A Dynamic Access Control Data Security Management Method Based on Multi-Layer Encryption

By establishing a platform service response judgment model through multi-layer encryption and historical data analysis, abnormal permission resets can be predicted, and appropriate synchronous or batch reset methods can be selected. This solves the service crash problem of the equipment operation and maintenance service platform when a large number of permissions are reset, and improves the stability and efficiency of the platform.

CN120639647BActive Publication Date: 2026-06-30QINGDAO TRAFFIC TECH INFORMATION

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
QINGDAO TRAFFIC TECH INFORMATION
Filing Date
2025-07-07
Publication Date
2026-06-30

AI Technical Summary

Technical Problem

The existing equipment operation and maintenance service platform automatically resets permissions when equipment information has not been accessed for a long time, resulting in a large number of permissions being reset simultaneously. This may cause excessive delays in platform API response or even service crashes. Existing technology has failed to identify this anomaly in a timely manner.

Method used

By establishing a platform service response judgment model through multi-layer encryption and historical data analysis, it can predict whether permission reset will cause API response anomalies, select synchronous or batch reset methods, and plan the optimal batch reset strategy, including the minimum circle coverage algorithm and device type grouping, and dynamically adjust the permission reset method.

Benefits of technology

It effectively reduces the probability of platform service anomalies caused by large-scale permission synchronization resets, improves permission reset efficiency, and enables automated identification and timely handling of anomalies.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN120639647B_ABST
    Figure CN120639647B_ABST
Patent Text Reader

Abstract

This invention discloses a dynamic access control data security management method based on multi-layer encryption, belonging to the field of data security management technology. The method includes: application-layer encryption of data on a device operation and maintenance service platform; transmission-layer encryption of user-platform interaction data after user login; collection of the number of user permissions and the access time of device information; collection of historical API response times and the number of historical permissions reset during automatic permission resets; establishment of a platform service response judgment model; prediction of whether synchronously resetting permissions will cause API response anomalies on the device operation and maintenance service platform; selection of permission reset method as synchronous reset or batch reset based on the prediction results; and, if batch reset is selected, planning of the batch reset method to reduce the probability of platform service anomalies caused by large-scale synchronous permission resets.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of data security management technology, specifically a dynamic access control data security management method based on multi-layer encryption. Background Technology

[0002] The equipment operation and maintenance service platform stores various information about the equipment. Users can log in to the platform to interact with it and query relevant equipment information. To prevent unauthorized access and operation, the platform has set data access permissions to achieve secure management of equipment operation and maintenance data. Furthermore, it performs multi-layer encryption when interacting with the platform to further ensure data security.

[0003] Automatic permission reset is a key function of equipment operation and maintenance service platforms to achieve intelligent management. It automatically resets permissions when equipment information has not been accessed for a long time. After the automatic reset, users need to verify through various means to regain the corresponding data access permissions. It can balance security, efficiency and compliance requirements by dynamically adjusting permissions. However, since current equipment operation and maintenance service platforms generally have fixed automatic data access permission reset times, due to the variability of device access times, a large number of permissions may need to be reset simultaneously on the platform. This may lead to excessive delays in platform API response or even platform service crashes. Existing technology fails to detect this anomaly in time and instead chooses to reset the data access permissions of all users whose permissions need to be reset at once, which cannot reduce the probability of platform service anomalies caused by large-scale permission resets. Summary of the Invention

[0004] The purpose of this invention is to provide a dynamic access control data security management method based on multi-layer encryption to solve the problems raised in the prior art.

[0005] To achieve the above objectives, the present invention provides the following technical solution: a dynamic access control data security management method based on multi-layer encryption, comprising the following steps:

[0006] S1: Encrypt the data of the equipment operation and maintenance service platform at the application layer, and encrypt the data of the interaction between the user and the platform at the transmission layer after the user logs in to the equipment operation and maintenance service platform.

[0007] S2: Collect the number of user permissions and the access time of device information; collect the historical API response time and the number of historical permissions that were synchronously reset when the device operation and maintenance service platform performs automatic permission reset.

