A system for dynamically adjusting packets across devices in real time

By combining distributed clustering and K-means clustering algorithm with a greedy strategy, the performance bottleneck and data conflict problems in cross-device grouped data synchronization are solved, realizing real-time dynamic adjustment and efficient collaboration of cross-device grouped data, and improving the system's throughput and response speed.

CN120768652BActive Publication Date: 2026-06-30GUANGZHOU LANGO ELECTRONICS TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
GUANGZHOU LANGO ELECTRONICS TECH CO LTD
Filing Date
2025-07-30
Publication Date
2026-06-30

AI Technical Summary

Technical Problem

In existing cross-device group data synchronization technologies, the central server is prone to becoming a performance bottleneck, with low data processing and distribution efficiency, poor real-time performance, difficulty in meeting the need for instant updates of group data, lack of effective conflict resolution mechanisms, high network dependence, and easy interruption of the synchronization process.

Method used

A distributed cluster is used to build central and edge nodes. Combining the K-means clustering algorithm and greedy strategy, and through identity authentication module, distributed synchronization module, rule engine module, trigger engine module and algorithm engine module, it can dynamically adjust groups across devices. Multi-dimensional grouping rules and multi-dimensional triggering strategies are used for intelligent calculation and optimization to improve system throughput and response speed.

Benefits of technology

It enables real-time dynamic adjustment of grouped data across devices, improves system throughput and response speed, solves the performance bottleneck and data conflict issues of the central server, and ensures the instant update and efficient collaboration of grouped data.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN120768652B_ABST
    Figure CN120768652B_ABST
Patent Text Reader

Abstract

This invention provides a system for real-time dynamic adjustment of grouping across devices, including an identity authentication module, a distributed synchronization module, a rule engine module, a trigger engine module, and an algorithm engine module. These modules are coupled and interact through standardized data interfaces. By establishing a three-element association relationship between users, devices, and groups, unified management and authentication of user identities are achieved in a multi-device environment. A dynamic adjustment strategy is employed to achieve static allocation and dynamic adjustment of user permissions. Multi-dimensional grouping rules are formulated to filter users meeting certain conditions into the same group. A multi-dimensional trigger strategy is used to dynamically adjust groups. Intelligent calculation and optimization of dynamic grouping are performed based on the K-means clustering algorithm combined with a greedy strategy. Data synchronization between devices is achieved based on a distributed architecture, enabling real-time dynamic adjustment and efficient collaboration of grouping across devices.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of cross-device group adjustment, and more particularly to a system for real-time dynamic adjustment of cross-device groups. Background Technology

[0002] Existing cross-device packet data synchronization technologies often employ a hardware architecture of "single central server + terminal devices." The central server is typically deployed as a single machine or in a simple cluster, while the terminal devices interact with the central server using HTTP / HTTPS protocols. In terms of synchronization implementation, the central server usually receives and processes the packet adjustment request initiated by the terminal device, and then broadcasts the result to the relevant devices.

[0003] However, this model has several problems: First, the central server easily becomes a performance bottleneck. When faced with a large number of concurrent requests from devices, the efficiency of data processing and distribution drops sharply, leading to severe synchronization delays. Second, the request-response model of the HTTP protocol has poor real-time performance, making it difficult to meet the need for immediate updates of grouped data. Third, there is a lack of effective conflict resolution mechanisms. When multiple devices adjust the same group simultaneously, data conflicts are easily triggered, resulting in inconsistent grouped data. In addition, this architecture is highly dependent on the network; when the network is unstable, the synchronization process is easily interrupted.

[0004] Based on this, the technical problem to be solved by this application is: how to synchronize dynamically adjusted cross-device grouped data in real time. Summary of the Invention

[0005] To address the aforementioned issues, this invention provides a system for real-time dynamic adjustment of groupings across devices. It constructs a central node through a distributed cluster and combines it with edge nodes to achieve localized data processing and storage, significantly improving system throughput and response speed. Multi-dimensional grouping rules are established to filter users who meet certain criteria into the same group. A multi-dimensional triggering strategy is employed to dynamically adjust the groupings. Based on the K-means clustering algorithm combined with a greedy strategy, intelligent calculation and optimization of dynamic grouping are performed, enabling real-time updates of grouping data across devices.

[0006] To achieve the above objectives, the technical solution adopted by the present invention is as follows:

[0007] This invention provides a system for real-time dynamic adjustment of groups across devices, including a distributed synchronization module, which is connected to an identity authentication module, a rule engine module, a trigger engine module, and an algorithm engine module respectively.

[0008] Identity authentication module: used for unified management and authentication of user identities in a multi-device environment, and to build cross-device identity mapping relationship. Through the user-device-group three-element association relationship, corresponding permissions are assigned according to user roles;

[0009] Distributed synchronization module: Used to build a distributed synchronization network, with a local area network server or cloud server as the central node, used to store global packet data, and each device as the edge node, used to cache local packet copies, and to perform real-time synchronization and updates of packet data across devices.

[0010] The rules engine module is used to formulate multi-dimensional grouping rules, filter users after authentication by the identity authentication module based on the grouping rules, group users that meet the conditions, and synchronize the grouping data through the distributed synchronization module.

[0011] Trigger Engine Module: Used to monitor system status in real time, and trigger dynamic grouping based on multi-dimensional triggering strategies and preset conditions, and synchronize group data through distributed synchronization module;

[0012] Algorithm engine module: Based on the K-means clustering algorithm combined with a greedy strategy, the grouping is dynamically adjusted and optimized, and the grouping data is synchronized through a distributed synchronization module.

[0013] Furthermore, the identity authentication module includes an identity authentication unit, an identity association unit, and an access control unit;

[0014] The identity authentication unit supports multiple identity authentication methods, adopts a standard protocol, integrates multi-factor authentication methods, and is compatible with different authentication sources through an adapter mode;

[0015] The identity association unit binds user identities by establishing a three-element association relationship between user, device, and group.

[0016] The permission control unit performs fine-grained permission management based on the RBAC model, supports group-level permission configuration, and achieves dynamic permission control by combining attribute-based access control strategies.

