and their number is odd (≥5). Second, lightweight proxy nodes, deployed in relevant municipal-level departments, are only responsible for receiving data packets, verifying signatures, and forwarding them to core nodes, without participating in consensus. Third, read-only verification nodes are used by relevant departments, lawyers, authentication experts, and other VP entities, and only synchronize block headers and key metadata.

[0104] Next, a highly scalable dual-track evidence storage mechanism structure was designed, as shown in Table 1. Off-chain, a distributed file system is built to store the original electronic data packets; on-chain, only key metadata and core fingerprints are stored. Furthermore, this method innovatively designs an operation log hash field. Each time evidence is accessed and transferred during subsequent handover and verification processes, an accompanying log is generated, and its hash value is appended to the chain, thus forming an immutable electronic evidence storage chain on-chain.

[0105] Table 1. Dual-track storage structure for drone evidence collection data

[0106]

[0107] Finally, the specific rules for channel creation and management are as follows: Initiated by the case sponsoring organization, and after a vote (e.g., ≥2 / 3 approval) by the alliance management committee (including relevant departments and manufacturers), a private channel is automatically created via the system blockchain. The channel naming convention is Case_<case level>_<region code>_<random number>, such as Case_Secret_350200_abc123. After channel creation, the proposing organization designates a list of authorized node public keys, which are dynamically added via the smart contract AccessControl. Node exit requires log auditing, and the contract executes the kick-out operation afterward.

[0108] 2.4 Solidified Business Logic of Smart Contracts

[0109] This device transforms standard operating procedures and legal rules for judicial evidence collection into executable contract code, deploys it within a consortium blockchain network, and replaces manual control with rigid code constraints. It primarily comprises the design of the following three main business modules:

[0110] (1) Role-based dynamic access control. The authentication logic is pushed down to the smart contract layer. When a node initiates a transaction request, the contract first parses its identity credentials and extracts its organizational attributes. Only nodes with the evidence collector attribute can call the evidence storage interface, while nodes with the judge or arbitrator attribute have global verification permissions.

[0111] Smart contracts mainly consist of two core business modules: role-based dynamic access control and state machine-driven evidence storage contracts.

[0112] Role-based dynamic access control is the core mechanism for this device to achieve judicial privacy protection and fine-grained access control. Its core logic is to realize a three-level mapping of institutions, roles, and permissions, strictly mapping judicial roles in the physical world to operational entities in cyberspace, and ensuring that the boundaries of judicial power are rigidly enforced at the code level.

[0113] In terms of role definition, the contract sets out five core roles based on the actual business needs of drone evidence collection. The first role is the evidence collector, corresponding to legally qualified on-site law enforcement personnel or forensic experts in the physical world, primarily responsible for submitting and initially searching for evidence. The second role is the judge, corresponding to judicial personnel responsible for case hearings in the physical world, possessing the highest authority for evidence verification and retrieval. The third role is the arbitrator, corresponding to personnel in arbitration institutions who may participate in dispute mediation, possessing verification authority similar to that of judges. The fourth role is the auditor, corresponding to judicial supervision departments or internal auditors, responsible for conducting compliance reviews of the entire evidence collection process. The fifth role is the manufacturer's maintenance personnel, corresponding to the drone manufacturer's technical personnel, responsible only for system maintenance and technical support, without access to specific case data.

[0114] In terms of permission design, the contract constructs a permission matrix, assigning operational permissions to different roles that match their judicial responsibilities. Evidence collectors can only submit evidence, query their own submitted evidence records, and request access to relevant evidence when needed for the case; they cannot view case data submitted by other evidence collectors. Judges possess global verification permissions, allowing them to verify all evidence stored on the platform, authorize access to sensitive evidence as needed for the case hearing, and freeze evidence status when necessary to prevent malicious manipulation. Auditors do not participate in the hearing or evidence collection of specific cases; they can only view the operation logs throughout the entire evidence lifecycle and trigger audit trail processes when compliance risks are discovered to ensure the evidence collection process complies with judicial norms. Once evidence status is frozen, all modification, deletion, and transfer operations corresponding to that evidence will be intercepted by the smart contract, and only the judge can unfreeze it.