[0008] S3: Establish a platform service response judgment model to predict whether synchronously resetting the permissions to be reset will cause abnormal API response of the device operation and maintenance service platform, and select the permission reset method as synchronous reset or batch reset based on the prediction results.

[0009] S4: If you choose to reset in batches, collect the device type and device location information that need to have their data access permissions reset. Based on the collected information, plan the method of resetting permissions in batches. Resetting device data access permissions means turning off the permissions of all users to access and view the corresponding device information.

[0010] Preferably, in step S1: symmetric encryption technology is used to encrypt the device data stored in the device operation and maintenance service platform to achieve application layer encryption of the device operation and maintenance service platform; the transport layer encryption method is: using TLS1.3 combined with the national cryptographic SM2 dual protocol stack to encrypt the data transmitted between the user and the device operation and maintenance service platform;

[0011] By employing multi-layered encryption at the application and transport layers, the data in the equipment operation and maintenance service platform, as well as the interactive data between users and the platform, are encrypted. Subsequent data collection, retrieval, and analysis are performed only after data encryption, effectively improving the data security of the equipment operation and maintenance service platform.

[0012] Preferably, in step S2: after the user is authenticated, data access permissions are granted to the user. The device operation and maintenance service platform sets a fixed automatic reset time for permissions: when the device information has not been accessed or viewed for a duration of Q, the data access permissions for the corresponding device are automatically reset. The historical API response delay duration set for each automatic permission reset by the device operation and maintenance service platform is collected as t={t1,t2,...tm}, where m represents the historical number of automatic permission resets by the device operation and maintenance service platform. It is collected that the device operation and maintenance service platform previously automatically reset data access permissions for n devices in the first instance. A total of f users with data access permissions for one random device out of the n devices are collected. The data access permissions for the corresponding devices owned by these f users are collected. To determine the number of permissions, a user's access to a specific piece of information about a device is recorded as one data access permission. The data access permission counts of f users are summed to obtain the total data access permission count for a random device out of n devices processed during the first automatic permission reset. Similarly, the total data access permission count for each of the n devices processed during the first automatic permission reset is obtained. The total data access permission count for each device is summed to obtain the total data access permission count for n devices. The total number of permissions processed by the device maintenance service platform during the first automatic permission reset is G1, where G1 is the total data access permission count for n devices. The set of total permissions processed by the device maintenance service platform during the previous m automatic permission resets is G = {G1, G2, ..., Gm}.

[0013] Preferably, in step S3: the historical API response delay duration and the total number of permissions processed by the device operation and maintenance service platform during the previous m automatic permission reset operations are used to form data points {(G1,t1),(G2,t2),...(Gm,tm)}. After fitting the data points with a straight line, a platform service response judgment model is established: Y=a*x+b, where a and b are fitting coefficients, x is a variable in the platform service response judgment model that refers to the total number of permissions processed by the platform, and Y is a variable in the platform service response judgment model that refers to the API response delay duration.

[0014] Preferably, if the data access permissions of k devices need to be synchronously reset, the number of permissions to be synchronously reset is w. Substitute the number of permissions to be synchronously reset into the platform service response judgment model: Let x = w, predict the platform API response delay caused by synchronously resetting the permissions to be reset as a*w+b, set the normal platform API response delay as T, and compare T and a*w+b: if T ≤ a*w+b, it is determined that synchronously resetting the permissions to be reset will not cause the API response of the device operation and maintenance service platform to be abnormal, and the permissions to be reset are synchronously reset; if T > a*w+b, it is determined that synchronously resetting the permissions to be reset will cause the API response of the device operation and maintenance service platform to be abnormal, and the permissions to be reset are reset in batches and the batch reset method is planned. Substitute T into the model: Let Y = T, predict the total number of synchronously reset permissions that will not cause the API response of the device operation and maintenance service platform to be abnormal as (Tb) / a, and round down (Tb) / a.