[0017] Furthermore, the identity association unit establishes a three-element association relationship of user-device-group, including the following steps:

[0018] Establish the connection between users and devices: collect hardware and software environment information, formulate multi-device binding strategies, and evaluate the binding trust level;

[0019] Establish the association between devices and groups: divide the devices into groups into whitelists, formulate device group caching strategies, and process device switching events through identity association units to achieve device switching synchronization;

[0020] Establish the association between users and groups: analyze and group device usage patterns, detect abnormal device behavior, and trigger group adjustments;

[0021] Anomaly correlation detection: The associated data is encrypted and stored, and anomaly correlation patterns are identified and alerts are issued based on the isolated forest algorithm.

[0022] Preferably, when assessing trust levels, the assessment indicators include device usage time, geographical location consistency, operating habit matching, and multi-factor authentication.

[0023] Furthermore, in the access control unit, a hybrid access control model combining the RBAC core framework and ABAC dynamic policies is adopted. The policy engine enables static allocation and dynamic adjustment of permissions, including the following steps:

[0024] Build a role system, and design roles and corresponding permissions in a hierarchical manner;

[0025] Static role assignment and dynamic role permission inheritance;

[0026] Cache and verify the configured permissions;

[0027] Segment and collect user attributes to build an attribute system;

[0028] Set policy priorities. ABAC dynamic policies have higher priority than RBAC static permissions. When policy conflicts occur, the policy that has recently taken effect takes precedence.

[0029] Set up an attribute trigger mechanism to perform dynamic permission evaluation;

[0030] Bind roles and permissions, and dynamically adjust group permissions;

[0031] Design a permission conflict detection mechanism and adopt conflict resolution strategies based on the detected conflicts;

[0032] Audit access permissions log and set up an access control rollback mechanism;

[0033] Monitor and alert on abnormal access permissions.

[0034] Furthermore, the distributed synchronization module is designed with a three-level conflict handling mechanism, including:

[0035] Optimistic locking prevention: Each group of data carries a version number. When the device submits a modification, it must include the current version. If the central node finds that the versions are inconsistent, it will reject the request.

[0036] Automatic arbitration: For non-critical conflicts, the last-write-wins strategy is adopted, and the operation with the latest timestamp of the central node shall prevail;

[0037] Manual intervention: For critical conflicts, the conflict resolution interface is triggered, and the administrator can view the operation log and select the version to keep. The system will automatically generate a conflict resolution solution.

[0038] Furthermore, the execution process of the rule engine module includes the following steps:

[0039] Rule definition: Establish a multi-dimensional grouping rule system, including static attribute grouping rules, dynamic behavior grouping rules, and task scenario adaptive grouping rules. Use a graphical rule editor to generate a graphical rule configuration interface. Administrators can combine conditional expressions by dragging and dropping. Rules are stored in DRL format.

[0040] Rule parsing: DRL rules are parsed using the ANTLR4 parser to generate an abstract syntax tree, which is then converted into executable Java bytecode. A rule validator is used to detect condition conflicts / overwriting, and a rule indexer is used to build a fast matching index.

[0041] Rule execution: Efficient pattern matching is performed using the Rete algorithm, supporting weight factors and constraints. A parallel rule matching engine is built based on the Fork / Join framework, and the execution results are cached.

[0042] Furthermore, the execution process of the trigger engine module includes the following steps:

[0043] The trigger engine collects monitoring data in real time through probes deployed on various devices and service nodes;

[0044] The collected data undergoes multi-layered processing, including real-time indicator calculation, status standardization, and anomaly detection.

[0045] Visualize and store monitoring data;

[0046] Design a multi-trigger strategy for dynamically adjusting groups, including time-triggered strategy, event-triggered strategy, and indicator-triggered strategy;

[0047] Determine and filter trigger conditions, and prioritize the trigger conditions.

[0048] Obtain the context at the time of triggering and dynamically adjust the grouping by executing the triggering operation.

[0049] Furthermore, the execution process of the algorithm engine module includes the following steps:

[0050] Multidimensional features are extracted from user attributes and standardized. The multidimensional features include static features and dynamic features. Dynamic weights are assigned to different features according to the grouping scenario to construct a multidimensional feature space.

[0051] The K-means++ algorithm is used for clustering, and grouping rule constraints are embedded in the initialization phase;

[0052] During the iterative calculation, the weighted Euclidean distance from the user to each cluster center is calculated, and the user is assigned to the cluster with the closest distance. After the iteration ends, the grouping that does not meet the hard constraints is forcibly corrected.

[0053] Define multiple soft constraint evaluation metrics, evaluate the soft constraint metrics for each group in turn, and if the metrics are not met, initiate a greedy swap strategy:

[0054] Perform local search refinement for each group, and after all local adjustments are completed, sort the groups by fitness, and re-execute the greedy swap strategy for groups with fitness scores below the threshold.

[0055] When user characteristics change, the impact of the characteristic change is assessed, and local re-clustering is initiated for the affected groups;

[0056] Receive the grouping request sent by the trigger engine and extract the set of users participating in the grouping;

[0057] Multiple grouping schemes are generated in parallel based on different K values, and the feasibility of the schemes is verified triple-wise.

[0058] A multi-objective decision-making method is used to rank multiple schemes, taking into account hard constraint satisfaction, soft constraint score, and historical effect reference. The scheme with the highest comprehensive score is selected as the final grouping result. Administrators are allowed to manually fine-tune the automatically generated schemes and output the generated grouping schemes.

[0059] The beneficial effects of this invention are as follows:

[0060] This invention provides a system for real-time dynamic adjustment of grouping across devices, including an identity authentication module, a distributed synchronization module, a rule engine module, a trigger engine module, and an algorithm engine module. These modules are coupled and interact through standardized data interfaces. By establishing a three-element association relationship between users, devices, and groups, unified management and authentication of user identities are achieved in a multi-device environment. A dynamic adjustment strategy is employed to achieve static allocation and dynamic adjustment of user permissions. Multi-dimensional grouping rules are formulated to filter users who meet certain conditions into the same group. A multi-dimensional trigger strategy is used to dynamically adjust groups. Based on an improved K-means clustering algorithm combined with a greedy strategy, intelligent calculation and optimization of dynamic grouping are performed. Data synchronization between devices is achieved based on a distributed architecture, enabling real-time dynamic adjustment and efficient collaboration of groups in a cross-device environment. Attached Figure Description

[0061] Figure 1 This is a system block diagram of a cross-device real-time dynamic adjustment of grouping according to the present invention. Detailed Implementation

[0062] Please see Figure 1As shown, the present invention relates to a system for real-time dynamic adjustment of groups across devices, including a distributed synchronization module, which is connected to an identity authentication module, a rule engine module, a trigger engine module, and an algorithm engine module respectively.

