An AI knowledge base supporting RBAC+ABAC permission control method
By constructing a dynamic hypergraph knowledge storage model and an intelligent permission adjudication engine, and combining RBAC and ABAC permission control methods, the efficiency and maintainability issues of AI knowledge bases in executing fine-grained permission control are solved, achieving efficient permission judgment and simplified policy rules.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- BEIJING NANCAL RUIYUAN DIGITAL TECH CO LTD
- Filing Date
- 2026-03-03
- Publication Date
- 2026-06-30
AI Technical Summary
Existing AI knowledge bases cannot simultaneously guarantee the efficiency of permission decisions and the maintainability of policy rules when implementing fine-grained permission control, resulting in delayed permission decision response and increased policy set maintenance costs, as well as inconsistent permission decision results.
A dynamic hypergraph knowledge storage model is constructed, and the RBAC+ABAC access control method is combined with an intelligent access decision engine. The dynamic hypergraph storage model is used, and the RBAC and ABAC access control methods are combined. The intelligent access decision engine performs RBAC role verification and ABAC environment attribute collection in parallel. The access policy compression model is used for in-depth analysis and optimization. The thermodynamic entropy access policy optimization algorithm is used to adjust the policy parameters and generate the optimal access decision.
This approach enables access control precision down to the knowledge fragment level, reducing the computational complexity and response time of access decisions, improving the maintainability of policy rules and the consistency of decision results, and avoiding performance bottlenecks caused by an excessive number of policy rules.
Smart Images

Figure CN121786865B_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of AI knowledge base technology, and specifically relates to an AI knowledge base that supports RBAC+ABAC permission control method. Background Technology
[0002] In AI knowledge base systems, traditional access control methods primarily rely on role-based access control mechanisms. This involves assigning different roles to users and setting up role access lists for documents to manage permissions. This approach is widely used in enterprise knowledge management, intelligent question-answering systems, and multi-tenant SaaS platforms. However, as knowledge bases expand and permission requirements become more complex, simple role-based control cannot meet the fine-grained access control requirements based on dynamic environmental attributes such as time, geolocation, and device status. Introducing attribute-based access control leads to an exponential increase in the number of policy rules, with many rules exhibiting logical overlap and conflicts. This results in the permission decision process needing to traverse thousands of rules for matching calculations, degrading response latency from milliseconds to seconds. Simultaneously, the maintenance cost of policy sets rises sharply, making it difficult for administrators to predict the interaction between new or modified rules and existing rules, frequently leading to inconsistent permission decision results. In other words, existing technologies present a technical problem where AI knowledge bases cannot simultaneously guarantee the efficiency of permission decisions and the maintainability of policy rules when implementing fine-grained access control. Summary of the Invention
[0003] In view of this, the present invention provides an RBAC+ABAC permission control method for AI knowledge bases, which can solve the technical problem in the prior art that AI knowledge bases cannot simultaneously guarantee the efficiency of permission judgment and the maintainability of policy rules when performing fine-grained permission control.
[0004] This invention is implemented as follows: It provides an AI knowledge base that supports RBAC+ABAC access control to construct a dynamic hypergraph knowledge storage model. Knowledge documents are parsed into document nodes, paragraph nodes, and entity nodes. Many-to-many relationships are established between nodes through hyperedges. Document-level RBAC role identifiers and document-level ABAC attribute tags are embedded in document nodes; paragraph-level RBAC role identifiers and paragraph-level ABAC attribute tags are embedded in paragraph nodes; and entity-level RBAC role identifiers and entity-level ABAC attribute tags are embedded in entity nodes. Upon receiving a user's knowledge access request, the intelligent access control engine performs RBAC role verification and ABAC verification in parallel. AC environment attribute collection; matching the target knowledge node of the knowledge access request with a pre-set sensitive data list; for non-sensitive knowledge nodes, the matching result of RBAC role verification is used as the basis for permission decision; for sensitive knowledge nodes, the trigger permission policy compression model is subjected to ABAC deep analysis. The permission policy compression model identifies logically equivalent rules through cosine similarity calculation and merges them, constructs a gradient boosting decision tree, and uses a Bloom filter to exclude mismatched rules to generate a simplified decision model; the permission policy optimization algorithm based on thermodynamic entropy adjusts the policy parameters through simulated annealing optimization process and outputs the policy configuration with the minimum entropy value to generate the final permission decision.
[0005] The dynamic hypergraph knowledge storage model uses a graph database as the underlying storage engine. Document nodes store document identifiers, document titles, document creation times, and document metadata information. Paragraph nodes store paragraph identifiers, paragraph text content, and paragraph position indexes. Entity nodes store entity identifiers, entity names, and entity type labels. Hyperedges record start node identifiers, end node identifiers, association types, and association strength values.
[0006] The document-level RBAC role identifier includes a list of allowed roles; the document-level ABAC attribute label includes a security classification identifier, an effective time range, and a department identifier; the paragraph-level RBAC role identifier includes a list of allowed roles; the paragraph-level ABAC attribute label includes a security classification identifier, an effective time range, and a department identifier; the entity-level RBAC role identifier includes a list of allowed roles; and the entity-level ABAC attribute label includes a security classification identifier, an effective time range, and a department identifier.
[0007] Among them, the intelligent permission adjudication engine is deployed as an independent microservice. RBAC role verification is achieved by querying whether the user role exists in the allowed access role list of the target knowledge node. ABAC environment attribute collection is completed through a hierarchical attribute caching system. User department attributes are cached locally with a 24-hour expiration time, and IP address attributes are cached at the nearest edge node with a 5-minute expiration time.
[0008] Among them, the ABAC environment attribute collection obtains access time, IP address, device security status and geographical location information. When the user logs in, the background asynchronously prefetches the user's department attribute, user's job attribute and user's permission level attribute and caches them in memory key-value store.
[0009] The pre-defined sensitive data list includes a list of document identifiers classified as confidential or higher, a list of entity identifiers involving core technologies, and a list of paragraph identifiers marked as highly sensitive. The pre-defined sensitive data list is stored using a Bloom filter data structure, with the number of hash functions in the Bloom filter data structure set to 3 and the bit array length set to [missing information]. .
[0010] The permission policy compression model extracts the user attribute dimension, resource attribute dimension, environment attribute dimension, and logical operator type of each rule in the ABAC policy rule set, calculates the cosine similarity between rules, and merges rule pairs with a cosine similarity higher than 0.85 into a single rule after verifying their logical equivalence.
[0011] The permission policy compression model is structured as a multi-level compression architecture based on gradient boosting decision trees. The first layer is the policy rule feature extraction layer, which encodes the user attribute dimension, resource attribute dimension, environment attribute dimension and logical operator type of each ABAC policy rule into a 256-dimensional feature vector. The second layer is the rule similarity calculation layer, the third layer is the rule merging layer, the fourth layer is the decision tree construction layer, and the fifth layer is the Bloom filter construction layer.
[0012] In this process, each leaf node of the gradient boosting decision tree represents a permission decision result. The Bloom filter construction layer combines all possible attributes that may lead to access denial and hashes them into the Bloom filter. The simplified decision model performs logical operations on the matching results of RBAC role verification with the access time, IP address, device security status and geographical location information obtained from ABAC environment attribute collection to generate permission decision results.
[0013] Among them, the permission policy compression model uses a loss balance algorithm based on multi-task uncertainty weighting. It introduces a learnable uncertainty parameter for each of the rule equivalence verification task and the decision result prediction task, models the uncertainty parameter as log-variance, and uses the exponential reciprocal of the uncertainty parameter as the weighting coefficient of the loss of each sub-task in the joint loss function. During training, the gradient updates the model parameters and the uncertainty parameter simultaneously.
[0014] Among them, the permission policy optimization algorithm based on thermodynamic entropy calculates the complexity and conflict degree of each rule in the simplified decision model. The complexity is the product of the number of attribute conditions contained in the rule and the nesting depth of logical operators. The conflict degree is the area of the overlapping region of any two rules in the attribute space. The total entropy value of the policy set is calculated as the sum of the weighted sum of the complexity of all rules and the sum of the weighted sum of the conflict degree of all rules.
[0015] Specifically, when retrieving knowledge nodes using vector retrieval, the RBAC role identifier and ABAC attribute label of document nodes are mapped to 16-dimensional permission encoding vectors, the RBAC role identifier and ABAC attribute label of paragraph nodes are mapped to 16-dimensional permission encoding vectors, the RBAC role identifier and ABAC attribute label of entity nodes are mapped to 16-dimensional permission encoding vectors, and the permission encoding vectors are concatenated with the 768-dimensional semantic vector of the corresponding knowledge node to form a 784-dimensional joint vector.
