Integrated multi-system engineering supervision full life cycle digital management and control platform
By integrating multiple systems into a digital management and control platform for the entire lifecycle of engineering supervision, and utilizing dynamic risk assessment and permission intersection constraint mechanisms, the platform solves the problem of permission penetration, achieves secure control of cross-domain aggregation and penetration analysis, and improves the platform's reliability and compliance.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- SHAANXI TRAFFIC CONTROL ENG TECH CO LTD
- Filing Date
- 2026-03-27
- Publication Date
- 2026-06-23
AI Technical Summary
In the context of multi-system integration and centralized cockpit display, how to achieve cross-domain aggregation and penetration analysis capabilities while avoiding permission penetration issues caused by inconsistent permission models or improper processing of the aggregation layer has become an important technical issue that the digital management and control platform for the entire life cycle of engineering supervision urgently needs to solve.
The project adopts an integrated multi-system digital management and control platform for the entire lifecycle of engineering supervision, including a cockpit management center, a multi-project management system, a supervisor behavior management system, an image data acquisition system, a management file system, and a knowledge base system. Through acquisition, fusion, evaluation, permission, and control modules, dynamic risk assessment and permission intersection constraints are achieved to ensure the intersection and security of permission control.
It effectively suppresses the risk of permission penetration, ensures that cross-department accounts do not see sensitive information that they should not be able to access when they are aggregated in a unified manner, improves the reliability and compliance of the platform, enables real-time monitoring and risk control, and enhances the verifiability and auditability of the secondary authorization logic of the aggregation layer.
Smart Images

Figure CN121920969B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of engineering construction management and information technology, and more specifically, to a digital management and control platform for the entire lifecycle of engineering supervision that integrates multiple systems. Background Technology
[0002] As engineering construction projects expand in scale and multi-project parallel management becomes the norm, digital platforms focused on quality, schedule, cost, and safety are gradually forming a technological landscape supported by multiple business applications. These applications, such as multi-project management, personnel behavior recording, image data collection, management document flow, and knowledge accumulation, operate independently but are centrally presented on a dashboard interface through interfaces or data aggregation. This architecture plays a positive role in improving information visualization and management efficiency, and also facilitates cross-departmental collaboration and leadership decision-making.
[0003] However, when multi-source data is uniformly aggregated and displayed in the dashboard or subjected to cross-domain queries, access control issues present new complexities. On the one hand, each business application typically establishes its own access control model based on its own business characteristics during the initial construction phase, resulting in differences in role division, data scope definition, and operational intensity control standards. On the other hand, to achieve a unified view and cross-domain analysis, the dashboard often needs to re-integrate and cache data from different sources. In this process, if merging is based solely on the widest permissions from a single source, or if the original access boundaries are not inherited synchronously during caching and query optimization, a so-called access penetration phenomenon may occur. That is, data that was originally restricted in a single application is unintentionally amplified or exposed across domains at the aggregation layer.
[0004] These types of issues are somewhat insidious. While access controls within a single application are typically clear and easy to test and verify, aggregation layers involve multiple sources, roles, and paths, and their "secondary authorization" logic is often scattered across multiple stages, including data aggregation, metric calculation, view rendering, and API calls, making it difficult to fully cover all test scenarios. If project files, images, or personnel activity data that should not be accessible are centrally displayed in the leadership view or under cross-departmental accounts, it not only poses data compliance and privacy risks but may also amplify the impact due to concentrated exposure, potentially leading to a company-wide risk event.
[0005] Therefore, in the context of multi-system integration and centralized cockpit display, how to achieve cross-domain aggregation and penetration analysis capabilities while avoiding permission penetration issues caused by inconsistent permission models or improper processing of the aggregation layer has become an important technical issue that the digital management and control platform for the entire life cycle of engineering supervision urgently needs to solve. Summary of the Invention
[0006] In view of the shortcomings of existing technologies, the purpose of this invention is to provide a digital management and control platform for the entire life cycle of engineering supervision that integrates multiple systems.
[0007] To achieve the above objectives, the present invention provides the following technical solution:
[0008] A multi-system integrated digital management platform for the entire lifecycle of engineering supervision, including a dashboard management center, a multi-project management system, a supervisory personnel behavior management system, an image data acquisition system, a management document system, and a knowledge base system; and also including:
[0009] The data acquisition module is used to collect supervisory behavior data, management document data, and on-site image data through mobile internet technology, and to collect environmental monitoring data and equipment operation data through Internet of Things technology, so as to form and transmit the collected data;
[0010] The fusion module is used to perform unified identification mapping, spatiotemporal alignment, semantic normalization and correlation modeling on the collected data, establish a correlation model that includes projects, work sites, personnel, equipment, events and time windows, and build a project database based on this model.