[0063] Identity authentication module: used for unified management and authentication of user identities in a multi-device environment, and to build cross-device identity mapping relationship. Through the user-device-group three-element association relationship, corresponding permissions are assigned according to user roles;

[0064] The identity authentication module includes an identity authentication unit, an identity association unit, and an access control unit;

[0065] The identity authentication unit supports multiple identity authentication methods, adopts standard protocols such as OAuth2.0, SAML2.0, and JWT, and integrates multi-factor authentication methods such as biometrics (fingerprint / facial recognition) and hardware tokens (U2F). It is compatible with different authentication sources (such as campus unified identity authentication and enterprise AD domain) through the adapter pattern. The adapter pattern refers to adapting an interface of a certain type to the interface type expected by the user, so that different devices can be compatible.

[0066] The identity association unit binds user identities by establishing a three-element association relationship between user, device, and group. It achieves cross-device identity binding through device fingerprint technology (hardware serial number + software environment hash value) and supports dynamic evaluation of device trust levels (new devices require secondary verification, while frequently used devices can log in without a password). For example, device trust management can be divided into three layers, including trusted devices (initial authentication + secondary verification), suspicious devices (requiring multi-factor authentication, i.e., MFA), and unknown devices (isolated access).

[0067] Establishing a ternary association between user, device, and group includes the following steps:

[0068] Establish the connection between users and devices: collect hardware and software environment information, formulate multi-device binding strategies, and evaluate the binding trust level;

[0069] Upon initial connection, the client obtains device hardware identifiers (such as CPU serial number, motherboard serial number, and MAC address) and collects software environment information (operating system version, browser fingerprint, and installed application hash value) through the underlying API.

[0070] Develop a multi-device binding policy. Multiple devices include primary devices, secondary devices, and temporary devices. For example, a user can designate one frequently used device as the primary device (such as an office computer) with the highest trust level. The user can bind up to five secondary devices (such as mobile phones and tablets), and the binding must be confirmed by the primary device. When accessing the device without binding, secondary verification (scanning a QR code or SMS verification code) is required by the primary device.

[0071] When assessing trust levels, four evaluation indicators can be used: device usage time, geographical location consistency, operating habit matching, and multi-factor authentication. For example, device usage time can be scored 30 points, geographical location consistency 20 points, operating habit matching 30 points, and multi-factor authentication 20 points. The total score is obtained by adding the four scores, and the trust level of the device is determined based on the total score.

[0072] Establish the association between devices and groups: divide the devices into groups into whitelists, formulate device group caching strategies, and process device switching events through identity association units to achieve device switching synchronization;

[0073] Administrators can set the types of devices that can be accessed by a group (e.g., only office computers can be allowed to access the project group), and research groups can set geographical location restrictions for devices (e.g., only devices within the campus network can be allowed to access).

[0074] Develop a device group caching strategy. For example, the primary device caches all complete data of the group (valid for 7 days), the secondary device caches basic group information and user-related data (valid for 48 hours), and the temporary device does not cache group data, but retrieves it from the central node for each access.

[0075] During device handover synchronization, the old device sends a device handover event to the identity association unit, and the new device requests packet data synchronization from the identity association unit. The identity association unit generates a device difference packet and pushes the packet data to the new device, while marking the packet data of the old device as invalid.

[0076] Establish the association between users and groups: analyze and group device usage patterns, detect abnormal device behavior, and trigger group adjustments;

[0077] Users identified on mobile devices (frequent users of phones / tablets) will be automatically assigned to discussion groups (suitable for short-term interactions), users identified on desktop devices (frequent users of computers) will be assigned to programming groups (suitable for long-term focused tasks), and active users across multiple devices will be assigned to collaboration groups (requiring multiple devices to complete tasks together).

[0078] The system detects whether the equipment is abnormal and analyzes the type of abnormality. If it is an abnormal cross-regional login, it is classified into the temporary isolation group. If it is an abnormal access to an unknown device, it is classified into the risk monitoring group. If it is an abnormal high-frequency device switching, it is classified into the adaptability test group. The groups classified into the temporary isolation group, risk monitoring group, and adaptability test group are then subjected to secondary verification. Once the verification is successful, the system can be restored.

[0079] Anomaly correlation detection: The associated data is encrypted and stored, and anomaly correlation patterns are identified and alerts are issued based on the isolated forest algorithm.

[0080] For abnormal association patterns, such as a single device being associated with more than 20 groups, it may indicate account sharing; a user accessing the same group through 3 different devices within 1 hour may indicate account theft; and a device simultaneously belonging to more than 10 different types of groups may indicate permission abuse. The isolated forest algorithm is used to identify abnormal association patterns and alarm thresholds are set. For example, when the triplet anomaly score is greater than 0.8, a security alarm is triggered, high-risk associations are temporarily frozen, and the user is required to re-authenticate.

[0081] The permission control unit implements fine-grained permission management based on the RBAC model, supports group-level permission configuration (such as only allowing the group leader to adjust members), and combines attribute-based access control policy (ABAC) to implement dynamic permission control (such as temporarily upgrading collaboration permissions based on user activity).

[0082] The access control unit employs a hybrid access control model combining the RBAC core framework with ABAC dynamic policies. The policy engine enables static allocation and dynamic adjustment of permissions, including the following steps:

[0083] Build a role system, and design roles and corresponding permissions in a hierarchical manner;

[0084] For example, system-level roles include super administrator and regular administrator; group-level roles include group leader, deputy group leader, and regular member; and temporary roles include visitor and observer (read-only). Set permissions for each role, such as group leader permissions including: modifying group information, adding members, removing members, assigning tasks, and deleting the group (requiring secondary verification).

[0085] Static role assignment and dynamic role permission inheritance;

[0086] Static role assignment: Users apply to the administrator to join a group, the administrator assigns the corresponding role, and verifies the role permissions through the permission control unit. After successful verification, the user is notified of the role assignment result.