[0016] The permission-aware vector index structure is constructed using a hierarchical navigable small world graph algorithm. The maximum number of connections in the vector index is set to 16, the dynamic candidate list length is set to 200, and the level parameter is set to 0.5. A modified Euclidean distance metric function is defined during vector retrieval. The standard Euclidean distance is used to calculate the 768-dimensional semantic vector part, and a penalty coefficient is introduced for the 16-dimensional permission encoding vector part.
[0017] The AI generation module generates answer content based on the set of knowledge nodes that the user has the right to access. It attaches a permission context fingerprint to the answer content. The permission context fingerprint records the highest security level, the set of departments to which the user belongs, and the list of required roles for all nodes in the set of knowledge nodes that the user has the right to access. The permission context fingerprint includes a unique session identifier, a generation timestamp, a snapshot of the user's role, a snapshot of the environment attributes, and a summary of the permission attributes of the source knowledge fragment.
[0018] Specifically, the permission reverification gateway extracts the list of required roles from the permission context fingerprint and finds the intersection with the list of authorized roles for the target operation. It then calculates the difference between the environment attribute snapshot in the permission context fingerprint and the current environment attribute. The difference is calculated as a weighted sum of the time difference between the access time in the environment attribute snapshot and the current access time, the geographical location difference of the IP address, and the change in the device security status. The weighting coefficients are set to 0.3, 0.4, and 0.3, respectively. When the difference exceeds 0.3, the secondary propagation operation is rejected and an operation log is generated.
[0019] The operation log records include the hash value of the previous operation log record, the current timestamp, the user identifier, the target knowledge node identifier, the operation type, the environment attribute snapshot, the permission policy identifier, and the hash value of the current operation log record content. The hash value of the current operation log record content of each record is calculated using the SHA-256 algorithm. The hash value of the current operation log record content is concatenated with the hash value of the previous operation log record and then hashed again to form a chain structure.
[0020] This invention constructs a dynamic hypergraph knowledge storage model, embedding RBAC role identifiers and ABAC attribute tags at three granular levels: document, paragraph, and entity. This allows for access control precision down to the knowledge fragment level. An intelligent access control engine uses lightweight RBAC verification for rapid access control of non-sensitive knowledge nodes, while a deep analysis of access control policy compression models triggered by sensitive knowledge nodes is performed. These compression models utilize cosine similarity calculations to identify and merge logically equivalent rules, employing a gradient boosting decision tree to compress the policy rule set into a simplified decision model. A Bloom filter eliminates mismatched rules, reducing the average number of rule matches from thousands to tens. Furthermore, this invention quantifies rule complexity and conflict levels using a thermodynamic entropy-based access control policy optimization algorithm. A simulated annealing process searches for the configuration with the minimum entropy in the policy space, eliminating logical contradictions between rules and simplifying the nested structure of operators. This achieves the most ordered state for the policy set, avoiding performance bottlenecks caused by combinatorial explosion and improving the maintainability of the policy set. In summary, this invention solves the technical problem mentioned in the background art where AI knowledge bases cannot simultaneously guarantee the efficiency of access control decisions and the maintainability of policy rules when performing fine-grained access control. Attached Figure Description
[0021] Figure 1 This is a flowchart of the method of the present invention.
[0022] Figure 2 This is a graph showing the change in the total entropy of the strategy set as a function of the number of iterations.
[0023] Figure 3 A performance comparison chart for permission-aware vector index retrieval.
[0024] Figure 4 This is a distribution map showing the differences in environmental attributes during secondary propagation.
[0025] Figure 5 This is a diagram showing the results of the operation log chain integrity verification. Detailed Implementation
[0026] To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below.
[0027] like Figure 1 The diagram shown is a flowchart of an AI knowledge base supporting RBAC+ABAC access control method provided by this invention. This method includes the following steps:
[0028] S01. Construct a dynamic hypergraph knowledge storage model, parse knowledge documents into document nodes, paragraph nodes and entity nodes, establish many-to-many associations between nodes through hyperedges, embed document-level RBAC role identifiers and document-level ABAC attribute tags in document nodes, embed paragraph-level RBAC role identifiers and paragraph-level ABAC attribute tags in paragraph nodes, and embed entity-level RBAC role identifiers and entity-level ABAC attribute tags in entity nodes.
[0029] S02. Receive the knowledge access request initiated by the user. The intelligent permission adjudication engine performs RBAC role verification and ABAC environment attribute collection in parallel. The RBAC role verification matches the user role with the RBAC role identifier of the target knowledge node by querying the user role. The ABAC environment attribute collection obtains access time, IP address, device security status and geographical location information.
[0030] S03. Match the target knowledge node of the knowledge access request with the preset sensitive data list. For non-sensitive knowledge nodes, use the matching result of the RBAC role verification as the basis for permission judgment. For sensitive knowledge nodes, perform ABAC deep analysis on the trigger permission policy compression model.
[0031] S04. The permission policy compression model extracts the user attribute dimension, resource attribute dimension, environment attribute dimension, and logical operator type of each rule in the ABAC policy rule set, calculates the cosine similarity between rules, and merges rule pairs with a cosine similarity higher than 0.85 into a single rule after performing logical equivalence verification. A gradient boosting decision tree is constructed and a Bloom filter is used to exclude mismatched rules, generating a simplified decision model. The simplified decision model performs logical operations on the matching results of the RBAC role verification with the access time, IP address, device security status, and geographical location information obtained from the ABAC environment attribute collection to generate permission judgment results.
[0032] S05. The permission policy optimization algorithm based on thermodynamic entropy calculates the complexity and conflict degree of each rule in the simplified decision model. The complexity is the product of the number of attribute conditions contained in the rule and the nesting depth of logical operators. The conflict degree is the area of the overlapping region of any two rules in the attribute space. The policy parameters are adjusted by simulating the annealing optimization process, and the policy configuration with the minimum entropy value is output. The policy configuration is applied to the permission decision result to generate the final permission decision.
[0033] S06. When recalling knowledge nodes using vector retrieval, the RBAC role identifier and ABAC attribute label of document nodes are mapped to 16-dimensional permission encoding vectors, the RBAC role identifier and ABAC attribute label of paragraph nodes are mapped to 16-dimensional permission encoding vectors, the RBAC role identifier and ABAC attribute label of entity nodes are mapped to 16-dimensional permission encoding vectors, the permission encoding vectors are concatenated with the 768-dimensional semantic vector of the corresponding knowledge node to form a 784-dimensional joint vector, a permission-aware vector index structure is constructed, the recalled knowledge nodes are filtered for permissions according to the final permission decision, and the set of knowledge nodes that the user is allowed to access is output.
[0034] S07. The AI generation module generates answer content based on the set of knowledge nodes that the user has the right to access. An access permission context fingerprint is attached to the answer content. This fingerprint records the highest security level, department set, and required role list of all nodes in the set of knowledge nodes that the user has the right to access. When the user performs secondary propagation of the answer content, the access permission re-verification gateway extracts the intersection between the required role list in the access permission context fingerprint and the authorized role list of the target operation. It then calculates the difference between the environmental attribute snapshot in the access permission context fingerprint and the current environmental attribute. If the difference exceeds 0.3, the secondary propagation operation is rejected, and an operation log is generated. The operation log includes the hash value of the previous operation log, the current timestamp, the user identifier, the target knowledge node identifier, the operation type, the environmental attribute snapshot, the access permission policy identifier, and the hash value of the current operation log content.
[0035] The dynamic hypergraph knowledge storage model uses a graph database as its underlying storage engine. Document nodes store document identifiers, document titles, document creation times, and document metadata. Paragraph nodes store paragraph identifiers, paragraph text content, and paragraph position indexes. Entity nodes store entity identifiers, entity names, and entity type labels. Hyperedges record start node identifiers, end node identifiers, association types, and association strength values. Document-level RBAC role identifiers include a list of allowed roles. Document-level ABAC attribute labels include security classification identifiers, effective time ranges, and department identifiers. Paragraph-level RBAC role identifiers include a list of allowed roles. Paragraph-level ABAC attribute labels include security classification identifiers, effective time ranges, and department identifiers. Entity-level RBAC role identifiers include a list of allowed roles. Entity-level ABAC attribute labels include security classification identifiers, effective time ranges, and department identifiers.
[0036] The intelligent permission adjudication engine is deployed as an independent microservice. The RBAC role verification is achieved by querying whether the user role exists in the allowed access role list of the target knowledge node. The ABAC environment attribute collection is completed through a hierarchical attribute caching system. The user department attribute is cached locally with a 24-hour expiration time, and the IP address attribute is cached at the nearest edge node with a 5-minute expiration time. When the user logs in, the background asynchronously prefetches the user department attribute, user position attribute, and user permission level attribute and caches them in the memory key-value store.