[0011] The assessment module is used to generate a request impact domain corresponding to the aggregate display or penetration query request based on the relationship model when an aggregate display or penetration query request is detected, and to calculate a dynamic risk value for the request impact domain.
[0012] The permission module is used to generate permission intersection policies from the preset permission policy library based on dynamic risk values, and to limit the permission intersection policies to the intersection of the permission constraints of each system within the request's impact domain, so as to determine the scope of accessible data and the scope of executable operations when performing aggregate display or penetrating query.
[0013] The control module is used to dynamically control the request impact domain based on dynamic risk values;
[0014] The cockpit is used to build a cockpit management center, which graphically displays the project database after processing by the permission module and the control module, so as to realize real-time monitoring, command and supervision of the quality, progress, cost and safety of the entire life cycle of engineering supervision.
[0015] Furthermore, the evaluation module generates the request impact domain based on the relationship model as follows: the aggregated display or penetrating joint query request is parsed into the target object, joint query path and time window; the target object is used as the seed node, and a graph traversal with a limited depth is performed along the joint query path in the relationship model to obtain the traversed nodes and their associated edges to form a candidate set; the candidate set is trimmed according to the project boundary, work point boundary and time window to obtain the request impact domain.
[0016] Furthermore, the assessment module calculates the dynamic risk value for the request impact domain as follows: First, a risk topology matrix of the request impact domain is constructed based on the correlation model. Then, the cross-level connection density, cross-project propagation order, sensitive field aggregation entropy, access behavior sequence deviation, and data link confidence decay are calculated. A graph diffusion transformation is performed on the cross-level connection density and cross-project propagation order to obtain the structural amplification coefficient. A nonlinear compression mapping is performed on the sensitive field aggregation entropy to obtain the identifiable amplification coefficient. A fractal scale reconstruction is performed on the access behavior sequence deviation to obtain the behavior anomaly coefficient. A cascaded decay integral is performed on the data link confidence decay to obtain the credibility reduction coefficient. The structural amplification coefficient and the identifiable amplification coefficient are coupled and superimposed, multiplied by the behavior anomaly coefficient, and then multiplied by the reciprocal of the credibility reduction coefficient to obtain the basic risk quantity. The basic risk quantity is then smoothed using time window convolution and corrected for abrupt amplification to output the dynamic risk value.
[0017] Furthermore, the risk topology structure of the request impact domain is constructed as follows: projects, work sites, personnel, equipment, events, and data objects within the request impact domain are abstracted as risk nodes, and the hierarchical relationships, calling relationships, data flow relationships, and permission dependency relationships between risk nodes are abstracted as risk edges to form a risk association network. Based on the sensitivity level, access frequency, cross-domain attributes, and historical anomaly records of the risk nodes, node weights are assigned to each risk node.
[0018] Furthermore, each risk edge is assigned a weight based on the data transmission direction, cross-system level, and control chain length, and a weighted adjacency matrix is constructed based on the node weights and edge weights. A time window factor is introduced into the weighted adjacency matrix for temporal expansion, so that the matrix forms a multi-layer mapping structure under different time slices, thereby obtaining a risk topology matrix that simultaneously contains structural weights and time weights.
[0019] Furthermore, the method for generating permission intersection strategies from the preset permission policy library based on dynamic risk values is as follows: the dynamic risk values are mapped to the corresponding risk level ranges, and the permission constraint rule set bound to the risk level range is retrieved from the preset permission policy library; the role permissions, data access permissions, and operation permissions of each system within the request impact domain are checked and filtered in detail based on the permission constraint rule set to obtain the minimum common permission set that satisfies the security boundary conditions of each system, and the minimum common permission set is granularized and the operation level is limited to form the permission intersection strategy.
[0020] Furthermore, the permission constraint rule set includes role constraint rules, data range constraint rules, and operation intensity constraint rules.
[0021] Furthermore, the method of conducting item-by-item verification based on the permission constraint rule set includes: independently verifying the legality of role identity, consistency of permission source, compliance of data access scope, and permissibility of operation behavior, in order to eliminate permission items that exceed the risk level range limit.
[0022] Furthermore, the method of superimposed filtering based on the permission constraint rule set includes: after completing the independent verification, the permission items that have passed the verification are compared in multiple dimensions according to the role dimension, data object dimension, and operation type dimension, and the permission items that have permission conflicts, discontinuous authorization paths, or cross-system permission amplification are filtered in a progressive manner.