[0087] Dynamic role inheritance: Deputy group leaders automatically inherit all permissions of ordinary members, group leaders automatically inherit all permissions of deputy group leaders plus management permissions, and temporary roles (visitors) only have read-only permissions and have no inheritance relationship.

[0088] Cache and verify the configured permissions;

[0089] The configured permissions can be cached. User roles and permission information can be cached on the client through local caching, and role-permission mapping can be cached in Redis through distributed caching (TTL=15 minutes). If the cache expires, an expiration notification will be pushed via WebSocket when the role changes.

[0090] When verifying user permissions, the user's role is extracted from the user's operation request, and the role permissions are queried. If the permissions exist, the operation is allowed; if the permissions do not exist, the operation is denied and recorded in the operation log.

[0091] Segment and collect user attributes to build an attribute system;

[0092] The attributes include static attributes, such as major, skill level, and registration time; dynamic attributes, such as activity level (e.g., number of posts in the last 7 days), task completion rate, and collaboration rating; and environmental attributes, such as device type, network location, and access time. User attribute data is obtained through the client and an attribute system is constructed.

[0093] Set policy priorities. ABAC dynamic policies have higher priority than RBAC static permissions. When policy conflicts occur, the policy that has recently taken effect takes precedence.

[0094] Set up an attribute trigger mechanism to perform dynamic permission evaluation;

[0095] The attribute triggering mechanism includes timed triggering, which scans all user attributes every 30 minutes and triggers policy matching; event triggering, which immediately evaluates user attribute changes, such as activity updates; and operation triggering, which evaluates dynamic permissions in real time before executing sensitive operations.

[0096] Bind roles and permissions, and dynamically adjust group permissions;

[0097] Create groups, set default role permissions, add custom policies, assign initial member roles, generate permission configurations, and synchronize permissions to member devices. For group permissions, inheritance is implemented, meaning that child groups automatically inherit the basic permissions of the parent group.

[0098] For example, based on activity level, when the activity level is greater than or equal to 90, temporary access to pinned discussions is granted (valid for 24 hours); when the activity level is greater than or equal to 80 for three consecutive days, temporary access to file upload and review is granted; when the activity level is less than 30, some collaboration permissions are revoked (only viewing permissions are retained).

[0099] Design a permission conflict detection mechanism and adopt conflict resolution strategies based on the detected conflicts;

[0100] Static conflict detection:

[0101] Role permission overlap detection: Identify mutually exclusive permissions within the same role (e.g., having both "add" and "delete" permissions but no approval permission);

[0102] Policy condition overlap detection: Identify policies with conflicting effects under the same conditions (such as simultaneously allowing and denying the same operation).

[0103] Group permission inheritance conflict: Identify situations where a subgroup overrides the core permissions of the parent group.

[0104] Dynamic conflict detection:

[0105] Conflict detection during operation: Check whether there is a conflict between RBAC and ABAC permissions before executing the operation;

[0106] Scheduled conflict scan: Scans all user permissions every day at midnight and generates a conflict report;

[0107] Permission change conflict detection: Real-time detection of potential conflicts when modifying permission configurations.

[0108] The priority rules for conflict resolution strategies are set as follows: ABAC dynamic permissions > RBAC static permissions, group-level permissions > global permissions, and most recently effective policies > historical policies. When a permission conflict is detected, the conflict type is first analyzed, and corresponding measures are formulated. The measures require administrator approval. If the administrator approves, the measures are implemented; if the administrator rejects, the conflict is logged.

[0109] Audit access permissions log and set up an access control rollback mechanism;

[0110] By recording permission logs, you can understand permission change records (who modified whose permissions and when), permission usage records (who used what permissions to perform operations and when), and permission denial records (who was denied permissions, when, and for what reason).

[0111] The permission rollback mechanism allows you to understand permission change rollback (supports rolling back to any historical version of permission configuration), operation permission rollback (query the specific permission status when an operation is executed), and permission conflict rollback (analyze the causes and resolution process of historical permission conflicts).

[0112] Monitor and alert on abnormal access permissions.

[0113] Abnormal permissions include high-frequency permission operations (more than 5 sensitive permission operations per minute), cross-regional permissions (the same account performing permission operations in different regions within a short period of time), and abnormal privilege escalation (a regular user suddenly obtaining high-level permissions, such as group leader privileges). When abnormal permissions are detected, an alarm event is generated, and the alarm event is handled in a tiered manner, such as Level 1 automatically freezing permissions, Level 2 requiring manual review, and Level 3 logging the event. The alarm event is also notified to the administrator.

[0114] Distributed synchronization module: Used to build a distributed synchronization network, with a local area network server or cloud server as the central node, used to store global packet data, and each device as the edge node, used to cache local packet copies, and to perform real-time synchronization and updates of packet data across devices.

[0115] A distributed synchronization network consisting of a central node and edge nodes is constructed. The central node (a LAN server or cloud server) stores global group data, while the edge nodes (each device) cache local group copies. A full-duplex communication channel is built using the WebSocket protocol to enable real-time data interaction between the central node and each device. When a group adjustment operation (such as adding or deleting group members, or modifying group names) is performed on a device, the operation command is first sent to the central node. After updating the global data, the central node pushes the command to the edge nodes of other relevant devices in real time via a WebSocket long connection or a message queue (such as RabbitMQ). Upon receiving the update command, the edge nodes synchronously update their locally cached group data, thereby achieving real-time synchronization of group information across devices.

[0116] The central node cluster is deployed on a Kubernetes cluster and adopts the Spring Cloud Alibaba microservice architecture, which includes the Nacos service registry (supporting group data service discovery), RocketMQ message middleware (handling 50,000 synchronous messages per second), and RedisCluster caching layer (storing group data version numbers, TTL=10 minutes).

[0117] Edge node components are embedded in the clients of each device, including a WebSocket long connection module (maintaining real-time communication with the central node, with a heartbeat interval of 20 seconds, and an exponential backoff algorithm for disconnection reconnection strategy), an SQLite local database (storing copies of grouped data, with a 3-layer caching strategy: memory LRU cache, disk SQLite, and device storage backup), and a conflict resolution engine (handling concurrent modification conflicts from multiple devices).