[0015] Since the automatic reset time of permissions on the equipment operation and maintenance service platform is fixed, there may be situations where a large number of permissions need to be reset simultaneously, which can lead to excessively long API response delays or even platform service crashes. Considering that existing technologies cannot achieve automated identification of such anomalies, this invention establishes a platform service response judgment model through historical data analysis. This model is used to determine how many permissions need to be reset simultaneously to cause API response delay anomalies, and to predict whether resetting the current data access permissions to be reset simultaneously will cause API response anomalies on the equipment operation and maintenance service platform. This not only achieves automated identification of anomalies to help timely discover platform API response anomalies, but also facilitates the subsequent selection and planning of the optimal reset method for data access permission resets.

[0016] Preferably, in step S4: if the current permissions to be reset are to be reset in batches, the real-time location and device type information of the devices whose permissions need to be reset are collected. Based on the collected information, two methods for resetting permissions in batches are planned: Method 1 is to reset permissions based on device location, and Method 2 is to reset permissions based on device type. This allows for flexible selection of the optimal method to dynamically reset data access permissions.

[0017] Preferably, the method for resetting permissions in batches is as follows: First, the minimum circle covering algorithm is used to obtain the minimum circle that can cover the location points of k devices, and the radius of the minimum circle is R.

[0018] Execute operation step S100: Divide a number of concentric circles of the smallest circles with the maximum radius R in the manner of decreasing radius, with the radius decreasing value being r. Each time a concentric circle is divided, count the number of data access permissions of the devices covered by the smallest concentric circle divided. If the number of data access permissions of the devices covered by the corresponding concentric circle is greater than (T - b) / a, continue to divide the concentric circles until the number of data access permissions of the devices covered by the smallest concentric circle divided is less than or equal to (T - b) / a. Select to synchronously reset the data access permissions of the devices within the smallest concentric circle whose number of data access permissions of the covered devices is less than or equal to (T - b) / a, and剔除 the points that have been selected for reset;

[0019] Repeat the execution of operation step S100 for subsequent batches of permission synchronization resets until the number of data access permissions of the remaining devices covered by the smallest circle with radius R is less than or equal to (T - b) / a. Select to perform the last batch of synchronization resets on the data access permissions of the devices corresponding to the remaining position points;

[0020] Count that the number of reset batches required for batch - resetting permissions according to the first method of batch - resetting permissions to be processed is M.

[0021] Preferably, the second method of batch - resetting permissions is as follows: Collect the types of k devices, and obtain the set of the number of devices of each type as B = {B1, B2,... Bv}, where v represents that there are v different types of devices among the k devices. Divide the devices whose sum of the number of data access permissions of several types of devices in the set B is less than or equal to (T - b) / a into one group of devices. Select to perform the same - batch reset on the data access permissions of the devices in the same group, and剔除 the devices that have been grouped. Count that there are H ungrouped devices remaining after the剔除 process, and obtain the number of data access permissions of a randomly selected device among the H devices as L. Calculate L / [(T - b) / a], perform ceiling processing on L / [(T - b) / a], and select to divide the data access permissions of a randomly selected device among the H devices into L / [(T - b) / a] batches for reset. Make the same setting for the reset batches of the data access permissions of each device among the H devices. Count that the number of reset batches required for batch - resetting permissions according to the second method of batch - resetting permissions to be processed is N.

[0022] Preferably, compare M and N: If M < N, select to batch - reset the data access permissions of k devices according to the first method of batch - resetting permissions; if M > N, select to batch - reset the data access permissions of k devices according to the second method of batch - resetting permissions; if M = N, randomly select one of the two methods to batch - reset the data access permissions of k devices;

[0023] When it was predicted that synchronously resetting the access permissions of the data currently awaiting reset would cause abnormal API responses on the device operation and maintenance service platform, two batch reset permission methods were planned: Batch Reset Permission Method 1 and Batch Reset Permission Method 2. By comparing the number of batches required for the two planned batch reset permission methods, the method with fewer batches was selected to reset the data access permissions in batches. This not only effectively reduced the probability of platform service abnormalities caused by large-scale synchronous permission resets, but also improved the efficiency of permission reset.