[0023] Furthermore, the dynamic control method for the request impact domain based on the dynamic risk value is as follows: the dynamic risk value is mapped to the control level, and differentiated control is applied to each risk node and risk edge in the request impact domain according to the level; including dynamically shrinking the range of accessible data, reducing the permission level of high-risk operations, increasing the secondary verification strength of sensitive nodes, implementing rate limiting and segmented authorization for cross-domain / cross-layer calls, and real-time blocking or downgrading to read-only for abnormal links; and gradually restoring authorization according to the time window smoothing rule when the dynamic risk value falls back.
[0024] Compared with the prior art, the present invention has the following beneficial effects:
[0025] This invention introduces a dynamic risk assessment and permission intersection constraint mechanism centered on the request impact domain into the multi-system data aggregation and cockpit centralized display link. This allows the aggregated display or penetrating joint investigation to obtain the accessible data range and executable operation range that match the request impact domain before execution. Moreover, this range is limited to the intersection of permission constraints from various sources, rather than taking the widest permission or relying on a single source. This mechanism can suppress the risk of permission penetration and prevent leaders' views or cross-department accounts from seeing sensitive information such as project documents, on-site video data, and the behavior trajectory of supervisors that should not be accessed during unified aggregation.
[0026] By automatically generating the request impact domain and calculating dynamic risk values for each aggregation display or penetration query request, the risk values are further mapped into executable hierarchical control instructions. Adaptive dynamic adjustment is implemented on the data range, display granularity, operation entry point, and cross-domain call relationship within the request impact domain, transforming access control from static preset to process-oriented governance that changes with risk: when the risk is low, multi-dimensional drill-down and cross-object correlation analysis based on unified standards are allowed to meet the efficiency of command and supervision; when the risk increases, the time window is automatically shortened, the desensitization intensity is increased, the high-risk operation permissions are reduced, and rate limiting and segmented confirmation are applied to cross-domain calls. Thus, in complex scenarios of multiple parallel projects, cross-level management, and cross-departmental collaboration, real-time monitoring and risk controllability are taken into account, avoiding the permission boundary amplification effect caused by "unified aggregation".
[0027] This invention creates a closed-loop linkage between permission intersection strategy generation, dynamic control action implementation, and cockpit graphical display. It also archives alarm triggering, penetration paths, permission pruning results, control level changes, abnormal link handling, and recovery processes at the time window level. This significantly enhances the verifiability and auditability of the aggregation layer's secondary authorization logic, reducing the hidden risks of the aggregation layer being most prone to errors and difficult to test. On one hand, any aggregation result can be traced back to its request's impact domain and the corresponding permission intersection boundary, facilitating the identification of misuse of the widest permissions or cache leaks. On the other hand, when risks subside, the display granularity and operational capabilities are restored in stages according to smoothing rules, avoiding frequent permission fluctuations caused by short-term volatility and ensuring the continuity of management experience and the consistency of governance strategies. For example, when cross-department accounts attempt to continuously penetrate multiple work sites and initiate centralized viewing of images and documents within a short period, if the dynamic risk value increases, export and batch operations are automatically restricted, only the summary status and handling summary are retained, and a complete trajectory is left for subsequent review, thereby improving the long-term reliability and compliance robustness of the platform. Attached Figure Description
[0028] Figure 1 A schematic diagram of the platform structure for a digital management and control platform that integrates multiple systems throughout the entire lifecycle of engineering supervision;
[0029] Figure 2 A schematic diagram of the overall processing flow of a digital management and control platform for the entire lifecycle of engineering supervision that integrates multiple systems;
[0030] Figure 3 This is a schematic diagram illustrating the process of generating the request influence domain for this invention;
[0031] Figure 4 This is a schematic diagram illustrating the linkage process of dynamic risk assessment, authority intersection constraints, and dynamic control in this invention. Detailed Implementation
[0032] Reference Figures 1 to 4 A digital management and control platform integrating multiple systems throughout the entire lifecycle of engineering supervision, including
[0033] This includes a leadership cockpit management center, a multi-project management system, a supervisory personnel behavior management system, an image data acquisition system, a management document system, and a knowledge base system;
[0034] The leadership cockpit management center obtains basic data input through the acquisition module, forms a project database that can be uniformly expressed through the fusion module, identifies the request impact domain and dynamic risk value of aggregated display or penetrating joint investigation requests through the evaluation module, and then outputs the display and joint investigation visibility and operability scope to the cockpit interface through the permission module and the control module.
