A data security sharing method and system for an integrated management platform
By constructing a dynamic authorization sphere and quantum-secure encryption in the integrated management platform, combined with multi-head attention neural networks and topological path detection, the problems of permission redundancy and security vulnerabilities in data sharing are solved, and secure and controllable efficient data sharing is achieved.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents (China)
- Current Assignee / Owner: WUXI YUNLIN BIG DATA TECH CO LTD
- Filing Date: 2025-08-13
- Publication Date: 2026-06-26
AI Technical Summary
Existing technologies struggle to balance data sharing efficiency and security control in integrated management platforms. Static permission allocation leads to redundancy or insufficiency of permissions, traditional encryption mechanisms are weak against quantum attacks, and there is a lack of end-to-end auditing capabilities.
By converting business data streams into sets of data nodes with weighted attributes, determining core permission anchors based on node spatial density clustering, constructing a dynamic authorization sphere, generating a permission matrix using quantum-secure encryption and multi-head attention neural networks, and combining topology path detection algorithms and cross-node audit evidence chains, dynamic permission management and encryption strategies are achieved.
It achieves dynamic permission adaptation, enhances data security and encryption strength, can respond to operational risks in real time, ensures the matching of permission policies and encryption strength, and supports cross-node end-to-end auditing and abnormal operation location.
Figure CN120934835B_ABST (abstract drawing)
Description
Technical Field
[0001] This invention relates to the field of data processing technology, and in particular to a method and system for secure data sharing in a comprehensive management platform.
Background Technology
[0002] With the rapid development of the digital economy, various integrated management platforms (such as government service platforms, medical information platforms, and enterprise resource management platforms) have become the core carriers for data aggregation and business collaboration. These platforms need to meet the data sharing needs across departments, levels, and systems to improve business processing efficiency, but they also face severe data security challenges.
[0003] Currently, data sharing often falls into the dilemma of "difficulty in balancing sharing efficiency and security management":
[0004] On the one hand, overly strict access control can hinder data flow and affect business collaboration efficiency; on the other hand, a lenient sharing policy may lead to risks such as unauthorized access, data leakage, or abuse.
[0005] Traditional data security sharing methods often employ static permission allocation mechanisms, which divide user permissions in a fixed manner based on preset rules, making it difficult to cope with dynamically changing operational scenarios.
[0006] For example, when a user's operation trajectory crosses data nodes with different security levels, the static permission model cannot adjust the authorization scope in real time, which can easily lead to permission redundancy or insufficient permissions. At the same time, existing encryption mechanisms mostly rely on traditional cryptographic algorithms. In addition, most methods lack the ability to audit the entire operation process, making it difficult to trace the root cause of abnormal operations and resulting in the inability to quickly identify the responsible party after a security incident.
Summary of the Invention
[0007] The technical problem to be solved by the present invention is to provide a method and system for secure data sharing in a comprehensive management platform, which can detect changes in the risk of user operation behavior in real time.
[0008] To solve the above-mentioned technical problems, the technical solution of the present invention is as follows:
[0009] A method for secure data sharing in a comprehensive management platform, the method comprising:
[0010] Step 1: Convert the business data stream into a set of data nodes with weighted attributes. Each node contains a source identifier, a time sequence marker, and a security level vector. Determine the core anchor points for permissions based on node spatial density clustering.
[0011] Step 2: Using the core anchor point as the origin, generate the main reference vector and the secondary reference vector along the data security level gradient; construct the fan-shaped security boundary region between the two vectors using the convex hull geometry algorithm; set up compliance monitoring points within the boundary region and risk monitoring points outside the boundary region;
[0012] Step 3: Obtain the operation events of the monitoring points and generate the operation trajectory chain in the order of timestamps; use the topology path detection algorithm to determine whether the trajectory chain crosses the safety boundary; when a crossing is detected, generate the permission convergence factor;
[0013] Step 4: Use the permission convergence factor as the key length control parameter to generate an encryption key; use the encryption key to perform quantum-safe encryption on the data node set to obtain the ciphertext data stream;
[0014] Step 5: Input the encrypted data stream into the multi-head attention neural network to generate an initial permission matrix; calculate the Euclidean distance between nodes in the initial permission matrix using the permission convergence factor as the scaling factor; construct a dynamic authorization sphere with the core anchor point as the center and the permission convergence factor as the radius, and retain the permission entries corresponding to the nodes in the sphere; normalize the retained permission entries to obtain the permission policy matrix.
[0015] Step 6: Based on the permission matrix and security boundary, verify the user operation coordinates to obtain the verification result; bind the verification result with the operation trajectory chain and generate a cross-node audit evidence chain.
[0016] A comprehensive management platform data security sharing system includes:
[0017] The determination module is used to convert business data streams into a set of data nodes with weighted attributes. Each node contains a source identifier, a time sequence marker, and a security level vector. The core anchor points for permissions are determined based on node spatial density clustering.
[0018] The configuration module is used to generate a primary reference vector and a secondary reference vector along the data security level gradient with the core anchor point as the origin; construct a fan-shaped security boundary region between the two vectors through a convex hull geometry algorithm; set compliance monitoring points within the boundary region and risk monitoring points outside the boundary region;
[0019] The acquisition module is used to acquire operation events of monitoring points and generate operation trajectory chains in timestamp order; it uses a topology path detection algorithm to determine whether the trajectory chain crosses the security boundary; when a crossing is detected, it generates a permission convergence factor.
[0020] The generation module is used to generate an encryption key by using the permission convergence factor as a key length control parameter; the encryption key is then used to perform quantum-safe encryption on the data node set to obtain a ciphertext data stream.
[0021] The processing module is used to input the encrypted data stream into the multi-head attention neural network to generate an initial permission matrix; calculate the Euclidean distance between nodes in the initial permission matrix using the permission convergence factor as a scaling factor; construct a dynamic authorization sphere with the core anchor point as the center and the permission convergence factor as the radius, and retain the permission entries corresponding to the nodes in the sphere; and normalize the retained permission entries to obtain the permission policy matrix.
[0022] The verification module is used to verify the coordinates of user operations based on the permission matrix and security boundaries to obtain the verification results; the verification results are bound to the operation trajectory chain, and a cross-node audit evidence chain is generated.
[0023] The above-described solution of the present invention has at least the following beneficial effects:
[0024] By determining the core anchor points of permissions through node spatial density clustering and generating permission convergence factors by combining the interaction between the operation trajectory chain and the security boundary, the system can perceive changes in the risk of user operation behavior in real time. The construction of the dynamic authorization sphere can shrink or expand in real time according to the permission convergence factor, accurately retaining the permission entries of the nodes within the sphere. This avoids the problems of "redundancy risks caused by permission solidification" or "insufficient permissions affecting sharing efficiency" in traditional static permission allocation, and achieves dynamic adaptation of permissions.
[0025] By using the permission convergence factor as a key length control parameter, the encryption strength is linked to the operational risk level. When a trajectory chain is detected to cross the security boundary, the permission convergence factor triggers a key length adjustment, enhancing the specificity of quantum-secure encryption. At the same time, the permission matrix is optimized using the convergence factor as a scaling factor to ensure the matching between permission policies and encryption strength, forming a closed-loop security mechanism of "risk perception - encryption enhancement - permission tightening" to improve overall data protection capabilities.
[0026] The cross-node audit evidence chain binds verification results with the operation trajectory chain, fully recording the user's behavior from data access to operation execution. The topology path detection algorithm accurately captures boundary crossing events, and combined with the traceability of the dynamic authorization process, it can locate the root cause of abnormal operations.
[0027] The initial permission matrix generated by the multi-head attention neural network can cover multi-dimensional sharing needs, while the dynamic authorization sphere achieves precise filtering of permission items through Euclidean distance calculation. Under the premise of ensuring the security of core data, it maximizes the retention of necessary sharing permissions. This method can avoid data flow obstruction caused by excessive control and prevent security vulnerabilities caused by indiscriminate sharing, thus achieving the dual goals of "security and controllability" and "efficient sharing".
Attached Figure Description
[0028] Figure 1 is a flowchart illustrating a data security sharing method for an integrated management platform provided by an embodiment of the present invention.
[0029] Figure 2 is a schematic diagram of a comprehensive management platform data security sharing system provided by an embodiment of the present invention.
Detailed Implementation
[0030] Exemplary embodiments of the present disclosure will now be described in more detail with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be implemented in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
[0031] As shown in Figure 1, an embodiment of the present invention proposes a method for secure data sharing in a comprehensive management platform, the method comprising the following steps:
[0032] Step 1: Convert the business data stream into a set of data nodes with weighted attributes. Each node contains a source identifier, a time sequence marker, and a security level vector. Determine the core anchor points for permissions based on node spatial density clustering.
[0033] Step 2: Using the core anchor point as the origin, generate the main reference vector and the secondary reference vector along the data security level gradient; construct the fan-shaped security boundary region between the two vectors using the convex hull geometry algorithm; set up compliance monitoring points within the boundary region and risk monitoring points outside the boundary region;
[0034] Step 3: Obtain the operation events of the monitoring points and generate the operation trajectory chain in the order of timestamps; use the topology path detection algorithm to determine whether the trajectory chain crosses the safety boundary; when a crossing is detected, generate the permission convergence factor;
[0035] Step 4: Use the permission convergence factor as the key length control parameter to generate an encryption key; use the encryption key to perform quantum-safe encryption on the data node set to obtain the ciphertext data stream;
[0036] Step 5: Input the encrypted data stream into the multi-head attention neural network to generate an initial permission matrix; calculate the Euclidean distance between nodes in the initial permission matrix using the permission convergence factor as the scaling factor; construct a dynamic authorization sphere with the core anchor point as the center and the permission convergence factor as the radius, and retain the permission entries corresponding to the nodes in the sphere; normalize the retained permission entries to obtain the permission policy matrix.
[0037] Step 6: Based on the permission matrix and security boundary, verify the user operation coordinates to obtain the verification result; bind the verification result with the operation trajectory chain and generate a cross-node audit evidence chain.
[0038] In this embodiment of the invention, business data streams are converted into a set of data nodes with weighted attributes, providing refined basic data units for subsequent data security management and access control. Each node contains a source identifier, time sequence marker, and security level vector, which can clearly trace the data source, record the data generation time, and clarify the data security level. Furthermore, determining the core anchor point of permissions based on node spatial density clustering can accurately locate the core area of data access control, laying the foundation for the subsequent construction of security boundaries and dynamic authorization systems, and avoiding resource waste and security vulnerabilities caused by indiscriminate data management.
[0039] By generating primary and secondary reference vectors with the core anchor point as the origin and constructing a sector-shaped security boundary region through a convex hull geometry algorithm, the data security scope can be scientifically and accurately defined. Compliance monitoring points are set up within the boundary region to monitor the data status under normal operation in real time. Risk monitoring points are set up outside the boundary region to promptly detect risky operations that cross the boundary. This achieves layered monitoring of data operations, improves the pertinence and effectiveness of data security early warning, and solves the problems of vague monitoring scope and difficulty in distinguishing between normal and risky operations in traditional monitoring methods.
[0040] By acquiring operation events at monitoring points and generating operation trajectory chains based on timestamps, the entire data operation process can be recorded, facilitating the tracing of data flow paths. A topology path detection algorithm is used to determine whether the trajectory chain crosses a security boundary, enabling rapid and accurate identification of unauthorized operations. When a crossing is detected, a permission convergence factor is generated, providing a quantitative basis for subsequent permission adjustments and encryption processing. This enables timely response to data security risks and avoids serious consequences such as data leakage caused by the continued execution of risky operations.
[0041] By using the permission convergence factor as a key length control parameter to generate encryption keys, the encryption strength is matched with the level of data security risk. The higher the risk, the longer the key length may be, and the stronger the encryption effect. Using this encryption key to perform quantum-safe encryption on the data node set can effectively resist the decryption threat brought by quantum computing, greatly improve the encryption security of the data, and solve the problems of low correlation between key generation and risk and weak resistance to quantum attacks in traditional encryption methods.
[0042] By inputting the encrypted data stream into a multi-head attention neural network to generate an initial permission matrix, a more comprehensive initial permission allocation scheme can be obtained by taking into account multiple factors. The Euclidean distance between nodes is calculated using the permission convergence factor as a scaling factor, and a dynamic authorization sphere is constructed to retain the permission entries corresponding to the nodes within the sphere. This enables dynamic adjustment of permissions, making permission allocation more in line with actual security needs. The retained permission entries are normalized to obtain the permission policy matrix, ensuring the standardization and consistency of the permission policy and avoiding unreasonable and chaotic permission allocation.
[0043] By verifying user operation coordinates based on the permission matrix and security boundary, the system can accurately determine whether user operations are compliant and obtain reliable verification results. Binding the verification results to the operation trajectory chain and generating a cross-node audit evidence chain enables full recording and audit traceability of user operations. This provides complete and reliable evidence support for the investigation and accountability of data security incidents, solving the problems of incoherent evidence and difficulty in cross-node traceability in traditional auditing methods, and meeting the compliance requirements of data security management.
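The sphere-retention rule of step 5 and the evidence chain of step 6 are described above only at the level of the claims. The following Python is an added example, not code from the patent or its assignee: it retains the permission entries of nodes inside a sphere whose radius is the permission convergence factor, normalizes them, verifies an operation against the retained entries, and binds each verification result to its trajectory event in a hash-linked evidence chain. The action columns, the 0.5 allow threshold, normalization by the largest retained score, division by the factor as the "scaling", and the SHA-256 hash linking are this example's assumptions; the node coordinates and the events are constructed.

```python
from __future__ import annotations

import hashlib
import json
import math
from dataclasses import dataclass

ACTIONS = ("read", "write", "share")   # assumed columns of a permission entry
ALLOW_THRESHOLD = 0.5                  # assumed cut-off on a normalized permission score


@dataclass(frozen=True)
class PermNode:
    node_id: str
    pos: tuple     # coordinates in the attribute space
    entry: tuple   # initial permission scores for ACTIONS, as produced by the network


def scaled_distance(anchor: tuple, pos: tuple, factor: float) -> float:
    """Euclidean distance scaled by the permission convergence factor (assumption: divide)."""
    return math.dist(anchor, pos) / factor


def policy_matrix(anchor: tuple, nodes: list[PermNode], factor: float) -> dict:
    """Step 5: keep entries of nodes inside the authorization sphere (scaled distance <= 1,
    i.e. within radius `factor` of the anchor) and normalize them to [0, 1] by the largest
    retained score (the normalization rule is an assumption)."""
    kept = {n.node_id: n.entry for n in nodes if scaled_distance(anchor, n.pos, factor) <= 1.0}
    top = max((v for entry in kept.values() for v in entry), default=0.0)
    if top == 0:
        return dict(kept)
    return {node_id: tuple(v / top for v in entry) for node_id, entry in kept.items()}


def verify_operation(matrix: dict, anchor: tuple, factor: float,
                     node_id: str, action: str, coords: tuple) -> dict:
    """Step 6 check: the target node must be retained, the operation coordinates must lie
    inside the sphere, and the action's score must reach the threshold."""
    inside = scaled_distance(anchor, coords, factor) <= 1.0
    entry = matrix.get(node_id)
    score = entry[ACTIONS.index(action)] if entry else 0.0
    allowed = inside and entry is not None and score >= ALLOW_THRESHOLD
    return {"node": node_id, "action": action, "inside": inside, "score": score, "allowed": allowed}


def _digest(record: dict) -> str:
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


def append_evidence(chain: list[dict], event: dict, verdict: dict) -> list[dict]:
    """Bind a trajectory event and its verification result into a hash-linked record."""
    prev = chain[-1]["hash"] if chain else "0" * 64
    body = {"event": event, "verdict": verdict, "prev": prev}
    chain.append({**body, "hash": _digest(body)})
    return chain


def chain_intact(chain: list[dict]) -> bool:
    """Recompute every link; an edited record or a broken link fails the check."""
    prev = "0" * 64
    for record in chain:
        body = {k: v for k, v in record.items() if k != "hash"}
        if body["prev"] != prev or _digest(body) != record["hash"]:
            return False
        prev = record["hash"]
    return True


# Constructed sample: anchor at the origin, convergence factor 2, three nodes.
ANCHOR = (0.0, 0.0, 0.0)
FACTOR = 2.0
SAMPLE_NODES = [
    PermNode("A", (1.0, 0.0, 0.0), (0.9, 0.4, 0.1)),
    PermNode("B", (1.0, 1.0, 0.0), (0.6, 0.6, 0.6)),
    PermNode("C", (3.0, 0.0, 0.0), (0.9, 0.9, 0.9)),   # outside the sphere
]
SAMPLE_EVENTS = [   # constructed operation trajectory, in timestamp order
    {"ts": "2025-07-28T10:30:25.123Z", "user": "u1", "node": "A", "action": "read", "coords": (1.0, 0.0, 0.0)},
    {"ts": "2025-07-28T10:30:26.000Z", "user": "u1", "node": "A", "action": "write", "coords": (1.0, 0.0, 0.0)},
    {"ts": "2025-07-28T10:30:27.500Z", "user": "u1", "node": "C", "action": "read", "coords": (3.0, 0.0, 0.0)},
]


def build_chain(events: list[dict] = SAMPLE_EVENTS, nodes: list[PermNode] = SAMPLE_NODES) -> list[dict]:
    """Run steps 5 and 6 over the sample and return the evidence chain."""
    matrix = policy_matrix(ANCHOR, nodes, FACTOR)
    chain: list[dict] = []
    for ev in events:
        verdict = verify_operation(matrix, ANCHOR, FACTOR, ev["node"], ev["action"], ev["coords"])
        append_evidence(chain, ev, verdict)
    return chain


if __name__ == "__main__":
    for record in build_chain():
        print(record["verdict"], record["hash"][:12])
```

Each record carries the hash of its predecessor, so a verifier that recomputes the chain from the first record detects any edited verdict or removed event; on a platform with several nodes this is what lets the "cross-node" evidence be checked without trusting the node that stored it.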
[0044] In a preferred embodiment of the present invention, step 1 includes:
[0045] Step 11: Parse the input business data stream, extract a unique source identifier for each independent data unit in the business data stream, record the time sequence mark of its generation or processing time, and a multi-dimensional security level vector that quantifies its sensitivity, so as to form an initial data node set.
[0046] Step 12: Calculate the spatial density of each node in the attribute space based on the attribute space formed by the source identifier, time sequence tag and security level vector of each node. The spatial density reflects the density of the neighboring nodes around the node.
[0047] Step 13: Based on the calculated spatial density, select nodes whose spatial density is higher than the preset density threshold and mark them as high-density nodes.
[0048] Step 14: Identify tightly surrounding nodes in the high-density node set obtained in step 13;
[0049] Step 15: Identify the tightly surrounding nodes as the core anchor points for permissions.
[0050] In this embodiment of the invention, the specific implementation process of step 11 is as follows:
[0051] First, the input business data stream is parsed in a structured manner, categorized and processed according to data format (e.g., structured tables, semi-structured JSON, unstructured text): For structured tables, individual data units are directly split by row; for JSON data, it is split by top-level key-value pairs; for text data, it is split by semantic paragraphs or business events. For each data unit:
[0052] Extract source identifiers: If the data comes from a database, combine "database name + table name + primary key value" to generate a string; if it comes from a terminal device, concatenate "device model + serial number + IP address"; if it comes from user operations, combine "username + ID card number hash value + operation terminal identifier" to ensure that each identifier is unique and tamper-proof within the platform.
[0053] Record time stamp: If the data has a built-in UTC timestamp, it is directly converted to the platform's local time zone (accurate to milliseconds); if there is no timestamp, the current time is obtained by calling the platform's clock service and appended, while adding a "supplemented" identifier after the stamp. For example, "2025-07-28 10:30:25.123 (original)" and "2025-07-28 10:31:00.456 (supplemented)".
[0054] The security level vector is generated by quantifying it from three fixed dimensions: privacy dimension is classified as "public (1), internal public (2), departmental confidential (3), core confidential (4)"; commercial value dimension is assessed as "no value (1), low value (2), medium value (3), high value (4), and extremely high value (5)"; and compliance dimension is divided as "non-sensitive (1), generally sensitive (2), and highly sensitive (3)". For example, the patient medical record data vector is (4, 4, 3), and the public announcement data vector is (1, 1, 1).
[0055] The specific implementation process of step 12 above is as follows:
[0056] A three-dimensional attribute space is constructed using the source identifier (converted to a string hash value), the time sequence marker (converted to a timestamp value), and the security level vector (three-dimensional numerical value) as axes. Each node corresponds to a coordinate point in the space (hash value, timestamp, vector value).
[0057] When setting the neighborhood range, refine it by dimension: the difference in source identifier hash value is less than 100 (approximately corresponding to 90% string similarity); the difference in time sequence marker timestamp is less than 3600 seconds (1 hour); the difference in each dimension of the security level vector is less than 1, and the sum of the three-dimensional differences is less than 2.
[0058] When counting the number of nodes in the neighborhood, the current node itself is excluded, and only other nodes that meet all the above conditions are counted. The neighborhood volume is calculated as: source identifier dimension range (200) × temporal dimension range (3600) × security vector dimension range (2×2×2), resulting in a fixed value. The spatial density is the number of nodes in the neighborhood divided by this volume value.
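Steps 11 to 13 above are specific enough to run. The following Python is an added example, not code from the patent or its assignee: it builds data nodes with the three attributes, applies the dimension-wise neighborhood rule and fixed neighborhood volume of step 12, and screens nodes with the per-platform thresholds of step 13 (the 10% secondary verification is left out). The character-code sum standing in for the page's similarity-preserving identifier hash, the HMAC key for the ID card number, and the sample rows are constructed for this example.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical platform-side secret for hashing the ID card number. The page says only
# "hash value"; keying the hash is this example's choice, because an unkeyed hash of a
# structured, low-entropy number can be reversed by enumerating candidate numbers.
ID_HASH_KEY = b"platform-secret-key-placeholder"

# Step 12 neighborhood volume: identifier range 200 x time range 3600 s x security 2x2x2.
NEIGHBORHOOD_VOLUME = 200 * 3600 * (2 * 2 * 2)

# Step 13 thresholds, expressed as the minimum number of neighbors per platform type.
MIN_NEIGHBORS = {"government": 8, "medical": 5, "enterprise": 3}


@dataclass(frozen=True)
class DataNode:
    source_id: str      # unique source identifier (step 11)
    timestamp: float    # time sequence marker as UTC epoch seconds
    supplemented: bool  # True when the platform clock supplied the time
    security: tuple     # (privacy 1-4, commercial value 1-5, compliance 1-3)


def db_source_id(database: str, table: str, primary_key: str) -> str:
    """Database origin: database name + table name + primary key value."""
    return f"{database}|{table}|{primary_key}"


def user_source_id(username: str, id_card_number: str, terminal_id: str) -> str:
    """User origin: username + keyed hash of the ID card number + terminal identifier."""
    digest = hmac.new(ID_HASH_KEY, id_card_number.encode(), hashlib.sha256).hexdigest()
    return f"{username}|{digest[:16]}|{terminal_id}"


def time_marker(raw_utc: str | None, clock_now: float) -> tuple[float, bool]:
    """Built-in UTC timestamp if present; otherwise the platform clock, flagged as supplemented."""
    if raw_utc is not None:
        parsed = datetime.strptime(raw_utc, "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=timezone.utc)
        return parsed.timestamp(), False
    return clock_now, True


def id_axis_value(source_id: str) -> int:
    """Constructed stand-in for the page's similarity-preserving identifier hash: a plain
    sum of character codes, so identifiers differing in a few characters fall inside the
    page's +/-100 window while identifiers from another table do not."""
    return sum(ord(c) for c in source_id)


def in_neighborhood(a: DataNode, b: DataNode) -> bool:
    """Dimension-wise neighborhood rule of step 12."""
    if abs(id_axis_value(a.source_id) - id_axis_value(b.source_id)) >= 100:
        return False
    if abs(a.timestamp - b.timestamp) >= 3600:
        return False
    diffs = [abs(x - y) for x, y in zip(a.security, b.security)]
    return all(d < 1 for d in diffs) and sum(diffs) < 2


def neighbor_count(node: DataNode, nodes: list[DataNode]) -> int:
    """Number of neighbors, excluding the node itself."""
    return sum(1 for other in nodes if other is not node and in_neighborhood(node, other))


def spatial_density(node: DataNode, nodes: list[DataNode]) -> float:
    """Neighbor count divided by the fixed neighborhood volume."""
    return neighbor_count(node, nodes) / NEIGHBORHOOD_VOLUME


def high_density_nodes(nodes: list[DataNode], platform: str) -> list[DataNode]:
    """Step 13 screening: keep nodes whose density reaches the platform's threshold."""
    threshold = MIN_NEIGHBORS[platform] / NEIGHBORHOOD_VOLUME
    return [n for n in nodes if spatial_density(n, nodes) >= threshold]


# Constructed sample: six patient-record rows within one hour, plus two outliers
# (a public notice with a different security vector, and a row two days later).
BASE = datetime(2025, 7, 28, 10, 30, 25, 123000, tzinfo=timezone.utc).timestamp()
SAMPLE_NODES = [
    DataNode(db_source_id("ehr", "patients", str(1000 + i)), BASE + 300 * i, False, (4, 4, 3))
    for i in range(1, 7)
] + [
    DataNode(db_source_id("ehr", "notices", "7"), BASE + 60, False, (1, 1, 1)),
    DataNode(db_source_id("ehr", "patients", "1007"), BASE + 2 * 86400, True, (4, 4, 3)),
]

if __name__ == "__main__":
    for n in high_density_nodes(SAMPLE_NODES, "medical"):
        print(n.source_id, neighbor_count(n, SAMPLE_NODES))
```

With integer security levels, the page's rule "each dimension differs by less than 1" means the vectors must be identical, which is why the public notice never becomes a neighbor of a patient record; the six patient rows each have five neighbors, enough for the medical threshold but not the government one.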
[0059] The specific implementation process of step 13 above is as follows:
[0060] The preset thresholds are subdivided by platform type: government platforms are set to "at least 8 nodes in the neighborhood", medical platforms are set to "at least 5 nodes in the neighborhood", and enterprise platforms are set to "at least 3 nodes in the neighborhood".
[0061] The comparison adopts "full scan + secondary verification": first, all nodes are traversed and nodes with density values exceeding the threshold are selected; then, 10% of the candidate nodes are randomly selected and their spatial density is recalculated (the starting point of the neighborhood is changed). If more than 90% of the secondary calculation results still exceed the threshold, they are confirmed as high-density nodes. The final high-density node set is grouped according to the source identifier prefix, which facilitates subsequent cluster identification.
[0062] The specific implementation process of step 14 above is as follows:
[0063] When calculating attribute distance, the values of each dimension are first standardized: the source identifier hash value is normalized according to the platform's maximum hash value, the time sequence tag is normalized according to the 24-hour timestamp range, and each dimension of the security vector is normalized according to its own maximum value; when performing weighted summation, the source identifier matching degree weight is set to 0.3 (the more similar, the smaller the distance), the time sequence difference weight is set to 0.2 (the closer the time, the smaller the distance), and the security vector difference weight is set to 0.5 (the smaller the difference, the smaller the distance).
[0064] The tightness threshold is set according to the cluster type: 0.3 (standardized distance value) for medical data clusters and 0.4 for government data clusters. When identifying clusters, a high-density node is first selected as a seed, and all nodes with a distance less than the threshold are found to form a temporary cluster; then the process is repeated for each node in the temporary cluster, and overlapping clusters are merged; finally, clusters with more than 5 nodes are retained, and the nodes in these clusters are the tightly surrounding nodes.
[0065] The specific implementation process of step 15 above is as follows:
[0066] When calculating the central node, the source identifier is taken as the median of the hash values of all nodes in the cluster, and the corresponding string is restored to the closest one; the time sequence mark is taken as the median of the timestamps, and converted into a specific time; the security level vector is taken as the mode of each dimension (the value that appears most frequently); when adding auxiliary anchor points, the nodes are arranged in ascending order of their time sequence marks, and one is selected every 5 nodes (the 5th, 10th, 15th...), and its distance from the central node is calculated. If it is less than 1/2 of the distance between the central node and the farthest node, it is confirmed as an auxiliary anchor point; all anchor points are stored with a label of "cluster ID + anchor point type (core / auxiliary) + number of covered nodes", such as "cluster 001-core-12 nodes" and "cluster 001-auxiliary-5 nodes".
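Steps 14 and 15, as an added Python example (not the patent's or its assignee's code) that runs the weighted standardized distance, seed expansion with overlap merging, the median/mode central-node rule, auxiliary anchor selection and the anchor labels over a constructed high-density node set. Averaging the three normalized security differences into one security term, recording an auxiliary anchor as covering the 5 nodes it was drawn from, and the sample identifier hash values are this example's assumptions.

```python
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from statistics import median

# Weights, thresholds and sizes from steps 14 and 15 of the page.
W_ID, W_TIME, W_SEC = 0.3, 0.2, 0.5
TIME_RANGE = 24 * 3600            # time sequence marker normalized to a 24-hour range
SEC_MAX = (4, 5, 3)               # per-dimension maxima of the security level vector
TIGHTNESS = {"medical": 0.3, "government": 0.4}
MIN_CLUSTER_SIZE = 6              # clusters with more than 5 nodes are retained
AUX_EVERY = 5                     # auxiliary anchor candidates: every 5th node by time


@dataclass(frozen=True)
class Node:
    id_value: int        # source identifier hash value (attribute-space axis)
    timestamp: float     # time sequence marker, epoch seconds
    security: tuple      # (privacy, commercial value, compliance)


def attribute_distance(a: Node, b: Node, max_id_value: int) -> float:
    """Standardize each dimension, then weight: identifier 0.3, time 0.2, security 0.5.
    The security term averages the three per-dimension normalized differences (assumption)."""
    d_id = abs(a.id_value - b.id_value) / max_id_value
    d_time = abs(a.timestamp - b.timestamp) / TIME_RANGE
    d_sec = sum(abs(x - y) / m for x, y, m in zip(a.security, b.security, SEC_MAX)) / 3
    return W_ID * d_id + W_TIME * d_time + W_SEC * d_sec


def expand_from_seed(seed: Node, nodes: list[Node], threshold: float, max_id_value: int) -> set:
    """Temporary cluster: every node closer than the threshold, repeated for each new member."""
    members, frontier = {seed}, [seed]
    while frontier:
        current = frontier.pop()
        for other in nodes:
            if other not in members and attribute_distance(current, other, max_id_value) < threshold:
                members.add(other)
                frontier.append(other)
    return members


def merge_overlapping(clusters: list[set]) -> list[set]:
    """Merge any clusters that share a node."""
    merged: list[set] = []
    for cluster in clusters:
        cluster = set(cluster)
        kept = []
        for existing in merged:
            if existing & cluster:
                cluster |= existing
            else:
                kept.append(existing)
        kept.append(cluster)
        merged = kept
    return merged


def find_clusters(nodes: list[Node], platform: str, max_id_value: int) -> list[set]:
    """Step 14: seed expansion from every high-density node, merge overlaps, keep large clusters."""
    threshold = TIGHTNESS[platform]
    temporary = [expand_from_seed(seed, nodes, threshold, max_id_value) for seed in nodes]
    return [c for c in merge_overlapping(temporary) if len(c) >= MIN_CLUSTER_SIZE]


def central_node(cluster: set) -> Node:
    """Step 15 core anchor: median identifier (snapped to the closest real one), median
    time, and the per-dimension mode of the security vector."""
    ordered = sorted(cluster, key=lambda n: (n.id_value, n.timestamp))
    id_median = median(n.id_value for n in ordered)
    closest_id = min((n.id_value for n in ordered), key=lambda v: abs(v - id_median))
    time_median = median(n.timestamp for n in ordered)
    mode = tuple(Counter(n.security[i] for n in ordered).most_common(1)[0][0] for i in range(3))
    return Node(closest_id, time_median, mode)


def auxiliary_anchors(cluster: set, center: Node, max_id_value: int) -> list[Node]:
    """Every 5th node in time order is an auxiliary anchor if it lies within half of the
    distance between the center and the farthest node of the cluster."""
    ordered = sorted(cluster, key=lambda n: n.timestamp)
    farthest = max(attribute_distance(center, n, max_id_value) for n in ordered)
    candidates = ordered[AUX_EVERY - 1::AUX_EVERY]  # 5th, 10th, 15th, ...
    return [n for n in candidates if attribute_distance(center, n, max_id_value) < farthest / 2]


def permission_anchors(nodes: list[Node], platform: str) -> list[dict]:
    """Run steps 14 and 15 over a high-density node set and label the anchors."""
    max_id_value = max(n.id_value for n in nodes)
    anchors = []
    for idx, cluster in enumerate(find_clusters(nodes, platform, max_id_value), start=1):
        center = central_node(cluster)
        aux = auxiliary_anchors(cluster, center, max_id_value)
        labels = [f"cluster {idx:03d}-core-{len(cluster)} nodes"]
        # Assumption: an auxiliary anchor is recorded as covering the 5 nodes it was drawn from.
        labels += [f"cluster {idx:03d}-auxiliary-{AUX_EVERY} nodes" for _ in aux]
        anchors.append({"center": center, "auxiliary": aux, "labels": labels})
    return anchors


# Constructed sample: twelve patient-record nodes one minute apart, plus three unrelated nodes.
SAMPLE_BASE = 1_753_698_625.0
SAMPLE_NODES = [Node(1000 + i, SAMPLE_BASE + 60 * i, (4, 4, 3)) for i in range(12)] + [
    Node(90_000 + i, SAMPLE_BASE + 7200 + 60 * i, (1, 1, 1)) for i in range(3)
]

if __name__ == "__main__":
    for anchor in permission_anchors(SAMPLE_NODES, "medical"):
        print(anchor["labels"], anchor["center"])
```

On the sample the twelve related nodes collapse into one cluster labelled "cluster 001-core-12 nodes"; of the two candidates (the 5th and 10th node by time) only the 5th lies within half the center-to-farthest distance, so exactly one auxiliary anchor is added, and the three-node group is dropped by the size rule.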
[0067] This invention refines the data unit splitting rules and generates independent data units based on the characteristics of different data formats, ensuring the integrity and independence of data nodes. The source identifier is generated using a multi-dimensional combination and is unique and tamper-proof, providing accurate identification for data traceability. The time sequence marker is accurate to milliseconds and distinguishes between original and supplementary entries, ensuring the accuracy of time dimension records. The security level vector is quantified and graded from a fixed dimension, making data sensitivity comparable intuitively and effectively solving the management chaos caused by ambiguous data attributes.
[0068] By constructing a three-dimensional attribute space, source, time, and security attributes are transformed into computable coordinate points, realizing the spatial representation of data nodes. The neighborhood range rules with refined dimensions ensure the accuracy of neighbor node judgment; the fixed neighborhood volume calculation method makes the spatial density horizontally comparable, which can objectively reflect the density around the node and avoid misjudgment of dense areas due to ambiguity in judgment criteria.
[0069] The density threshold is set differently according to platform type, so that the screening criteria are more in line with actual business needs (such as medical platforms which have higher requirements for data density); the comparison mechanism of "full scan + secondary verification" reduces mislabeling caused by single calculation error and improves the accuracy of high-density node identification; the set form of grouping by source identifier prefix improves data processing efficiency.
[0070] The standardized processing and differentiated weight allocation during attribute distance calculation highlight the importance of the security dimension (weight 0.5), making the distance value more reflective of the degree of security association between nodes; setting a tightness threshold according to cluster type enhances the targeting of cluster identification; the identification method of "seed node expansion + merging overlapping clusters" ensures the integrity and independence of tightly surrounding node clusters, avoids cluster splitting or omission, and provides a clear node range for determining the core anchor point.
[0071] The central node calculation uses the median (source identifier, time sequence) and mode (security vector) to reduce the impact of extreme values on the core location and ensure the representativeness of the anchor point. Auxiliary anchor points are added according to the number of nodes, making the access control of the core area more refined and avoiding the problem of insufficient coverage of a single anchor point. The tag information attached to the anchor point improves the accuracy and efficiency of access control.
[0072] In a preferred embodiment of the present invention, step 2, generating a primary reference vector and a secondary reference vector along the data security level gradient with the core anchor point as the origin, includes:
[0073] Step 21: Use the core permission anchor point determined in Step 1 as the origin of the spatial coordinates;
[0074] Step 22: Calculate the direction in the attribute space from the origin where the data security level increases the fastest, and determine this direction as the main reference direction;
[0075] Step 23: Generate a main reference vector in the main reference direction according to the preset main angle offset;
[0076] Step 24: Based on the primary reference direction, calculate the secondary reference direction according to the preset secondary angle offset.
[0077] Step 25: In the secondary reference direction, generate a secondary reference vector according to the preset secondary angle offset.
[0078] In this embodiment of the invention, the specific implementation process of step 21 is as follows:
[0079] First, extract the three-dimensional coordinates of each anchor point from the set of core permission anchor points determined in Step 1. These coordinates include the source identifier hash value, the time sequence marker timestamp, and the security level vector value. These coordinates serve as the origin of the spatial coordinate system. If multiple core anchor points exist, establish an independent coordinate system for each anchor point. For auxiliary anchor points, map their coordinates to the coordinate system of the nearest core anchor point, treating them as special points within that coordinate system. During the coordinate system establishment process, standardize the values of each dimension to ensure that the numerical range of different dimensions does not affect the accuracy of subsequent directional calculations.
[0080] The specific implementation process of step 22 above is as follows:
[0081] In the attribute space, a spherical neighborhood with a suitable radius (e.g., a radius of 5 units) is defined centered on the origin. The security level vector values of all nodes within this neighborhood are counted, and the change in security level for each node relative to the origin is calculated (i.e., the node's security level vector value minus the origin's security level vector value). The changes in security level for all nodes are summed to obtain a comprehensive change vector. The direction of this vector represents the direction of the fastest increase in data security level and is determined as the primary reference direction. If the number of nodes in the neighborhood is insufficient (e.g., less than 10), the neighborhood radius is appropriately increased, and the calculation is repeated.
[0082] The specific implementation process of step 23 above is as follows:
[0083] In the determined primary reference direction, a sector is generated based on a preset primary angle offset (e.g., 15 degrees). The central axis of this sector is the primary reference direction, and the opening angle is twice the primary angle offset (i.e., 30 degrees). Within the sector, the node farthest from the origin and with a significantly improved safety level is selected, and the vector pointing from the origin to this node is determined as the primary reference vector. If there are no nodes meeting the conditions within the sector, the primary angle offset is adjusted appropriately (e.g., increased by 5 degrees), the sector is regenerated, and nodes are selected again.
[0084] The specific implementation process of step 24 above is as follows:
[0085] Based on the primary reference direction, a secondary reference direction is calculated according to a preset secondary angle offset (e.g., 45 degrees). The specific method is as follows: rotate the primary reference direction around the origin by the secondary angle offset to obtain a new direction. To ensure the accuracy of the secondary reference direction, a small angle range (e.g., ±5 degrees) is defined near the rotated direction. The changes in the safety level of nodes within this range are statistically analyzed, and the direction with the relatively faster increase in safety level is selected as the final secondary reference direction.
[0086] The specific implementation process of step 25 above is as follows:
[0087] In the determined secondary reference direction, a fan-shaped region is generated according to the preset secondary angle offset (e.g., 45 degrees). The central axis of this fan-shaped region is the secondary reference direction, and the opening angle is twice the secondary angle offset (i.e., 90 degrees). Within the fan-shaped region, a node at a moderate distance from the origin, in a part of the region where safety levels are relatively uniformly distributed, is selected, and the vector pointing from the origin to this node is determined as the secondary reference vector. If the node distribution in the fan-shaped region is too sparse or too dense, the secondary angle offset is adjusted appropriately, the fan-shaped region is regenerated, and a node is selected again. The finally generated secondary reference vector and the primary reference vector together constitute the reference framework for the subsequent construction of the safety boundary.
[0088] This invention uses the core permission anchor point as the origin of the spatial coordinate system, providing a unified and accurate reference benchmark for subsequent direction and vector calculations. This ensures the comparability of all directions and vectors within the same coordinate system, avoiding directional deviations caused by inconsistent origins. By calculating the direction with the fastest security level improvement and determining it as the primary reference direction, it can accurately pinpoint the path of most significant changes in data security risks, providing key directional guidance for security boundary construction. Based on a preset primary angle offset, a primary reference vector is generated in the primary reference direction. This not only follows the core trend of the primary reference direction but also takes into account security level changes within a certain range through angle offset, enabling the primary reference vector to more comprehensively reflect the security level gradient characteristics in that direction. Based on the primary reference direction, a secondary reference direction is obtained according to a preset secondary angle offset, allowing the secondary reference direction to form a reasonable angle with the primary reference direction. The combination of the two can cover a wider range of security level gradient areas, avoiding the limitations of capturing security gradients from a single direction. A secondary reference vector is generated in the secondary reference direction with reference to the secondary angle offset, complementing the primary reference vector and jointly constructing a multi-dimensional security level gradient reference system, improving the coverage of security level changes.
[0089] In a preferred embodiment of the present invention, a sector-shaped safety boundary region between two vectors is constructed using a convex hull geometry algorithm; compliance monitoring points are set within the boundary region, and risk monitoring points are set outside the boundary region, including:
[0090] Step 26: Take the primary reference vector generated in step 23 and the secondary reference vector generated in step 25, and define them as the two boundary rays constituting the sector region.
[0091] Step 27: Based on the two boundary rays defined in Step 26 and the permission core anchor point set in Step 21, determine that the permission core anchor point is a common vertex and the two boundary rays are edges originating from that vertex.
[0092] Step 28: For the common vertex and the endpoints of the two boundary rays determined in Step 27, process them using a convex hull geometry algorithm to obtain the minimum convex polygon vertex set. This includes: Step 281: Input the geometric elements determined in Step 27, namely the common vertex, the endpoints of the principal reference vector, and the endpoints of the secondary reference vector, to form a set of points to be processed; Step 282: Process the set of points to be processed, selecting the common vertex as the reference point for geometric sorting; Step 283: Process the remaining points, namely the two endpoints, calculating the azimuth angles of the two endpoints relative to the reference point; Step 284: Process the azimuth angles obtained in Step 283. Sort the two end points in ascending order of azimuth angle; Step 285: Process the sorted point sequence, i.e., the reference point, the first end point, and the second end point, starting from the reference point, connect the points in the point sequence in sequence; Step 286: During the connection process, check whether the turning direction of each newly added connecting edge is always consistent with the previous edge to avoid forming a concave angle; Step 287: When Step 286 confirms that the connection process always maintains a consistent turning direction and all points are connected, output the closed polygon point sequence formed by the connecting edges. This point sequence is the vertex set that constitutes the minimum convex polygon.
[0093] Step 29: By processing the set of vertices of the minimum convex polygon, calculate and construct the minimum convex polygon region that connects the end points of the two boundary rays and includes the common vertex. This minimum convex polygon region is the sector-shaped safe boundary region.
[0094] Step 210: Within the internal space covered by the sector-shaped safety boundary area constructed in step 29, select and set multiple compliance monitoring points according to the preset distribution density of compliance monitoring points;
[0095] Step 211: Within the external space of the sector-shaped safety boundary area constructed in step 29, and paying particular attention to the location immediately adjacent to its boundary, select and set multiple risk monitoring points according to the preset risk monitoring point distribution density.
[0096] In this embodiment of the invention, the specific implementation process of step 26 is as follows:
[0097] First, extract the endpoint coordinates (Xm, Ym, Zm) of the primary reference vector generated in step 23 and the endpoint coordinates (Xs, Ys, Zs) of the secondary reference vector generated in step 25 from the storage, and verify whether these two endpoint coordinates satisfy the following:
[0098] The distance from the core anchor point (origin) of the permission is greater than the preset minimum value (e.g., 0.5 units) to avoid the boundary definition being unclear due to the vector being too short; the direction difference angle is within a reasonable range (e.g., 15°-165°) to prevent the two vectors from being too close or opposite in direction.
[0099] If the verification fails, then:
[0100] If the vector is too short, repeat step 23 or step 25, increasing the distance parameter during vector generation; if the direction difference is abnormal, adjust the secondary angle offset in step 24 and regenerate the secondary reference vector; after verification, construct two infinitely long rays starting from the origin and passing through the aforementioned endpoints. Add direction identifiers (such as primary reference ray, secondary reference ray) to each ray, and record the angle between the ray and the preset reference direction (such as the positive X-axis direction) for subsequent verification.
[0101] The specific implementation process of step 27 above is as follows:
[0102] The coordinates of the core anchor point (origin) for permissions set in step 21 are determined to be (0, 0, 0). Check whether the origin satisfies the following conditions: it is located near the geometric center of all high-density node clusters (verified by calculating the average distance from the origin to each closely surrounding node in step 14; if it exceeds 30% of the cluster radius, it is unqualified); in the security level vector space, its security level value is at a medium level (to avoid extreme values that may cause boundary area offset).
[0103] If the origin does not satisfy the condition, then:
[0104] If the positional deviation is too large, repeat step 15 and recalculate the core anchor point using a weighted average method (nodes with closer temporal sequences and higher security levels have greater weights). If the security level is abnormal, check the quantization standard of the security level vector in step 11 and adjust the weight allocation. After confirming that the origin is qualified, set the starting point of both the main and secondary reference rays to this origin and mark that these two rays share this common vertex. Generate a visual preview of the rays (if the system supports it) and manually check whether the rays diverge correctly from the origin.
[0105] The specific implementation process of step 28 above is as follows:
[0106] Step 281: Combine the origin (0, 0, 0), the endpoint of the primary reference vector (Xm, Ym, Zm), and the endpoint of the secondary reference vector (Xs, Ys, Zs) into a set of points to be processed. Add a unique identifier (e.g., O, M, S) to each point and check whether the coordinate values contain non-numeric values (e.g., NaN, infinity). If outliers are found, re-extract the coordinates from the original vector generation process. Step 282: Specify the origin O as the reference point for geometric sorting, create a virtual coordinate system centered on O, and transform the remaining two points M and S into this coordinate system to facilitate the subsequent azimuth angle calculation; Step 283: In the virtual coordinate system, calculate the azimuth angles of points M and S relative to point O. Specifically, calculate the projection vectors of vectors OM and OS onto the XY plane; using the positive X-axis as a reference, measure the angle of the projection vector in a counterclockwise direction. If the vector has a significant component in the Z-axis direction (the absolute value of Z exceeds 20% of the projection length on the XY plane), then correct the angle (e.g., if Z is positive, increase the angle by 180°; if Z is negative, the angle remains unchanged).
[0107] Step 284: Compare the azimuth angles of points M and S. If the azimuth angles are equal, compare their distances to point O (points farther away are ranked later). Sort M and S according to the comparison results to obtain an ordered point sequence (e.g., O→M→S or O→S→M). Step 285: Starting from the reference point O, connect the points in the point sequence sequentially to form edges OM and MS. Check whether the connection forms a closed path (i.e., whether the last point can be connected to O). If not, adjust the order of the points. Step 286: During the connection process, each time a new edge is added, check the turning direction of the edge with the previous edge. Specifically, calculate the cross product of the projection vectors of the current edge and the previous edge in the XY plane. If the cross product is positive, it indicates a counterclockwise turn; if it is negative, it indicates a clockwise turn. Ensure that all turning directions are consistent (e.g., all are counterclockwise). If they are inconsistent, swap the order of M and S.
[0108] Step 287: When all points are connected and a closed polygon is formed, verify whether the polygon is a convex polygon. Specifically, check that all interior angles are less than 180° and that the extension of any side does not intersect with other sides. If the verification passes, output the vertex sequence (e.g., O→M→S→O); if it fails, return to step 284 to reorder.
[0109] The specific implementation process of step 29 above is as follows:
[0110] Based on the vertex sequence output in step 28, check if it contains three distinct points. If duplicate points exist, then: if the origin O is duplicated, delete the redundant O point, keeping one at the beginning and one at the end; if M or S is duplicated, check the vector generation process and correct any coordinate extraction errors. After confirming the vertex sequence is correct, construct a line segment connecting points M and S. Check if this line segment is completely inside the polygon, i.e., calculate the intersection points of line segment MS with each side of the polygon. If the intersection points are all at the two endpoints M and S of the line segment, and the line segment does not cross any other side of the polygon, then the line segment is inside. If the line segment is not inside, fine-tune the coordinates of M and S (e.g., move them 0.1 units along the original vector direction) and check again. Finally, the closed region formed by vertices O, M, S, and line segment MS is the sector-shaped safety boundary region. Add attribute labels (e.g., "Safety Level Gradient Region") to this region and record the boundary equation of the region (stored as parameters for easy subsequent calculation).
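As an added worked example (not code from the patent or its assignee), the following Python puts steps 26 through 28 together: it applies the length and direction-difference checks of step 26, sorts the two endpoints by their azimuth in the XY projection (step 284), enforces a consistent counterclockwise turn (step 286), and returns the closed vertex sequence of step 287 together with the unit normal of the plane through O, M and S, which this example records as the region's boundary equation. The function names, the coordinates and the choice of the plane normal as the stored boundary parameter are this example's assumptions; the Z-axis angle correction of step 283 is omitted, and the turn check is done directly on the Z component of the XY cross product.

```python
import math

MIN_VECTOR_LENGTH = 0.5                     # preset minimum distance from the origin (step 26)
MIN_ANGLE_DEG, MAX_ANGLE_DEG = 15.0, 165.0  # allowed direction difference between the rays (step 26)

def sub(a, b):
    return tuple(x - y for x, y in zip(a, b))

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def cross(a, b):
    return (a[1] * b[2] - a[2] * b[1], a[2] * b[0] - a[0] * b[2], a[0] * b[1] - a[1] * b[0])

def norm(a):
    return math.sqrt(dot(a, a))

def validate_rays(origin, m, s):
    """Step 26: both reference vectors must be long enough and neither nearly parallel nor opposite."""
    om, os_ = sub(m, origin), sub(s, origin)
    if norm(om) < MIN_VECTOR_LENGTH or norm(os_) < MIN_VECTOR_LENGTH:
        return False, "vector too short"
    cos_a = dot(om, os_) / (norm(om) * norm(os_))
    angle = math.degrees(math.acos(max(-1.0, min(1.0, cos_a))))
    if not MIN_ANGLE_DEG <= angle <= MAX_ANGLE_DEG:
        return False, f"direction difference {angle:.1f} degrees out of range"
    return True, f"direction difference {angle:.1f} degrees"

def azimuth_deg(origin, p):
    """Step 283: counterclockwise angle of the XY projection of OP from the +X axis, in [0, 360)."""
    v = sub(p, origin)
    return math.degrees(math.atan2(v[1], v[0])) % 360.0

def sector_hull(origin, m, s):
    """Steps 281-287: order O, M, S so that the closed polygon O -> a -> b -> O turns counterclockwise.
    Returns the labelled vertex sequence and the unit normal of the plane through the three points,
    which this example records as the boundary equation n . (x - O) = 0 (an assumption, not the patent's)."""
    for label, p in (("O", origin), ("M", m), ("S", s)):          # step 281: reject NaN / infinity
        if any(math.isnan(c) or math.isinf(c) for c in p):
            raise ValueError(f"point {label} has a non-numeric coordinate")
    ok, why = validate_rays(origin, m, s)
    if not ok:
        raise ValueError(why)
    # Step 284: sort the two endpoints by azimuth; equal azimuths are broken by distance (nearer first).
    (la, a), (lb, b) = sorted([("M", m), ("S", s)],
                              key=lambda lp: (azimuth_deg(origin, lp[1]), norm(sub(lp[1], origin))))
    # Step 286: the turn from edge O->a into edge a->b must be counterclockwise in the XY projection;
    # when it is clockwise, swapping the two endpoints flips the orientation.
    if cross(sub(a, origin), sub(b, a))[2] < 0:
        (la, a), (lb, b) = (lb, b), (la, a)
    # Step 287: three points form a convex (triangular) polygon exactly when they are not collinear.
    normal = cross(sub(a, origin), sub(b, origin))
    twice_area = norm(normal)
    if twice_area < 1e-9:
        raise ValueError("O, M and S are collinear; no convex region exists")
    unit_normal = tuple(c / twice_area for c in normal)
    return [("O", origin), (la, a), (lb, b), ("O", origin)], unit_normal
```

With O at the origin, M = (3, 1, 0) and S = (1, 2, 0) the sequence comes back as O, M, S, O with normal (0, 0, 1); with S placed below the X axis the sort puts it at azimuth 315°, the turn check detects the clockwise order, and the sequence is emitted as O, S, M, O instead, so the output orientation is stable regardless of which ray is labelled primary.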
[0111] The specific implementation process of step 210 above is as follows:
[0112] The sector region is divided into five concentric rings along the radial direction (each ring's width is 1/5 of the sector's radius). Each ring is then divided into twelve equal sector blocks along the circumference (each block's central angle is 30°), forming 60 basic grid cells. The coordinates of the geometric center point of each cell are calculated, and it is checked whether the point is located within the sector (verified by substituting into the region boundary equation). Candidate points are selected by retaining the center points within the region and removing points located on the boundary (less than 0.01 units away from the boundary). Density adjustment is performed if the number of candidate points exceeds the preset density (e.g., 20 points per square meter). The following rules are applied: points closer to the origin are prioritized (weight coefficient 0.6), and points near the main reference ray are prioritized (weight coefficient 0.4). Points that meet the density requirements are randomly selected from the selected candidate points as compliance monitoring points. Each monitoring point is labeled (e.g., "Compliance-Ring 3-Sector 7"), and its coordinates and expected safety level range are recorded.
[0113] The specific implementation process of step 211 above is as follows:
[0114] Three monitoring zones are defined outside the sector-shaped safety boundary area:
[0115] The adjacent zone (0-0.5 units from the boundary) is the key monitoring area; the middle zone (0.5-1.0 units from the boundary) is the secondary key monitoring area; and the outer zone (1.0-1.5 units from the boundary) is the general monitoring area. Each monitoring zone is divided into 5 rings along the radius and 24 sectors (each with a central angle of 15°) along the circumference, forming 360 grid cells in total across the three zones. Candidate monitoring points are generated at the center of each grid cell, and their location within the corresponding monitoring zone is checked.
[0116] The density of monitoring points is allocated according to the zone, that is:
[0117] The adjacent zone has 30 points per square meter; the middle zone has 15 points per square meter; and the outer zone has 5 points per square meter. If the number of candidate points in a certain zone exceeds the density requirement, the following priority will be used for selection:
[0118] The adjacent zone prioritizes points closest to the boundary and located in the direction of the fan-shaped opening; the middle zone prioritizes points near the extension of the main reference ray; the outer zone is randomly selected; add labels to the selected monitoring points (e.g., "risk-adjacent zone-ring 2-sector 15"), and record their coordinates and risk level warning thresholds (e.g., the adjacent zone threshold is 1.2 times the safety boundary value).
[0119] In this embodiment of the invention, the primary and secondary reference vectors are defined as the two boundary rays of the sector region, establishing the basic framework for constructing the security boundary. By verifying the ray directions and correcting deviations, it is ensured that the boundary rays accurately reflect the direction of the security level gradient. The core permission anchor point is determined as the common vertex of the two boundary rays, so that the sector region has a single, well-defined starting point with clear significance for data security. By verifying the vertex conditions and correcting errors, an offset of the entire security boundary region caused by an inaccurate vertex is avoided, enhancing the reliability of the boundary region. The common vertex and the two endpoints are processed by the convex hull geometry algorithm: after point set processing, reference point selection, azimuth angle calculation and sorting, connection, and turning-direction checks, the minimum convex polygon vertex set is obtained. This ensures that the set accurately reflects the convex structure containing the common vertex and the endpoints of the two boundary rays, providing a correct vertex basis for constructing the minimum convex polygon region and avoiding the unreasonable boundary regions that non-convex shapes would produce. The sector-shaped security boundary region is constructed from the minimum convex polygon vertex set. By checking the vertex set and verifying and adjusting the line segment positions, it is ensured that the region completely contains the common vertex and connects the endpoints of the two boundary rays, forming a precise and closed security boundary region. Compliance monitoring points are set at a preset density inside the sector-shaped security boundary region.
Through grid division, center point selection, and density adjustment, the monitoring points are evenly distributed in appropriate positions within the region, effectively monitoring compliant operations there and supporting normal-operation monitoring in data security sharing. Risk monitoring points are set at a preset density outside the sector-shaped security boundary region and adjacent to its boundary. Through division into monitoring zones, grid division, and priority selection, the monitoring points focus on risky operations near the boundary, enhancing the ability to monitor abnormal operations outside the region. Together with the compliance monitoring points, this forms a comprehensive security monitoring system.
[0120] In a preferred embodiment of the present invention, step 3 includes:
[0121] Step 31: Based on the compliance monitoring points set in step 210 and the risk monitoring points set in step 211, obtain the user operation events that occur on them; each operation event shall include at least the event type, the coordinates of the location where it occurs, the identifier of the operation object, and the precise timestamp;
[0122] Step 32: Process the set of operation events obtained in step 31, sort them according to their timestamps in strict order from earliest to latest, and output an ordered sequence of operation events;
[0123] Step 33: Process the ordered sequence of operation events output in step 32, connect the position coordinates of operation events with adjacent timestamps in sequence, and generate a continuous operation trajectory chain representing the user's movement path between monitoring points.
[0124] Step 34: The topology path detection algorithm is used to process the operation trajectory chain generated in step 33 and the fan-shaped safety boundary region constructed in step 29 to obtain a set of crossing determination results for all path segments.
[0125] Step 35: Based on the set of crossing determination results for all path segments, check whether there is at least one path segment in the entire operation trajectory chain that has been determined to cross the safety boundary, and output the determination result of whether there is a crossing.
[0126] Step 36: When the determination result is that there is no traversal event, set the permission convergence factor to the preset default value or keep the valid value generated by the previous operation unchanged.
[0127] In this embodiment of the invention, the specific process of obtaining the monitoring point operation event in step 31 above is as follows:
[0128] The system monitors the status of compliance monitoring points (within the sector-shaped security boundary) and risk monitoring points (outside the boundary) in real time. When a user performs a data operation (such as querying, downloading, modifying, or transferring), the event collection mechanism is triggered.
[0129] Event information extraction:
[0130] Event type directly identifies the operation behavior (such as "query", "modify", "delete", "cross-node transfer");
[0131] The location coordinates of the operation are automatically associated with the preset spatial coordinates of the monitoring point where the operation occurred (e.g., the coordinates of the compliance monitoring point "Ring 3 - Sector 7" (X3, Y7, Z2), and the coordinates of the risk monitoring point "Adjacent Zone - Ring 2 - Sector 15" (X2', Y15', Z3')).
[0132] Operation object identifier: Extract the source identifier of the data node being operated on (such as "database table name + primary key" or "device number + data ID").
[0133] Precise timestamps are generated by calling the platform's atomic clock service to record the UTC time of the event (accurate to microseconds, in the format "YYYY-MM-DD HH:MM:SS.ssssss").
[0134] Check the completeness of event information (ensure no missing fields), the validity of coordinates (verify whether they fall within the preset monitoring point coordinate range), and the correctness of timestamp format. Remove invalid or abnormal events (such as coordinates not in the monitoring point list or empty timestamps), and finally form a structured set of operation events.
[0135] The specific process of sorting operation events in step 32 above is as follows:
[0136] Timestamp standardization converts the timestamps of all operation events into a unified numerical format (e.g., microsecond-level timestamps starting from "1970-01-01 00:00:00"), eliminating errors from string format comparison. Full sorting uses the standardized timestamp values as the sole sorting criterion to arrange the operation event set in ascending order (from earliest to latest). If events with identical timestamps exist (microsecond-level duplication), a secondary sort is performed based on the hash value of the operation object identifier from smallest to largest (ensuring the sorting result is unique). The sorted event list is output, with each event sequentially numbered (e.g., "Event 1 (earliest) → Event 2 → ... → Event N (latest)"), while retaining the original field information.
[0137] The specific process of generating the operation trajectory chain in step 33 above is as follows:
[0138] Starting with the first event in the ordered sequence of events, create an empty trajectory chain container; connect adjacent events:
[0139] Extract two adjacent events sequentially from the ordered sequence (e.g., event i and event i+1), obtain the position coordinates (Xi, Yi, Zi) of event i and the position coordinates (Xi+1, Yi+1, Zi+1) of event i+1; connect the two coordinate points with a virtual line segment, with the line segment pointing from event i to event i+1. The line segment attributes include "start time (timestamp of event i)", "end time (timestamp of event i+1)" and "operation object identifier (inherited if they are the same object, otherwise marked as "cross-object operation")"; repeat the adjacent event connection steps until all events are included in the trajectory chain, forming a continuous set of path segments (e.g., a complete line segment chain of "event 1 → event 2 → ... → event N"). The trajectory chain is stored in the form of "timestamp + coordinate point + line segment attribute".
[0140] The specific process of topology path detection and traversal determination in step 34 above is as follows:
[0141] Convert the three line segments (OM, OS, MS) of the sector boundary into parametric equation form (e.g., line segment OM: P(t) = O + t·(M − O), t∈[0,1]); calculate the endpoint coordinates, direction vector and length of each segment, and store them as structured data (e.g., {start point: O, end point: M, direction: M − O, length: L}).
[0142] Trajectory chain decomposition and line segment parameterization:
[0143] The operation trajectory chain is decomposed into independent line segments by connecting adjacent events (such as the line segment from event i to event i+1); the parametric equation of each line segment is calculated (such as Q(s) = start point + s·(end point - start point), s∈[0,1]), and the start and end timestamps and operation objects of the line segment are recorded.
[0144] The process for calculating the intersection point of a line segment and a boundary line is as follows:
[0145] 3D spatial line segment intersection detection:
[0146] Solve the simultaneous parametric equations: Combine the trajectory line segment Q(s) with the boundary line segment P(t) to solve for the parameters s and t.
[0147] Determine the validity of the solution:
[0148] If a unique solution exists with s∈[0,1] and t∈[0,1], the two line segments intersect within the parameter range; if the solution is not unique (e.g., the line segments are collinear) or falls outside the parameter range, they do not intersect. If the intersection point coincides with the start or end point of the trajectory line segment, it is excluded (only crossings through the middle part of the segment are detected), and a tolerance threshold (e.g., 0.001 units) is used when deciding whether the coordinates "coincide", to avoid floating-point precision errors. As an optimization, the axis-aligned bounding boxes (AABB) of the two line segments are first compared for overlap to rule out impossible intersections in advance; the space is also divided into grids, and the exact calculation is performed only for boundary line segments that intersect the grid cell containing the trajectory line segment.
[0149] Verification of the projection of the point onto the sector plane:
[0150] Calculate the distance from the point to the plane containing the sector. If the distance exceeds the threshold (e.g., 0.001 units), it is directly determined as "outer side".
[0151] Angle discrimination method:
[0152] Calculate the vector OP between point P and origin O, and the angle α between OP and principal reference vector OM; if α ≤ principal angle offset of the sector (e.g., 15°), and the distance from point P to origin ≤ sector radius, then it may be on the inside.
[0153] Cross product direction determination method:
[0154] Calculate the cross product of vectors OP and OM to obtain the normal vector N1; calculate the cross product of vectors OP and OS to obtain the normal vector N2. If both N1 and N2 are in the same direction as the normal vector of the sector plane (the dot product is positive), then point P is on the inside; otherwise, it is on the outside. For a point on line segment MS, inversely deduce the parameter t through the parametric equation. If t∈[0,1], then the point is on the boundary; otherwise, determine the inside or outside based on the value of t.
[0155] The complete logic for determining whether a passage has occurred is as follows:
[0156] If the trajectory line segment has a valid intersection point (not an endpoint) with any boundary line segment, proceed to the next step; otherwise, it is judged as "not crossed". Verification of start and end point positions:
[0157] If the starting point is on the inside and the ending point is on the outside, and there is an intersection point, it is determined as "crossing from the inside to the outside".
If the starting point is on the outside and the ending point is on the inside, and there is an intersection point, it is determined as "crossing from the outside to the inside".
If the starting point and the ending point are both on the inside, it is determined as "not crossed" regardless of whether there is an intersection point.
If the starting point and the ending point are both on the outside: if the number of intersection points is even, it is determined as "not crossed"; if the number of intersection points is odd, it is determined as "crossing" (a rare case requiring further verification).
[0158] Special case handling:
[0159] If the trajectory segment lies entirely on the boundary (i.e., both the starting and ending points are on the boundary, and the segment coincides with the boundary), it is determined as "not crossed." If the trajectory segment is tangent to the boundary (i.e., there is only one point of tangency and the starting and ending points are on the same side), it is determined as "not crossed." The specific steps for generating the result set are as follows: For each path segment, record the determination result ("crossed" or "not crossed"), the crossing position (intersection coordinates), the crossing direction (inside → outside or outside → inside), and the crossing time (calculated based on the timestamp interpolation of the trajectory segment).
[0160] Statistically analyze the number, frequency, and main areas of occurrence of all crossing events (e.g., which monitoring points are nearby); mark high-risk crossing events (e.g., crossings from high-safety zones to low-safety zones); perform secondary verification on events identified as "crossings" to ensure calculation accuracy; generate audit logs to record all judgment criteria and intermediate calculation results for subsequent traceability.
[0161] The specific process of determining the overall crossing in step 35 above is as follows:
[0162] Check the determination results of all path segments generated in step 34. If at least one segment is marked as "crossing", the whole trajectory chain is determined as "crossing event exists", and the first crossing time, its location and the number of crossing segments are recorded. If all segments are "not crossed", the trajectory chain is determined as "crossing event does not exist", and the total number of segments that passed verification is recorded. The "crossing event aggregation" of step 34 is combined with the statistics of step 35 to avoid duplicate calculations.
[0163] The specific process for setting the permission convergence factor in step 36 above is as follows:
[0164] When the result of step 35 is confirmed as "no crossing event exists", the factor value is set according to the following rules:
[0165] Default value setting: If this is the first operation on the platform, or the previous permission convergence factor has expired (e.g., exceeding the preset validity period of 24 hours), the preset default value will be used (set according to platform type: 0.2 for government platforms, 0.3 for medical platforms, and 0.1 for enterprise platforms; the smaller the value, the lower the risk). Previous value retention: If the permission convergence factor generated in the previous operation is still valid (and has not been reset due to other risk events), the value will be directly used (e.g., if the previous factor was 0.3 and valid, it will remain 0.3 this time). Recording and activation: The finally determined permission convergence factor will be stored in system variables and its source ("default value" or "previous valid value") will be marked as a parameter for subsequent encryption key generation and permission matrix adjustment.
[0166] This invention, from event acquisition (step 31) to ordered sorting (step 32) and trajectory chain generation (step 33), fully records the time, location, and object of user operations, providing a clear basis for tracing data flow paths and solving the problems of fragmented operation records and difficulty in reconstructing the entire process in traditional methods. The topology path detection algorithm (step 34), combined with a sector-shaped security boundary, accurately identifies whether the operation trajectory has crossed the boundary through refined logic such as intersection calculation and inner and outer verification, avoiding "false judgment" or "missed judgment" and improving the accuracy of risk identification. Step 35 quickly confirms the existence of crossing events by summarizing the path segment judgment results, providing a clear trigger signal for subsequent permission adjustment and encryption processing, ensuring the timeliness of risk response. Step 36 maintains or resets the permission convergence factor when there are no crossing events, so that the permission policy matches the actual risk state, avoiding resource waste caused by excessive encryption or security risks caused by overly loose permissions, and balancing security and operational efficiency.
[0167] In a preferred embodiment of the present invention, step 4 includes:
[0168] Step 41: Process the preset base key length and the permission convergence factor output in step 35, multiply the base key length by the permission convergence factor and perform linear scaling to obtain the final key length value.
[0169] Step 42: Process the key length value determined in step 41, and use a lattice-based quantum-resistant cryptosystem to generate an encryption key that meets the key length requirement.
[0170] Step 43: Process the set of data nodes with weighted attributes formed in Step 1 and use it as input for the plaintext data to be encrypted;
[0171] Step 44, Perform quantum-safe encryption:
[0172] Step 441: Process the encryption key generated in step 42 and the plaintext data input in step 43, and decompose the key into multiple sub-key blocks;
[0173] Step 442: Dynamically allocate sub-key blocks to the corresponding nodes based on the security level vector weights of each data node;
[0174] Step 443: Employ a quantum-resistant symmetric encryption algorithm and use the allocated subkey blocks to independently encrypt each node;
[0175] Step 444: Aggregate all encrypted node data to generate a ciphertext data stream.
[0176] In this embodiment of the invention, the specific implementation process of key length scaling in step 41 is as follows:
[0177] Three preset baseline key lengths are used (based on data sensitivity): 256 bits for high-sensitivity data, 192 bits for medium-sensitivity data, and 128 bits for low-sensitivity data. The corresponding baseline length is automatically matched based on the security level vector of the data node (e.g., high-sensitivity data has a privacy dimension ≥3). For example, if a node's vector is (4, 3, 2), a 256-bit baseline is matched. The permission convergence factor (e.g., 0.6) is obtained from step 35 and checked to see if it is within the valid range (0.1-0.9). If it is below 0.1, it is forcibly increased to 0.1 (to avoid the key being too short); if it is above 0.9, it is decreased to 0.9 (to avoid the key being too long and affecting efficiency).
[0178] Linear scaling and alignment:
[0179] Calculate base length × convergence factor (e.g., 256 × 0.6 = 153.6); round the result up and align it to a multiple of 8 bits: 153.6 → 160 bits (so that the key length meets the byte-alignment requirement of the encryption algorithm).
[0180] The specific implementation process of generating the quantum-resistant encryption key in step 42 above is as follows:
[0181] The Kyber algorithm (the lattice-based key encapsulation mechanism selected by NIST, standardized as ML-KEM in FIPS 203) is selected. Based on the key length (160 bits) configured in step 41, the lattice parameters are set to the Kyber-512 level (lattice dimension 512, built from degree-256 polynomials, modulus q = 3329), so that the security level matches the key length. The hardware security module (HSM)'s true random number generator is invoked to generate a 256-bit initial seed (seed entropy ≥ 256 bits, conforming to the FIPS 140-2 standard). A random basis matrix of the lattice is generated from the seed (512 polynomials with small coefficients drawn from {-1, 0, 1}). A secret key (short vector) is sampled from the lattice using a Gaussian sampling algorithm, and the public key is computed from the basis matrix and the secret key. The first 160 bits (the length determined in step 41) are truncated from the secret key as the final session key for encryption. The mathematical correspondence between the public and secret keys is verified (content encrypted with the public key must decrypt under the corresponding secret key), and the quantum attack resistance of the key pair is tested (a lattice basis reduction attack is simulated with a third-party tool, verifying an attack success rate < 10^-18). Note that in standard Kyber/ML-KEM the symmetric session key is derived from the encapsulated shared secret through a key derivation function, not by truncating the secret key; the truncation described here is this embodiment's own key-derivation choice, and the strength of the resulting session key is bounded by the entropy of those 160 bits rather than by the lattice parameters.
[0182] The implementation process of data node preprocessing in step 43 above is as follows:
[0183] Extract individual nodes from the dataset in Step 1 (e.g., "Patient A's medical record"), remove irrelevant attributes (e.g., redundant format markers), and retain core fields (e.g., diagnosis results, medication records); remove special characters from text data (e.g., unprintable characters), and perform range validation on numerical data (e.g., 0 < age < 150); parse the security level vector of the node (e.g., (4, 3, 2) corresponds to privacy level 4, business value level 3, and compliance level 2); calculate the total weight according to the dimension weight allocation formula: privacy (40%) + business value (30%) + compliance (30%) → 4 × 0.4 + 3 × 0.3 + 2 × 0.3 = 3.1 (weight range 1-5); divide the node data into 1 KB blocks (e.g., 3.5 KB of data is divided into 4 blocks, and the last block, which is shorter than 1 KB, is padded to 1 KB; the description names PKCS#7 for this, but PKCS#7 encodes the pad length in a single byte and is therefore only defined for block sizes up to 255 bytes, so a 1 KB block needs a pad-length encoding of at least two bytes or a recorded plaintext length); convert each block into a binary stream: text data is encoded as UTF-8, numerical data in little-endian byte order, and structured data (e.g., JSON) is first flattened into key-value pairs and then encoded.
[0184] The subkey block decomposition process in step 441 above is as follows:
[0185] The 160-bit key generated in step 42 is divided into 5 sub-key blocks of 32 bits each (160 ÷ 32 = 5; if the last block is shorter than 32 bits it is padded with zeros to 32 bits). A unique identifier is added to each sub-key block (such as "Block 1-32 bits", "Block 2-32 bits") for subsequent allocation tracking.
[0186] The dynamic allocation process of subkey blocks in step 442 above is as follows:
[0187] Subkey blocks are allocated according to the security level weight of the data node (3.1): for every 1 increase in weight, 1 more block is allocated (basic allocation is 1 block, 3.1 → 3 blocks are allocated); 3 blocks are randomly selected from 5 subkey blocks (to avoid the fixed allocation pattern being cracked) and bound to 3 data blocks of the node (1 data block corresponds to 1 subkey block).
[0188] The process of implementing node-independent encryption in step 443 above is as follows:
[0189] The AES-256-GCM algorithm (a symmetric scheme whose 256-bit key retains roughly 128 bits of security against Grover-type quantum search) is used; a 12-byte (96-bit) random initialization vector (IV) and a 128-bit authentication tag are generated for each data block. The data block is encrypted with the allocated subkey block + IV to produce the ciphertext, and the authentication tag over ciphertext + IV is computed at the same time (used to verify integrity during decryption). Two points a practitioner should check here: AES-256 requires a 256-bit key, so a 32-bit subkey block cannot be used directly and must be expanded through a key derivation function (e.g., HKDF), which leaves the derived key with only the 32 bits of secret entropy the block carries; and a GCM IV must never be reused under the same key, because reuse exposes the XOR of the two plaintexts and allows the authentication tag to be forged.
[0190] The above step 444, the ciphertext data stream aggregation process is implemented as follows:
[0191] All encrypted ciphertexts are concatenated in the order of the original data blocks to form the ciphertext body; a metadata header is generated, which includes the key length (160 bits), subkey allocation table (recording which data block used which subkey), IV list, and authentication tag list; after concatenating the header and ciphertext body, the overall SHA-256 hash value is calculated (appended to the tail), and finally a complete ciphertext data stream is generated.
[0192] The subkey block of this invention is only temporarily called during encryption and is immediately cleared from memory after encryption is completed (to avoid leakage). The metadata records the encryption timestamp, operator ID, and source identifier of the data node, supporting full-link traceability of the encryption process. For highly sensitive data, a "subkey block rotation" mechanism is adopted (the subkey allocation rule is changed every 100 nodes encrypted) to balance security and computational efficiency.
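The following is an added worked example of steps 41 to 444 for a single data node, written for this page; it is not the patent's own code. It uses only the Python standard library, so AES-256-GCM is replaced by an HMAC-SHA256 counter-mode keystream with a separate HMAC tag (an encrypt-then-MAC stand-in, not AES), each 32-bit sub-key block is expanded to 256 bits with an HKDF-style step (the page feeds the block to AES-256 directly), the medium-sensitivity baseline threshold (privacy == 2) and the cycling of sub-keys over data blocks are assumptions, and the pad length is stored in two bytes because PKCS#7 cannot express a pad longer than 255 bytes. `node_id`, `encrypt_node` and `decrypt_node` are names invented for the example.

```python
"""Added example (not the patent's code): key-length scaling, sub-key decomposition and
per-block authenticated encryption of one data node, standard library only."""
import hashlib
import hmac
import json
import math
import random
import secrets
import struct

BLOCK_SIZE = 1024          # 1 KB data blocks (step 43)
SUBKEY_BYTES = 4           # 32-bit sub-key blocks (step 441)
FACTOR_RANGE = (0.1, 0.9)  # valid range of the permission convergence factor (step 41)


def base_key_bits(security_vector):
    """Baseline from the (privacy, business value, compliance) vector. The page gives only the
    high-sensitivity rule (privacy >= 3); privacy == 2 -> 192 bits is an assumption."""
    return 256 if security_vector[0] >= 3 else 192 if security_vector[0] == 2 else 128


def scaled_key_bits(base_bits, factor):
    """Clamp the factor to [0.1, 0.9], multiply, round up, align to 8 bits (step 41)."""
    factor = min(max(factor, FACTOR_RANGE[0]), FACTOR_RANGE[1])
    return (math.ceil(base_bits * factor) + 7) // 8 * 8


def node_weight(security_vector):
    """40% privacy + 30% business value + 30% compliance (step 43)."""
    p, b, c = security_vector
    return 0.4 * p + 0.3 * b + 0.3 * c


def split_subkeys(key):
    """32-bit sub-key blocks, last one zero-padded, each with a tracking label (step 441)."""
    key += b"\x00" * (-len(key) % SUBKEY_BYTES)
    return [(f"Block {i // SUBKEY_BYTES + 1}-32 bits", key[i:i + SUBKEY_BYTES])
            for i in range(0, len(key), SUBKEY_BYTES)]


def split_blocks(data):
    """1 KB blocks. PKCS#7 cannot express a pad longer than 255 bytes, so the pad length is
    written in the last two bytes of the final block instead (assumption made here)."""
    pad = BLOCK_SIZE - len(data) % BLOCK_SIZE
    pad += BLOCK_SIZE if pad < 2 else 0
    data += b"\x00" * (pad - 2) + struct.pack(">H", pad)
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]


def block_key(subkey, node_id, index):
    """HKDF-style expansion of a 32-bit sub-key block to 256 bits (assumption: the page feeds
    the 32-bit block to AES-256 directly, which needs a 256-bit key)."""
    prk = hmac.new(node_id.encode(), subkey, hashlib.sha256).digest()
    return hmac.new(prk, struct.pack(">I", index) + b"\x01", hashlib.sha256).digest()


def keystream(key, iv, length):
    """HMAC-SHA256 in counter mode: a standard-library stand-in for the AES-256-GCM keystream."""
    return b"".join(hmac.new(key, iv + struct.pack(">I", i), hashlib.sha256).digest()
                    for i in range(math.ceil(length / 32)))[:length]


def tag_of(key, iv, ciphertext):
    """128-bit authentication tag over iv || ciphertext under a separate MAC key."""
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), iv + ciphertext, hashlib.sha256).digest()[:16]


def encrypt_node(node_id, plaintext, security_vector, session_key, rng=random.SystemRandom()):
    """Steps 441-444 for one node: choose sub-keys by weight, encrypt each 1 KB block under a
    fresh 96-bit IV, then emit header || body || SHA-256(header || body)."""
    subkeys = split_subkeys(session_key)
    chosen = rng.sample(subkeys, max(1, min(int(node_weight(security_vector)), len(subkeys))))
    body, table = b"", []
    for i, block in enumerate(split_blocks(plaintext)):
        label, sub = chosen[i % len(chosen)]   # cycle when there are more blocks than sub-keys
        key, iv = block_key(sub, node_id, i), secrets.token_bytes(12)
        ct = bytes(a ^ b for a, b in zip(block, keystream(key, iv, len(block))))
        table.append({"block": i, "subkey": label, "iv": iv.hex(), "tag": tag_of(key, iv, ct).hex()})
        body += ct
    header = json.dumps({"node": node_id, "key_bits": len(session_key) * 8, "allocation": table}).encode()
    stream = struct.pack(">I", len(header)) + header + body
    return stream + hashlib.sha256(stream).digest()


def decrypt_node(stream, session_key):
    """Reverse of encrypt_node; returns None if the trailer hash or any block tag fails."""
    if hashlib.sha256(stream[:-32]).digest() != stream[-32:]:
        return None
    hlen = struct.unpack(">I", stream[:4])[0]
    header, body = json.loads(stream[4:4 + hlen]), stream[4 + hlen:-32]
    subkeys, out = dict(split_subkeys(session_key)), b""
    for e in header["allocation"]:
        ct = body[e["block"] * BLOCK_SIZE:(e["block"] + 1) * BLOCK_SIZE]
        key, iv = block_key(subkeys[e["subkey"]], header["node"], e["block"]), bytes.fromhex(e["iv"])
        if not hmac.compare_digest(tag_of(key, iv, ct), bytes.fromhex(e["tag"])):
            return None
        out += bytes(a ^ b for a, b in zip(ct, keystream(key, iv, len(ct))))
    return out[:-struct.unpack(">H", out[-2:])[0]]
```

The trailing SHA-256 is an unkeyed integrity check, as in step 444: it detects accidental corruption but anyone who can rewrite the stream can recompute it, so tampering is caught only by the per-block tags, which depend on the sub-key material. A session key of 20 bytes corresponds to the 160-bit length produced by `scaled_key_bits(256, 0.6)`.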
[0193] In step 41 of this invention, the baseline key length is linearly scaled by a permission convergence factor, so that the key length is directly related to the data security risk. The higher the risk (the larger the convergence factor), the longer the key and the higher the encryption strength; the lower the risk, the more concise the key. This avoids the problems of "over-encryption and waste of resources" or "insufficient encryption and hidden dangers" caused by traditional fixed key lengths, and achieves a balance between security and efficiency. Step 42 uses a lattice-based quantum-resistant cryptosystem to generate keys, fundamentally resisting the threat of quantum computing to crack traditional cryptography. Step 443 further uses a quantum-resistant symmetric encryption algorithm to form a full-link quantum security protection of "key generation + data encryption", providing long-term security for data. Steps 441 to 442, through subkey block decomposition and dynamic allocation, enable nodes with high-security-level vector weights to obtain more subkey protection, realizing differentiated management of "key encryption for sensitive data and moderate encryption for ordinary data", which not only improves the security of high-value data, but also reduces the overall encryption overhead. Step 444 adds metadata (such as subkey allocation table, hash value) when aggregating ciphertext, which not only supports full-link traceability of the encryption process (through source identifier, timestamp, etc.), but also ensures that the ciphertext has not been tampered with through authentication tags and hash verification, solving the problems of "untraceable encrypted data" and "difficult integrity verification" in traditional encryption.
[0194] In a preferred embodiment of the present invention, step 5 includes:
[0195] Step 51: Process the ciphertext data stream obtained in step 44, input it into a pre-trained multi-head attention neural network, extract global feature associations of the ciphertext data stream, and generate an initial permission matrix; the rows and columns of this matrix correspond to data nodes respectively, and the matrix element values represent the permission association strength between nodes.
[0196] Step 52: Process the initial permission matrix generated in step 51. Using the permission convergence factor output in step 35 as the distance scaling factor, calculate the Euclidean distance between the permission association strength values between every two nodes in the matrix to obtain the scaled permission distance matrix.
[0197] Step 53: Process the core anchor point of the permission determined in Step 1 and the permission convergence factor output in Step 35. Construct a dynamic authorization sphere space range with the coordinates of the core anchor point in the attribute space as the center and the value of the permission convergence factor as the radius.
[0198] Step 54: Process the permission distance matrix obtained in step 52, filter out all data nodes located within the dynamic authorization sphere space constructed in step 53, and retain the permission entries corresponding to the nodes.
[0199] Step 55: Process the permission entries retained in step 54, perform probability normalization calculation, make the sum of the weights of all entries equal to 1, and output the normalized permission policy matrix.
[0200] In this embodiment of the invention, step 51, which generates the initial permission matrix based on a multi-head attention neural network, is implemented as follows:
[0201] Extract metadata (such as the subkey allocation table and the number of data nodes) and the ciphertext body from the ciphertext data stream in step 44, and strip away non-feature information such as hash check values; split the ciphertext body according to the data nodes, and convert the ciphertext of each node into a fixed-length binary vector (such as 256-dimensional, with insufficient parts padded with 0) as the input features of the neural network.
[0202] Multi-head attention neural network configuration:
[0203] The pre-trained model is invoked (the training data consists of related samples of historical permission policies and encrypted features). The model contains 8 attention heads (focusing on different dimensions such as node source identifier, security level, and time sequence label respectively).
[0204] The input layer dimension matches the length of the ciphertext vector (256 dimensions), the hidden layer has 3 layers (128 neurons per layer), and the output layer dimension is "number of nodes × number of nodes" (consistent with the number of data nodes).
[0205] The construction and training process of the pre-trained multi-head attention neural network is as follows:
[0206] First, the model architecture was designed. The input layer receives a 256-dimensional ciphertext feature vector and a 128-dimensional metadata feature vector, which are concatenated into a 384-dimensional input. The encoding layer contains three Transformer encoder blocks, each with eight attention heads of 48 dimensions and a feed-forward network with a hidden dimension of 768. The output layer is a fully connected layer whose width is the square of the number of data nodes. The eight attention heads attend to different feature dimensions, such as source identifier, security level, and temporal label. The training data comes from 100,000 security audit records over the past 12 months, including operation trajectory chains, ciphertext data streams, and manually labeled permission policies. After augmentation by time offset and feature perturbation, feature engineering extracts features such as the ciphertext subkey distribution pattern; the metadata is normalized and hashed, and a label matrix is generated on four levels, from fully accessible to inaccessible. Training used mean squared error as the primary loss, supplemented by attention-head sparsity and temporal consistency losses, with the AdamW optimizer and cosine-annealing learning-rate scheduling. Over 50 training epochs the model was first pre-trained on masked feature prediction and permission matrix completion, then fine-tuned and ensembled on the labeled data. Validation used metrics such as accuracy@K; intervention experiments and attention heatmaps were used to improve the interpretability of the heads, and adversarial examples were added to improve robustness. Finally, the model was quantized, compressed, and deployed as a low-latency REST API. New data is collected daily, incremental training is performed weekly, and metrics such as prediction confidence are monitored; on anomalies the model is rolled back. In this way, a pre-trained model that learns permission association patterns from encrypted features was constructed.
[0207] Global feature association extraction:
[0208] Each attention head calculates the association weight between nodes: for example, head 1 focuses on "source identifier similarity", head 2 focuses on "security level vector difference", and head 3 focuses on "encryption subkey association". After the multi-head features are concatenated, the association strength between nodes is output through a fully connected layer (range 0-1, the larger the value, the stronger the permission association). The number of rows and columns of the matrix are equal to the total number of data nodes (e.g., a 100×100 matrix if there are 100 nodes). The value of the matrix element (i, j) is the "permission association strength of node i to node j" output by the neural network, and the diagonal element (i, i) is set to the maximum value of 1 (the strongest permission association of itself).
[0209] The scaling calculation process for the permission distance matrix in step 52 above is as follows:
[0210] Initial permission matrix standardization:
[0211] Iterate through all elements of the initial permission matrix and convert the association strength value (0-1) into "distance equivalent": distance = 1 - association strength (the smaller the value, the stronger the association); verify the validity of the distance value (range 0-1), and reset abnormal values (such as negative numbers) to 1 (maximum distance).
[0212] Permission convergence factor adaptation:
[0213] Obtain the permission convergence factor (e.g., 0.6) output in step 35 and use it as the distance scaling factor (the larger the factor, the closer the distance after scaling is to the original value). If the convergence factor is 0 (extremely low risk), force it to be set to 0.1 (to avoid indiscriminate permissions due to distance scaling of 0).
[0214] Euclidean distance calculation and scaling:
[0215] For each pair of nodes (i, j) in the matrix, calculate the Euclidean distance of the normalized distance (based on a comprehensive calculation of distance equivalents across all dimensions).
[0216] Scaling the Euclidean distance using a convergence factor: Scaled distance = original Euclidean distance × convergence factor (e.g., if the original distance is 0.5, the scaled distance is 0.5 × 0.6 = 0.3).
[0217] Generation of permission distance matrix:
[0218] Construct a distance matrix of "number of nodes × number of nodes", where the element (i, j) is the scaled Euclidean distance between nodes i and j. Set the diagonal element (i, i) of the matrix to 0 (its own distance is 0), and label the matrix dimensions and calculate the timestamp.
[0219] Step 53 above, the dynamic authorization of the sphere's spatial range construction, is implemented as follows:
[0220] Core anchor point coordinate extraction:
[0221] Extract the three-dimensional attribute space coordinates (source identifier hash value, time sequence marker timestamp, security level vector value) from the core permission anchor points determined in step 1; standardize the coordinates (map each dimension value to the 0-1 range) to avoid the difference in numerical range of different dimensions affecting the sphere's range.
[0222] The radius of the sphere is determined as follows:
[0223] The permission convergence factor (e.g., 0.6) output in step 35 is directly used as the radius of the sphere (the normalized range is 0-1, and the larger the value, the wider the coverage).
[0224] Verify the reasonableness of the radius: If the radius is <0.1 (too small), automatically expand to 0.1 (to ensure that the core node is covered); if it is >0.8 (too large), shrink to 0.8 (to avoid excessive diffusion of permissions).
[0225] Definition of the spatial extent of a sphere:
[0226] Using the standardized coordinates of the core anchor point as the center of the sphere and the radius as the convergence factor value, the sphere's range is defined in the three-dimensional attribute space: any point (x, y, z) whose Euclidean distance from the center of the sphere is less than or equal to the radius is considered to be within the sphere. The extreme values of the coordinates of the sphere's boundaries are calculated (e.g., x-axis range: center x ± radius, y and z axes are similar) to quickly determine whether a node is within the range.
[0227] Sphere validity verification:
[0228] Randomly select 10% of historical core nodes and check if they are inside the sphere (distance ≤ radius). If the coverage is <80%, fine-tune the radius (increase by 0.1) and re-verify.
[0229] Step 54 above, the dynamic authorization sphere's node filtering and permission entry retention process, is implemented as follows:
[0230] Permission distance matrix analysis:
[0231] Iterate through the permission distance matrix generated in step 52, extract the scaled Euclidean distance between each data node (row) and the core anchor point (reference column), and label the distance value for each node (e.g., “Node A - Core Anchor Point: 0.45”).
[0232] Node selection within the sphere:
[0233] Compare the node distance with the radius of the dynamically authorized sphere (e.g., radius 0.6): nodes with a distance ≤ radius are determined as "nodes inside the sphere", and nodes with a distance > radius are "nodes outside the sphere"; for boundary nodes (distance = radius ± 0.01), they are preferentially determined as "nodes inside the sphere" (to avoid omissions due to accuracy errors).
[0234] Extraction and retention of permission entries:
[0235] From the initial permission matrix, extract the rows and columns corresponding to all nodes within the sphere: the rows represent "authorizing subject nodes" and the columns represent "authorized object nodes". Retain the permission association strength values (i.e. permission entries) at the intersection of these rows and columns to form a temporary permission subset (e.g., "the association strength of node A to node B is 0.8").
[0236] Record the filtering results: number of nodes within the sphere, total number of retained permission entries, and filtering timestamp.
[0237] The normalization process of the permission policy matrix in step 55 above is implemented as follows:
[0238] Preprocessing of reserved permission entries:
[0239] Check the permission entries retained in step 54, remove invalid values (such as NaN, negative numbers), set the weight of invalid entries to 0, merge duplicate entries (take the average of multiple records of the same subject-object pair), and ensure that each entry is unique.
[0240] Probability normalization calculation:
[0241] Calculate the total weight of all valid permission entries (e.g., total = 5.2).
[0242] Calculate the normalized weight of each entry: entry weight = original weight ÷ sum (e.g., original weight 0.8 → 0.8 ÷ 5.2 ≈ 0.1538).
[0243] If the sum is 0 (all entries have a weight of 0), then all entries are weighted equally (e.g., each of the 10 entries has a weight of 0.1).
[0244] Validation of normalization results:
[0245] Calculate the sum of all normalized weights and verify that it is approximately 1 (with an allowable error of ±0.001). If the error exceeds the range, recalculate.
[0246] For entries with a weight > 0.5 (too high), a secondary adjustment is made: the excess is evenly distributed to other entries (to avoid excessive concentration of a single authority).
[0247] Output of the permission policy matrix:
[0248] Using "authorized subject node × authorized object node" as rows and columns, normalized weights are filled in to form the final permission policy matrix.
[0249] The matrix includes additional metadata: normalized time, total number of entries, maximum / minimum weight values, supporting subsequent permission verification and auditing.
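An added worked example of steps 52 to 55, written for this page and not taken from the patent: it converts an initial permission matrix into the scaled distance matrix, filters nodes through the authorization sphere, and normalizes the retained entries with the 0.5 cap. It follows step 54 in measuring each node's distance to the anchor as the matrix column of an anchor node index (the page's anchor coordinates in attribute space are not used here), and the matrix values, factor and node indices are constructed sample data. One consequence of the page's own arithmetic is visible in the test: every scaled distance is at most the factor, and the radius equals the factor up to the 0.8 clamp, so the filter only ever excludes nodes when the factor exceeds 0.8.

```python
"""Added example (not the patent's code): permission distance matrix, dynamic authorization
sphere filtering and probability normalization of the retained entries (steps 52 to 55)."""
import math

RADIUS_RANGE = (0.1, 0.8)   # step 53 sanity bounds for the sphere radius
BOUNDARY_TOL = 0.01         # step 54: distance = radius +/- 0.01 still counts as inside
MAX_WEIGHT = 0.5            # step 55: no single entry may exceed this after normalization


def valid(x):
    """A usable weight: a real, non-negative, non-NaN number."""
    return isinstance(x, (int, float)) and not math.isnan(x) and x >= 0


def distance_matrix(assoc, factor):
    """distance = 1 - association strength, invalid values reset to 1 (maximum distance), then
    scaled by the convergence factor (a factor of 0 is forced to 0.1); diagonal 0 (step 52)."""
    factor = 0.1 if factor <= 0 else factor
    n = len(assoc)
    dist = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            if i != j:
                s = assoc[i][j]
                dist[i][j] = (1.0 - s if valid(s) and s <= 1 else 1.0) * factor
    return dist


def sphere_radius(factor):
    """The convergence factor is the radius, clamped to [0.1, 0.8] (step 53)."""
    return min(max(factor, RADIUS_RANGE[0]), RADIUS_RANGE[1])


def nodes_in_sphere(dist, anchor, radius):
    """Nodes whose scaled distance to the anchor column lies within the radius (step 54)."""
    return [j for j in range(len(dist)) if dist[j][anchor] <= radius + BOUNDARY_TOL]


def normalize_entries(entries):
    """Step 55: zero NaN/negative weights, scale to sum 1 (equal weights if the sum is 0), then
    move anything above 0.5 evenly onto the other entries until no entry exceeds the cap."""
    weights = {k: (v if valid(v) else 0.0) for k, v in entries.items()}
    if not weights:
        return {}
    total = sum(weights.values())
    weights = {k: (v / total if total else 1.0 / len(weights)) for k, v in weights.items()}
    for _ in range(len(weights)):            # each pass caps one entry; two passes suffice
        over = [k for k, v in weights.items() if v > MAX_WEIGHT]
        if not over or len(weights) < 2:
            break
        excess, weights[over[0]] = weights[over[0]] - MAX_WEIGHT, MAX_WEIGHT
        for k in weights:
            if k != over[0]:
                weights[k] += excess / (len(weights) - 1)
    if abs(sum(weights.values()) - 1.0) > 0.001:
        raise ValueError("normalized weights do not sum to 1")
    return weights


def policy_matrix(assoc, factor, anchor):
    """Steps 52-55 end to end: in-sphere node list plus the normalized subject->object weights
    taken from the initial permission matrix for those nodes."""
    inside = nodes_in_sphere(distance_matrix(assoc, factor), anchor, sphere_radius(factor))
    entries = {(i, j): assoc[i][j] for i in inside for j in inside if i != j}
    return inside, normalize_entries(entries)
```

Because the sum stays at 1 after the first redistribution, no second entry can exceed 0.5 once one has been capped, so the loop terminates after at most two passes; with a single retained entry the cap is skipped, as there is nowhere to move the excess.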
[0250] This invention utilizes a pre-trained multi-head attention network to extract global feature associations directly from encrypted data streams, overcoming the reliance of traditional permission systems on plaintext metadata, and derives permission relationships while the data remains encrypted. A dynamic authorization sphere is constructed from the permission convergence factor, so that the permission range expands and contracts automatically with the risk assessment: in high-risk situations the sphere radius shrinks (the convergence factor decreases), concentrating permissions near the core anchor point; in low-risk situations the sphere expands, broadening permission coverage and closing the loop of "risk perception, permission adaptation". Through multi-dimensional analysis of subkey distribution patterns and security level vectors, a permission association strength matrix between nodes is generated, supporting differentiated access control for each data node and avoiding the over-authorization or under-authorization caused by traditional permission strategies. The distance scaling in step 52, combined with the spatial filtering in step 54, excludes nodes outside the sphere in advance and reduces the computational load of the subsequent normalization; the parameter sharing of the pre-trained model further reduces the cost of permission inference. The permission matrix generation retains a clear computational path (the feature weight distribution of the attention heads, the boundary parameters of the sphere space), making the permission policy traceable and meeting compliance audit requirements, and the normalized probability weights directly reflect the relative priority of permission allocation. Because the policy is generated from ciphertext features, an attacker cannot bypass permission control by tampering with plaintext metadata, and the real-time adjustment of the dynamic sphere makes the permission boundary harder to predict, improving the system's resistance to attack.
[0251] In a preferred embodiment of the present invention, step 6 involves verifying the user's operation coordinates based on the permission matrix and security boundary to obtain a verification result; binding the verification result with the operation trajectory chain and generating a cross-node audit evidence chain, including:
[0252] Step 61: Process the user's current operation request and extract its operation coordinates and target node identifier;
[0253] Step 62: Process the permission policy matrix output in step 55 and the sector-shaped security boundary region constructed in step 29, and verify whether the operation coordinates simultaneously satisfy:
[0254] The permission policy matrix contains valid permission entries for the target node, and the operation coordinates are located within the sector-shaped security boundary area to output a binary verification result.
[0255] Step 63: Process the operation trajectory chain generated in step 33 and the verification result output in step 62, and bind the verification result as an additional attribute to the end node of the trajectory chain.
[0256] Step 64: Process the operation trajectory chain bound in step 63, and generate cross-node hash link evidence based on the time sequence markers and node identifiers contained therein; each evidence block contains the hash value of the current operation event, the hash value of the preceding event, and the boundary verification marker, forming an immutable audit evidence chain.
[0257] In this embodiment of the invention, step 61, user operation request parsing and coordinate extraction, is specifically implemented as follows:
[0258] Receive user operation requests (such as HTTP POST requests), parse the user identity token (such as JWT) in the request header, and verify the validity of the token signature using the public key; extract the operation type (such as read, modify, delete), operation timestamp (UTC format), and target data node identifier (such as database table name + record ID) from the request body.
[0259] Operation coordinate generation:
[0260] The IP address of the operation request is mapped to three-dimensional spatial coordinates (longitude, latitude, and network level) through the GeoIP database. The network level is determined according to the network segment type to which the IP address belongs (such as corporate intranet or DMZ). The operation timestamp is converted into seconds relative to the system startup time as the time dimension coordinate. The permission dimension coordinate is calculated according to the user role (such as administrator, auditor, and ordinary user) and permission level (levels 1-5) (e.g., administrator role + permission level 4 → mapped to coordinate point (4, 0.8)). The three-dimensional spatial coordinates are standardized (e.g., longitude [-180, 180] → [0, 1], latitude [-90, 90] → [0, 1]). The spatial, time, and permission three-dimensional coordinates are merged into a unified five-dimensional operation vector (x, y, z, t, p) as the operation coordinate.
[0261] The implementation process of dual authentication of permissions and security boundaries in step 62 above is as follows:
[0262] From the permission policy matrix in step 55, extract the row corresponding to the current user's identity (representing the user's permissions to each node); find the column where the target data node is located, obtain the corresponding normalized permission weight (e.g., 0.75 represents 75% access permission), and determine whether the permission weight exceeds the preset threshold (e.g., 0.5): if it exceeds, the permission verification passes; otherwise, it fails; obtain the sector security boundary parameters (center coordinates, start angle, end angle, radius) from step 29; calculate the Euclidean distance from the operation coordinates to the center of the circle, and determine whether it is less than or equal to the radius; calculate the azimuth angle of the operation coordinates relative to the center of the circle, and determine whether it is between the start angle and the end angle; if both the distance and angle meet the conditions, the security boundary verification passes; otherwise, it fails; if both the access permission verification and the security boundary verification pass, the result is "1" (allowed); if either verification fails, the result is "0" (rejected); record the verification timestamp and the verification executor ID (e.g., system process ID).
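An added worked example of the dual verification in step 62, together with the endpoint-based segment crossing test of steps 34 and 35 (paragraphs [0159] to [0162]), written for this page; it is not the patent's code. It works in the two spatial dimensions the sector is defined in, measures azimuth in degrees counter-clockwise from the +x axis (the page does not fix a convention), locates the crossing point by bisection on the assumption that a segment crosses the boundary at most once, and uses a constructed policy matrix and sector. The function and field names are invented for the example.

```python
"""Added example (not the patent's code): dual verification of an operation against the
permission policy matrix and the sector-shaped security boundary (step 62), plus the
endpoint-based crossing test for a trajectory segment (steps 34 and 35)."""
import math

THRESHOLD = 0.5   # minimum normalized permission weight (step 62)


def azimuth(center, point):
    """Bearing of point from center in degrees, counter-clockwise from +x, in [0, 360)."""
    return math.degrees(math.atan2(point[1] - center[1], point[0] - center[0])) % 360.0


def angle_in_sector(a, start, end):
    """True if bearing a lies within [start, end]; handles sectors that wrap through 0/360."""
    start, end = start % 360.0, end % 360.0
    return start <= a <= end if start <= end else (a >= start or a <= end)


def boundary_check(boundary, point, tol=1e-9):
    """Distance and azimuth of the point relative to the sector; inside = both tests pass."""
    cx, cy = boundary["center"]
    dist = math.hypot(point[0] - cx, point[1] - cy)
    az = azimuth((cx, cy), point)
    inside = dist <= boundary["radius"] + tol and angle_in_sector(az, boundary["start"], boundary["end"])
    return {"distance": dist, "azimuth": az, "inside": inside}


def permission_check(policy, subject, target, threshold=THRESHOLD):
    """Row = acting subject node, column = target node; pass if the weight reaches the threshold."""
    weight = policy[subject][target]
    return {"weight": weight, "passed": weight >= threshold}


def verify_operation(policy, boundary, subject, target, point):
    """Binary result: 1 only if both the permission test and the boundary test pass."""
    perm, geo = permission_check(policy, subject, target), boundary_check(boundary, point)
    return {"result": 1 if perm["passed"] and geo["inside"] else 0, "permission": perm, "boundary": geo}


def segment_crossing(boundary, p0, t0, p1, t1, iters=50):
    """Step 34 for one segment: a crossing exists only when the endpoints lie on different sides;
    a segment that stays on one side (tangent, or running along the boundary) is 'not crossed'.
    The crossing point is located by bisection, assuming a single crossing on the segment."""
    a, b = boundary_check(boundary, p0)["inside"], boundary_check(boundary, p1)["inside"]
    if a == b:
        return {"crossed": False}
    lo, hi = 0.0, 1.0
    for _ in range(iters):
        mid = (lo + hi) / 2
        pm = (p0[0] + (p1[0] - p0[0]) * mid, p0[1] + (p1[1] - p0[1]) * mid)
        if boundary_check(boundary, pm)["inside"] == a:
            lo = mid
        else:
            hi = mid
    s = (lo + hi) / 2
    return {"crossed": True,
            "direction": "inside -> outside" if a else "outside -> inside",
            "position": (p0[0] + (p1[0] - p0[0]) * s, p0[1] + (p1[1] - p0[1]) * s),
            "time": t0 + (t1 - t0) * s}   # timestamp interpolation along the segment


def aggregate_crossings(results):
    """Step 35: the whole trajectory has a crossing event if any segment does."""
    hits = [r for r in results if r["crossed"]]
    return {"exists": bool(hits), "first_time": hits[0]["time"] if hits else None, "count": len(hits)}
```

The wrap-around case matters in practice: a sector from 350° to 20° must accept a bearing of 5° and reject 45°, which a plain `start <= a <= end` comparison gets wrong.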
[0263] The process of verifying the results and binding them to the trajectory chain in step 63 above is as follows:
[0264] From the distributed ledger in step 33, retrieve the corresponding operation trajectory chain based on user identity and operation time range (e.g., the most recent 1 hour), calculate the hash value of all nodes on the chain, and compare it with the root hash value recorded at the chain head; obtain the last node of the trajectory chain (the latest operation record), and add new attribute fields "permission verification result" and "security boundary verification result"; fill the corresponding fields with the binary verification result from step 62, and record the verification timestamp and verification algorithm version number; recalculate the hash value of the extended end node (including the newly added attributes), append the updated end node to the trajectory chain, and synchronize it to all replica nodes of the distributed ledger.
[0265] The process of generating cross-node hash link evidence in step 64 above is as follows:
[0266] Current event block: contains complete information about the operation request (user identity, operation coordinates, target node, operation type, timestamp), verification result (permissions + security boundaries), and current block hash value (calculated from all fields in the block).
[0267] Preceding reference block: Contains the hash value of the previous operation event (obtained from the track chain).
[0268] Boundary verification block: contains parameters of the sector safety boundary (center, angle, radius) and intermediate results of the verification process (such as calculated distance and azimuth).
[0269] Hash chain construction:
[0270] Calculate the hash value H1 of the current event block (using the SHA-256 algorithm), and obtain the previous hash value H0 from the previous operation record; use H0 as part of the current evidence block, and calculate a new hash value H2 = SHA256(H0||H1||boundary verification block data); use H2 as the hash value of the current evidence block and store it in a distributed storage system (such as IPFS); each evidence block contains the hash value of the previous block, forming a chain structure, and periodically (e.g., every 100 operations) generate a Merkle tree of the evidence chain, storing the root of the tree in the blockchain to ensure long-term immutability; for critical operations (such as permission changes, access to sensitive data), additional digital signatures are generated (using the HMAC-SHA256 algorithm, with the key derived from the system master key).
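Steps 63 and 64 together, as an added Python example that is not the patent's code: a trajectory chain is checked against the root hash at its head and its end node is extended with the verification attributes, then evidence blocks are linked as H2 = SHA256(H0 || H1 || boundary block), a Merkle root is taken every N blocks, critical blocks get an HMAC-SHA256 signature, and a re-derivation routine locates the first block whose links no longer match. The JSON canonicalisation, the definition of the trajectory root as a hash over all node hashes, the label-based signing-key derivation and the `GENESIS` placeholder are assumptions for the example; the patent does not fix those layouts.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed placeholder used when there is no previous block


def canonical(obj) -> bytes:
    # Deterministic serialisation so every replica hashes identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# ---- Step 63: trajectory chain integrity check and end-node binding ----

def node_hash(node: dict) -> str:
    return sha256_hex(canonical({k: v for k, v in node.items() if k != "hash"}))


def trajectory_root(nodes: list) -> str:
    # Assumption: the root kept at the chain head is the hash over all node hashes in order.
    return sha256_hex("".join(n["hash"] for n in nodes).encode())


def new_trajectory(records: list) -> dict:
    nodes = [dict(r, hash=node_hash(r)) for r in records]
    return {"root": trajectory_root(nodes), "nodes": nodes}


def bind_verification(trajectory: dict, verification: dict, algo_version: str = "v1") -> dict:
    """Refuse to bind onto a chain whose nodes or root no longer match, then extend the end node."""
    nodes = trajectory["nodes"]
    if any(node_hash(n) != n["hash"] for n in nodes) or trajectory_root(nodes) != trajectory["root"]:
        raise ValueError("trajectory chain does not match its recorded root hash")
    end = nodes[-1]
    end["permission_verification_result"] = verification["permission_ok"]
    end["security_boundary_verification_result"] = verification["boundary_ok"]
    end["verified_at"] = verification["verified_at"]
    end["verification_algorithm_version"] = algo_version
    end["hash"] = node_hash(end)          # recompute after the attributes were added
    trajectory["root"] = trajectory_root(nodes)
    return trajectory


# ---- Step 64: cross-node hash-linked evidence chain ----

def merkle_root(hex_leaves: list) -> str:
    level = [bytes.fromhex(h) for h in hex_leaves]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])       # duplicate the last node on odd-sized levels
        level = [hashlib.sha256(level[i] + level[i + 1]).digest() for i in range(0, len(level), 2)]
    return level[0].hex()


class EvidenceChain:
    def __init__(self, master_key: bytes, merkle_every: int = 100):
        self.blocks = []
        self.merkle_roots = []              # stands in for the roots anchored on the blockchain
        self.merkle_every = merkle_every
        # Assumption: signing key derived from the system master key by hashing with a label.
        self.signing_key = hashlib.sha256(b"evidence-signing|" + master_key).digest()

    def _sign(self, h2: str) -> str:
        return hmac.new(self.signing_key, bytes.fromhex(h2), hashlib.sha256).hexdigest()

    def append(self, event: dict, verification: dict, boundary_block: dict, critical: bool = False) -> dict:
        h1 = sha256_hex(canonical({"event": event, "verification": verification}))  # current event block
        h0 = self.blocks[-1]["h2"] if self.blocks else GENESIS                      # preceding reference
        h2 = sha256_hex(bytes.fromhex(h0) + bytes.fromhex(h1) + canonical(boundary_block))
        block = {"event": event, "verification": verification, "boundary": boundary_block,
                 "h0": h0, "h1": h1, "h2": h2}
        if critical:
            block["signature"] = self._sign(h2)
        self.blocks.append(block)
        if len(self.blocks) % self.merkle_every == 0:
            self.merkle_roots.append(merkle_root([b["h2"] for b in self.blocks]))
        return block

    def first_inconsistent(self) -> int:
        """Re-derive every link; return the index of the first bad block, or -1 if intact."""
        prev = GENESIS
        for i, b in enumerate(self.blocks):
            h1 = sha256_hex(canonical({"event": b["event"], "verification": b["verification"]}))
            h2 = sha256_hex(bytes.fromhex(prev) + bytes.fromhex(h1) + canonical(b["boundary"]))
            if b["h0"] != prev or b["h1"] != h1 or b["h2"] != h2:
                return i
            if "signature" in b and not hmac.compare_digest(b["signature"], self._sign(h2)):
                return i
            prev = b["h2"]
        return -1
```

Because each H2 folds in the previous block's H2, editing any stored event changes its H1 and breaks every later link, which is what `first_inconsistent` surfaces; the periodic Merkle roots only add a compact anchor that can be stored outside the evidence store itself.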
[0271] Step 62 of this invention combines the permission policy matrix and the sector-shaped security boundary for dual verification, ensuring that the operation conforms to the preset permission allocation (permission matrix verification) and restricting the operation within the security space (boundary verification), forming a three-dimensional protection of "permission + space" to avoid vulnerabilities in a single verification dimension; Step 63 binds the verification result as an attribute to the end of the trajectory chain, so that the compliance status of each operation is deeply associated with the trajectory, realizing a one-to-one correspondence between "operation-verification-trajectory", solving the traceability gap problem caused by the separation of verification results and operation records in traditional systems; Step 64 constructs cross-node evidence blocks through hash links, each piece of evidence containing the current event hash, the previous hash, and the verification mark, forming a chain-linked immutable structure. Even if data on a single node is tampered with, it will be quickly identified due to hash mismatch, meeting the audit traceability requirements in high compliance scenarios; the evidence chain generated based on time sequence markers and node identifiers fully records the flow path of user operations between different data nodes, supporting reverse tracing from the current operation to the initial operation, clearly restoring the entire process of cross-node interaction, and facilitating the location of the source of abnormal operations; the generation of verification results depends on clear permission matrix rules and boundary parameters, and the evidence block contains verification markers, allowing auditors to confirm the rationality of the verification results by reproducing the verification logic (such as permission entry query, coordinate boundary calculation), enhancing the credibility of compliance audits; the real-time verification mechanism (steps 61 to 62) can quickly provide feedback on the results (allow / deny) when the user operation request is initiated, avoiding the passive situation of tracing after the execution of illegal operations, and controlling risks before the operation is executed.
[0272] As shown in Figure 2, a comprehensive management platform data security sharing system includes:
[0273] The determination module is used to convert business data streams into a set of data nodes with weighted attributes. Each node contains a source identifier, a time sequence marker, and a security level vector. The core anchor points for permissions are determined based on node spatial density clustering.
[0274] The configuration module is used to generate a primary reference vector and a secondary reference vector along the data security level gradient with the core anchor point as the origin; construct a fan-shaped security boundary region between the two vectors through a convex hull geometry algorithm; set compliance monitoring points within the boundary region and risk monitoring points outside the boundary region;
[0275] The acquisition module is used to acquire operation events of monitoring points and generate operation trajectory chains in timestamp order; it uses a topology path detection algorithm to determine whether the trajectory chain crosses the safety boundary; when a crossing is detected, it generates a permission convergence factor.
[0276] The generation module is used to generate an encryption key by using the permission convergence factor as a key length control parameter; the encryption key is then used to perform quantum-safe encryption on the data node set to obtain a ciphertext data stream.
[0277] The processing module is used to input the encrypted data stream into the multi-head attention neural network to generate an initial permission matrix; calculate the Euclidean distance between nodes in the initial permission matrix using the permission convergence factor as a scaling factor; construct a dynamic authorization sphere with the core anchor point as the center and the permission convergence factor as the radius, and retain the permission entries corresponding to the nodes in the sphere; and normalize the retained permission entries to obtain the permission policy matrix.
[0278] The verification module is used to verify the coordinates of user operations based on the permission matrix and security boundaries to obtain the verification results; the verification results are bound to the operation trajectory chain, and a cross-node audit evidence chain is generated.
[0279] The above description represents the preferred embodiments of the present invention. It should be noted that those skilled in the art can make various improvements and modifications without departing from the principles of the present invention, and these improvements and modifications should also be considered within the scope of protection of the present invention.
Claims
1. A method for secure data sharing in a comprehensive management platform, characterized in that the method includes: Step 1: Convert the business data stream into a set of data nodes with weighted attributes. Each node contains a source identifier, a time sequence marker, and a security level vector. Determine the core anchor points for permissions based on node spatial density clustering. Step 2: Using the core anchor point as the origin, generate the main reference vector and the secondary reference vector along the data security level gradient; construct the fan-shaped security boundary region between the two vectors using the convex hull geometry algorithm; set up compliance monitoring points within the boundary region and risk monitoring points outside the boundary region; Step 3: Obtain the operation events of the monitoring points and generate the operation trajectory chain in the order of timestamps; use the topology path detection algorithm to determine whether the trajectory chain crosses the safety boundary; when a crossing is detected, generate the permission convergence factor; Step 4: Use the permission convergence factor as the key length control parameter to generate an encryption key; use the encryption key to perform quantum-safe encryption on the data node set to obtain the ciphertext data stream; Step 5: Input the encrypted data stream into the multi-head attention neural network to generate an initial permission matrix; calculate the Euclidean distance between nodes in the initial permission matrix using the permission convergence factor as the scaling factor; construct a dynamic authorization sphere with the core anchor point as the center and the permission convergence factor as the radius, and retain the permission entries corresponding to the nodes in the sphere; normalize the retained permission entries to obtain the permission policy matrix.
Step 6: Based on the permission matrix and security boundary, verify the user operation coordinates to obtain the verification result; bind the verification result with the operation trajectory chain and generate a cross-node audit evidence chain.
2. The data security sharing method for an integrated management platform according to claim 1, characterized in that Step 1 includes: Step 11: Parse the input business data stream, extract a unique source identifier for each independent data unit in the business data stream, record the time sequence mark of its generation or processing time, and a multi-dimensional security level vector that quantifies its sensitivity, so as to form an initial data node set. Step 12: Calculate the spatial density of each node in the attribute space based on the attribute space formed by the source identifier, time sequence tag and security level vector of each node. The spatial density reflects the density of the neighboring nodes around the node. Step 13: Based on the calculated spatial density, select nodes whose spatial density is higher than the preset density threshold and mark them as high-density nodes. Step 14: Identify tightly wrapped nodes in the high-density node set obtained in step 13; Step 15: Identify the tightly wrapped nodes as the core anchor points for permissions.
3. The data security sharing method for an integrated management platform according to claim 2, characterized in that Step 2, using the core anchor point as the origin to generate the primary and secondary reference vectors along the data security level gradient, includes: Step 21: Use the core permission anchor point determined in Step 1 as the origin of the spatial coordinates; Step 22: Calculate the direction in the attribute space from the origin where the data security level increases the fastest, and determine this direction as the main reference direction; Step 23: Generate a main reference vector in the main reference direction according to the preset main angle offset; Step 24: Based on the primary reference direction, calculate the secondary reference direction according to the preset secondary angle offset. Step 25: In the secondary reference direction, generate a secondary reference vector according to the preset secondary angle offset.
4. The data security sharing method for an integrated management platform according to claim 3, characterized in that constructing a sector-shaped safety boundary region between the two vectors using a convex hull geometry algorithm, setting compliance monitoring points within the boundary region and setting risk monitoring points outside the boundary region includes: Step 26: Based on the main reference vector generated in step 23 and the secondary reference vector generated in step 25, define them as two boundary rays constituting the sector region. Step 27: Based on the two boundary rays defined in Step 26 and the permission core anchor point set in Step 21, determine that the permission core anchor point is a common vertex and the two boundary rays are edges originating from that vertex. Step 28: For the common vertex and the end points of the two boundary rays determined in Step 27, process them using the convex hull geometry algorithm to obtain the minimum set of convex polygon vertices. Step 29: By processing the set of vertices of the minimum convex polygon, calculate and construct the minimum convex polygon region that connects the end points of the two boundary rays and includes the common vertex. This minimum convex polygon region is the sector-shaped safe boundary region. Step 210: Within the internal space covered by the sector-shaped safety boundary area constructed in step 29, select and set multiple compliance monitoring points according to the preset distribution density of compliance monitoring points; Step 211: Within the external space of the sector-shaped safety boundary area constructed in step 29, and paying particular attention to the location immediately adjacent to its boundary, select and set multiple risk monitoring points according to the preset risk monitoring point distribution density.
5. The method for secure data sharing in a comprehensive management platform according to claim 4, characterized in that Step 28, processing the common vertex and the endpoints of the two boundary rays determined in Step 27 using a convex hull geometry algorithm to obtain the minimum set of convex polygon vertices, includes: Step 281: Input the geometric elements determined in step 27, namely the common vertex, the end point of the primary datum vector, and the end point of the secondary datum vector, to form a set of points to be processed; Step 282: Process the set of points to be processed, and select the common vertex as the reference point for geometric sorting; Step 283: Process the remaining points, namely the two end points, and calculate the azimuth angles of the two end points relative to the reference point; Step 284: Process the azimuth angles obtained in step 283, and sort the two endpoints in ascending order of azimuth angles; Step 285: Process the sorted point sequence, namely the reference point, the first end point, and the second end point. Starting from the reference point, connect the points in the point sequence in sequence. Step 286: During the connection process, check whether the turning direction of each newly added connection edge is always consistent with that of the previous edge, so as not to form a concave angle; Step 287: After step 286 confirms that the connection process always maintains a consistent direction and that all points are connected, output the closed polygon point sequence formed by the connecting edges. This point sequence is the set of vertices that constitute the smallest convex polygon.
6. The method for secure data sharing in a comprehensive management platform according to claim 5, characterized in that Step 3 includes: Step 31: Based on the compliance monitoring points set in step 210 and the risk monitoring points set in step 211, obtain the user operation events that occur on them; each operation event shall include at least the event type, the coordinates of the location where it occurs, the identifier of the operation object, and the precise timestamp; Step 32: Process the set of operation events obtained in step 31, sort them according to their timestamps in strict order from early to late, and output an ordered sequence of operation events; Step 33: Process the ordered sequence of operation events output in step 32, connect the position coordinates of operation events with adjacent timestamps in sequence, and generate a continuous operation trajectory chain representing the user's movement path between monitoring points. Step 34: The topology path detection algorithm is used to process the operation trajectory chain generated in step 33 and the fan-shaped safety boundary region constructed in step 29 to obtain a set of crossing determination results for all path segments. Step 35: Based on the set of crossing determination results for all path segments, check whether there is at least one path segment in the entire operation trajectory chain that has been determined to cross the safety boundary, and output the determination result of whether there is a crossing. Step 36: When the determination result is that there is no crossing event, set the permission convergence factor to the preset default value or keep the valid value generated by the previous operation unchanged.
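Claims 4 to 6 together, as an added Python example that is not part of the patent: the sector polygon is built from the anchor and the ray endpoints by azimuth sorting and a turn-direction check (steps 281 to 287), events are ordered by timestamp into a trajectory chain (steps 32 to 33), each path segment is tested for crossing the polygon (step 34), and the permission convergence factor is kept or regenerated (steps 35 to 36). The polygon builder accepts any number of ray endpoints, which goes beyond the claim's two endpoints, so that a sector whose arc is sampled at several points can be handled as well. The crossing test (a change of inside/outside status, or a proper intersection with a polygon edge), the assumption that the sector does not straddle the 0-degree azimuth, and the rule that the factor halves per crossing segment are choices made for this example; the patent does not specify how the factor's value is derived.

```python
import math


def cross(o, a, b) -> float:
    """Signed area of o->a, o->b; positive means a left (counter-clockwise) turn."""
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])


def sector_polygon(anchor, ray_endpoints):
    """Steps 281-287: sort the ray endpoints by azimuth around the anchor, connect them in
    order, and require every turn to have the same direction (no concave angle).
    Assumption: the sector does not straddle the 0-degree azimuth direction."""
    ordered = sorted(ray_endpoints,
                     key=lambda p: math.atan2(p[1] - anchor[1], p[0] - anchor[0]) % (2 * math.pi))
    seq = [anchor] + ordered
    n = len(seq)
    turn_values = [cross(seq[i], seq[(i + 1) % n], seq[(i + 2) % n]) for i in range(n)]
    turns = {t > 0 for t in turn_values if t != 0}
    if len(turns) != 1:
        raise ValueError("vertex sequence is degenerate or forms a concave angle")
    return seq if True in turns else seq[::-1]   # normalise to counter-clockwise order


def inside(polygon, p) -> bool:
    """Point inside (or on the edge of) a counter-clockwise convex polygon."""
    n = len(polygon)
    return all(cross(polygon[i], polygon[(i + 1) % n], p) >= 0 for i in range(n))


def segments_cross(p1, p2, q1, q2) -> bool:
    """Proper intersection of segment p1p2 with q1q2 (endpoints strictly on opposite sides)."""
    d1, d2 = cross(q1, q2, p1), cross(q1, q2, p2)
    d3, d4 = cross(p1, p2, q1), cross(p1, p2, q2)
    return d1 * d2 < 0 and d3 * d4 < 0


def trajectory_chain(events):
    """Steps 32-33: order events by timestamp and chain their coordinates."""
    return [e["coords"] for e in sorted(events, key=lambda e: e["ts"])]


def crossing_results(chain, polygon):
    """Step 34: one crossing determination per path segment. A segment crosses when its
    endpoints differ in inside/outside status or when it properly cuts a polygon edge
    (the second test catches a path that enters and leaves between two outside points)."""
    n = len(polygon)
    results = []
    for a, b in zip(chain, chain[1:]):
        side_change = inside(polygon, a) != inside(polygon, b)
        edge_hit = any(segments_cross(a, b, polygon[i], polygon[(i + 1) % n]) for i in range(n))
        results.append(side_change or edge_hit)
    return results


def permission_convergence_factor(results, previous=1.0, shrink=0.5):
    """Steps 35-36: keep the previous/default factor when nothing crossed, otherwise
    generate a new one. Assumption: the factor shrinks by `shrink` per crossing segment."""
    crossings = sum(results)
    return previous if crossings == 0 else previous * shrink ** crossings


if __name__ == "__main__":
    # Constructed sample: anchor at the origin, rays ending at (10, 0) and (0, 10).
    poly = sector_polygon((0, 0), [(0, 10), (10, 0)])
    events = [{"ts": 3, "coords": (9, 9)}, {"ts": 1, "coords": (2, 2)}, {"ts": 2, "coords": (3, 4)}]
    chain = trajectory_chain(events)
    res = crossing_results(chain, poly)
    print(chain, res, permission_convergence_factor(res))
```

With the sample data the third event leaves the sector, so the second segment is flagged and the factor drops from its default of 1.0 to 0.5; a chain whose points all stay inside leaves the factor unchanged, which is the step 36 behaviour.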
7. The method for secure data sharing in a comprehensive management platform according to claim 6, characterized in that Step 4 includes: Step 41: Process the preset base key length and the permission convergence factor output in step 35, multiply the base key length by the permission convergence factor and perform linear scaling to obtain the final key length value. Step 42: Process the key length value determined in step 41, and use a lattice-based quantum-resistant cryptosystem to generate an encryption key that meets the key length requirement. Step 43: Process the set of data nodes with weighted attributes formed in Step 1 and use it as input for the plaintext data to be encrypted; Step 44: Perform quantum-safe encryption: Step 441: Process the encryption key generated in step 42 and the plaintext data input in step 43, and decompose the key into multiple sub-key blocks; Step 442: Dynamically allocate sub-key blocks to the corresponding nodes based on the security level vector weights of each data node; Step 443: Employ a quantum-resistant symmetric encryption algorithm and use the allocated sub-key blocks to independently encrypt each node; Step 444: Aggregate all encrypted node data to generate a ciphertext data stream.
8. The method for secure data sharing in a comprehensive management platform according to claim 7, characterized in that Step 5 includes: Step 51: Process the ciphertext data stream obtained in step 44, input it into a pre-trained multi-head attention neural network, extract global feature associations of the ciphertext data stream, and generate an initial permission matrix; the rows and columns of this matrix correspond to data nodes respectively, and the matrix element values represent the permission association strength between nodes. Step 52: Process the initial permission matrix generated in step 51. Using the permission convergence factor output in step 35 as the distance scaling factor, calculate the Euclidean distance between the permission association strength values of every two nodes in the matrix to obtain the scaled permission distance matrix. Step 53: Process the core anchor point of the permission determined in Step 1 and the permission convergence factor output in Step 35. Construct a dynamic authorization sphere space range with the coordinates of the core anchor point in the attribute space as the center and the value of the permission convergence factor as the radius. Step 54: Process the permission distance matrix obtained in step 52, filter out all data nodes located within the dynamic authorization sphere space constructed in step 53, and retain the permission entries corresponding to those nodes. Step 55: Process the permission entries retained in step 54, perform probability normalization calculation, make the sum of the weights of all entries equal to 1, and output the normalized permission policy matrix.
9. The method for secure data sharing in a comprehensive management platform according to claim 8, characterized in that Step 6, verifying the user's operation coordinates based on the permission matrix and security boundary to obtain the verification result, binding the verification result to the operation trajectory chain and generating a cross-node audit evidence chain, includes: Step 61: Process the user's current operation request and extract its operation coordinates and target node identifier; Step 62: Process the permission policy matrix output in step 55 and the sector-shaped security boundary region constructed in step 29, and verify whether the operation coordinates simultaneously satisfy: the permission policy matrix contains a valid permission entry for the target node, and the operation coordinates are located within the sector-shaped security boundary area, to output a binary verification result. Step 63: Process the operation trajectory chain generated in step 33 and the verification result output in step 62, and bind the verification result as an additional attribute to the end node of the trajectory chain. Step 64: Process the operation trajectory chain bound in step 63, and generate cross-node hash link evidence based on the time sequence markers and node identifiers contained therein; each evidence block contains the hash value of the current operation event, the hash value of the preceding event, and the boundary verification marker, forming an immutable audit evidence chain.
10. A comprehensive management platform data security sharing system, characterized in that the system is used to perform the method as described in any one of claims 1 to 9, comprising: The determination module is used to convert business data streams into a set of data nodes with weighted attributes. Each node contains a source identifier, a time sequence marker, and a security level vector. The core anchor points for permissions are determined based on node spatial density clustering. The configuration module is used to generate a primary reference vector and a secondary reference vector along the data security level gradient with the core anchor point as the origin; construct a fan-shaped security boundary region between the two vectors through a convex hull geometry algorithm; set compliance monitoring points within the boundary region and risk monitoring points outside the boundary region; The acquisition module is used to acquire operation events of monitoring points and generate operation trajectory chains in timestamp order; it uses a topology path detection algorithm to determine whether the trajectory chain crosses the safety boundary; when a crossing is detected, it generates a permission convergence factor. The generation module is used to generate an encryption key by using the permission convergence factor as a key length control parameter; the encryption key is then used to perform quantum-safe encryption on the data node set to obtain a ciphertext data stream.
The processing module is used to input the encrypted data stream into the multi-head attention neural network to generate an initial permission matrix; calculate the Euclidean distance between nodes in the initial permission matrix using the permission convergence factor as a scaling factor; construct a dynamic authorization sphere with the core anchor point as the center and the permission convergence factor as the radius, and retain the permission entries corresponding to the nodes in the sphere; and normalize the retained permission entries to obtain the permission policy matrix. The verification module is used to verify the coordinates of user operations based on the permission matrix and security boundaries to obtain the verification results; the verification results are bound to the operation trajectory chain, and a cross-node audit evidence chain is generated.