[0024] Compared with the prior art, the beneficial effects of the present invention are:

[0025] Since the automatic reset time of permissions on the equipment operation and maintenance service platform is fixed, there may be situations where a large number of permissions need to be reset simultaneously, which may lead to excessively long API response delays or even platform service crashes. Considering that existing technologies cannot achieve automated identification of such anomalies, this invention establishes a platform service response judgment model through historical data analysis. This model is used to determine how many permissions need to be reset simultaneously to cause API response delay anomalies, and to predict whether resetting the current data access permissions to be reset simultaneously will cause API response anomalies on the equipment operation and maintenance service platform. This not only achieves automated identification of anomalies to help timely discover platform API response anomalies, but also facilitates the subsequent selection and planning of the optimal reset method for resetting data access permissions.

[0026] When it was predicted that synchronously resetting the access permissions of the data currently awaiting reset would cause abnormal API responses on the device operation and maintenance service platform, two batch reset permission methods were planned: Batch Reset Permission Method 1 and Batch Reset Permission Method 2. By comparing the number of batches required for the two planned batch reset permission methods, the method with fewer batches was selected to reset the data access permissions in batches. This not only effectively reduced the probability of platform service abnormalities caused by large-scale synchronous permission resets, but also improved the efficiency of permission reset. Attached Figure Description

[0027] Figure 1 This is a flowchart illustrating the dynamic access control data security management method based on multi-layer encryption according to the present invention. Detailed Implementation

[0028] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention. Example

[0029] like Figure 1 As shown, this embodiment provides a dynamic access control data security management method based on multi-layer encryption, including: S1: Application layer encryption of the data of the device operation and maintenance service platform; after the user logs into the device operation and maintenance service platform, transmission layer encryption of the interaction data between the user and the platform: using symmetric encryption technology to encrypt the device data stored in the device operation and maintenance service platform to achieve application layer encryption of the device operation and maintenance service platform; the transmission layer encryption method is: using TLS1.3 combined with the national cryptographic SM2 dual protocol stack to encrypt the data transmitted between the user and the device operation and maintenance service platform;

[0030] S2: Collect the number of user permissions and the access time of device information. Collect the historical API response time and the number of historical permissions reset during automatic permission resets by the device operation and maintenance service platform. After user authentication, data access permissions are granted. The device operation and maintenance service platform sets a fixed automatic permission reset time: when the device information has not been accessed for a period of Q, the data access permissions of the corresponding device are automatically reset. The historical API response delay time set for each automatic permission reset by the device operation and maintenance service platform is collected as t={t1,t2,...tm}, where m represents the historical number of automatic permission resets by the device operation and maintenance service platform. The data access permissions of the device operation and maintenance service platform were automatically reset for the first time for a total of n devices. The data access permissions of all devices with n permissions were collected. There are f users who have access to data on one random device out of n devices. The number of data access permissions for each of the f users is collected. The data access permissions of the f users are added together to get the total number of data access permissions for one random device out of n devices processed during the first automatic permission reset. Similarly, the total number of data access permissions for each of the n devices processed during the first automatic permission reset is obtained. The total number of data access permissions for each of the n devices is added together to get the total number of data access permissions for the n devices. The total number of permissions processed by the device operation and maintenance service platform during the first automatic permission reset operation is G1, where G1 is the total number of data access permissions for the n devices. The set of the total number of permissions processed by the device operation and maintenance service platform during the previous m automatic permission reset operations is G={G1,G2,...Gm}.