[0035] Multi-project management system: As one of the important data sources of the acquisition module, it outputs project management-related data; after being uniformly identified and mapped and semantically normalized by the fusion module, it enters the project database; when the cockpit triggers cross-project aggregation display or penetration query, the evaluation module will include the relevant objects of the multi-project management system in the calculation of the request impact domain, and the permission module will constrain its visibility and operability scope according to the intersection principle.
[0036] Supervisory personnel behavior management system: Behavioral data enters the platform through the collection module, and the integration module establishes a correlation model with projects, work sites, events, time windows, etc.; when the joint inspection request touches on the personnel behavior link, the evaluation module includes the relevant nodes and edges into the request influence domain and calculates the dynamic risk value; the permission module restricts the scope of visible behavior and the scope of executable operations accordingly; the control module can implement flow restriction, secondary verification or downgrade of relevant links when the risk increases.
[0037] Image Data Acquisition System: This system focuses on the acquisition, transmission, and basic management of image data, and is not responsible for cross-system indicator aggregation or leadership presentation logic. When image data enters the project database and participates in joint investigations, it must adhere to the request impact domain boundary and permission intersection strategy, and must not exceed the data access and operation scope due to the necessity of image evidence collection. On-site image data is collected and transmitted by the acquisition module, and after spatiotemporal alignment and semantic normalization by the fusion module, it is associated with projects, work sites, events, personnel, etc. When aggregation display or penetrating joint investigation involves image nodes, the evaluation module includes them in the request impact domain and calculates dynamic risk values. The permission module can establish intersection constraints on image visibility clarity, exportable range, and searchable dimensions. The control module can implement rate limiting or downgrade to read-only for cross-domain calls and high-frequency access.
[0038] The file system management module focuses on file archiving, retrieval, version control, and permission management. It does not directly handle on-site sensor data acquisition or equipment operation monitoring. When file content is used for aggregation display or cross-domain queries, the access and operation scope is determined by the permission intersection strategy generated by the permission module and is dynamically controlled by the regulation module. File data is collected by the acquisition module, and after unified identification mapping and semantic normalization by the fusion module, it enters the project database and is associated with projects, events, and time windows. The evaluation module calculates dynamic risk values when the query path touches on file links and aggregates sensitive fields. Based on this, the permission module restricts file visibility, download / editability, and other operation permissions. The regulation module can increase the strength of secondary verification or restrict cross-domain access when the risk increases.
[0039] The knowledge base system primarily focuses on the organization, retrieval, and referencing of knowledge. It does not replace the factual data source of the project database, nor does it serve as a bypass for cross-system data access. When its output is displayed in conjunction with project data, it is still subject to constraints related to the request's impact domain, permission intersection strategies, and dynamic adjustments. Knowledge entries can supplement the association between management documents and business events. After being incorporated into the relationship model by the fusion module, they establish reference relationships with projects, work points, events, and time windows. When aggregated display or penetrating queries require cross-object explanation or assisted location, the evaluation module will incorporate the relevant knowledge reference links into the request's impact domain and participate in dynamic risk value calculation. The permission module controls the visibility and referencing methods of knowledge, while the control module can restrict cross-domain association recommendations or implement stricter verification and access throttling for sensitive entries when risks increase.
[0040] And includes:
[0041] The data acquisition module is used to collect supervisory behavior data, management document data, and on-site video data through mobile internet technology, and to collect environmental monitoring data and equipment operation data through IoT technology, forming and transmitting the collected data. This unifies the original information scattered across different systems, carriers, and on-site stages into a single data acquisition chain, forming a sustainable and traceable digital foundation. On the one hand, mobile internet technology covers the supervisory behavior and on-site evidence collection of "people," ensuring that key business information such as behavior, documents, and images can be reported in a timely manner and maintaining business continuity. On the other hand, IoT technology covers the environmental and equipment status of "things," supplementing on-site risk perception and operational status data, providing objective and real-time data sources for subsequent correlation modeling, risk assessment, and command and control.
[0042] The fusion module performs unified identification mapping, spatiotemporal alignment, semantic normalization, and relational modeling on collected data. It establishes a relational model encompassing projects, work sites, personnel, equipment, events, and time windows, and builds a project database based on this model. This transforms the collected, multi-source, heterogeneous data into consistent, usable data with computable relationships. Unified identification mapping resolves inconsistencies in the numbering, name, and permission definitions of the same object across different systems. Spatiotemporal alignment aligns data of different frequencies and time scales (behavior, images, environment, equipment, etc.) to comparable time windows. Semantic normalization eliminates differences in field meaning and business definitions, ensuring data remains synonymous and source-dependent during cross-system aggregation. Furthermore, relational modeling organizes projects, work sites, personnel, equipment, events, and time windows into a traversable, customizable, and traceable relational model, supporting subsequent request impact domain generation, risk topology construction, and unified dashboard display. The project database serves as the carrier of the fusion results, enabling business queries, joint analysis, and process tracking to be completed on the same data foundation.