[0118] Synchronization of identity information across multiple devices is achieved based on the constructed distributed synchronization network:

[0119] Device access phase: When a new device logs in for the first time, the client sends an authentication request to the authentication module through a TLS 1.3 encrypted channel, carrying an authentication token in JWT format, which includes userId and device fingerprint information.

[0120] Identity association phase: The identity authentication module queries the historical device list for the userId. If it is a new device, it is added to deviceList and a device association token is generated (valid for 24 hours).

[0121] Real-time synchronization mechanism: When a user modifies personal information (such as avatar, permission role) on device A, the change event is pushed to all associated devices through the Apache Kafka message queue. Each device pulls the latest identity data through the gRPC interface and updates the local cache (using LevelDB database, with TTL policy setting the cache validity period to 1 hour).

[0122] Design a three-level conflict resolution mechanism:

[0123] Optimistic locking prevention: Each group of data carries a version number (initially 1). When the device submits a modification, it must include the current version. If the central node finds that the versions are inconsistent, it will reject the request.

[0124] Automatic arbitration: For non-critical conflicts (such as modifying group name and members at the same time), the last write-win (LWW) strategy is adopted, and the operation with the latest timestamp of the central node shall prevail.

[0125] Manual intervention: For critical conflicts (such as simultaneously deleting a group and adding a member), the conflict resolution interface is triggered. Administrators can view the operation logs and select the version to keep, and the system will automatically generate a conflict resolution solution.

[0126] The rules engine module is used to formulate multi-dimensional grouping rules, filter users after authentication by the identity authentication module based on the grouping rules, group users that meet the conditions, and synchronize the grouping data through the distributed synchronization module.

[0127] The Drools rule engine is used as the core component to build a complete process of rule definition, parsing, and execution.

[0128] Rule definition: Establish a multi-dimensional grouping rule system, including static attribute grouping rules, dynamic behavior grouping rules, and task scenario adaptive grouping rules. Use a graphical rule editor to generate a graphical rule configuration interface. Administrators can combine conditional expressions by dragging and dropping. Rules are stored in DRL format.

[0129] For static attribute grouping rules, the system supports administrators or teachers to customize user attribute tags, such as subject major, skill level, and learning progress. The system will automatically filter users who meet the preset attribute matching conditions and generate new groups. Simultaneously, user attributes can be dynamically updated, and the system can automatically trigger group adjustments based on the new attributes. Static attribute grouping rules include the following:

[0130] Discipline and major rules: Supports grouping by multi-level discipline classification (such as "Engineering > Computer Science > Software Engineering"), and matches major names using regular expressions.

[0131] Ability level rules: Skill level is quantified into 1-5 levels, supporting interval matching (e.g., levels 2-4 are intermediate) and discrete value matching (level 4 is advanced only).

[0132] Time attribute rules: Users can be grouped by registration time (e.g., users registered in the last 30 days) or activity time (users active in the last 7 days).

[0133] For dynamic behavior grouping rules, a user behavior evaluation model is established by collecting user operational behavior data in the system (such as speaking frequency, task completion quality, and collaboration participation). When it is found that a member of a group has extremely low participation or frequent conflicts within the group, the system will automatically trigger a group adjustment mechanism to reassign that member to a more suitable group. The following dimensions of data are collected:

[0134] Interactive behaviors: Number of times you speak (≥5 times per day is considered active), Number of files uploaded (≥3 per week);

[0135] Task performance: Task completion rate (≥80%), completion time (≤120% of average time);

[0136] Collaboration data: Number of times @ others were mentioned, number of times @ others were mentioned, group score (≥4 points).

[0137] Example rule: "Users who have posted ≥10 times in the past 7 days and have a task completion rate ≥90% are classified as the active learning group."

[0138] For task-scenario adaptive rules, task-oriented grouping rules are set for different task scenarios in remote or multi-device teaching. The system analyzes users' skill tags (such as programming, design, document writing, etc.), calculates the skill complementarity between members through intelligent algorithms, and automatically assigns users to the most complementary groups to ensure that the ability level of each group is similar and promotes group collaboration efficiency.

[0139] For example:

[0140] Discussion scenario: The rules are "4-6 people per group, with members having ≥70% complementary expertise and ≥50% being active users";

[0141] Programming practice: The rules are "3-5 people per group, programming ability standard deviation ≤ 1.5, group leader ability level ≥ 4";

[0142] Presentation and reporting: The rule is "each group has 5-7 people, and at least one member with design / presentation / documentation skills."

[0143] Rule parsing: DRL rules are parsed using the ANTLR4 parser to generate an abstract syntax tree, which is then converted into executable Java bytecode. A rule validator is used to detect condition conflicts / overwriting, and a rule indexer is used to build a fast matching index.

[0144] Rule execution: Efficient pattern matching is performed using the Rete algorithm, supporting weight factors and constraints. A parallel rule matching engine is built based on the Fork / Join framework, supporting rule matching for 100,000 users per second. Execution results are cached to avoid redundant calculations.

[0145] Once the grouping rules are defined, to avoid conflicts, the rule priorities are designed from highest to lowest as follows: manual grouping rules (assigned by teachers) > task scenario rules > dynamic behavior rules > static attribute rules. When rules of the same priority conflict, the execution order is determined by either the rule creation time (newer rules take precedence) or the weight value (configurable from 0-100). A rule conflict detection tool is provided, displaying overlapping areas of rules through visual charts to assist administrators in adjusting rule conditions.

[0146] Trigger Engine Module: Used to monitor system status in real time, and trigger dynamic grouping based on multi-dimensional triggering strategies and preset conditions, and synchronize group data through distributed synchronization module;

[0147] The execution process of the triggering module includes the following steps:

[0148] The trigger engine collects monitoring data in real time through probes deployed on various devices and service nodes;

[0149] The monitoring data includes group status data (timely scanning of group members, member activity, task completion rate, and other indicators), user behavior data (capturing user cross-device operations through data points to form a user behavior trajectory map), and system performance data (collecting performance indicators such as synchronization delay between central and edge nodes and execution time of grouping algorithms to determine whether the system is in a suitable state for adjustment).

[0150] The collected data undergoes multi-layered processing, including real-time indicator calculation, status standardization, and anomaly detection.