[0115] Regarding the dynamic admission logic, the contract establishes a strict node joining and leaving mechanism. Node joining requires initiation by the channel administrator and majority vote from alliance members, ensuring that only authorized institutional nodes can participate in the evidence collection process for specific cases. After a node successfully joins, the contract binds its identity and role information and records it on the blockchain, simultaneously triggering a node joining event and permanently recording the operation time and node information on the blockchain. Node leaving also requires log auditing; after contract approval, a removal operation is executed, ensuring the node leaving process is traceable.

[0116] In terms of permission verification interface design, the contract pushes the authentication logic down to the underlying blockchain layer, rather than relying on single-point authentication at the application layer, fundamentally eliminating the risk of permission bypass. When any node initiates a transaction request, the contract first parses its identity credentials, extracts its organizational attributes and role information, then queries the permission matrix to determine whether the role has the corresponding operation permissions, and simultaneously verifies whether the node belongs to the current operation channel. Only when both permission requirements and channel membership are met will the transaction request be executed; otherwise, an insufficient permission error message will be returned directly.

[0117] The following is an example of how this contract implements a three-level mapping of institutions, roles, and permissions:

[0118] Roles: Forensic Examiner, Judge, Arbitrator, Auditor, Manufacturer.

[0119] Permission Matrix: (1) Evidence Collector: Store evidence, query evidence submitted by the individual, and apply for evidence access. (2) Judge: Verify globally, authorize access, and freeze evidence status. (3) Auditor: View operation logs and trigger audit trails.

[0120] Dynamic admission logic:

[0121] function AddNodeToChannel(nodeID, role, channelID):

[0122] require(msg.sender == ChannelAdmin, "Only Channel Administrators can perform this operation")

[0123] require(HasQuorumVote(channelID, "ADD_NODE"), "Number of votes not reached")

[0124] RoleRegistry[nodeID] = role

[0125] ChannelMembers[channelID].add(nodeID)

[0126] Emit(NodeJoined(nodeID, role, block.timestamp))

[0127] Permission verification interface:

[0128] function CheckPermission(nodeID, action, channelID) returns (bool):

[0129] role = RoleRegistry[nodeID]

[0130] return PermissionMatrix[role][action] && IsInChannel(nodeID,channelID)

[0131] (2) State Machine-Driven Evidence Preservation Contract. To ensure the uniqueness and spatiotemporal consistency of the evidence, after receiving the data packet metadata submitted by the on-site evidence collector, the contract calls the underlying cryptographic library to verify the digital signature of the Trusted Execution Environment (TEE). After successful verification, the contract integrates the data hash, drone ID, and the timestamp of the current block to calculate a globally unique evidence identifier and initializes its state to "preserved". Its core evidence preservation algorithm is shown in Algorithm 1.

[0132] Algorithm 1: Smart Contract-Based Algorithm for Unmanned Aerial Vehicle Electronic Evidence Consolidation

[0133]

[0134] The state machine-driven evidence storage contract is the core module of this device for permanently fixing electronic evidence on the blockchain. Its goal is to ensure the uniqueness and spatiotemporal consistency of evidence, and to prevent acts such as forging evidence and duplicate evidence storage. After receiving the data packet metadata submitted by the on-site evidence collector, the contract will automatically execute the entire process of verification and evidence storage according to the preset standardized process, without human intervention. All execution steps will be permanently recorded on the blockchain.

[0135] When the evidence preservation contract is invoked, it first obtains the identity of the initiator of the transaction and verifies whether their role is that of a forensic investigator. This step is the first line of defense for access control; only legally qualified forensic investigators can submit evidence, preventing unauthorized nodes or individuals from writing false data onto the blockchain. If the initiator's role does not meet the requirements, the contract will terminate execution directly and return an error message indicating insufficient permissions.

[0136] After the role verification is successful, the contract will call the underlying cryptographic library to verify the digital signature generated by the trusted execution environment or hardware security module on the drone side. This is the most critical step in the entire evidence preservation process, used to confirm that the submitted data does indeed come from the specified drone device and has not been tampered with during transmission. If the signature verification fails, it indicates that the data packet may have been intercepted or forged, and the contract will immediately terminate the evidence preservation process and return an error message indicating that the signature is invalid.