[0043] In one specific implementation, to achieve unified identification mapping, spatiotemporal alignment, semantic normalization, and correlation modeling of collected data, a correlation model including projects, work sites, personnel, equipment, events, and time windows is established, and a project database is built based on this model. The following steps are taken for implementation:
[0044] The unified identifier mapping construction process is implemented, and global object identifier generation rules are established for collected data from different sources. Unique codes are assigned to projects, work sites, personnel, equipment and events through the master data registry, and a mapping table between the original identifier and the global identifier is established. Different numbers of the same equipment in different data sources are mapped to the same global equipment identifier. For example, the number of the tower crane in the equipment operation data is compared with the equipment name in the field image data and mapped to a unified identifier to eliminate conflicts between heterogeneous identifiers from multiple sources.
[0045] The spatiotemporal alignment process is performed. Based on a unified time and spatial coordinate reference, the timestamps in the collected data are standardized and converted. The spatial attribution of geographical location and work site boundaries is determined. The data is then segmented and merged according to a preset time window granularity. For example, the supervision behavior data, environmental monitoring data and equipment operation data of a certain work site within the same hour are merged into the same time window unit, thereby ensuring that data of different frequencies can be compared under the same analysis scale.
[0046] Perform a semantic normalization transformation process, build a semantic comparison rule library across data sources, and uniformly transform different field names, units of measurement and business definitions. Perform standard enumeration mapping on the approval status in management file data, the shooting type in image data and the operation category in behavioral data. For example, unify "approved" and "approved" as "approved status", and unify "recording" and "taking pictures" as "image acquisition category" to ensure consistent semantic expression.
[0047] The process of performing relational modeling and database construction uses a unified identifier as nodes and hierarchical, calling, and data flow relationships as edges. Under the constraint of time windows, a multi-dimensional relational structure is constructed, with the project as the upper-level node, and work sites, personnel, equipment, and events linked downwards. Data fragments within each time window are attached to the corresponding event nodes, forming a traversable and customizable relational model. Data is then written into the project database according to the relational structure. For example, in a bridge construction project, this relational structure can be used to trace the personnel attendance records, equipment operating status, and environmental monitoring indicators associated with a concrete pouring event within a specific time window, achieving structured storage and unified query support.
[0048] The assessment module, upon detecting an aggregation display or penetration query request to the project database, generates a request impact domain corresponding to the request based on a relational model and calculates a dynamic risk value for the request impact domain. Before the access actions ("what to view, how deep to search, and where to cross") occur, it first clarifies the data boundaries and propagation scope that the request may reach and quantifies them into an actionable risk scale. Based on the relational model, the assessment module maps the objects, paths, and time windows involved in the aggregation display or penetration query request to the actual reachable set of related nodes and edges, thus forming the request impact domain. On this basis, it comprehensively calculates the structural characteristics, sensitive aggregation characteristics, access behavior characteristics, and link trust characteristics of the request impact domain, outputting a dynamic risk value. This dynamic risk value expresses the risk intensity of "this request at the current time, current path, and current scope," providing input for the generation and dynamic adjustment of permission intersection strategies, enabling the platform to have risk response capabilities that change with requests and behaviors.
[0049] In one specific implementation, to generate a request impact domain corresponding to the detected aggregate display or penetration query request to the project database, based on the relationship model, the following steps are taken:
[0050] The system performs semantic parsing and parameter normalization of requests, structurally decomposes aggregated display or penetrating query requests entering the project database, identifies target objects, query paths, and time windows, and standardizes the object types, relationship types, and time granularity in the query path. At the same time, it combines existing information security classification and the principle of minimum necessary access to set access levels and reachable relationship categories for subsequent traversal. For example, when a manager initiates a cross-object query on the quality issues of a bridge project in a certain month, the bridge project is identified as the target object, the quality event to relevant personnel to equipment operation records is identified as the query path, and a natural month is identified as the time window.
[0051] The seed node determination and depth limit setting process is performed. The corresponding node of the target object in the relationship model is used as the seed node. The depth limit is set according to the relationship category of the query path, the data sensitivity level, and the existing hierarchical protection requirements. Different upper limits of traversable levels are assigned to cross-project relationships, cross-level relationships, and highly sensitive field relationships. The depth limit setting is based on the principle of information minimization, hierarchical protection specifications, and conventional graph traversal complexity control technology to prevent unnecessary data diffusion and excessive connectivity. For example, cross-level relationships involving personnel behavior and equipment operation are limited to no more than three levels of propagation.