[0037] The pre-set sensitive data list includes a list of document identifiers classified as confidential or higher, a list of entity identifiers involving core technologies, and a list of paragraph identifiers marked as highly sensitive. The pre-set sensitive data list is stored using a Bloom filter data structure, with the number of hash functions in the Bloom filter data structure set to 3 and the bit array length set to... When the target knowledge node identifier of the knowledge access request is matched in the Bloom filter data structure, it is determined to be a sensitive knowledge node; otherwise, it is determined to be a non-sensitive knowledge node.
[0038] The permission policy compression model is structured as a multi-level compression architecture based on a gradient boosting decision tree. The first layer is the policy rule feature extraction layer, which encodes the user attribute dimension, resource attribute dimension, environment attribute dimension, and logical operator type of each ABAC policy rule into a 256-dimensional feature vector. The second layer is the rule similarity calculation layer, which uses cosine similarity to measure the equivalence between rules. The third layer is the rule merging layer, which merges rule pairs with a cosine similarity higher than 0.85 into a single rule after confirming their functional equivalence through exhaustive search of truth tables. The fourth layer is the decision tree construction layer, which constructs a gradient boosting decision tree using the merged rule set as training samples. Each leaf node of the gradient boosting decision tree represents a permission decision result. The fifth layer is the Bloom filter construction layer, which hashes and maps all attributes that may lead to access denial into the Bloom filter. The steps for establishing the training dataset for the permission policy compression model include collecting all rules from the historical ABAC policy rule base, labeling each rule with its involved attribute dimensions and logical operators, generating 10 million simulated access requests and their corresponding permission decision results as positive and negative samples, performing Cartesian product matching between the rule set and the simulated access requests to obtain a rule hit matrix, labeling the rule set hit for each simulated access request and the final decision, and dividing the training set and validation set in an 8:2 ratio. The training steps for the permission policy compression model include initializing the gradient boosting decision tree with a learning rate of 0.1, a maximum tree depth of 8, and a minimum number of samples per leaf node of 50; using a logarithmic loss function to measure the model's prediction error on the training set; constructing decision trees one by one using a greedy algorithm; fitting the residual of the previous model to each decision tree; evaluating the model's accuracy and recall on the validation set after 500 iterations; selecting the model version with the best performance on the validation set as the final compressed model; and using a loss balancing algorithm based on multi-task uncertainty weighting to automatically balance the loss contributions of different tasks during multi-task learning by learning the uncertainty parameters of the tasks.
[0039] The loss balance algorithm based on multi-task uncertainty weighting introduces a learnable uncertainty parameter for both the rule equivalence verification task and the decision prediction task. The uncertainty parameter is modeled as a log-variance form. In the joint loss function, the inverse exponent of the uncertainty parameter is used as the weighting coefficient for the loss of each sub-task. At the same time, a regularization term for the uncertainty parameter is added to the joint loss function. During training, the gradient updates both the model parameters and the uncertainty parameter, so that tasks with high uncertainty automatically receive lower weights and tasks with low uncertainty receive higher weights. The loss balance algorithm based on multi-task uncertainty weighting introduces two sub-tasks into the permission policy compression model: a rule equivalence verification task and a decision prediction task. The rule equivalence verification task focuses on inferring the logical relationships between rules, while the decision prediction task focuses on the accuracy of the final permission decision. The uncertainty parameters of the two sub-tasks differ significantly in the early stages of training. The rule equivalence verification task exhibits higher uncertainty due to its involvement in symbolic reasoning. The loss balance algorithm based on multi-task uncertainty weighting automatically reduces the weight of the rule equivalence verification task to avoid misleading the overall optimization direction. As training progresses, the uncertainty of the rule equivalence verification task gradually decreases, and the weight increases accordingly. Ultimately, the permission policy compression model effectively learns the implication relationships between rules while ensuring decision accuracy, achieving deep compression of the policy set without sacrificing functional integrity. Compared to a fixed-weight multi-task learning scheme, the loss balance algorithm based on multi-task uncertainty weighting improves the convergence speed of the permission policy compression model and reduces the redundancy of the compressed policy set. The uncertainty parameter of the rule equivalence verification task gradually converges from 2.5 in the early training stage to 0.8, and the uncertainty parameter of the decision prediction task gradually converges from 1.2 in the early training stage to 0.6. The weight ratio of the two sub-tasks is dynamically adjusted from 1:3 in the early stage to 1:1 in the final stage. This allows the compressed policy set to maintain functional equivalence with the original policy set while reducing the number of rules and eliminating logical conflicts between rules. The computation path of the permission adjudication engine when performing rule matching is simplified, avoiding the combinatorial explosion problem caused by too many policy rules. The overall permission decision response time is shortened and the consistency of the decision results is enhanced.
[0040] The permission policy optimization algorithm based on thermodynamic entropy defines the complexity of each rule in the permission policy set as the product of the number of attribute conditions contained in the rule and the nesting depth of logical operators. The conflict degree between rules is defined as the area of the overlapping region between any two rules in the attribute space. The total entropy value of the policy set is calculated as the weighted sum of the complexity of all rules and the weighted sum of the conflict degrees of all rules. The weight coefficients are obtained by regression from historical policy maintenance cost data. The optimization process uses a simulated annealing framework with an initial temperature of 100. In each iteration, a rule is randomly selected for perturbation. The perturbation operation includes deleting redundant attribute conditions, merging logical operators, and splitting composite rules into multiple simple rules. After perturbation, the total entropy value of the policy set is recalculated. If the entropy value decreases, the perturbation is accepted; if the entropy value increases, the perturbation is accepted with probability. The probability is a natural exponential function with a negative entropy increment divided by the current temperature as the exponent. Every 100 iterations, the temperature is multiplied by a decay factor of 0.95. Optimization terminates when the temperature is below 1 or when there is no decrease in entropy value for 50 consecutive iterations. The current policy set is output as the optimization result.
[0041] The thermodynamic entropy-based permission policy optimization algorithm provides a systematic solution from a thermodynamic perspective to the ABAC policy rule explosion problem. Traditional rule merging methods rely on manually defined heuristic rules, making it difficult to find the globally optimal configuration while ensuring functional equivalence. The thermodynamic entropy-based algorithm quantifies the disorder of the policy set as the objective function for optimization. Through a simulated annealing random search mechanism, it effectively escapes the trap of local optima, exploring the configuration with the minimum entropy value (i.e., the most ordered) in the policy space. This configuration corresponds to the state with the least redundancy and the lowest conflict in the rule set. The optimized policy set not only significantly reduces the number of rules, but more importantly, the logical relationships between rules are clearer, eliminating contradictory configurations that previously led to inconsistent permission decisions. This makes the computational path of the intelligent permission adjudication engine more concise when performing rule matching, avoiding the performance bottleneck caused by combinatorial explosion. Simultaneously, the maintainability of the policy set is greatly improved, allowing administrators to quickly locate potential conflict points when adding or modifying rules. The stability and reliability of the entire permission control system are fundamentally enhanced. The permission policy optimization algorithm based on thermodynamic entropy introduces a temperature parameter to control the search step size. In the early stage of optimization, under high temperature conditions, it allows for a large range of policy adjustments to escape local optima. As the temperature gradually decreases, the search step size decreases accordingly, allowing the optimization process to gradually converge to the globally optimal policy configuration. Compared with the traditional greedy search algorithm, the permission policy optimization algorithm based on thermodynamic entropy exhibits stronger global search capabilities when facing high-dimensional policy spaces, avoiding suboptimal solutions caused by premature convergence.
[0042] The permission-aware vector index structure construction steps include mapping the list of allowed roles in the RBAC role identifier of each knowledge node and the security classification identifier in the ABAC attribute label to a 16-dimensional permission encoding vector. One-hot encoding is used to represent role existence, and ordinal encoding is used to represent security level. The permission encoding vector is concatenated with the 768-dimensional semantic vector of the knowledge node to form a 784-dimensional joint vector. A hierarchical navigable small world graph algorithm is used to construct the vector index. The maximum number of connections in the vector index is set to 16, the dynamic candidate list length is set to 200, and the level parameter is set to 0.5. A modified Euclidean distance metric function is defined during vector retrieval. The modified Euclidean distance metric function uses standard Euclidean distance to calculate the 768-dimensional semantic vector part and introduces a penalty coefficient for the 16-dimensional permission encoding vector part. When the permission encoding vector of the querying user does not match the permission encoding vector of the candidate knowledge node, the distance value of the candidate knowledge node is multiplied by a penalty coefficient of 10, so that the candidate knowledge node with mismatched permissions is automatically moved to the back in the similarity ranking.