[0031] S3: Establish a platform service response judgment model to predict whether synchronously resetting the permissions to be reset will cause API response anomalies in the device operation and maintenance service platform. Based on the prediction results, select either synchronous reset or batch reset as the permission reset method: Construct data points {(G1,t1), (G2,t2), ..., (Gm,tm)} by combining the historical API response delay duration and the total number of permissions processed by the device operation and maintenance service platform in the previous m automatic permission reset operations. After fitting a straight line to the data points, establish a platform service response judgment model: Y = a*x + b, where a and b are fitting coefficients, x is the variable representing the total number of permissions processed by the platform in the platform service response judgment model, and Y is the variable representing the API response delay duration in the platform service response judgment model. Obtain the current number of permissions to be synchronously reset for k devices, which is w. Then,... Substituting the number of permissions into the platform service response judgment model: Let x=w, the predicted platform API response delay time caused by synchronously resetting the current permissions to be reset is: a*w+b. Set the normal platform API response delay time to T, and compare T and a*w+b: If T≤a*w+b, it is determined that synchronously resetting the current permissions to be reset will not cause the API response of the device operation and maintenance service platform to be abnormal, and the current permissions to be reset are selected to be synchronously reset; If T>a*w+b, it is determined that synchronously resetting the current permissions to be reset will cause the API response of the device operation and maintenance service platform to be abnormal, and the current permissions to be reset are selected to be reset in batches and the batch reset method is planned. Substituting T into the model: Let Y=T, the predicted total number of synchronously reset permissions that will not cause the API response of the device operation and maintenance service platform to be abnormal is (Tb) / a. Round down (Tb) / a, where * is the multiplication sign;

[0032] S4: If you choose to reset in batches, collect the device type and device location information of the device whose data access permissions need to be reset, and plan the method of resetting permissions in batches based on the collected information: If you choose to reset the current permissions in batches, collect the real-time location and device type information of the device whose permissions need to be reset, and plan the method one and the method two of resetting permissions in batches based on the collected information.

[0033] One method for resetting permissions in batches is as follows: First, use the minimum circle covering algorithm to obtain the minimum circle that can cover the location points of k devices, and obtain the radius of the minimum circle as R;

[0034] Execute operation step S100: Divide the concentric circles into several smallest circles with radius R as the maximum value and the radius decreasing in descending order. The radius decreases by r. After each concentric circle is divided, the number of data access permissions of the devices covered by the smallest concentric circle is counted. If the number of data access permissions of the devices covered by the corresponding concentric circle is greater than (Tb) / a, the concentric circle division continues until the number of data access permissions of the devices covered by the smallest concentric circle is less than or equal to (Tb) / a. Select the devices in the smallest concentric circle whose number of data access permissions of the covered devices is less than or equal to (Tb) / a and perform the first batch of synchronous reset of the data access permissions, and remove the points that have been selected for reset.

[0035] Repeat operation step S100 to perform subsequent batches of permission synchronization reset until the number of data access permissions of the remaining devices covered by the smallest circle with radius R is less than or equal to (Tb) / a, and select the data access permissions of the devices corresponding to the remaining location points to perform the last batch of synchronization reset.

[0036] The number of reset batches required for resetting permissions according to the first method is M.

[0037] The second method for batch resetting permissions is as follows: Collect the types of k devices, and obtain the set of devices of each type as B={B1,B2,...Bv}, where v represents the number of different types of devices among the k devices. Group the devices whose sum of the data access permission counts of several types of devices in set B is less than or equal to (Tb) / a into a group. Select the devices in the same group to reset the data access permissions in the same batch. Remove the grouped devices. After the removal process, there are H types of ungrouped devices remaining. Get the data access permission count of a random device among the H types of devices as L. Calculate L / [(Tb) / a]. Round L / [(Tb) / a] up. Select the random device among the H types of devices to reset the data access permission in L / [(Tb) / a] batches. Perform the same setting process on each batch of data access permission reset for each type of device in the H types of devices. The number of reset batches required for batch resetting permissions using the second method is N.

[0038] For example: It is predicted that synchronously resetting the data access permissions of 50 data items will not cause abnormal API responses in the device operation and maintenance service platform. It is collected that the data access permissions of 30 devices need to be reset in the current period. The number of data access permissions of the 30 devices is 100, and there are 4 different types of devices in total. The set of the number of data access permissions for each type of device obtained is B = {8, 25, 60, 7}, where 8 + 25 + 7 = 40 < 50, that is, the sum of the number of data access permissions of the first, second, and fourth types of devices is less than (T - b) / a. The first, second, and fourth types of devices are grouped into one group of devices, and the data access permissions of the first, second, and fourth types of devices are reset in the same batch. The cumulative batch number is 1, and there is 1 remaining ungrouped device, that is, the third type of device. The number of data access permissions of the third type of device is 60. Calculate 60 / 50, and perform ceiling processing on 60 / 50 to obtain L / [(T - b) / a] = 2. It is selected to reset the data access permissions of the third type of device in two batches. It is statistically found that a total of 1 + 2 = 3 batches need to be divided to reset the permissions according to the second method of pending batch reset of permissions;

[0039] Compare M and N: If M < N, select to batch-reset the data access permissions of k devices according to the first method of pending batch reset of permissions; if M > N, select to batch-reset the data access permissions of k devices according to the second method of pending batch reset of permissions; if M = N, arbitrarily select one of the two methods to batch-reset the data access permissions of k devices.