[0151] The sliding window algorithm is used to calculate dynamic indicators. Indicators with different dimensions (such as the number of people and activity scores) are normalized and mapped to the [0,1] interval for easy and uniform evaluation. The moving average algorithm is used to identify abrupt changes in indicators. For example, if the number of people in a group decreases by more than 50% within 5 minutes, it is marked as an abnormal state.

[0152] Visualize and store monitoring data;

[0153] Key metrics are visualized and stored, grouped by different colors to indicate status, such as red indicating activity <0.3. Monitoring data from a past period (e.g., 30 days) is stored in a database for analyzing trigger patterns. When a metric exceeds a threshold, an alert is pushed via a message queue, triggering an initial investigation process.

[0154] Design a multi-trigger strategy for dynamically adjusting groups, including time-triggered strategy, event-triggered strategy, and indicator-triggered strategy;

[0155] Time-triggered strategy: Periodic triggering based on preset Cron expressions, such as initiating group adjustments at 8 AM on weekdays. Before triggering, the system load is checked; if CPU utilization exceeds 80%, execution is automatically delayed by 30 minutes. For time-consuming group adjustment tasks, execution is limited to off-peak hours to avoid affecting normal use, and the trigger time is automatically adjusted according to the user's time zone.

[0156] Event-triggered strategies include: user behavior events, which trigger group adjustments when a user performs a specific operation, such as automatically marking a user as "unsuitable for the group" if they exit the same group three times consecutively, triggering regrouping; system status events, which are triggered when critical events are detected, such as the large-scale access of new devices (e.g., 30 devices logging in simultaneously in a classroom scenario), which automatically triggers temporary grouping to adapt to sudden demands; and business process events, which are triggered in conjunction with business progress, such as automatically reorganizing theoretical learning groups into experimental collaboration groups when online courses enter the experimental phase, prioritizing device compatibility (e.g., programming environments are already installed).

[0157] Metric triggering strategies include: group health metrics, such as activity metrics and balance metrics; user attribute metrics, such as skill mutations and device usage patterns; and system performance metrics, such as algorithm execution time and data synchronization pressure.

[0158] Determine and filter trigger conditions, and prioritize the trigger conditions.

[0159] First, verify the hard conditions, such as requiring "current online members ≥ 3" for group adjustments; otherwise, skip the trigger. Assign weights to soft conditions and calculate a total score. For example, an adjustment is triggered only if the score exceeds 0.7 for conditions like insufficient activity (weight 0.4), unbalanced skills (weight 0.3), and device incompatibility (weight 0.3). Priority is ranked as follows: P0 (system failure causing inconsistent group data, triggering immediate forced reorganization), P1 (abnormal group size, such as <2 or >8 members, triggering adjustment within 10 minutes), P2 (persistently low activity, triggering adjustment within the day), and P3 (regular timed triggering, executed when system resources are idle). If triggering is in parallel, it is queued according to trigger time; triggers with an interval of <5 minutes are merged into one execution, and higher-priority triggers can interrupt lower-priority tasks. The same group can trigger a maximum of 2 adjustments within 48 hours to avoid frequent reorganizations affecting user experience. Rules with poor results after triggering (such as a decrease in activity after adjustment) automatically enter a 7-day cooldown period during which they will not be triggered again.

[0160] Obtain the context at the time of triggering and dynamically adjust the grouping by executing the triggering operation.

[0161] Retrieve the trigger type (time / event / metric), specific conditions (e.g., activity level of 0.25), target group list, current member characteristics, and system resource status. Select grouping algorithm parameters based on the context. For example, in emergency triggers (P1 level), reduce the number of K-means iterations from 10 to 5 to prioritize speed. In regular triggers (P2 level), enable a full greedy strategy optimization to pursue grouping quality.

[0162] The adjustment instructions are pushed to the relevant devices through the distributed synchronization module. The edge nodes first perform transactional updates in the local SQLite and then synchronize to the central node. After the execution is completed, the synchronization status (success / failure / timeout) of each device is collected. Failed nodes are automatically retried 3 times. If it still fails, the log is recorded and manual intervention is triggered.

[0163] Algorithm engine module: Based on the K-means clustering algorithm combined with a greedy strategy, the grouping is dynamically adjusted and optimized, and the grouping data is synchronized through a distributed synchronization module.

[0164] Dynamic grouping is achieved using the K-means clustering algorithm combined with a greedy strategy. First, clustering features (such as user attributes, skill levels, and behavioral data) are determined based on grouping rules, mapping users to a multi-dimensional feature space. Then, the K-means algorithm is used to perform initial clustering of users, determining the initial groups. Next, a greedy strategy is applied to optimize the grouping results, checking whether each group meets the rule constraints (such as member limits, skill complementarity, etc.). Groups that do not meet the conditions are adjusted until all groups conform to the preset rules.

[0165] The execution process of the algorithm engine module includes the following steps:

[0166] Multidimensional features are extracted from user attributes and standardized. The multidimensional features include static features and dynamic features. Dynamic weights are assigned to different features according to the grouping scenario to construct a multidimensional feature space.

[0167] Static features, such as professional category and skill level rating, and dynamic features, such as activity level in the past 7 days and task completion rate, are used. All feature values ​​are standardized using Z-Score to transform them into standard feature vectors with a mean of 0 and a standard deviation of 1, ensuring the comparability of features with different dimensions. Dynamic weights are assigned to different features based on the grouping scenario. For example, in a teaching discussion scenario, activity level is weighted at 0.4, professional complementarity at 0.3, and collaboration rating at 0.3. These weights can be optimized through training on historical grouping performance data, for example, by using a genetic algorithm to maximize the skill complementarity of members within a group.

[0168] The K-means++ algorithm is used for clustering, and grouping rule constraints are embedded in the initialization phase;

[0169] Instead of random initialization, a user is first randomly selected as the first cluster center. The distances from other users to this center are calculated, and the user with the furthest distance is selected as the second center. This process is repeated until K initial centers are selected. Grouping rule constraints are embedded during the initialization phase. For example, if each group is set to have at least 3 people, and K=5 and the total number of users is 20, the initialization will prioritize selecting centers that can meet the subsequent group size constraints. If there is a rule that "each group must have at least one senior-skilled member," the initialization of centers will force the inclusion of such users to ensure that the initial grouping meets the basic constraints.