[0043] The permission context fingerprint includes a unique session identifier, a generation timestamp, a user role snapshot, an environment attribute snapshot, and a source knowledge fragment permission attribute digest. The source knowledge fragment permission attribute digest records the highest security level, department set, and required role list of all knowledge nodes referenced in the generated answer content. The permission context fingerprint is encoded with a 256-bit hash value and appended to the metadata field of the answer content. The permission re-verification gateway parses the metadata field of the answer content to extract the permission context fingerprint. It then finds the intersection of the required role list in the permission context fingerprint with the authorized role list of the target operation. Finally, it calculates the difference between the environment attribute snapshot in the permission context fingerprint and the current environment attribute. The difference is calculated as a weighted sum of the time difference between the access time in the environment attribute snapshot and the current access time, the geographical location difference of the IP address, and the change in device security status, with weighting coefficients set to 0.3, 0.4, and 0.3, respectively.
[0044] The hash value of the current operation log record content of each record in the operation log is calculated using the SHA-256 algorithm. The hash value of the current operation log record content is concatenated with the hash value of the previous operation log record and hashed again to form a chain structure. The operation log record is written to the distributed ledger storage system immediately after it is generated. The distributed ledger storage system adopts multi-replica redundant storage and ensures consistency through a consensus algorithm. Any tampering with any operation log record will cause the hash value verification of all subsequent operation log records to fail. The system periodically performs an operation log record chain integrity check, verifying the continuity of the hash chain one by one starting from the genesis log.
[0045] Optionally, the present invention also provides a method for forming an AI knowledge base access control system by means of a computer, wherein the computer is provided with a readable storage medium, the readable storage medium stores program instructions, and the program instructions execute the above-described method when running in the computer.
[0046] The specific implementation methods of the above steps are described in detail below.
[0047] The specific implementation of step S01 involves first performing document parsing on the knowledge document. Natural language processing (NLP) technology is used to segment the knowledge document into three levels of content units: document-level, paragraph-level, and entity-level. Document-level content units retain complete document structure information. Paragraph-level content units extract each paragraph from the document and record its position index within the document. Entity-level content units extract entity information such as names of people, places, organizations, and terms from the document using named entity recognition algorithms. Subsequently, document nodes, paragraph nodes, and entity nodes are created in a graph database. Document nodes are assigned unique document identifiers and their titles, creation times, and metadata are stored. Paragraph nodes are assigned unique paragraph identifiers and their text content and position index are stored. Entity nodes are assigned unique entity identifiers and their names and type labels are stored. Many-to-many relationships are established between nodes through hyperedges. The hyperedge records the starting node identifier, ending node identifier, association type, and association strength value. The association strength value is obtained by calculating the semantic similarity and co-occurrence frequency between nodes. Document-level RBAC role identifiers and document-level ABAC attribute tags are embedded in document nodes. The document-level RBAC role identifier includes a list of allowed roles, and the document-level ABAC attribute tags include a security classification identifier, an effective time range, and a department identifier. Paragraph-level RBAC role identifiers and paragraph-level ABAC attribute tags are embedded in paragraph nodes, and entity-level RBAC role identifiers and entity-level ABAC attribute tags are embedded in entity nodes. The embedding process of the permission metadata is achieved by directly writing permission attributes as attribute fields of nodes into the graph database. The purpose of constructing the dynamic hypergraph knowledge storage model is to achieve deep integration of knowledge representation and permission control, so that permission control can be accurately implemented down to the knowledge fragment level.
[0048] The specific implementation of step S02 is as follows: When a user initiates a knowledge access request through a client, the intelligent permission adjudication engine receives the knowledge access request and extracts the target knowledge node identifier and user identity information from the knowledge access request. The intelligent permission adjudication engine simultaneously starts the RBAC role verification thread and the ABAC environment attribute acquisition thread. The RBAC role verification thread extracts the user role from the user identity information, queries the graph database for the RBAC role identifier of the target knowledge node to obtain the list of allowed access roles, and determines whether the user role exists in the list of allowed access roles. If it exists, the RBAC role verification thread outputs a successful matching verification result; otherwise, it outputs a failed matching verification result. The ABAC environment attribute acquisition thread extracts the IP address from the network layer of the knowledge access request, obtains the access time from the system clock, and obtains the device from the device fingerprint database. In the security status, geographic location information is queried from the IP address geographic location database. The ABAC environment attribute collection process adopts a hierarchical attribute caching system to optimize performance. User department attributes are cached locally with a 24-hour expiration time, while IP address attributes are cached at edge nodes with a 5-minute expiration time. The design principle of the hierarchical attribute caching system is to allocate different caching strategies according to the change frequency and real-time requirements of the attributes. Attributes with low change frequency use a longer caching time to reduce database query overhead, while attributes with high real-time requirements use a shorter caching time to ensure data freshness. When a user logs in, the intelligent permission adjudication engine asynchronously prefetches the user's department attributes, position attributes, and permission level attributes in the background and caches them in the memory key-value store. The purpose of the parallel execution mechanism is to improve the efficiency of permission adjudication and avoid response delays caused by serial verification.
[0049] The specific implementation of step S03 is that the intelligent permission adjudication engine inputs the target knowledge node identifier of the knowledge access request into a preset sensitive data list for querying. The preset sensitive data list uses a Bloom filter data structure to store a list of document identifiers with a confidentiality level of Confidential or higher, a list of entity identifiers involving core technologies, and a list of paragraph identifiers marked as highly sensitive. The number of hash functions in the Bloom filter is set to 3, and the length of the bit array is set to... The query process maps the target knowledge node identifier to three bit array indices using three hash functions. It checks whether all positions corresponding to the three bit array indices are 1. If all are 1, it is determined to be a sensitive knowledge node and triggers the permission policy compression model to perform ABAC deep analysis. If any position is 0, it is determined to be a non-sensitive knowledge node and the matching result of RBAC role verification in step S02 is used as the basis for permission judgment. The selection principle of the Bloom filter data structure is that it has constant time complexity query performance and low memory overhead, making it suitable for fast membership testing of large-scale datasets. Although the Bloom filter has a false positive probability, it does not have a false negative probability. That is, it may misclassify non-sensitive nodes as sensitive nodes but will not misclassify sensitive nodes as non-sensitive nodes. The false positive probability is controlled below 1% by reasonably setting the number of hash functions and the length of the bit array. The purpose of the sensitivity judgment mechanism is to achieve a dynamic balance between the efficiency and security of permission control. Fast RBAC verification is used for non-sensitive knowledge to improve the system response speed, and strict ABAC analysis is used for sensitive knowledge to ensure data security.
[0050] The specific implementation of step S04 is as follows: After receiving the trigger signal, the permission policy compression model loads all ABAC policy rules from the policy rule base. The policy rule feature extraction layer traverses each ABAC policy rule to extract the user attribute dimension, resource attribute dimension, environment attribute dimension, and logical operator type. The user attribute dimension is encoded into a 64-dimensional vector, the resource attribute dimension is encoded into a 64-dimensional vector, the environment attribute dimension is encoded into a 64-dimensional vector, and the logical operator type is encoded into a 64-dimensional vector. These are then concatenated to form a 256-dimensional feature vector. Rule similarity is then calculated. The layer calculates the cosine similarity of each pair of feature vectors for all rules. The cosine similarity is calculated as the cosine of the angle between two vectors, ranging from 0 to 1. A cosine similarity closer to 1 indicates greater similarity between the two rules. The rule merging layer filters rule pairs with a cosine similarity higher than 0.85 and performs logical equivalence verification on these pairs. Logical equivalence verification uses a truth table exhaustive method, enumerating all possible attribute value combinations and calculating the decision results for each rule. If the decision results for both rules are completely identical under all attribute value combinations, they are considered functionally equivalent, and the functionally equivalent rule pairs are merged. For a single rule, the decision tree construction layer uses the merged rule set as training samples to construct a gradient boosting decision tree. The learning rate of the gradient boosting decision tree is set to 0.1, the maximum tree depth is set to 8, and the minimum number of samples per leaf node is set to 50. The training process of the gradient boosting decision tree adopts an additive model and a forward stepwise algorithm. Each decision tree fits the residual of the previous model. After 500 iterations, the final model is output. The Bloom filter construction layer combines and hashes all attributes that may lead to access denial into the Bloom filter. The permission policy compression model inputs the matching result of RBAC role verification in step S02 and the access time, IP address, device security status, and geographical location information obtained from ABAC environment attribute collection into the gradient boosting decision tree. The decision tree recursively judges from the root node according to the input attributes, traversing down the branches that meet the conditions until reaching the leaf node. The value of the leaf node is the permission decision result. The purpose of the permission policy compression is to solve the combinatorial explosion problem caused by the exponential growth of the number of ABAC policy rules. By merging rules and compressing decision trees, the original policy set is transformed into an equivalent simplified decision model, which significantly reduces the computational complexity of permission adjudication.