[0137] After successful signature verification, the contract obtains the timestamp of the current block. This timestamp is jointly confirmed by all consensus nodes in the consortium blockchain network and is immutable. Subsequently, the contract concatenates the original data hash, the drone's unique identifier, and the on-chain timestamp, using the SHA-256 hash algorithm to generate a globally unique evidence identifier. This design strongly binds data content, device identity, and the time dimension, ensuring that each piece of evidence has a unique identifier and cannot be forged.

[0138] After generating the evidence identifier, the contract queries the on-chain state database to check if the identifier already exists. If it exists, it means the evidence has already been deposited, and the contract returns an error message indicating failure to deposit the evidence onto the chain, preventing duplicate deposit. If it does not exist, the subsequent evidence deposit logic continues.

[0139] Next, the contract constructs a complete evidence record structure, including the original data hash, the drone's unique identifier, the forensic investigator's identity, the on-chain timestamp, and the evidence status, and initializes the evidence status to "deposited." Subsequently, the contract writes the evidence identifier and the corresponding evidence record into the on-chain state database, completing the permanent solidification of the evidence.

[0140] Finally, the contract triggers an on-chain event indicating successful evidence preservation, broadcasting the evidence identifier to all relevant nodes in the consortium blockchain network, notifying all parties that the evidence has been successfully preserved. At this point, the entire on-chain preservation process of electronic evidence is complete, returning the generated evidence identifier and transaction success status information.

[0141] This algorithm achieves reliable control over the entire process of electronic evidence from submission to solidification through multi-dimensional verification and automated execution. Each step has a clear logical basis and judicial significance, ensuring that the generated electronic evidence meets the judicial review requirements for authenticity, completeness and traceability.

[0142] As a further preferred implementation method, the smart contracts of this system employ a multi-party endorsement deployment mechanism to ensure the immutability of the code. After the smart contract code is written, it must be submitted to the consortium management committee for compliance review. After the review is approved, it must be jointly signed and endorsed by at least two-thirds of the core consensus nodes before being deployed to all nodes of the consortium blockchain. After deployment, the code hash value of the smart contract will be permanently written into the genesis block of the consortium blockchain. Any modification to the contract code must be re-submitted through the voting process of the consortium management committee and the multi-node endorsement process, thus jointly ensuring the immutability of the contract execution logic from both technical and institutional perspectives.

[0143] It should be noted that, unless otherwise defined, the technical or scientific terms used in this invention should have the ordinary meaning understood by one of ordinary skill in the art to which this invention pertains. The terms "first," "second," and similar terms used in this invention do not indicate any order, quantity, or importance, but are merely used to distinguish different components. Terms such as "comprising" or "including" mean that the element or object preceding the word encompasses the elements or objects listed following the word and their equivalents, without excluding other elements or objects. Terms such as "connected" or "linked" are not limited to physical or mechanical connections, but can include electrical connections, whether direct or indirect. Terms such as "upper," "lower," "left," and "right" are used only to indicate relative positional relationships; when the absolute position of the described object changes, the relative positional relationship may also change accordingly.

[0144] The above description is merely a preferred embodiment of the present invention and is not intended to limit the invention in any other way. Any person skilled in the art may make changes or modifications to the above-disclosed technical content to create equivalent embodiments. However, any simple modifications, equivalent changes, and modifications made to the above embodiments based on the technical essence of the present invention without departing from the scope of the present invention shall still fall within the protection scope of the present invention.

[0145] This invention is not limited to the preferred embodiment described above. Anyone inspired by this invention can derive other forms of reliable UAV forensics methods and systems. All equivalent variations and modifications made within the scope of the patent applications of this invention shall fall within the scope of this invention.

Claims

1. A reliable method for obtaining evidence from unmanned aerial vehicles (UAVs), characterized in that, include: On the drone side, a data acquisition agent deployed in a hardware trusted execution environment physically isolated from the flight control system collects raw data generated during operation in real time, performs incremental hash calculation on the raw data to generate a data fingerprint, and uses the private key in the hardware trusted execution environment to perform hardware-level digital signature on the data fingerprint and associated metadata to generate a source-end signed data packet. The on-site evidence collection terminal performs a secondary digital signature on the source-end signature data packet, generates a notarized transaction request, and submits it to the consortium blockchain network composed of multiple authoritative institutional nodes. In the consortium blockchain network, the validity of the hardware-level digital signature and the secondary digital signature is verified by a smart contract that encapsulates judicial evidence collection rules. After verification, the smart contract integrates data fingerprints, drone unique identifiers, and on-chain timestamps to generate a globally unique evidence identifier, and writes the globally unique evidence identifier and associated evidence storage information into the distributed ledger of the consortium blockchain. The judicial verification terminal obtains the corresponding data fingerprint from the distributed ledger, calculates the hash value of the evidence to be verified, and compares it with the obtained data fingerprint to complete the evidence verification.