[0040] For those skilled in the art, it is obvious that the present invention is not limited to the details of the above exemplary embodiments, and can be implemented in other specific forms without departing from the spirit or basic characteristics of the present invention. Therefore, from any point of view, the embodiments should be regarded as exemplary and non-restrictive. The scope of the present invention is defined by the appended claims rather than the above description. Therefore, all changes falling within the meaning and scope of the equivalent elements of the claims are intended to be embraced within the present invention. Any reference signs in the claims should not be regarded as limiting the claims involved.

Claims

1. A dynamic access control data security management method based on multi-layer encryption, characterized in that: Includes the following steps: S1: Encrypt the data of the equipment operation and maintenance service platform at the application layer, and encrypt the data of the interaction between the user and the platform at the transmission layer after the user logs in to the equipment operation and maintenance service platform. S2: Collect the number of user permissions and the access time of device information; collect the historical API response time and the number of historical permissions that were synchronously reset when the device operation and maintenance service platform performs automatic permission reset. S3: Establish a platform service response judgment model to predict whether synchronously resetting the permissions to be reset will cause abnormal API response of the device operation and maintenance service platform, and select the permission reset method as synchronous reset or batch reset based on the prediction results. S4: If you choose to reset in batches, collect the device type and device location information of the devices whose data access permissions need to be reset, and plan the method of resetting permissions in batches based on the collected information; In step S2: After user authentication, data access permissions are granted. The device operation and maintenance service platform sets a fixed automatic reset time for permissions: when device information has not been accessed or viewed for a duration of Q, the data access permissions for the corresponding device are automatically reset. The historical API response delay duration set for each automatic permission reset by the device operation and maintenance service platform is collected as t={t1,t2,...tm}, where m represents the historical number of automatic permission resets by the device operation and maintenance service platform. The platform previously automatically reset data access permissions for n devices in the first instance. A total of f users with data access permissions for one random device out of the n devices are collected. The permissions of these f users are then collected. For each corresponding device, the number of data access permissions is calculated by summing the data access permissions of f users. This gives the total number of data access permissions for a random device among the n devices processed during the first automatic permission reset. Similarly, the total number of data access permissions for each of the n devices processed during the first automatic permission reset is obtained. Summing the total number of data access permissions for each device gives the total number of data access permissions for n devices. The total number of permissions processed by the device operation and maintenance service platform during the first automatic permission reset operation is G1, where G1 is the total number of data access permissions for n devices. The set of total permissions processed by the device operation and maintenance service platform during the previous m automatic permission reset operations is G={G1,G2,...Gm}.

2. The dynamic access control data security management method based on multi-layer encryption according to claim 1, characterized in that: In step S1: The device data stored in the device operation and maintenance service platform is encrypted using symmetric encryption technology to achieve application layer encryption of the device operation and maintenance service platform; the transport layer encryption method is: the data transmitted between the user and the device operation and maintenance service platform is encrypted using a dual protocol stack of TLS1.3 and SM2.

3. The dynamic access control data security management method based on multi-layer encryption according to claim 1, characterized in that: In step S3: The historical API response delay duration and the total number of permissions processed by the device operation and maintenance service platform during the previous m automatic permission reset operations are combined to form data points {(G1,t1),(G2,t2),...(Gm,tm)}. After fitting the data points with a straight line, a platform service response judgment model is established: Y=a*x+b, where a and b are fitting coefficients, x is the variable representing the total number of permissions processed by the platform in the platform service response judgment model, and Y is the variable representing the API response delay duration in the platform service response judgment model.