[0051] The specific implementation of step S05 is as follows: The permission policy optimization algorithm based on thermodynamic entropy receives the simplified decision model output from step S04, traverses each rule in the simplified decision model, and calculates the complexity of the rule. The complexity of a rule is defined as the product of the number of attribute conditions contained in the rule and the nesting depth of logical operators. The number of attribute conditions is obtained by counting the number of different attributes involved in the rule, and the nesting depth of logical operators is obtained by the height of the abstract syntax tree computation tree of the parsed rule. It traverses all rule pairs in the simplified decision model and calculates the conflict degree between rules. The conflict degree between rules is defined as the area of the overlapping region of any two rules in the attribute space. The area of the overlapping region is obtained by calculating the intersection volume of the attribute condition constraint ranges of the two rules. The total entropy value of the policy set is calculated as the sum of the weighted sum of the complexity of all rules and the weighted sum of the conflict degree of all rule pairs. The weight coefficients are obtained by linear regression of historical policy maintenance cost data. The temperature parameter of the simulated annealing algorithm is initialized to 100. In each iteration, a rule is randomly selected from the simplified decision model, and the perturbation operation type is randomly selected. The perturbation operation type includes deleting redundancy. The residual attribute condition, merging logic operator, and splitting compound rule are converted into multiple simple rules. After the perturbation operation is performed, the total entropy value of the strategy set is recalculated. If the new entropy value is less than the old entropy value, the perturbation is accepted. If the new entropy value is greater than the old entropy value, the perturbation is accepted with probability. The probability calculation is a natural exponential function with the negative entropy increment divided by the current temperature as the exponent. Every 100 iterations, the temperature is multiplied by a decay factor of 0.95. The design principle of temperature decay is to simulate the gradual cooling process of materials during physical annealing. At high temperatures, the system has greater energy and allows for larger state jumps. At low temperatures, the system energy decreases and the state change tends to stabilize. When the temperature is below 1 or no entropy decrease occurs for 50 consecutive iterations, the optimization loop is terminated, and the current strategy set is output as the optimization result. The optimization result is applied to the permission decision result output in step S04 to generate the final permission decision. The purpose of the permission strategy optimization algorithm based on thermodynamic entropy is to find the strategy configuration with the minimum entropy value while ensuring the equivalence of strategy functions. The minimum entropy value corresponds to the state with the least redundancy and the lowest conflict in the rule set, eliminating contradictory configurations with inconsistent permission decisions.
[0052] The specific implementation of step S06 is as follows: The vector retrieval module receives the query text input by the user, encodes the query text into a 768-dimensional query semantic vector using a pre-trained language model, extracts the user role and user permission level from the user identity information, maps the user role and user permission level into a 16-dimensional query permission encoding vector, and concatenates the query semantic vector and the query permission encoding vector to form a 784-dimensional query joint vector. It then retrieves the knowledge node most similar to the query joint vector from the permission-aware vector index structure. The permission-aware vector index structure is constructed using a hierarchical navigable small-world graph algorithm. The principle of the small-world graph algorithm is to achieve efficient approximate nearest neighbor search by constructing a multi-layered graph structure. The top-level graph has fewer nodes but larger connection spans between nodes for quickly locating the target region, while the bottom-level graph has more nodes but smaller connection spans between nodes for precise search. The retrieval process starts from the top-level graph and searches downwards layer by layer until it reaches the bottom-level graph. Each layer of the search uses a greedy strategy to select the nearest neighbor node to the query vector. The maximum number of connections in the vector index is set to 16 to control the out-degree of each node. The dynamic candidate list length is set to 200 to control the number of candidate nodes maintained during the search process. The level parameter is set to 0.5 to control the number of layers and nodes in the graph. Regarding the quantity relationship, the retrieval process defines a modified Euclidean distance metric function. This modified Euclidean distance metric function uses standard Euclidean distance calculation for the 768-dimensional semantic vector portion and introduces a penalty coefficient for the 16-dimensional permission encoding vector portion. When the permission encoding vector of the querying user does not match the permission encoding vector of a candidate knowledge node, the distance value of the candidate knowledge node is multiplied by a penalty coefficient of 10. The condition for permission mismatch is that the allowed access role list in the RBAC role identifier of the candidate knowledge node does not contain the querying user's user role. This modified Euclidean distance metric function ensures that candidate knowledge nodes with permission mismatches are excluded from the search results. Nodes are automatically shifted to the right in the similarity ranking. The retrieval module outputs the top 100 knowledge nodes with the highest similarity as the recall results. The permission filtering module receives the recall results and the final permission decision output in step S05, traverses each knowledge node in the recall results, and determines whether the RBAC role identifier and ABAC attribute label of the knowledge node meet the requirements of the final permission decision. Knowledge nodes that do not meet the requirements are filtered out, and the set of knowledge nodes that the user is allowed to access is output. The purpose of the permission-aware vector index structure is to realize the integration of vector retrieval and permission filtering, and avoid a large amount of invalid calculation caused by recalling first and then filtering.
[0053] The specific implementation of step S07 is as follows: The AI generation module receives the set of knowledge nodes that the user is authorized to access, output from step S06. It extracts the paragraph text content of the knowledge nodes from the set and uses retrieval-enhanced generation technology to input the paragraph text content as context into the large language model. The large language model generates answer content based on the user's query text and context. The permission fingerprint generation module traverses the set of knowledge nodes, extracting the security classification identifier, department identifier, and allowed access role list from the ABAC attribute tags of each knowledge node. It calculates the highest security level of all nodes in the set as the maximum value of the security classification identifier, merges the department identifiers of all nodes to form a department set, merges the allowed access role lists of all nodes to form a required role list, generates a session unique identifier and a generation timestamp, and encapsulates the session unique identifier, generation timestamp, user role, access time, IP address, device security status, geographical location information, highest security level, department set, and required role list into a permission context fingerprint. The permission context fingerprint is then hashed using the SHA-256 algorithm. A 256-bit hash value is calculated and appended to the metadata field of the answer content. When a user performs a secondary propagation operation on the answer content through a client, the permission re-verification gateway intercepts the secondary propagation operation, parses the metadata field of the answer content to extract the 256-bit hash value, and uses the 256-bit hash value to reverse-look up the permission context fingerprint. A list of required roles is extracted from the permission context fingerprint, and a list of authorized roles is obtained from the target environment of the secondary propagation operation. The intersection of the required role list and the authorized role list is calculated. If the intersection is empty, the secondary propagation operation is rejected. Access time, IP address, and device security status are extracted from the permission context fingerprint as an environment attribute snapshot. The current access time, current IP address, and current device security status are obtained. The time difference between the current access time and the current access time are calculated, the geographical location difference between the current IP address and the current IP address is calculated, and the change in device security status between the current device security status and the current device security status is calculated. The time difference, geographical location difference, and change in device security status are multiplied by weight coefficients of 0.3, 0.4, and 0.3 respectively, and then summed to obtain the difference degree. If the difference degree exceeds 0...Three operations are rejected for secondary propagation, and an operation log is generated. This operation log includes the hash value of the previous operation log, the current timestamp, user identifier, target knowledge node identifier, operation type, environment attribute snapshot, permission policy identifier, and the hash value of the current operation log content. The SHA-256 algorithm is used to calculate the hash value of the operation log content. The hash value of the current operation log content is concatenated with the hash value of the previous operation log, and then the SHA-256 algorithm is used again to calculate the hash value, forming a chain structure. This operation log is then written to a distributed ledger storage system, which uses triple-replica redundant storage. The purpose of this end-to-end security enhancement and auditing mechanism is to prevent the leakage of permissions during the secondary propagation of high-secret information generated by AI. Permission context fingerprinting is used to track the permission attributes of the generated content, and the hash chain structure ensures the immutability of the operation log.
[0054] It should be noted that one of the key technical ideas of this invention is the deep integration of the dynamic hypergraph knowledge storage model and permission metadata. Traditional knowledge base systems manage knowledge content and permission tags as independent modules. Permission control can only be applied at the overall document level and cannot be applied down to the paragraph or entity level. This results in coarse-grained permission control, which may lead to information leakage risks, or overly strict permission filtering that may hinder knowledge acquisition. This invention embeds RBAC role identifiers and ABAC attribute tags as metadata into document nodes, paragraph nodes, and entity nodes during the knowledge parsing stage. This makes permission attributes an endogenous component of the knowledge graph rather than an external module. In the vector retrieval and permission filtering stages, knowledge retrieval and permission verification are processed in parallel, avoiding the inefficient mode of first retrieving all knowledge and then filtering it one by one. The permission-aware vector index structure, through joint vector encoding and modified distance metric functions, automatically penalizes and excludes knowledge nodes with mismatched permissions in similarity calculation. This fundamentally eliminates the architectural defects of the separation between knowledge representation and permission control, and achieves the organic unity of fine-grained permission control and efficient knowledge retrieval.