[0170] During the iterative calculation, the weighted Euclidean distance from the user to each cluster center is calculated, and the user is assigned to the cluster with the closest distance. After the iteration ends, the grouping that does not meet the hard constraints is forcibly corrected.

[0171] The system calculates the weighted Euclidean distance from users to each cluster center and recalculates the cluster centers after each assignment until the change in cluster center position is less than a preset threshold (e.g., 0.01) or the maximum number of iterations (default 10) is reached. After the iteration ends, groups that do not meet the hard constraints are forcibly corrected. For example, if a group has only 2 people, the user with the closest distance and most complementary features from the neighboring cluster is migrated; if a group lacks a specified role (e.g., the programming group has no testers), users with that role who will have the least impact on the original group after migration are selected from other clusters for adjustment, ensuring that all groups meet the hard requirements such as number of people and roles.

[0172] Define multiple soft constraint evaluation metrics, evaluate the soft constraint metrics for each group in turn, and if the metrics are not met, initiate a greedy swap strategy:

[0173] Several soft constraint evaluation metrics are defined, such as skill complementarity (calculated by the cosine similarity of the feature vectors of group members; the smaller the value, the stronger the complementarity, with a target of ≥0.7), activity balance (the standard deviation of the activity of group members, with a target of ≤0.2), and device compatibility (the percentage of devices supporting the same collaboration tools, with a target of ≥80%). Each group is evaluated for these soft constraint metrics sequentially. If a metric is not met, a greedy swap is initiated: one member is selected from another group to migrate to the current group, the fitness increase of the group after migration is calculated, and simultaneously one member is selected from the current group to migrate out, the combined fitness change of the two groups after migration is calculated, and the swap combination that maximizes the overall fitness increase is selected for execution. If there is no positive benefit, the swap is stopped.

[0174] Perform local search refinement for each group, and after all local adjustments are completed, sort the groups by fitness, and re-execute the greedy swap strategy for groups with fitness scores below the threshold.

[0175] For each group, perform 5 local searches, randomly selecting 1-2 members to try swapping with members from other groups. If the group's fitness improves after the swap, the new combination is retained. For example, in the programming group, try swapping two members with high skill similarity to improve skill complementarity within the group. Global Fitness Ranking: After all local adjustments are completed, sort by group fitness. For groups with fitness scores below a threshold, re-execute the greedy swap strategy to ensure balanced group quality globally. Fitness calculation combines hard and soft constraints; for example, 30 points are awarded for reaching the required number of members, 40 points for achieving the required skill complementarity, and 30 points for balanced activity. Groups with a total score below 60 trigger secondary optimization.

[0176] When user characteristics change, the impact of the characteristic change is assessed, and local re-clustering is initiated for the affected groups;

[0177] An incremental update optimization mechanism is adopted. When user characteristics change (such as an increase in skill score or a decrease in activity), the magnitude of the change is first calculated. Different response strategies are adopted based on the calculated magnitude of the change. If the change in characteristic value exceeds 10%, the fitness changes of the user's group and adjacent groups are evaluated. If the magnitude of the change is small (<10%), only the user's group is locally adjusted. Local re-clustering is initiated for the affected groups, retaining the group affiliation of users who have not changed, and only reassigning users with changed characteristics and adjacent users to avoid global recalculation.

[0178] Receive the grouping request sent by the trigger engine and extract the set of users participating in the grouping;

[0179] The trigger source receives grouping requests from the triggering engine, including timed triggers (such as daily reorganization at 8 AM), event triggers (such as task releases), and metric triggers (such as group activity < 0.3). It also obtains the triggering context (such as task type and group size limit). The source extracts the set of users participating in the grouping, filters out abnormal users (such as those inactive for 7 consecutive days), and supplements the data with the latest user characteristic data (obtaining behavioral data from the real-time data platform for the last 3 days) to ensure the timeliness and validity of the input data.

[0180] Multiple grouping schemes are generated in parallel based on different K values, and the feasibility of the schemes is verified triple-wise.

[0181] For example, in the discussion scenario, the default K=5 (4-6 people per group) is used to generate alternative solutions with K=4 and K=6, providing more options for subsequent optimization. Each solution undergoes triple verification, including hard constraint verification (checking whether all hard requirements such as the number of people and roles are met), soft constraint evaluation (calculating indicators such as skill complementarity and activity balance), and performance evaluation (estimating the impact of the grouping scheme on subsequent collaboration efficiency, such as predicting task completion rate based on historical data).

[0182] A multi-objective decision-making method is used to rank multiple schemes, taking into account hard constraint satisfaction, soft constraint score, and historical effect reference. The scheme with the highest comprehensive score is selected as the final grouping result. Administrators are allowed to manually fine-tune the automatically generated schemes and output the generated grouping schemes.

[0183] Through human-machine collaborative optimization, administrators can manually fine-tune the automatically generated schemes. When dragging members to different groups, the system calculates the change in fitness in real time and provides prompts such as "suggest adjustment" or "may reduce group quality" to assist administrators in making decisions. The system generates and outputs a grouping scheme with a JSON structure containing group details, member list, and grouping criteria.

[0184] The above embodiments are merely descriptions of preferred embodiments of the present invention and are not intended to limit the scope of the present invention. Various modifications and improvements made by those skilled in the art to the technical solutions of the present invention without departing from the spirit of the present invention should fall within the protection scope defined by the claims of the present invention.

Claims

1. A system for real-time dynamic adjustment of groups across devices, characterized in that, It includes a distributed synchronization module, which is connected to the identity authentication module, the rule engine module, the trigger engine module, and the algorithm engine module respectively; Identity authentication module: used for unified management and authentication of user identities in a multi-device environment, and to build cross-device identity mapping relationship. Through the three-element association relationship of user-device-group, corresponding permissions are assigned according to user roles; Distributed synchronization module: Used to build a distributed synchronization network, with a local area network server or cloud server as the central node, used to store global packet data, and each device as the edge node, used to cache local packet copies, and to perform real-time synchronization and updates of cross-device packet data. The rules engine module is used to formulate multi-dimensional grouping rules, filter users after authentication by the identity authentication module based on the grouping rules, group users that meet the conditions, and synchronize the grouping data through the distributed synchronization module. Trigger Engine Module: Used to monitor system status in real time, and trigger dynamic grouping based on multi-dimensional triggering strategies and preset conditions, and synchronize group data through distributed synchronization module; Algorithm engine module: Based on the K-means clustering algorithm combined with a greedy strategy, the grouping is dynamically adjusted and optimized, and the grouping data is synchronized through a distributed synchronization module.