4. The dynamic access control data security management method based on multi-layer encryption according to claim 3, characterized in that: The system obtains the current number of permissions to be synchronously reset for k devices, w. Substituting this number into the platform service response judgment model: Let x = w, predict the platform API response delay caused by synchronously resetting the permissions as a*w + b. Set the normal platform API response delay time as T, and compare T and a*w + b: If T ≤ a*w + b, it is determined that synchronously resetting the permissions will not cause API response abnormalities on the device operation and maintenance service platform, and synchronous resetting of the permissions is selected; if T > a*w + b, it is determined that synchronously resetting the permissions will cause API response abnormalities on the device operation and maintenance service platform, and batch resetting of the permissions is selected and a batch resetting method is planned. Substituting T into the model: Let Y = T, predict the total number of synchronously reset permissions that will not cause API response abnormalities on the device operation and maintenance service platform as (Tb) / a, and round down (Tb) / a.

5. The dynamic access control data security management method based on multi-layer encryption according to claim 4, characterized in that: In step S4: If the current permissions to be reset are selected to be reset in batches, the real-time location and device type information of the devices whose permissions need to be reset are collected, and the two methods of resetting permissions in batches are planned based on the collected information.

6. The dynamic access control data security management method based on multi-layer encryption according to claim 5, characterized in that: The first method for resetting permissions in batches is as follows: First, the minimum circle covering algorithm is used to obtain the minimum circle that can cover the location points of k devices, and the radius of the minimum circle is R. Execute operation step S100: Divide the concentric circles into several smallest circles with radius R as the maximum value and the radius decreasing in descending order. The radius decreases by r. After each concentric circle is divided, the number of data access permissions of the devices covered by the smallest concentric circle is counted. If the number of data access permissions of the devices covered by the corresponding concentric circle is greater than (Tb) / a, the concentric circle division continues until the number of data access permissions of the devices covered by the smallest concentric circle is less than or equal to (Tb) / a. Select the devices in the smallest concentric circle whose number of data access permissions of the covered devices is less than or equal to (Tb) / a and perform the first batch of synchronous reset of the data access permissions, and remove the points that have been selected for reset. Repeat the operation step S100 to perform subsequent batches of permission synchronization reset until the number of data access permissions of the remaining devices covered by the smallest circle with a radius of R is less than or equal to (T - b) / a, and select to perform the last batch of synchronization reset on the data access permissions of the devices corresponding to the remaining position points. The number of reset batches required for batch-by-batch reset of permissions in accordance with the first method for batch-by-batch reset of permissions is counted as M.

7. The dynamic access control data security management method based on multi-layer encryption according to claim 6, characterized in that: The second method for batch-by-batch reset of permissions is as follows: Collect the types of k devices, and obtain the set of the number of devices of each type as B = {B1, B2,... Bv}, where v represents that there are v different types of devices among the k devices. Divide the devices whose sum of the number of data access permissions of several types of devices in the set B is less than or equal to (T - b) / a into a group of devices, select to perform the same batch of reset on the data access permissions of the devices in the same group, eliminate the devices that have been grouped, count that there are H types of ungrouped devices remaining after the elimination process, obtain the number of data access permissions of a randomly selected device among the H types of devices as L, calculate L / [(T - b) / a], perform rounding up on L / [(T - b) / a], select to divide the data access permissions of a randomly selected device among the H types of devices into L / [(T - b) / a] batches for reset, perform the same setting process on the reset batches of the data access permissions of each device among the H types of devices, and count that the number of reset batches required for batch-by-batch reset of permissions in accordance with the second method for batch-by-batch reset of permissions is N.

8. The dynamic access control data security management method based on multi-layer encryption according to claim 7, characterized in that: Compare M and N: If M < N, select to perform batch-by-batch reset of the data access permissions of k devices in accordance with the first method for batch-by-batch reset of permissions; if M > N, select to perform batch-by-batch reset of the data access permissions of k devices in accordance with the second method for batch-by-batch reset of permissions; if M = N, arbitrarily select one of the two methods to perform batch-by-batch reset of the data access permissions of k devices.