[0055] The second key technical idea of this invention is the synergistic application of a permission policy compression model and a thermodynamic entropy-based optimization algorithm. The ABAC model faces a combinatorial explosion problem as the number of policy rules increases exponentially with the increase in attribute dimensions. A single permission decision requires traversing millions of rules, leading to unacceptable response delays. Traditional rule simplification methods, relying on manually defined heuristic rules, struggle to guarantee functional equivalence and global optimality. This invention, through a permission policy compression model, first merges logically equivalent rules based on cosine similarity and truth table exhaustive search. Then, it uses a gradient boosting decision tree to compress the rule set into a tree-like decision structure. The hierarchical judgment mechanism of the decision tree transforms linear scanning into a logarithmic tree search. Subsequently, a thermodynamic entropy-based optimization algorithm quantifies the disorder of the policy set from a systems theory perspective. Through simulated annealing, a global search mechanism finds the policy configuration with the minimum entropy value while ensuring functional equivalence, eliminating logical conflicts and redundant conditions between rules. The synergistic effect of the two algorithms makes the policy set smaller while the logical relationships become clearer, significantly simplifying the computational path of permission decisions and ensuring the consistency of the judgment results.
[0056] The third key technical concept of this invention is a full-link auditing mechanism based on permission context fingerprints and operation log chains. Traditional auditing systems only record user access behavior and fail to track the permission flow of AI-generated content during secondary dissemination. When AI-generated answers are shared by users via APIs or used to create new documents, the system cannot re-verify the permissions for this dissemination behavior, leading to the security risk of high-secret information being leaked through low-permission channels. This invention adds permission context fingerprints when AI generates answers, binding the permission attribute summary of the source knowledge fragment on which the generated content is based and the session context identifier as indivisible metadata to the answer. The permission re-verification gateway parses the fingerprints during secondary dissemination to perform role matching and environmental difference calculation, realizing full lifecycle tracking of the permission attributes of generated content. The operation log chain constructs a linked chain structure using the SHA-256 hash algorithm. Any tampering with the logs will cause the hash value verification of all subsequent logs to fail. Combined with the multi-replica redundant storage of distributed ledgers and consensus algorithms, the integrity and non-repudiation of audit records are guaranteed, providing a reliable data foundation for accurate tracing of security incidents and determination of responsibility.
[0057] The synergistic effect of the three key technical approaches described above constitutes the complete technical system of this invention. The dynamic hypergraph knowledge storage model provides fine-grained objects for access control, enabling access decisions to be precise down to the paragraph and entity levels. The access policy compression model and thermodynamic entropy optimization algorithm provide algorithmic support for efficient decision-making, transforming the original decision-making process, which required traversing millions of rules, into a logarithmic complexity tree search and entropy minimization strategy configuration. The access context fingerprint and operation log chain provide end-to-end tracing capabilities for security management, filling the gap in traditional auditing systems' supervision of the secondary dissemination of AI-generated content. The combined effect of these three technologies enables this invention to achieve dynamic access decisions for employee role documents across multiple dimensions and contextual changes while ensuring efficient retrieval performance. This effectively addresses the unique security challenges of AI knowledge base management systems. Compared to existing solutions that simply overlay RBAC and ABAC models, this invention achieves a comprehensive improvement in the efficiency, granularity, dynamism, and auditability of access control through architectural innovation, algorithm optimization, and mechanism improvement. It provides a systematic solution for deploying AI knowledge bases in high-security scenarios such as confidential units.
[0058] It should be noted that this invention also solves the following technical problem: In existing AI knowledge base permission control systems, when a user re-propagates generated answer content, the system cannot track changes in the permission attributes of the original knowledge nodes upon which the answer content depends. This results in knowledge content that has become invalid or whose access has been revoked still being propagated through answer copies, causing a failure in permission control. This invention generates the highest security level, department set, and required role list of all knowledge nodes referenced by the answer by attaching permission context fingerprint records to the answer content. When a user performs a secondary propagation operation, the permission re-verification gateway extracts the required role list from the permission context fingerprint and calculates the intersection with the authorized role list of the target operation. It then calculates the difference between the environmental attribute snapshot in the permission context fingerprint and the current environmental attributes. When the difference exceeds a threshold, the secondary propagation operation is rejected. This extends permission control from a single access to a knowledge node to the entire lifecycle propagation process of the answer content, solving the problem of permission control failure caused by secondary propagation of answers.
[0059] Furthermore, this invention addresses the technical problem of low retrieval efficiency caused by the independent operation of permission filtering and semantic similarity calculation in large-scale knowledge base vector retrieval scenarios. Traditional methods first recall candidate knowledge nodes based on semantic vectors and then verify permissions one by one, requiring invalid similarity calculations for a large number of nodes without access rights. This invention maps the RBAC role identifier and ABAC attribute label of knowledge nodes into permission-encoded vectors, concatenates them with semantic vectors to form a joint vector, and constructs a permission-aware vector index structure. During vector retrieval, a modified Euclidean distance metric function is defined to introduce a penalty coefficient for candidate nodes with mismatched permissions, causing nodes with mismatched permissions to automatically move to the back in the similarity ranking. By integrating permission filtering into the distance calculation process of vector retrieval, the computational overhead of post-permission verification is avoided, thus solving the efficiency problem caused by the separation of permission filtering and semantic retrieval.
[0060] Specifically, the principle of this invention is as follows: The invention solves this technical problem by decoupling the granularity of access control from the knowledge structure. Through a hypergraph model, access identifiers are independently embedded at different semantic levels, allowing access decisions to dynamically select the verification depth based on the sensitivity of the access target. For non-sensitive knowledge access requests that account for more than 80%, only a lightweight operation of role list matching is needed to complete the decision. For sensitive knowledge nodes, the access policy compression model uses feature vector encoding to uniformly map the multi-dimensional attributes of policy rules to a high-dimensional space. Cosine similarity is used to measure the functional equivalence between rules. This geometric distance-based similarity determination method can effectively identify rule pairs that, although different in expression, have completely identical logical functions. Exhaustive enumeration using a truth table... After verification, the rules are merged into a single rule, thereby significantly reducing the number of rules without changing the overall functionality of the policy set. The gradient boosting decision tree transforms the remaining rule set into a tree-shaped decision path, and each decision only needs to traverse the tree without traversing all rules. The Bloom filter quickly eliminates obviously mismatched rule branches through hash mapping, further shortening the decision path. The optimization algorithm based on thermodynamic entropy quantifies the disorder of the policy set into a computable objective function. By using the random search mechanism of simulated annealing, it escapes the local optimum trap and finds the configuration with the minimum rule complexity and conflict degree from a global perspective. This allows the policy set to achieve the simplest structural state while maintaining functional integrity, thus essentially solving the contradiction between the decrease in decision efficiency and the difficulty of policy maintenance caused by fine-grained access control.
[0061] The following provides a specific embodiment 1 of the present invention. The specific implementation of steps S01 and S02 in this embodiment 1 is the same as that described above, and will not be repeated in detail here. The specific implementation of other steps is described in detail below.
[0062] In the specific implementation of step S03, the query determination of the Bloom filter data structure is based on a multi-hash function mapping mechanism to identify the target knowledge node. Passed through 3 hash functions in sequence , , Mapping to bit array The formula for determining the different positions is as follows:
[0063] ;
[0064] In the formula, The result of the sensitivity determination is either 0 or 1, where 1 represents a sensitive knowledge node and 0 represents a non-sensitive knowledge node. For length is A bit array, where each element takes the value 0 or 1; , , Three independent hash functions; Identify the target knowledge node; It is the modulo operator; This is a function that takes the minimum value. When... When the value is 1, the permission policy compression model is triggered for in-depth ABAC analysis. When the value is 0, the matching result of RBAC role verification is used as the basis for permission determination.