[0052] Perform a limited-depth graph traversal along the joint investigation path. Starting from the seed node in the relationship model, the traversal is carried out sequentially according to the determined limited depth and relationship category to obtain the traversed nodes and their associated edges. During the traversal, the propagation order, cross-domain identifier and time window overlap are recorded to form a candidate set containing object nodes and relationship edges. For example, in the joint investigation of the bridge project mentioned above, the quality event nodes, associated personnel nodes and equipment operation nodes within the corresponding time window are obtained and their relationship links are retained.
[0053] The candidate set boundary trimming and influence domain generation process is performed. The candidate set is trimmed in multiple dimensions according to project boundaries, work site boundaries, and time windows. Nodes and relationships that are outside the target project scope, outside the target work site scope, or do not overlap with the time windows are eliminated. At the same time, the continuity and traceability of the relationship links are maintained. Finally, a request influence domain that matches the aggregation display or penetration joint investigation request is formed. For example, in the joint investigation of bridge projects, only the relevant personnel behavior records and equipment operation records within the specified work site and time window of the project are retained, so as to obtain a request influence domain with clear boundaries, controllable scope, and usable for subsequent risk calculation and access control.
[0054] In one specific implementation, the following steps are taken to calculate the dynamic risk value for the request's impact domain:
[0055] The process involves constructing a risk topology matrix and extracting indicators. Based on a relational model, nodes and related edges within the request's impact domain are encoded into a risk topology matrix. Cross-level connection density, cross-project propagation order, sensitive field aggregation entropy, access behavior sequence deviation, and data link confidence decay are calculated on the matrix. Cross-level connection density characterizes the coupling strength between objects at different management levels; cross-project propagation order characterizes the number of propagation layers a request crosses along related edges across project boundaries; sensitive field aggregation entropy characterizes the identifiability gain after sensitive fields are aggregated within the same time window; access behavior sequence deviation characterizes the degree of deviation of the current access sequence from the historical baseline; and data link confidence decay characterizes the decrease in credibility of each link in the data acquisition, storage, and joint investigation path as the link length and evidence completeness increase.
[0056] The process involves solving for the structure and identifiable amplification factor, performing a spectral diffusion transformation on the cross-level connection density and cross-project propagation order, and calculating the propagation response of the original connection relationship within a limited step size to obtain the structure amplification factor. This amplifies the structural risks of high cross-level coupling and deep cross-project propagation. Simultaneously, a nonlinear compression mapping is performed on the aggregate entropy of sensitive fields. By applying compression to the high-entropy interval and enhancing the critical identifiable interval, the identifiable amplification factor is obtained, giving higher weight to combinations of a small number of sensitive fields when they approach the identifiable threshold.
[0057] The process involves solving for abnormal behavior and credibility reduction factors. The deviation of the access behavior sequence is reconstructed using fractal scale. The fluctuation characteristics of the access sequence at different time granularities are scaled to be consistent and the abnormal stability is extracted to obtain the behavior anomaly coefficient. This enables the effective identification of short-term high-frequency penetration joint investigation or atypical path jumps. At the same time, the confidence attenuation of the data link is cascaded attenuated integral. The evidence completeness, timestamp consistency and source consistency of each node are reduced and accumulated segment by segment along the joint investigation path of the request impact domain to obtain the credibility reduction coefficient, which is used to suppress the risk calculation bias formed on low credibility links.
[0058] The basic risk quantity is synthesized and processed using time windows. The structural amplification factor and the identifiable amplification factor are coupled and superimposed, then multiplied by the behavioral anomaly factor, and finally multiplied by the reciprocal of the confidence reduction factor to obtain the basic risk quantity. Subsequently, the basic risk quantity is smoothed using time window convolution to eliminate single-point noise, and abrupt amplification correction is applied to emphasize sudden increases in adjacent time windows. Finally, a dynamic risk value is output. For example, when a manager initiates a request within a week for a bridge project to trace quality events, then to personnel behavior records, and further to equipment operation records, if the associated structure shows a high cross-level connection density and an increased cross-project propagation order in the investigation path, and the aggregation of personnel identity and time / location fields leads to sensitive field aggregation entropy approaching the identifiable threshold, and the access behavior sequence shows short-term, high-frequency jumps deviating from the historical baseline while data links have missing evidence at some nodes, then the dynamic risk value will be significantly increased after the above steps. This provides a quantitative basis for the constraints on subsequent access and operation scopes.