2. The reliable evidence collection method for unmanned aerial vehicles according to claim 1, characterized in that: The original data is stored in an off-chain storage system, and the distributed ledger of the consortium blockchain only stores data fingerprints and associated metadata.

3. The reliable evidence collection method for unmanned aerial vehicles according to claim 1, characterized in that: The trusted execution environment is either the trusted execution environment built into the UAV main control chip or an external hardware security module. The data acquisition agent and the flight control system use a one-way data transmission method. The flight control system pushes the raw data one-way to the cache area of ​​the trusted execution environment of the hardware, and the data acquisition agent does not write data to general storage devices, including the onboard SD card.

4. The reliable evidence collection method for unmanned aerial vehicles according to claim 1, characterized in that: The incremental hash calculation is implemented using a Merkle tree structure. For flight log data, leaf node hashes are generated for each message and aggregated to obtain the root hash. For media data, segmented hashes are generated and aggregated according to preset rules to obtain the root hash. A verifiable evidence commitment chain is constructed based on time series. The hash value of the data at the current moment, the commitment value at the previous moment, the trusted timestamp, and the unique identifier of the drone are hashed to generate the evidence commitment value at the current moment, forming a recursively cascaded global consistency verification structure.

5. A reliable method for obtaining evidence from unmanned aerial vehicles according to claim 4, characterized in that: For video stream data, slicing according to a preset duration ensures that each slice contains at least one instant-on-demand refresh frame.

6. The reliable evidence collection method for unmanned aerial vehicles according to claim 1, characterized in that: Supports both online streaming incremental on-chain and offline batch processing on-chain modes; In online mode, incremental data fingerprints are sent to the consortium blockchain agent nodes in real time. In offline mode, the global hash of the complete task file is calculated and cross-verified with the incremental data fingerprints on the blockchain.

7. The reliable evidence collection method for unmanned aerial vehicles according to claim 1, characterized in that: The consortium blockchain network adopts the Raft consensus mechanism, configures high-priority channels for emergency case transactions, and deploys transaction caching and retransmission mechanisms on proxy nodes; Consortium blockchain nodes are divided into core nodes that participate in consensus, proxy nodes that are responsible for data forwarding, and read-only verification nodes that are only used for querying.

8. A trusted forensic method for unmanned aerial vehicles according to claim 1, characterized in that: The consortium blockchain network creates independent private channels for different cases, and channel nodes implement dynamic access and exit management through smart contracts. The hash values ​​of all operation logs throughout the entire lifecycle of the evidence are appended to the blockchain for storage, forming an electronic evidence custody chain. The smart contract implements a three-level mapping of institutions, roles, and permissions, predefines multiple types of judicial roles and assigns corresponding operation permissions, and automatically verifies the identity of nodes and the qualifications of channel members before the transaction is executed.

9. A trusted evidence collection system for unmanned aerial vehicles (UAVs), characterized in that, The system for performing the drone trusted forensics method according to any one of claims 1 to 8, the system comprising: The edge-side trusted acquisition unit, deployed on the UAV, is used to collect raw data through a hardware trusted execution environment that is physically isolated from the flight control system, and to perform incremental hash calculations and hardware-level digital signatures. The edge evidence collection unit is used to perform secondary digital signatures on the source-end signed data packets and submit them for evidence storage transactions. A consortium blockchain network unit consists of nodes from multiple authoritative institutions, used to maintain the distributed ledger and perform consensus processing; The smart contract execution unit, deployed in the consortium blockchain network unit, is used to automatically verify the validity of signatures and complete the evidence solidification. The judicial verification unit is used to obtain data fingerprints from the distributed ledger and complete evidence verification.

10. The trusted forensic system for unmanned aerial vehicles according to claim 9, characterized in that: The smart contract execution unit includes a permission management module, an evidence storage and solidification module, and an audit tracking module, which are used to realize role permission control, on-chain evidence storage, and full-process operation recording, respectively.