[0065] In the specific implementation of step S04, the permission policy compression model first extracts the feature dimensions of each rule in the ABAC policy rule set and calculates the cosine similarity between rules, as expressed in the following formula:
[0066] ;
[0067] In the formula, For rules With rules The cosine similarity between them ranges from 0 to 1; For rules The 3D eigenvalues; For rules The 3D eigenvalues; This is the feature dimension index, with values ranging from 1 to 256; The index of the first rule; This is the index for the second rule. When At that time, rules are merged into a single rule after logical equivalence verification. The permission decision result generated by the simplified decision model is obtained through logical operations, as expressed in the following formula:
[0068] ;
[0069] In the formula, This is the permission judgment result, and its value can be 0 or 1, where 1 indicates that access is allowed and 0 indicates that access is denied. The decision function for gradient boosting decision trees; The matching result for RBAC role verification, with a value of 0 or 1; Access time, in seconds; This is an IP address string; The equipment safety status is scored, with a value ranging from 0 to 100. This is a string containing geographic location information.
[0070] In the specific implementation of step S05, the permission policy optimization algorithm based on thermodynamic entropy calculates the complexity and conflict degree of each rule in the simplified decision model. The complexity formula is expressed as follows:
[0071] ;
[0072] In the formula, For the first The complexity of the rules; For the first The number of attribute conditions contained in a rule; For the first The nesting depth of logical operators in each rule. The conflict degree formula is expressed as follows:
[0073] ;
[0074] In the formula, For rules With rules The degree of conflict between them; For rules With rules The volume of the overlapping region in the attribute space; For rules The volume of the covered region in the attribute space; For rules The volume of the covered region in the attribute space. The formula for calculating the total entropy of the strategy set is as follows:
[0075] ;
[0076] In the formula, The total entropy value of the strategy set; The total number of rules in the strategy set; This is the complexity weighting coefficient, with an empirical value of 0.4; Here, represents the conflict level weighting coefficient, with an empirical value of 0.6. The formula for calculating the acceptance probability during simulated annealing optimization is as follows:
[0077] ;
[0078] In the formula, This represents the probability of accepting the perturbation operation, ranging from 0 to 1. The increment of entropy after the disturbance is calculated using the following formula: ,in This represents the total entropy of the policy set after the perturbation operation. The total entropy of the policy set before the perturbation operation; This refers to the current temperature parameter. It is a natural exponential function. The temperature decay formula is expressed as follows:
[0079] ;
[0080] In the formula, For the first Temperature during cycle iteration; For the first Temperature during cycle iteration; For iteration round index; initial temperature Set it to 100.
[0081] In the specific implementation of step S06, the permission-aware vector index structure construction process maps the RBAC role identifiers and ABAC attribute tags of document nodes, paragraph nodes, and entity nodes into 16-dimensional permission encoding vectors, which are then concatenated with the 768-dimensional semantic vectors of the corresponding knowledge nodes to form a 784-dimensional joint vector. The formula is expressed as follows:
[0082] ;
[0083] In the formula, It is a 784-dimensional joint vector; It is a 768-dimensional semantic vector; This is a 16-dimensional permission encoding vector; the semicolon indicates a vector concatenation operation. The modified Euclidean distance metric function formula is expressed as follows:
[0084] ;
[0085] In the formula, For the modified Euclidean distance; For querying the joint vector of users; This is the joint vector of the candidate knowledge nodes; For the query vector Dimensional components; The first candidate vector Dimensional components; This is the semantic vector dimension index, with values ranging from 1 to 768; For the query vector Dimensional components; The first candidate vector Dimensional components; This is the joint vector dimension index, with values ranging from 769 to 784; This is the distance penalty coefficient, applied when the permission encoding vector matches. The value is 1, when the permission encoding vector does not match. The value is 10.
[0086] In a specific implementation of step S07, the permission re-verification gateway calculates the difference between the environment attribute snapshot in the permission context fingerprint and the current environment attributes, expressed by the following formula:
[0087] ;
[0088] In the formula, For environmental attribute differences; The current access time is in seconds. The access time recorded in the permission context fingerprint, in seconds; This is the maximum normalized time difference, with a default value of 86400 seconds. This is a geographic distance calculation function that uses the Haversine formula to calculate the spherical distance between the geographic coordinates corresponding to two IP addresses, in kilometers. The current IP address; The IP address recorded in the permission context fingerprint; This represents the maximum normalized geographic distance, with a default value of 20,000 kilometers. Rate the current safety status of the equipment; Score the device security status recorded in the permission context fingerprint; This is the maximum score for the device's safety status; the default value is 100. To determine the sign of the absolute value. When If a secondary propagation operation is rejected, an operation log record is generated. The operation log record adopts a chained hash structure, and the hash value of the current operation log record is calculated using the following formula:
[0089] ;
[0090] In the formula, The hash value recorded in the current operation log; For secure hashing algorithm 256; The hash value of the previous operation log record; This is the current timestamp; User identification; Identify the target knowledge node; Operation type; A snapshot of environment properties; This serves as an identifier for the access control policy. This represents the content recorded in the current operation log; vertical bars indicate string concatenation operations.
[0091] To better understand and implement this invention, a specific application scenario of the invention is provided below as Example 2: To verify the effectiveness of the invention, technicians built a test environment and conducted practical application tests by simulating the AI knowledge base management system of a confidential research institution. This research institution possesses a knowledge base containing 3850 technical documents, covering various types such as project reports, patent documents, technical specifications, and experimental data. The documents are classified into four levels: public, internal, secret, and confidential, involving 12 business departments and 47 user groups with different roles. Technicians first constructed a dynamic hypergraph knowledge storage model for the knowledge base, parsing the 3850 documents into 12450 paragraph nodes and 28760 entity nodes. A three-layer structure of document nodes, paragraph nodes, and entity nodes was established in the graph database. Relationships between nodes were established through hyperedges, generating a total of 87320 hyperedge records. During the permission metadata embedding stage, document-level RBAC role identifiers and ABAC attribute tags are configured for each document node. There are 285 document nodes with a confidential classification, 892 document nodes with a secret classification, 1473 document nodes with an internal classification, and 1200 document nodes with a public classification. The permission tags of paragraph nodes and entity nodes are inherited from their respective document nodes and are refined and adjusted according to content sensitivity.
[0092] Technicians configured a pre-defined list of sensitive data, storing 1177 document node identifiers classified as confidential and secret, 4230 entity node identifiers involving core technologies, and 2680 paragraph node identifiers marked as highly sensitive into a Bloom filter. The Bloom filter's hash function count was set to 3, and the bit array length was set to... The false positive rate was controlled at 0.8%. During the training phase of the permission policy compression model, the technical staff collected 8,560 rules from the historical ABAC policy rule base. Each rule contained an average of 3.2 user attribute dimensions, 2.8 resource attribute dimensions, 2.4 environment attribute dimensions, and 1.6 logical operator nesting depths. Ten million simulated access requests were generated as training samples, as shown in Table 1.
[0093] Table 1. Statistical Table of ABAC Strategy Rules
[0094]
[0095] The permission policy compression model's policy rule feature extraction layer encodes 8560 rules into 256-dimensional feature vectors. The rule similarity calculation layer calculates the cosine similarity between rules, filtering out 1820 rule pairs with a cosine similarity higher than 0.85. After verifying logical equivalence using a truth table exhaustive search method, 1340 redundant rules are merged, reducing the rule set size from 8560 to 7220. The decision tree construction layer uses the merged rule set as training samples to build a gradient boosting decision tree. The learning rate is set to 0.1, the maximum tree depth is set to 8, and the minimum number of samples per leaf node is set to 50. After 500 iterations, the accuracy on the validation set reaches 96.7%, and the recall reaches 94.3%. The Bloom filter construction layer combines and hashes all attributes that may lead to access denial into a Bloom filter to quickly eliminate mismatched rules.
[0096] Technicians then applied a permission policy optimization algorithm based on thermodynamic entropy to further optimize the simplified decision-making model. The complexity of each rule was calculated, with an average complexity of 5.12 and a standard deviation of 2.84. The conflict degree between rules was also calculated, with an average conflict degree of 0.067. The initial total entropy of the policy set was 42580. The simulated annealing optimization process started at 100°C. In each iteration, a rule was randomly selected for perturbation operations, including deleting redundant attribute conditions, merging logical operators, and splitting composite rules. After 3200 iterations, the temperature decreased to 0.98°C, the total entropy of the policy set decreased to 31240, the rule set size was further reduced from 7220 to 5890, and the number of logical conflicts between rules decreased from 215 to 38. Figure 2 As shown, the total entropy of the strategy set shows a trend of first decreasing rapidly and then converging slowly with the number of iterations. The rate of decrease of entropy slows down significantly after 1800 iterations, and finally reaches a stable state after 3200 iterations.