[0059] In one optional implementation, to ensure the reproducibility and feasibility of calculating the dynamic risk value, the assessment module can formalize the request influence domain as a directed weighted graph and provide a set of feasible risk calculation definitions: Let the request influence domain be a directed weighted graph. , where the set of nodes It should at least include project nodes, work site nodes, personnel nodes, equipment nodes, event nodes, and data object nodes, and be an edge set. It must include at least membership edges, call edges, data flow edges, and permission dependency edges; for each node Assign weights to nodes The node weight is obtained by weighted normalization based on sensitivity level, access frequency, cross-domain attributes, and historical anomaly records; for each edge Assigning edge weights The edge weights are obtained by weighting and normalizing the data transmission direction, the cross-system hierarchical span, and the control chain length. The time window corresponding to the request is... and according to particle size Cut into Time slice Dimensionless processing can be achieved through normalization / standardization, and the following zero constant is used to prevent this. Desirable .
[0060] Based on the above formal representation, the dynamic risk value can be calculated as follows:
[0061] (1) Cross-level connection density One implementation is to map nodes to hierarchical label functions. Take the set of cross-level edges ,but ;
[0062] (2) Cross-project propagation order One implementation is as follows: Let the project attribution function be set. For the seed node of the target object To any node path Count the number of jumps across projects and take the maximum and minimum values. ;
[0063] in This is an indicator function.
[0064] (3) Aggregation entropy of sensitive fields One implementation is as follows: Let there be a set of sensitive fields. In each time slice Internally, the combined values of sensitive fields are bucketed (discretized) to obtain a discrete state set. and its probability Bucketing rules may optionally include: binning identity fields by de-identification prefix / hash prefix, binning location fields by grid encoding (e.g., GeoHash or equidistant grid), and binning time fields by... Align the bins; then ;
[0065] (4) Deviation of access behavior sequence One implementation involves creating a feature vector from the number of requests per unit time, penetration depth, cross-domain requests, export attempts, and failed authentication attempts. Based on historical baseline mean vector With covariance matrix Calculate Mahalanobis distance ;
[0066] in It can be obtained by directly inverting the matrix when it is invertible; when... In cases of irreversibility or pathological conditions, diagonal loading can be used. An alternative implementation, either a pseudo-inverse (Moore-Penrose) or a pseudo-inverse, is used to guarantee computability, and a threshold is set. To identify abnormal enhancements.
[0067] (5) Data link confidence attenuation One implementation is to: check each hop of the linked search path Assume completeness of evidence The attenuation weight is set in increments according to the number of times it crosses the system. (For example Then link confidence ;in It can be obtained by weighted summation and normalization of factors such as timestamp consistency, source signature verification, collection integrity, and approval chain completeness.
[0068] (6) Regarding coefficient synthesis, to correspond to processes such as “spectral diffusion transformation, nonlinear compression mapping, fractal scaling reconstruction, and cascaded attenuation integral”, at least one of the following feasible calculations can be provided:
[0069] Let the weighted adjacency matrix be The transition matrix is obtained by row normalization. Let the diffusion step size be... diffusion response matrix ;in The structural magnification factor can be defined as... ;in Representation matrix Norm, optionally implemented as a norm Summing the absolute values of all elements (or taking the maximum sum of the columns, both of which are common in this field) One of the norm definitions (the platform can preset one and solidify the definition). A nonlinear compression mapping is performed on the aggregated entropy of sensitive fields to obtain an identifiable amplification factor. At least one implementation of fractal scaling reconstruction of the deviation of access behavior sequences to obtain behavioral anomaly coefficients is: at different time granularities (e.g. ) calculation And take the weighted synthesis, or for After scaling and taking stability weights, we obtain... At least one implementation of obtaining the confidence reduction coefficient by cascading attenuation integration of the data link confidence attenuation is as follows: [This involves] converting the link confidence attenuation... As a reduction input, its reciprocal is used for reduction. Based on this, the basic risk level is obtained. ;
[0070] (7) To achieve time window convolution smoothing and abrupt amplification correction, the basic risk amount obtained for each time slice can be calculated. Using convolution kernel Smooth the surface to obtain the desired result. ; at the boundary When boundaries are exceeded, boundary values can be padded by truncation, mirroring, or copying. Further define the growth rate of adjacent slices. ;when Greater than the mutation threshold When, output Otherwise, output The final dynamic risk value is taken as follows: ;in Indicates will Cut off to Interval: If Pick ,like Pick Otherwise take .
