A power grid project closed-loop management file management system
By using feature extraction and encryption modules, the problems of manual data entry and data security risks in the power grid project management system have been solved, realizing automated file processing and secure management, and improving the system's efficiency and security.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents(China)
- Current Assignee / Owner: STATE GRID CORPORATION OF CHINA
- Filing Date: 2022-07-29
- Publication Date: 2026-06-26
AI Technical Summary
In existing power grid project management systems, information entry relies on manual input, making it difficult to verify data reliability. Original files and images carry significant security risks, which makes it difficult to balance system processing efficiency against security.
The system employs a file import module for feature extraction and classification, combined with key identification, encryption, and access control. Through feature extraction units, project classification strategies, and file encryption and parsing management, it achieves automated file processing and secure storage, ensuring file uniqueness and security.
It enables automated splitting and retrieval of power grid project files, ensuring file uniqueness, avoiding information asymmetry, improving system security and management efficiency, and preventing file version errors and unauthorized modifications.
Figure CN115270182B_ABST
Description
Technical Field
[0001] This invention relates to the field of power grid project initiation management, and more specifically, to a closed-loop management and control document management system for power grid projects.
Background Technology
[0002] Power grid projects refer to power grid engineering projects. These projects are characterized by large scale, involving numerous departments, fields, and stages. Each stage relies on different platforms for data collection, which significantly hinders the orderly progress of the entire project. Significant manpower is required for data collection and analysis to achieve closed-loop control. However, manual management is prone to oversights. To minimize human intervention, various power grid project management systems have emerged. These systems consider the characteristics of engineering projects and their management, taking into account the requirements and connections at each stage of the project's lifecycle. Through information processing, integration, and control, they enable coordination and optimization among project participants and their respective responsibilities. Specifically, they achieve unified information processing through information integration, business process integration, service integration, and portal integration. However, two major problems remain: 1. The accessed information sources are still manually entered, requiring managers to analyze project documents and complete the data entry. Furthermore, the reliability of this data must be considered when using it. 2. If reliability needs to be verified or data issues need to be corrected, the original file's image data needs to be retrieved and verified or corrected by manual browsing. However, the original file's image data has security risks and is indivisible, making it impossible to retrieve directly. This results in an imbalance between security and efficiency when the entire system processes project files.
Summary of the Invention
[0003] In view of this, the purpose of this invention is to provide a closed-loop management and control document management system for power grid projects. To solve the above technical problems, the technical solution of this invention is: a closed-loop management and control document management system for power grid projects, comprising...
[0004] The file import module includes a first feature extraction unit, a second feature extraction unit, a third feature extraction unit, and a benchmark identification unit. The first feature extraction unit extracts power grid project features from the power grid project file that meet the pre-configured feature extraction conditions, and deletes the corresponding power grid project features from the power grid project file to obtain a key identification file. The second feature extraction unit provides a feature generation database, which stores several feature generation conditions and corresponding feature generation strategies. The second feature extraction unit filters power grid project features that meet the feature generation conditions through the feature generation database and processes them using the corresponding feature generation strategies to generate power grid feature information. The generated power grid feature information is divided into preset solid feature groups, and unmatched power grid project features are divided into dynamic identification groups. This is used to extract project feature information from the scanned power grid project files. The third feature extraction unit is equipped with a dynamic identification algorithm. The dynamic identification algorithm marks the corresponding dynamic identification group according to the inter-document relationship of the power grid project files, and generates new power grid feature information according to the relevant conditions of the power grid project features in the dynamic identification group that have an inter-document relationship. The generated power grid feature information is then moved from the dynamic identification group to the corresponding solid feature group. The benchmark identification unit generates key benchmark information for the power grid project file based on the key identification file.
[0005] The project classification module is configured with a project classification strategy, and the project type stamp is configured for the power grid feature information in each solid feature group according to the project classification strategy.
[0006] The file encryption module includes a ciphertext generation unit, a ciphertext distribution unit, a key storage unit, and a pointer generation unit. The ciphertext generation unit encrypts each power grid feature information using a first encryption algorithm to obtain ciphertext of the feature information and the corresponding feature information key. The ciphertext distribution unit is configured with a ciphertext distribution strategy, which distributes the ciphertext of the feature information to different user terminals for storage and deletes the ciphertext of the feature information and the power grid feature information from the system. The key storage unit is configured with a key storage strategy, which stores the feature information key in storage space and obtains the corresponding key storage address. The pointer generation unit generates a file index pointer and a permission index pointer based on the key storage address. The permission index pointer is generated based on the project type stamp corresponding to the power grid feature information, and the file index pointer is generated based on the power grid project file to which the power grid feature information belongs. The file index pointer points to the address storing the corresponding permission index pointer, and the permission index pointer points to the key storage address.
[0007] The file management module includes a file encryption unit, a file configuration unit, and a file licensing unit. The file encryption unit is used to randomly extract key features from the key base information until the preset feature filtering conditions are met. The file index pointer is encrypted using the key features as encryption factors through a second encryption algorithm to obtain the file pointer ciphertext and the corresponding file pointer key. The file configuration unit is used to send the file pointer ciphertext and the corresponding file pointer key to the initial terminal corresponding to the power grid project file. The file licensing unit is used by the initial terminal to establish a usage stamp for the corresponding file pointer key and send it to other user terminals based on whether the user association relationship between other user terminals and the power grid project file meets the corresponding file licensing conditions.
[0008] The permission management module includes a permission configuration unit and a permission distribution unit. The permission configuration unit configures corresponding usage permissions for each user terminal based on the user association relationship between the initial terminal and other user terminals. The permission distribution unit is used to distribute permission index pointers to each user terminal based on the user terminal's usage permissions.
[0009] The parsing management module includes a parsing configuration unit. The parsing configuration unit configures a first decryption algorithm, a second decryption algorithm, and a file masking algorithm for each user terminal. The first decryption algorithm corresponds to the first encryption algorithm. The user terminal decrypts the ciphertext of the feature information to obtain the power grid feature information using the first decryption algorithm and the feature information key. The second decryption algorithm corresponds to the second encryption algorithm. The user terminal decrypts the ciphertext of the file pointer to obtain the file index pointer using the second decryption algorithm and the file pointer key. The file masking algorithm deletes the file pointer key with the usage stamp from the user terminal after the user terminal calls the corresponding permission index pointer.
[0010] Furthermore, the file import module is configured with an extraction condition database, which stores several feature extraction conditions. The feature extraction conditions include fuzzy matching conditions and feature format conditions. The fuzzy matching conditions are used to determine the keywords in the power grid project features and their corresponding similarity matching degree. The feature format conditions are used to determine the data format in the power grid project features and their format matching degree. When both the similarity matching degree and the format matching degree meet the preset benchmark matching range, it is considered that the corresponding feature extraction conditions are met. The fuzzy matching conditions and feature format conditions are obtained through sample training model training.
[0011] Furthermore, it also includes an association management module, which includes an inter-document association unit, an inter-user association unit, and a user-document association unit. The inter-document association unit is used to establish associations between power grid project documents based on the relevance between project name elements of the power grid project documents, and to generate inter-document association relationships between power grid project documents based on the project type elements of the associated power grid project documents. The inter-user association unit is used to establish associations between user terminals based on the relevance between user name elements corresponding to user terminals, and to generate inter-user association information between user terminals based on the user type elements of the associated user terminals. The user-document association unit is used to establish associations between power grid project documents and user terminals based on the project name elements of the power grid project documents and the user name elements of the user terminals, and to generate inter-user association information based on the project type elements of the associated power grid project documents and the user type elements of the user terminals.
[0012] Furthermore, the feature selection condition is that the feature complexity is higher than the preset feature selection benchmark, and the feature complexity is obtained by weighted calculation of the complexity of each key feature.
[0013] Furthermore, the file import module also includes a re-marking unit, which establishes a file import mark in a blank position of the power grid project file. The file import mark can be used as the extracted key feature.
[0014] Furthermore, each encrypted distribution strategy is configured with different data security levels based on the corresponding project type stamp. The number of encrypted messages distributed and the verification time are configured according to the data security level. The number of messages distributed is the number of user terminals to which the encrypted messages are distributed, and the verification time is the interval for verifying the correlation between encrypted messages.
[0015] Furthermore, the parsing management module also includes a copy import unit. The copy import unit configures a verification and decryption algorithm and a key matching algorithm for the user terminal. The verification and decryption algorithm is configured with a key feature index, which reflects the filtering conditions of key features. The verification and decryption algorithm obtains key features from the power grid project file input by the user terminal based on the key features, and then processes the key features through the key matching algorithm to obtain the file pointer key.
[0016] Furthermore, the usage permissions include higher-level permissions, lower-level permissions, and collaborative permissions. The user terminal corresponding to the higher-level permissions has permission to retrieve all permission index pointers of the initial terminal. The user terminal corresponding to the lower-level permissions has permission to receive permission index pointers according to the instructions of the initial terminal. The user terminal corresponding to the collaborative permissions has permission to receive permission index pointers according to the request of the initial terminal. When a user terminal with usage permissions receives the corresponding permission index pointer, the permission index pointer is masked by the permission distribution unit.
[0017] Furthermore, it also includes a dynamic acceptance module. The project type stamp includes acceptance items and progress items. The dynamic acceptance module is configured with acceptance trigger conditions. When the project feature information with acceptance items meets the acceptance trigger conditions, the corresponding power grid feature information with progress items is retrieved according to the inter-item association relationship. An acceptance standard is generated based on the power grid feature information of the acceptance item, and an acceptance conclusion is generated through the power grid feature information with progress items in the acceptance standard.
[0018] Furthermore, it also includes a resource early warning module. The project type stamp includes existing items and variable items. The resource early warning module obtains the individual existing value based on the project feature information corresponding to the existing item, and retrieves the individual variable value corresponding to the project feature information with variable items according to the inter-item relationship. It updates the corresponding one-way existing value based on the individual variable value. When the one-way existing value is lower than the preset existing benchmark, it outputs resource early warning information.
[0019] The main technical advantages of this invention are reflected in the following aspects: 1. By using this setup, power grid project files are split into multiple parts through feature extraction. When needed, the corresponding associated part is directly invoked, and the invocation and feedback of a matter are completed through the association between the terminal and the file; 2. Original files are uniformly managed through association verification, ensuring the uniqueness of files within the system and avoiding the need for manual invocation due to information asymmetry. The file modification process is also traceable, thus preventing file version errors or irregular modifications that could lead to information errors during project implementation; 3. The multi-level key storage combined with multi-party encrypted storage improves the security of the system's power grid project file management.
Attached Figure Description
[0020] Figure 1: System architecture diagram of this invention.
[0021] Figure reference numerals: 100, File import module; 110, First feature extraction unit; 120, Second feature extraction unit; 130, Third feature extraction unit; 140, Baseline identification unit; 200, Project classification module; 300, File encryption module; 310, Ciphertext generation unit; 320, Ciphertext distribution unit; 330, Key storage unit; 340, Pointer generation unit; 400, File management module; 410, File encryption unit; 420, File configuration unit; 430, File licensing unit; 500, Permission management module; 510, Permission configuration unit; 520, Permission distribution unit; 600, Parsing management module; 610, Parsing configuration unit; 700, Association management module; 710, Inter-item association unit; 720, Inter-user association unit; 730, User-item association unit; 800, Dynamic acceptance module; 900, Resource early warning module.
Detailed Implementation
[0022] The specific embodiments of the present invention will be further described in detail below with reference to the accompanying drawings, so that the technical solution of the present invention can be more easily understood and mastered.
[0023] A closed-loop management and control document management system for power grid projects, including
[0024] The file import module 100 primarily functions to import files. It can be used with any user terminal. The module has two basic pieces of information: first, a scanned image of the uploaded file for storage as a power grid project file; and second, information on the type and any missing details of the uploaded image, such as project file details, names of the contractor and client, type of work, and stage of the project. The module provides selectable formatted information as the basis for user terminal uploads. Since the content to be filled in and the feature extraction may overlap, and as file feature recognition becomes increasingly reliable with standardized file formats, the amount of information required decreases. The preferred process involves first identifying features using a project feature extraction strategy, then providing prompts for any unidentified but necessary parts and guiding the user to complete the entry. After the initial entry is completed, the initial information for the entire power grid file is successfully configured, and the user terminal that uploaded the file is considered the initial terminal for that power grid project file. While existing technologies have the function of scanning and importing files, because each terminal can import files and there is only one electronic copy, modifications are possible. With multiple versions, collecting file information becomes difficult, making retrieval of a single item complex. Matching files with their initial terminals ensures file uniqueness. However, if a modified version of a file is imported, it needs to match the corresponding initial terminal. For example, if terminal A is the initial terminal for the file, and terminal B re-imports the file, since the file contains information corresponding to terminal A (e.g., the client is listed as A), when B imports the file, the file information and terminal don't match, so a request is sent to terminal A. 
Terminal A determines it's a modified version and updates it; if it's a duplicate, it deletes it. It should be noted that although this application encrypts all files in the system, the file corresponding to the initial terminal is not encrypted relative to the initial terminal, as the platform is provided to multiple users from different types and companies. Therefore, this invention includes a first feature extraction unit 110, a second feature extraction unit 120, a third feature extraction unit 130, and a benchmark identification unit 140. Preferably, the file import module 100 also includes a re-marking unit, which establishes file import marks in blank spaces of the power grid project file. These file import marks can be used as extracted key features. By marking the file (which requires hardware support), distinctive markers, such as QR codes or coded graphics, can be created in blank spaces within the file. This allows files with low key base information complexity to have high complexity, thus meeting the requirement of uniqueness in key generation.
[0025] First, the first feature extraction unit 110 extracts power grid project features that meet the pre-configured feature extraction conditions from the power grid project file, and deletes the corresponding power grid project features from the power grid project file to obtain a key identification file. The file import module 100 is configured with an extraction condition database, which stores several feature extraction conditions. The feature extraction conditions include fuzzy matching conditions and feature format conditions. The fuzzy matching conditions are used to determine the keywords in the power grid project features and their corresponding similarity matching degree. The feature format conditions are used to determine the data format in the power grid project features and their format matching degree. When both the similarity matching degree and the format matching degree meet the preset benchmark matching range, it is considered that the corresponding feature extraction condition is met. The fuzzy matching conditions... The feature format conditions are obtained through sample training model training. Similarity refers to the similarity of keywords. For example, the keywords of email, email address, and recipient have high similarity. This can be achieved by calling an external keyword classification system. At the same time, it can be combined with the internal keyword input matching similarity. Format features include factors such as the number of digits, whether there are corresponding symbols, etc. Finally, the feature is calculated in a quantitative way to determine whether it matches the conditions in the database. If it matches, it means that the type of feature can find a corresponding relationship. The sample training model is obtained by annotating the feature types to be extracted, as well as the corresponding matching keywords and corresponding format elements in the files. 
Then, the same or different types of similarity matching algorithms and the deviation between the calculation results of the format matching algorithm and the actual sample content are trained. The logic for extracting information from a file is as follows: First, the system generates an extraction strategy through pre-input or training. For example, a power grid project document records the names of the parties involved, their contact information, email addresses, etc., using specific text for easy identification and following specific formats, such as the "@" character in email addresses. Using these specific texts and formats, general information can be collected. The same applies to specialized information, such as power consumption and voltage. A database is built through pre-input, allowing direct identification after importing the file. Each power grid project feature consists of two parts: one is the attribution of the feature, such as the project's progress, the company's equipment procurement information, and the specific equipment purchased and its value, which requires encryption. Therefore, features meeting the extraction criteria are extracted first. For example, if equipment A costs 1 million, the "1 million" following the name meets the extraction criteria, so "equipment A 1 million" can be directly extracted. However, since the name of equipment A may not exist in the pre-existing database, subsequent steps are required for identification.
[0026] The second feature extraction unit 120 provides a feature generation database, which stores several feature generation conditions and corresponding feature generation strategies. The second feature extraction unit 120 filters power grid project features that meet the feature generation conditions through the feature generation database and processes these features using the corresponding feature generation strategies to generate power grid feature information. The generated power grid feature information is divided into preset fixed feature groups, and unmatched power grid project features are divided into dynamic identification groups for extracting project feature information from the scanned power grid project files. The second feature extraction unit 120 classifies the above two parts based on the feature generation database, and the features in the feature generation database that can be clearly identified... First, the information is extracted. For example, if device A has 1 million units of power, although the feature format meets the extraction requirements, it is impossible to know the purpose of device A in the power grid project, or which corresponding links will use this device or perform loss calculations on this device. In this case, device A with 1 million units of power will be classified into the dynamic identification group. On the other hand, if device B with 1 million units of power has a backup in the preset feature generation database, then the data can be processed directly according to the feature generation conditions to obtain the power grid feature information. For example, the power grid feature information of device B with 1 million units of power grid is power grid construction-acceptance-device B-1 million units. When needed, this data can be quickly found, and this power grid feature information can be classified into the solid feature group. 
Then, the unidentifiable features are classified into the dynamic identification group.
[0027] The third feature extraction unit 130 is equipped with a dynamic recognition algorithm. The dynamic recognition algorithm marks the corresponding dynamic recognition group according to the inter-document relationship of the power grid project files, and generates new power grid feature information based on the relevant conditions of the power grid project features in the dynamic recognition group with inter-document relationship. The generated power grid feature information is then divided from the dynamic recognition group to the corresponding solid feature group. Through the dynamic recognition algorithm, the third feature extraction unit 130 can first find the corresponding relationship between files. For example, if the project names are the same, there are two files with different subjects. The relationship between the files can be determined according to the relationship between the subjects. For example, if A entrusts B to form file X1, and B entrusts C to form file X2 for the same matter, the relationship between files X1 and X2 can be determined according to the entrusted matter. Based on this relationship, the power grid project features of the dynamic recognition group can be newly marked. For example, if both files have information about equipment B worth 1 million, they can be marked as sub-entrustment-equipment B worth 1 million according to the relationship. In this way, power grid feature information can be generated. After all the relevant recognition is completed, the files can be divided into the corresponding solid feature groups to facilitate the association of power grid feature information.
[0028] The benchmark identification unit 140 generates key benchmark information for the power grid project file based on the key identification file. The remaining unidentifiable parts are first deleted from the file to form a new file. This new file does not involve confidential information, but it is unique: although there are many power grid project files, the remaining information can be used as the basis for generating the file key without affecting the security of the file information, and it can solve the problem of duplicate files across multiple platforms. Identical text, punctuation marks, underlines, line spacing, etc., can all be extracted and quantified to ensure the uniqueness of each file.
[0029] The project classification module 200 is configured with a project classification strategy. Based on the project classification strategy, project type stamps are configured for the power grid feature information in each solid feature group. Since each power grid feature information is divided into two parts, one part of the information is marked with a project type stamp to facilitate information retrieval and indexing.
[0030] Another core technical means of the present invention is: a file encryption module 300, including a ciphertext generation unit 310, a ciphertext distribution unit 320, a key storage unit 330, and a pointer generation unit 340;
[0031] The ciphertext generation unit 310 is used to encrypt each power grid feature information using a first encryption algorithm to obtain the feature information ciphertext and the corresponding feature information key. First, the ciphertext generation unit 310 encrypts the power grid feature information using an encryption algorithm to obtain the corresponding ciphertext and key. The key, together with the decryption algorithm, can decrypt the ciphertext.
[0032] The ciphertext distribution unit 320 is configured with a ciphertext distribution strategy. This strategy distributes the feature information ciphertext to different user terminals for storage and deletes both the feature information ciphertext and the power grid feature information from the system. Sending the ciphertext to different terminals for storage ensures that it is not all stored in the same location and that its content is not easily tampered with, as each ciphertext is stored on at least two different terminals. Therefore, if a ciphertext is tampered with, mismatches will occur, ensuring data reliability. Furthermore, the power grid feature information does not retain these encrypted messages, ensuring security. Preferably, each ciphertext distribution strategy is configured with different data security levels based on the corresponding project type stamp. The distribution quantity and verification time are configured according to the data security level. The distribution quantity refers to the number of user terminals to which the ciphertext is distributed, and the verification time is the interval for verifying the correlation between ciphertexts. Because the distribution quantity and the verification time follow the security level corresponding to the project type stamp, different storage strategies can be set for different information. When needed, the data can be quickly retrieved from the corresponding terminal via the address, improving response speed. However, since only the initial terminal is given modification permissions, the terminal that typically makes the call does not have modification permissions and therefore will not modify the content.
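The periodic cross-check between distributed copies described in [0032], as an added example that is not part of the patent text: the function names, the SHA-256 comparison and the policy values are assumptions. It also shows a limit of the two-copy minimum: with two copies a mismatch is detected but cannot be attributed to either terminal.

```python
import hashlib
from collections import Counter

# Constructed policy values: data security level -> (copies, verify interval in seconds).
POLICY = {"high": (3, 3600), "normal": (2, 86400)}


def check_due(level: str, last_verified: float, now: float) -> bool:
    """True when the verification interval for this security level has elapsed."""
    _copies, interval = POLICY[level]
    return now - last_verified >= interval


def verify_replicas(level: str, replicas: dict) -> dict:
    """Compare the copies of one ciphertext held by different terminals.

    replicas maps a terminal id to the bytes that terminal returned.
    """
    copies, _interval = POLICY[level]
    if len(replicas) < copies:
        # A terminal failed to return its copy: report it, do not guess.
        return {"status": "missing_copies", "suspect": []}
    digests = {t: hashlib.sha256(blob).hexdigest() for t, blob in replicas.items()}
    counts = Counter(digests.values())
    if len(counts) == 1:
        return {"status": "consistent", "suspect": []}
    majority, votes = counts.most_common(1)[0]
    if votes * 2 > len(replicas):
        # A strict majority agrees, so the minority copies are the suspects.
        suspects = sorted(t for t, d in digests.items() if d != majority)
        return {"status": "tampered", "suspect": suspects}
    # No strict majority (always the case with two copies): the mismatch is
    # real but cannot be pinned on one terminal.
    return {"status": "unattributable_mismatch", "suspect": sorted(digests)}


if __name__ == "__main__":
    ct = b"constructed-ciphertext-bytes"  # constructed sample, not real data
    print(verify_replicas("high", {"T1": ct, "T2": ct, "T3": ct[:-1] + b"X"}))
    print(verify_replicas("normal", {"T1": ct, "T2": ct[:-1] + b"X"}))
```
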
[0033] The key storage unit 330 is configured with a key storage strategy. The key storage strategy stores the feature information key in the storage space and obtains the corresponding key storage address. First, the key storage unit 330 is used to store the corresponding key information. Then, this key storage address is used as the basis for key acquisition. This ensures the variability of the key itself while improving data security.
[0034] The pointer generation unit 340 is used to generate a file index pointer and a permission index pointer based on the key storage address. The permission index pointer is generated based on the project type stamp corresponding to the power grid feature information, and the file index pointer is generated based on the power grid project file to which the power grid feature information belongs. The file index pointer points to the address where the corresponding permission index pointer is stored, and the permission index pointer points to the key storage address. The generation of the pointer includes two parts: the first part is the file index pointer, and the second part is the permission index pointer. Only by obtaining both pointers can the pointer point to the key address. However, the pointer does not directly record the address information, but only points to the interface of the address information. Therefore, even if the pointer is obtained, the address information cannot be synchronized to other terminals, thus improving data security.
[0035] The file management module 400 includes a file encryption unit 410, a file configuration unit 420, and a file permission unit 430.
[0036] The file encryption unit 410 randomly extracts key features from the key base information until a preset feature filtering condition is met. Using the key features as encryption factors, it encrypts the file index pointer using a second encryption algorithm to obtain the file pointer ciphertext and the corresponding file pointer key. The feature filtering condition is that the feature complexity is higher than the preset feature filtering base. The feature complexity is obtained by weighted calculation of the complexity of each key feature. Specifically, for a symbol, the base complexity can be configured based on its frequency of occurrence in the file, and then the complexity multiplier can be configured based on the symbol's position. When the sum of the complexity results is greater than a preset value, the condition is considered met. In this way, the initial user terminal can randomly adjust the corresponding file pointer key to ensure its own key security. Meanwhile, users with a base file can directly obtain the file pointer key by uploading the file, thus ensuring the file's uniqueness.
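The feature filtering condition in [0036] can be made concrete as below. This is an added example, not the patent's algorithm: the base complexity formula, the position multiplier, the SHA-256 derivation and the sample text are assumptions, and the returned index list stands in for the key feature index that the copy import unit uses.

```python
import hashlib
import math
import secrets
from collections import Counter

# Constructed sample standing in for the key base information of one project file.
SAMPLE = "Project: 110kV Substation Expansion; Contract SG-2022-0417; Budget 3,250,000 CNY"


def symbol_complexity(text):
    """Weighted complexity per position: base value from frequency times a position multiplier."""
    n = len(text)
    freq = Counter(text)
    scores = []
    for pos, ch in enumerate(text):
        base = -math.log2(freq[ch] / n)   # assumption: rarer symbols count as more complex
        multiplier = 1.0 + pos / n        # assumption: later positions weigh more
        scores.append(base * multiplier)
    return scores


def derive_key(text, indices):
    """Turn the selected (position, symbol) pairs into a 32-byte key (assumed derivation)."""
    h = hashlib.sha256()
    for i in sorted(indices):
        h.update(i.to_bytes(4, "big") + text[i].encode("utf-8") + b"\x00")
    return h.digest()


def select_key_features(text, threshold, rng=None):
    """Draw random positions until their summed complexity exceeds the threshold.

    Returns (key feature index, reached complexity, file pointer key).
    """
    rng = rng or secrets.SystemRandom()   # OS randomness unless a seeded generator is passed in
    scores = symbol_complexity(text)
    remaining = list(range(len(text)))
    chosen, total = [], 0.0
    while total <= threshold:
        if not remaining:
            raise ValueError("file cannot satisfy the feature filtering condition")
        i = remaining.pop(rng.randrange(len(remaining)))
        chosen.append(i)
        total += scores[i]
    return sorted(chosen), total, derive_key(text, chosen)


if __name__ == "__main__":
    index, reached, key = select_key_features(SAMPLE, 20.0)
    # A terminal holding an identical copy and the index recovers the same key.
    print(index, round(reached, 2), derive_key(SAMPLE, index) == key)
```

In this construction the key depends only on the selected positions, so an edit that misses all of them leaves the key unchanged; the threshold decides how much of the file the key actually binds to.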
[0037] The file configuration unit 420 is used to send the encrypted file pointer and the corresponding file pointer key to the initial terminal corresponding to the power grid project file. After generating the encrypted text, the corresponding encrypted text and key are sent back to the initial terminal, which can then grant permission using the encrypted text and key.
[0038] The file licensing unit 430 is used by the initial terminal to establish a usage stamp for the corresponding file pointer key and send it to other user terminals based on whether the association relationship between other user terminals and the power grid project file meets the corresponding file licensing conditions. The file licensing unit 430 can send the file pointer key to the corresponding other user terminals through the key of the power grid project file and the user terminal. Other user terminals can obtain the corresponding pointer by requesting to call the ciphertext and decrypting it. The relationship between other user terminals and the file is also realized by matching the name mentioned in the file with the name in the user terminal network.
[0039] The permission management module 500 includes a permission configuration unit 510 and a permission distribution unit 520. The permission configuration unit 510 configures corresponding usage permissions for each user terminal based on the inter-user association relationship between the initial terminal and other user terminals. The permission distribution unit 520 distributes permission index pointers to each user terminal according to their usage permissions. The usage permissions include higher-level permissions, lower-level permissions, and collaborative permissions. User terminals with higher-level permissions have permission to access all permission index pointers of the initial terminal. User terminals with lower-level permissions have permission to receive permission index pointers according to the instructions of the initial terminal. User terminals with collaborative permissions have permission to receive permission index pointers according to the request of the initial terminal. When a user terminal with usage permissions receives a corresponding permission index pointer, that permission index pointer is masked by the permission distribution unit 520. By configuring different permissions, the distribution of permission index pointers can be achieved. It should be noted that each file index pointer corresponds to multiple permission index pointers, each corresponding to different power grid characteristic information.
[0040] The parsing management module 600 includes a parsing configuration unit 610. The parsing configuration unit 610 configures a first decryption algorithm, a second decryption algorithm, and a file masking algorithm for each user terminal. The first decryption algorithm corresponds to the first encryption algorithm. The user terminal decrypts the ciphertext of the feature information to obtain the power grid feature information using the first decryption algorithm and the feature information key. The second decryption algorithm corresponds to the second encryption algorithm. The user terminal decrypts the ciphertext of the file pointer to obtain the file index pointer using the second decryption algorithm and the file pointer key. When the user terminal calls the corresponding permission index pointer, the file masking algorithm deletes the file pointer key with the usage stamp from the user terminal. Firstly, decryption can be completed by pre-configuring the corresponding decryption algorithm on the user terminal and combining it with the corresponding key. However, if the key is marked, it will be masked after one use, thus preventing further use and avoiding information leakage. Since the key is used as a pointer, the pointer itself does not cause information leakage. However, the pointer will obtain the corresponding address after being used. If this address can be repeatedly retrieved, even if the pointer does not disclose the address itself, there is still a certain security risk. On the other hand, the parsing management module 600 also includes a copy import unit. The copy import unit configures the verification and decryption algorithm and the key matching algorithm for the user terminal. The verification and decryption algorithm is configured with a key feature index, which reflects the filtering conditions of the key features. 
The verification and decryption algorithm obtains the key features from the power grid project file input by the user terminal based on the key features, and then processes the key features through the key matching algorithm to obtain the file pointer key.
[0041] The association management module 700 includes an inter-document association unit 710, an inter-user association unit 720, and a user-document association unit 730. The inter-document association unit 710 establishes associations between power grid project documents based on the relevance of project name elements, and generates inter-document association relationships between power grid project documents based on the project type elements of the associated power grid project documents. The inter-user association unit establishes associations between user terminals based on the relevance of user name elements corresponding to user terminals, and generates inter-user association information between user terminals based on the user type elements of the associated user terminals. The user-document association unit establishes associations between power grid project documents and user terminals based on the project name elements of power grid project documents and the user name elements of user terminals, and generates inter-user association information based on the project type elements of the associated power grid project documents and the user type elements of user terminals. The association management module 700 completes association management by extracting four features: project document name elements, user name elements, project type elements, and user type elements. The user-side elements are registered and verified when accessing the network, while the project-side elements are obtained through project document identification.
[0042] It also includes a dynamic acceptance module 800. The project type stamp includes acceptance items and progress items. The dynamic acceptance module 800 is configured with acceptance trigger conditions. When the feature information of a project with an acceptance item meets the acceptance trigger conditions, it retrieves the corresponding power grid feature information with a progress item based on the inter-item relationship, generates an acceptance standard based on the power grid feature information of the acceptance item, and generates an acceptance conclusion based on the power grid feature information with the progress item using the acceptance standard. This setup allows for the retrieval of corresponding data within the authorized scope using a single thread as an index, ensuring the security of other data while completing dynamic acceptance.
[0043] It also includes a resource early warning module 900. The project type stamp includes existing items and changing items. The resource early warning module 900 obtains the individual existing value based on the project feature information corresponding to the existing item, and retrieves the individual changing value corresponding to the project feature information with changing items based on the inter-item relationship. It updates the corresponding one-way existing value based on the individual changing value. When the one-way existing value is lower than the preset existing value benchmark, resource early warning information is output. Through the setting of the resource early warning module 900, the security of other data can be guaranteed while ensuring that individual data is retrieved. At the same time, it can realize resource calculation and early warning, and the data comes from unique files, which has strong traceability.
[0044] The architecture of this invention is as follows:
1. Presentation Layer: Web Page: Graphical display components rely on the application service layer. Communication between the presentation layer and the application service layer is achieved through messages; the HTTP(S) protocol is used between layers.
2. Application Service Layer: Unified External Interface: Data processing / view conversion relies on the business logic layer. Communication with the business logic layer is achieved through abstract base classes and interfaces; in-process method calls are used between layers.
3. Business Logic Layer: Business rules and business logic rely on the technology service layer. Communication with the technology service layer is achieved through abstract base classes and interfaces; in-process method calls are used between layers.
4. Technology Service Layer: Database service and relational service rely on the infrastructure service layer. Communication with the infrastructure service layer is achieved through abstract base classes and interfaces; in-process method calls are used between layers.
5. Infrastructure Service Layer: JVM Runtime, database service, middleware, and network I/O.
Functional component breakdown:
[0045] A010101 Adds relational database connection support, supporting the commonly used relational database MySQL, as well as all databases providing standard JDBC interfaces. Relational databases connect via JDBC; defining a data source requires specifying the data source name, database type, database URL, default database, username, and password.
A010102 Relational database connection modification allows modification of existing data source connection definitions to adapt to changes in the data source environment. Modifiable connection definition fields include: database URL, username, password, and data source description.
A010103 Relational database data reading accesses the connected relational data source and reads its stored data through the JDBC interface of the unified analysis service component.
Overall integration: The project's closed-loop management system needs to integrate with the data resource platform's data interface to ensure that sample business data from the data resource platform can be obtained through the interface.
[0046] Security requirements: Host security, system host description
[0047] Identity Authentication: The system employs an operating system account uniqueness mechanism to identify and authenticate users logging into the operating system. User login authentication utilizes a dual authentication method combining username, password, and State Grid digital security certificate. Measures such as session termination, limiting unauthorized login attempts, and automatic logout for unauthorized logins are implemented to restrict the number of consecutive failed login attempts for the same user. Usernames are assigned differently from those of the platform administrator and database administrator, ensuring uniqueness. Operating system account password security policies are configured as follows: minimum password length is 8 characters; passwords must be a combination of letters, numbers, or special characters; passwords cannot be the same as usernames; passwords have a 90-day replacement cycle; accounts are locked for 30 minutes after 5 consecutive failed login attempts.
Access Control: Privileged accounts are prohibited from remotely managing the system, non-privileged users are used for daily operations, and an approval process is implemented for privileged account applications; remote management and maintenance of the operating system uses SSH terminal access with restricted network addresses; different privileged users manage the operating system and database to achieve permission separation, limiting the minimum access permissions of built-in default accounts for various services, and disabling non-essential business accounts; sensitive tags are set for critical system information, such as configuration parameters and security logs, and access permissions are controlled; default passwords for system default accounts are prohibited. Unused and expired accounts are regularly deleted. Additional measures are taken at the network boundary, such as intrusion detection and enabling firewall virus protection.
Vulnerability Scanning: The system is regularly scanned using vulnerability scanning tools, and vulnerabilities are addressed promptly, including patching, configuring network access control policies, and monitoring data flow related to hacker exploitation. Security patch updates are performed in accordance with company requirements.
Resource Control: A security policy is set that locks login terminals after an operation timeout; disk quotas and other methods are used to limit the maximum usage of system resources by a single user.
Security Audit: Enable operating system log auditing to audit critical security events such as user behavior and abnormal access to system resources. Auditors will conduct log audits and issue audit reports as needed.
Data Backup: Regularly back up operating system and database system data, and perform backup and recovery tests periodically when the operating environment changes.
Security Hardening: Perform security hardening before application system deployment and during major changes.
[0048] Network Security: Regarding network security, the system must comply with the provincial company's network security requirements, and complete post-deployment verification of firewalls, intrusion prevention systems, antivirus software, and VPN remote access.
Device Security Management: Employ a unique network device account mechanism to identify and authenticate users logging into network devices; configure device management policies to restrict administrator login addresses for network devices; establish login timeout and account lockout policies; require authentication for local or remote device management; modify default usernames and passwords, avoid using default passwords, ensure passwords are at least 8 characters long, use a mix of letters, numbers, and special characters, and ensure they are not identical to the username, and store them encrypted; change passwords regularly; terminate sessions upon login failure, limit unauthorized login attempts, and automatically log out upon network connection timeout; use secure SSH or HTTPS for remote management of network devices to prevent eavesdropping on authentication information during network transmission; utilize the network device system's built-in auditing function or deploy a log server to ensure administrator operations are audited; disable unnecessary network ports and shut down unnecessary network services.
Device Link Redundancy: Deploy network devices such as firewalls and switches in dual-machine mode to improve device link redundancy capabilities.
Network Equipment Processing Capacity Assurance: Implement communication link load balancing; use traffic shaping devices or QoS measures to prioritize the transmission of important business information flows when network congestion occurs.
Vulnerability Scanning: Perform security scans on the system regularly or after major changes using vulnerability scanning tools, and promptly address any vulnerabilities found. Addressing methods include installing patches, configuring network access control policies, and monitoring data flows related to hacker exploitation of vulnerabilities.
Equipment Security Hardening: Implement security hardening during the construction phase.
Configuration File Backup: After each update to network or security device configuration information, the network administrator should back up the device configuration files; regularly back up and check the device configuration files.
[0049] Of course, the above are just typical examples of the present invention. In addition, the present invention may have many other specific embodiments. All technical solutions formed by equivalent substitution or equivalent transformation fall within the scope of protection claimed by the present invention.
Claims
1. A closed-loop management and control document management system for power grid projects, characterized in that it includes:
The file import module includes a first feature extraction unit, a second feature extraction unit, a third feature extraction unit, and a benchmark identification unit. The first feature extraction unit extracts power grid project features from the power grid project file that meet the pre-configured feature extraction conditions, and deletes the corresponding power grid project features from the power grid project file to obtain a key identification file. The second feature extraction unit provides a feature generation database, which stores several feature generation conditions and corresponding feature generation strategies. The second feature extraction unit filters power grid project features that meet the feature generation conditions through the feature generation database and processes them using the corresponding feature generation strategies. The system describes the characteristics of power grid projects to generate power grid feature information. The generated power grid feature information is divided into preset solid feature groups, and unmatched power grid project features are divided into dynamic identification groups. This is used to extract project feature information from the scanned power grid project files. The third feature extraction unit is equipped with a dynamic identification algorithm. The dynamic identification algorithm marks the corresponding dynamic identification group according to the inter-component relationship of the power grid project files, and generates new power grid feature information according to the relevant conditions of the power grid project features in the dynamic identification group with inter-component relationship. The generated power grid feature information is then divided from the dynamic identification group to the corresponding solid feature group. The benchmark identification unit generates key benchmark information for the power grid project file based on the key identification file.
The project classification module is configured with a project classification strategy, and the project type stamp is configured for the power grid feature information in each solid feature group according to the project classification strategy.
The file encryption module includes a ciphertext generation unit, a ciphertext distribution unit, a key storage unit, and a pointer generation unit. The ciphertext generation unit is used to encrypt each power grid feature information using a first encryption algorithm to obtain ciphertext of the feature information and the corresponding feature information key. The ciphertext distribution unit is configured with a ciphertext distribution strategy, which distributes the ciphertext of the feature information to different user terminals for storage and deletes the ciphertext of the feature information and the power grid feature information from the system. The key storage unit is configured with a key storage strategy, which stores the feature information key in the storage space and obtains the corresponding key storage address. The pointer generation unit is used to generate a file index pointer and a permission index pointer according to the key storage address. The permission index pointer is generated according to the project type stamp corresponding to the power grid feature information, and the file index pointer is generated according to the power grid project file to which the power grid feature information belongs. The file index pointer points to the address where the corresponding permission index pointer is stored, and the permission index pointer points to the key storage address.
The file management module includes a file encryption unit, a file configuration unit, and a file licensing unit. The file encryption unit is used to randomly extract key features from the key base information until the preset feature filtering conditions are met. The file index pointer is encrypted with the key features as the encryption factor through the second encryption algorithm to obtain the file pointer ciphertext and the corresponding file pointer key. The file configuration unit is used to send the file pointer ciphertext and the corresponding file pointer key to the initial terminal corresponding to the power grid project file. The file licensing unit is used by the initial terminal to establish a usage stamp for the corresponding file pointer key and send it to other user terminals based on whether the user association relationship between other user terminals and the power grid project file meets the corresponding file licensing conditions.
The permission management module includes a permission configuration unit and a permission distribution unit. The permission configuration unit configures corresponding usage permissions for each user terminal based on the user association relationship between the initial terminal and other user terminals. The permission distribution unit is used to distribute permission index pointers to each user terminal based on the user terminal's usage permissions.
The parsing management module includes a parsing configuration unit. The parsing configuration unit configures a first decryption algorithm, a second decryption algorithm, and a file masking algorithm for each user terminal. The first decryption algorithm corresponds to the first encryption algorithm. The user terminal decrypts the ciphertext of the feature information to obtain the power grid feature information using the first decryption algorithm and the feature information key. The second decryption algorithm corresponds to the second encryption algorithm. The user terminal decrypts the ciphertext of the file pointer to obtain the file index pointer using the second decryption algorithm and the file pointer key. The file masking algorithm deletes the file pointer key with the usage stamp from the user terminal after the user terminal calls the corresponding permission index pointer.
2. The power grid project closed-loop management document management system as described in claim 1, characterized in that: The file import module is configured with an extraction condition database, which stores several feature extraction conditions. The feature extraction conditions include fuzzy matching conditions and feature format conditions. The fuzzy matching conditions are used to determine the keywords in the power grid project features and their corresponding similarity matching degree. The feature format conditions are used to determine the data format in the power grid project features and their format matching degree. When both the similarity matching degree and the format matching degree meet the preset benchmark matching range, it is considered that the corresponding feature extraction conditions are met. The fuzzy matching conditions and feature format conditions are obtained through sample training model training.
3. The power grid project closed-loop management document management system as described in claim 1, characterized in that: It also includes an association management module, which comprises an inter-document association unit, an inter-user association unit, and a user-document association unit. The inter-document association unit is used to establish associations between power grid project documents based on the relevance between project name elements of the power grid project documents, and to generate inter-document association relationships between power grid project documents based on the project type elements of the associated power grid project documents. The inter-user association unit is used to establish associations between user terminals based on the relevance between user name elements corresponding to user terminals, and to generate inter-user association information between user terminals based on the user type elements of the associated user terminals. The user-document association unit is used to establish associations between power grid project documents and user terminals based on the project name elements of the power grid project documents and the user name elements of the user terminals, and to generate inter-user association information based on the project type elements of the associated power grid project documents and the user type elements of the user terminals.
4. The power grid project closed-loop management document management system as described in claim 1, characterized in that: The feature selection criteria are that the feature complexity is higher than the preset feature selection benchmark, and the feature complexity is obtained by weighted calculation of the complexity of each key feature.
5. The power grid project closed-loop management document management system as described in claim 4, characterized in that: The file import module also includes a re-marking unit, which establishes file import marks in blank positions of the power grid project file. The file import marks can be used as key features to be extracted.
6. The power grid project closed-loop management document management system as described in claim 1, characterized in that: Each encrypted distribution strategy is configured with different data security levels based on the corresponding project type stamp. The number of encrypted messages distributed and the verification time are configured according to the data security level. The number of messages distributed is the number of user terminals to which the encrypted messages are distributed, and the verification time is the interval between verifications of the correlation between encrypted messages.
7. The power grid project closed-loop management document management system as described in claim 1, characterized in that: The parsing management module also includes a copy import unit. The copy import unit configures a verification and decryption algorithm and a key matching algorithm for the user terminal. The verification and decryption algorithm is configured with a key feature index, which reflects the filtering conditions of key features. The verification and decryption algorithm obtains key features from the power grid project file input by the user terminal based on the key features, and then processes the key features through the key matching algorithm to obtain the file pointer key.
8. The power grid project closed-loop management document management system as described in claim 1, characterized in that: The usage permissions include higher-level permissions, lower-level permissions, and collaborative permissions. The user terminal corresponding to the higher-level permissions has permission to retrieve all permission index pointers of the initial terminal. The user terminal corresponding to the lower-level permissions has permission to receive permission index pointers according to the instructions of the initial terminal. The user terminal corresponding to the collaborative permissions has permission to receive permission index pointers according to the request of the initial terminal. When a user terminal with the necessary permissions receives the corresponding permission index pointer, that permission index pointer is masked by the permission distribution unit.
9. The power grid project closed-loop management document management system as described in claim 1, characterized in that: It also includes a dynamic acceptance module. The project type stamp includes acceptance items and progress items. The dynamic acceptance module is configured with acceptance trigger conditions. When the project feature information with acceptance items meets the acceptance trigger conditions, the corresponding power grid feature information with progress items is retrieved according to the inter-item relationship. An acceptance standard is generated based on the power grid feature information of the acceptance item, and an acceptance conclusion is generated through the power grid feature information with progress items in the acceptance standard.
10. The power grid project closed-loop management document management system as described in claim 1, characterized in that: It also includes a resource early warning module. The project type stamp includes existing items and variable items. The resource early warning module obtains the individual existing value based on the project feature information corresponding to the existing item, and retrieves the individual variable value corresponding to the project feature information with variable items according to the inter-item relationship. It updates the corresponding one-way existing value based on the individual variable value. When the one-way existing value is lower than the preset existing benchmark, it outputs resource early warning information.