2. The system for real-time dynamic adjustment of groups across devices according to claim 1, characterized in that, The identity authentication module includes an identity authentication unit, an identity association unit, and an access control unit; The identity authentication unit supports multiple identity authentication methods, adopts a standard protocol, integrates multi-factor authentication methods, and is compatible with different authentication sources through an adapter mode; The identity association unit binds user identities by establishing a three-element association relationship between user, device, and group. The permission control unit performs fine-grained permission management based on the RBAC model, supports group-level permission configuration, and achieves dynamic permission control by combining attribute-based access control strategies.

3. The system for real-time dynamic adjustment of groups across devices according to claim 2, characterized in that, The identity association unit establishes a three-element association relationship between user, device, and group, including the following steps: Establish the connection between users and devices: collect hardware and software environment information, formulate multi-device binding strategies, and evaluate the binding trust level; Establish the association between devices and groups: divide the devices into groups into whitelists, formulate device group caching strategies, and process device switching events through identity association units to achieve device switching synchronization; Establish the association between users and groups: analyze and group device usage patterns, detect abnormal device behavior, and trigger group adjustments; Anomaly correlation detection: The associated data is encrypted and stored, and anomaly correlation patterns are identified and alerts are issued based on the isolated forest algorithm.

4. A system for real-time dynamic adjustment of groups across devices according to claim 3, characterized in that, When assessing trust levels, evaluation metrics include device usage time, geographical location consistency, matching operating habits, and multi-factor authentication.

5. A system for real-time dynamic adjustment of groups across devices according to claim 2, characterized in that, The access control unit employs a hybrid access control model combining the RBAC core framework with ABAC dynamic policies. The policy engine enables static allocation and dynamic adjustment of permissions, including the following steps: Build a role system, and design roles and corresponding permissions in a hierarchical manner; Static role assignment and dynamic role permission inheritance; Cache and verify the configured permissions; Segment and collect user attributes to build an attribute system; Set policy priorities. ABAC dynamic policies have higher priority than RBAC static permissions. When policy conflicts occur, the policy that has recently taken effect takes precedence. Set up an attribute trigger mechanism to perform dynamic permission evaluation; Bind roles and permissions, and dynamically adjust group permissions; Design a permission conflict detection mechanism and adopt conflict resolution strategies based on the detected conflicts; Audit access permissions log and set up an access control rollback mechanism; Monitor and alert on abnormal access permissions.

6. A system for real-time dynamic adjustment of groups across devices according to claim 1, characterized in that, The distributed synchronization module is designed with a three-level conflict handling mechanism, including: Optimistic locking prevention: Each group of data carries a version number. When the device submits a modification, it must include the current version. If the central node finds that the versions are inconsistent, it will reject the request. Automatic arbitration: For non-critical conflicts, the last-write-wins strategy is adopted, and the operation with the latest timestamp of the central node shall prevail; Manual intervention: For critical conflicts, the conflict resolution interface is triggered, and the administrator can view the operation log and select the version to keep. The system will automatically generate a conflict resolution solution.

7. A system for real-time dynamic adjustment of groups across devices according to claim 1, characterized in that, The execution process of the rule engine module includes the following steps: Rule definition: Establish a multi-dimensional grouping rule system, including static attribute grouping rules, dynamic behavior grouping rules, and task scenario adaptive grouping rules. Use a graphical rule editor to generate a graphical rule configuration interface. Administrators can combine conditional expressions by dragging and dropping. Rules are stored in DRL format. Rule parsing: DRL rules are parsed using the ANTLR4 parser to generate an abstract syntax tree, which is then converted into executable Java bytecode. A rule validator is used to detect condition conflicts / overwriting, and a rule indexer is used to build a fast matching index. Rule execution: Efficient pattern matching is performed using the Rete algorithm, supporting weight factors and constraints. A parallel rule matching engine is built based on the Fork / Join framework, and the execution results are cached.

8. A system for real-time dynamic adjustment of groups across devices according to claim 1, characterized in that, The execution process of the trigger engine module includes the following steps: The trigger engine collects monitoring data in real time through probes deployed on various devices and service nodes; The collected data undergoes multi-layered processing, including real-time indicator calculation, status standardization, and anomaly detection. Visualize and store monitoring data; Design a multi-trigger strategy for dynamically adjusting groups, including time-triggered strategy, event-triggered strategy, and indicator-triggered strategy; Determine and filter trigger conditions, and prioritize the trigger conditions. Obtain the context at the time of triggering and dynamically adjust the grouping by executing the triggering operation.

9. A system for real-time dynamic adjustment of groups across devices according to claim 1, characterized in that, The execution process of the algorithm engine module includes the following steps: Multidimensional features are extracted from user attributes and standardized. The multidimensional features include static features and dynamic features. Dynamic weights are assigned to different features according to the grouping scenario to construct a multidimensional feature space. The K-means++ algorithm is used for clustering, and grouping rule constraints are embedded in the initialization phase; During the iterative calculation, the weighted Euclidean distance from the user to each cluster center is calculated, and the user is assigned to the cluster with the closest distance. After the iteration ends, the grouping that does not meet the hard constraints is forcibly corrected. Define multiple soft constraint evaluation metrics, evaluate the soft constraint metrics for each group in turn, and if the metrics are not met, initiate a greedy swap strategy: Perform local search refinement for each group, and after all local adjustments are completed, sort the groups by fitness, and re-execute the greedy swap strategy for groups with fitness scores below the threshold. When user characteristics change, the impact of the characteristic change is assessed, and local re-clustering is initiated for the affected groups; Receive the grouping request sent by the trigger engine and extract the set of users participating in the grouping; Multiple grouping schemes are generated in parallel based on different K values, and the feasibility of the schemes is verified triple-wise. A multi-objective decision-making method is used to rank multiple schemes, taking into account hard constraint satisfaction, soft constraint score, and historical effect reference. The scheme with the highest comprehensive score is selected as the final grouping result. Administrators are allowed to manually fine-tune the automatically generated schemes and output the generated grouping schemes.