[0097] The technical staff constructed a permission-aware vector index structure, mapping RBAC role identifiers and ABAC attribute labels of document nodes, paragraph nodes, and entity nodes to 16-dimensional permission encoding vectors. A pre-trained language model was used to encode the text content of nodes into 768-dimensional semantic vectors, which were then concatenated to form a 784-dimensional joint vector. A hierarchical navigable small-world graph algorithm was employed to construct the vector index, with a maximum connection count of 16, a dynamic candidate list length of 200, and a hierarchy parameter of 0.5. The completed index occupied 8.6GB of memory. In vector retrieval testing, the staff simulated 5000 user query requests with query text lengths between 10 and 150 characters. User roles included 12 types such as R&D engineers, project managers, technical experts, and department heads, and user permission levels included Level 1, Level 2, Level 3, and Level 4. The retrieval process defined a modified Euclidean distance metric. Standard Euclidean distance was used for the 768-dimensional semantic vector, while a penalty coefficient of 10 was introduced for the 16-dimensional permission encoding vector, causing candidate knowledge nodes with mismatched permissions to automatically shift backward in the similarity ranking. Figure 3 As shown, compared with the traditional recall-then-filter scheme, the permission-aware vector index structure reduces the average retrieval time from 285 milliseconds to 127 milliseconds while maintaining the same retrieval accuracy, and improves retrieval efficiency by 55.4%.
[0098] Technicians conducted full-link security enhancement tests for the secondary dissemination of AI-generated content. In 1200 AI question-and-answer sessions, the AI generation module generated answer content based on the set of knowledge nodes that users have the right to access. On average, each session referenced 5.8 knowledge nodes, and the distribution of the highest security level of the referenced nodes is shown in Table 2.
[0099] Table 2. Distribution of the highest-density nodes cited in AI-generated answers.
[0100]
[0101] The permission fingerprint generation module attaches a permission context fingerprint to each generated answer. This fingerprint includes a unique session identifier, generation timestamp, user role, access time, IP address, device security status, geographic location information, highest security level, department set, and a list of required roles. The SHA-256 algorithm is used to hash the permission context fingerprint to obtain a 256-bit hash value. Technical personnel simulated 380 secondary propagation operations, including sharing answers via API, using answers to create new documents, and forwarding answers to external email addresses. The permission re-verification gateway intercepted all secondary propagation operations and performed permission re-verification. It extracted the required role list from the permission context fingerprint and calculated the intersection with the authorized role list of the target operation. The difference between the environmental attribute snapshot and the current environmental attributes was calculated. The difference calculation included a weighted sum of the access time difference, IP address geographic location difference, and device security status change, with weighting coefficients set to 0.3, 0.4, and 0.3, respectively. In 380 secondary dissemination operations, 87 were rejected because the intersection of the required role list and the authorized role list was empty, and 43 were rejected because the difference exceeded 0.3, resulting in a rejection rate of 34.2%. This effectively prevented the leakage of highly classified information through low-privilege channels. Figure 4 As shown, the distribution of environmental attribute differences exhibits a clear bimodal characteristic. The differences in compliant operations are concentrated between 0.1 and 0.25, while the differences in suspicious operations are concentrated between 0.35 and 0.65. The difference threshold of 0.3 is a reasonable setting.
[0102] Technicians constructed an immutable chain of operation logs, recording all data access, permission decisions, content generation, and secondary propagation operations. Each operation log entry includes the hash value of the previous entry, the current timestamp, user identifier, target knowledge node identifier, operation type, environment attribute snapshot, permission policy identifier, and the hash value of the current log entry's content. During testing, 28,750 operation log entries were generated. The hash values were calculated using the SHA-256 algorithm and formed into a chain structure. These log entries were written to a distributed ledger storage system, employing triple-replica redundant storage and a consensus algorithm to ensure consistency. Technicians simulated a log tampering attack, attempting to modify the user identifier of operation log entry 18,560. The system immediately detected the hash value verification failure of operation log entries 18,561 to 28,750, triggering a security alert and recording the tampering location. Figure 5 As shown, the operation log chain integrity verification process verifies the continuity of the hash chain one by one, starting from the genesis log. Under normal circumstances, the hash value verification pass rate of all logs is 100%. After a tampering attack occurs, the verification of all logs after the tampered log fails, and the system can accurately locate the tampered position as the 18560th log.
[0103] The above description is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any changes or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in the present invention should be included within the scope of protection of the present invention.
Claims
1. A method for supporting RBAC+ABAC permission control of an AI knowledge base, characterized in that, A dynamic hypergraph knowledge storage model is constructed, which parses knowledge documents into document nodes, paragraph nodes, and entity nodes. Many-to-many relationships between nodes are established through hyperedges. Document-level RBAC role identifiers and document-level ABAC attribute tags are embedded in document nodes, paragraph-level RBAC role identifiers and paragraph-level ABAC attribute tags are embedded in paragraph nodes, and entity-level RBAC role identifiers and entity-level ABAC attribute tags are embedded in entity nodes. Upon receiving a knowledge access request initiated by a user, the intelligent permission adjudication engine performs RBAC role verification and ABAC environment attribute collection in parallel. The system matches the target knowledge node of the knowledge access request with a pre-set sensitive data list. For non-sensitive knowledge nodes, the matching result is used as the basis for permission decision based on RBAC role verification. For sensitive knowledge nodes, the system performs ABAC deep analysis on the permission policy compression model. The permission policy compression model identifies logically equivalent rules through cosine similarity calculation and merges them. It constructs a gradient boosting decision tree and uses a Bloom filter to exclude mismatched rules to generate a simplified decision model. The permission policy optimization algorithm based on thermodynamic entropy adjusts the policy parameters through simulated annealing optimization and outputs the policy configuration with the minimum entropy value to generate the final permission decision. Among them, document-level RBAC role identifiers include a list of allowed roles; document-level ABAC attribute tags include a security classification identifier, an effective time range, and a department identifier; paragraph-level RBAC role identifiers include a list of allowed roles; paragraph-level ABAC attribute tags include a security classification identifier, an effective time range, and a department identifier; entity-level RBAC role identifiers include a list of allowed roles; entity-level ABAC attribute tags include a security classification identifier, an effective time range, and a department identifier. The pre-set sensitive data list includes a list of document identifiers with a security classification of confidential or higher, a list of entity identifiers involving core technologies, and a list of paragraph identifiers marked as highly sensitive. The structure of the permission policy compression model is a multi-level compression architecture based on gradient boosting decision trees. The first layer is the policy rule feature extraction layer, which encodes the user attribute dimension, resource attribute dimension, environment attribute dimension and logical operator type of each ABAC policy rule into a 256-dimensional feature vector. The second layer is the rule similarity calculation layer, the third layer is the rule merging layer, the fourth layer is the decision tree construction layer, and the fifth layer is the Bloom filter construction layer.
2. The method of claim 1, wherein, The dynamic hypergraph knowledge storage model uses a graph database as the underlying storage engine. Document nodes store document identifier, document title, document creation time and document metadata information. Paragraph nodes store paragraph identifier, paragraph text content and paragraph position index. Entity nodes store entity identifier, entity name and entity type label. Hyperedge records start node identifier, end node identifier, association type and association strength value.
3. The method of claim 1, wherein, The intelligent permission adjudication engine is deployed as an independent microservice. RBAC role verification is achieved by querying whether the user role exists in the allowed access role list of the target knowledge node. ABAC environment attribute collection is completed through a hierarchical attribute caching system. User department attributes are cached locally with a 24-hour expiration time, while IP address attributes are cached at the nearest edge node with a 5-minute expiration time.
4. The method of claim 2, wherein, The ABAC environment attribute collection obtains access time, IP address, device security status and geographical location information. When a user logs in, the background asynchronously prefetches the user's department attribute, user's job attribute and user's permission level attribute and caches them in memory key-value store.
5. The method according to claim 4, characterized in that, The permission policy compression model extracts the user attribute dimension, resource attribute dimension, environment attribute dimension, and logical operator type of each rule in the ABAC policy rule set, calculates the cosine similarity between rules, and merges rule pairs with a cosine similarity higher than 0.85 into a single rule after verifying their logical equivalence.
6. The method according to claim 5, characterized in that, Each leaf node of the gradient boosting decision tree represents a permission decision result. The Bloom filter construction layer combines all attributes that may lead to access denial into the Bloom filter using hash mapping. The simplified decision model performs logical operations on the matching results of RBAC role verification with the access time, IP address, device security status and geographical location information obtained from ABAC environment attribute collection to generate permission decision results.
7. The method according to claim 6, characterized in that, The permission policy compression model utilizes a loss balance algorithm based on multi-task uncertainty weighting. It introduces a learnable uncertainty parameter for both the rule equivalence verification task and the decision prediction task, models the uncertainty parameter as log-variance, and uses the exponential reciprocal of the uncertainty parameter as the weighting coefficient for the loss of each sub-task in the joint loss function. During training, the gradient updates both the model parameters and the uncertainty parameter simultaneously.