[0071] (8) Example parameters can be: It can take anywhere from 10 minutes to 1 hour. It ranges from 2 to 4. It ranges from 0.6 to 0.9. The value ranges from 0.1 to 1.0. The range is 3 to 8. Historical quantiles (e.g., 0.7 quantile). The value ranges from 2.5 to 4.0. The value ranges from 0.3 to 0.8. The value ranges from 0.5 to 2.0. 2 to 5 can be selected. The value can be set to 100. Without changing the overall concept of this invention, the above parameters can be configured in combination with the project scale, data sensitivity level and historical baseline, so that the dynamic risk value calculation has at least one clear and feasible implementation path.
[0072] In one specific implementation, the following steps are taken to construct the risk topology structure of the request impact domain:
[0073] The process involves abstracting and assigning hierarchical weights to risk nodes. Projects, work sites, personnel, equipment, events, and data objects within the request's impact domain are uniformly abstracted as risk nodes. An attribute vector is created for each risk node, containing at least four elements: sensitivity level, access frequency, cross-domain attributes, and historical anomaly records. Sensitivity levels are categorized according to data classification and protection requirements; access frequency is statistically normalized based on the actual number of accesses within a preset time window; cross-domain attributes are identified based on whether the access crosses projects or management levels; and historical anomaly records are quantitatively scored based on past risk handling files. This assigns a comprehensive node weight to each risk node. For example, if a personnel node is associated with multiple work sites and has a history of abnormal access records, its node weight is increased accordingly.
[0074] The process involves abstracting and assigning weights to risk edges. The relationships between risk nodes—including hierarchical relationships, invocation relationships, data flow relationships, and permission dependencies—are abstracted into risk edges. Edge attribute vectors are constructed based on data transmission direction, cross-level span, and control chain length. Data transmission direction distinguishes between unidirectional and bidirectional risk propagation; cross-level span measures whether a risk crosses management levels or project boundaries; and control chain length indicates the number of approval or control steps in the actual business process. Each risk edge is then assigned a weight. For example, when a data object is invoked after multiple levels of approval, its control chain length increases, and the corresponding edge weight is adjusted accordingly.
[0075] The weighted adjacency matrix is constructed by using risk nodes as row and column indices and risk edge weights as matrix elements. The edge weights are weighted and superimposed with the node weights to construct a weighted adjacency matrix. Each element in the matrix reflects both the node's sensitivity and the strength of the relationship propagation. For example, when a highly sensitive data object is connected to another project work node through a cross-project data flow relationship, the value of the matrix element is significantly higher than that of a normal membership relationship.
[0076] The process involves introducing a time window factor and multi-layer mapping. A time window factor is incorporated into the weighted adjacency matrix to dynamically map changes in access frequency, anomaly record updates, and edge propagation intensity fluctuations across different time slices. The original two-dimensional weighted adjacency matrix is expanded along the time dimension into a multi-layer mapping structure, ensuring that each time layer corresponds to a structural weight matrix. Time-connecting weights are established between layers, forming a risk topology matrix that simultaneously incorporates structural and time weights. For example, within a monthly time window of a bridge construction project, if a device node experiences a sudden increase in access frequency accompanied by an increase in cross-domain call relationships during a specific week, the matrix weight of the corresponding time layer rises significantly, while other time layers remain stable. This multi-layer mapping structure accurately depicts the evolution trend of risk along the time dimension, providing a structured foundation for subsequent risk calculation and control.
[0077] The permission module generates permission intersection policies from a preset permission policy library based on dynamic risk values. These policies are then limited to the intersection of permission constraints across systems within the request's impact domain. This determines the accessible data and executable operations during aggregated displays or cross-system queries. The module converts risk assessment results into actionable access control measures, ensuring cross-system aggregated displays or cross-system queries are completed within security boundaries. Using dynamic risk values as triggers, the module extracts permission constraint logic matching the risk level from the preset permission policy library to form the permission intersection policy for the current request's impact domain. It emphasizes the "intersection" principle, meaning the policy must simultaneously satisfy the permission constraint boundaries of each system within the request's impact domain to prevent permission amplification or unauthorized penetration caused by aggregated displays or cross-system queries. Ultimately, the permission module outputs a clear scope of accessible data and executable operations, ensuring that dashboard displays and cross-system analysis meet business needs while adhering to minimum availability and minimum exposure requirements.
[0078] In one specific implementation, the following steps are taken to generate a permission intersection policy from a preset permission policy library based on dynamic risk values:
[0079] The process involves performing risk level mapping and rule set location processing, segmenting dynamic risk values according to preset risk level ranges. These risk level ranges can be progressively divided into low risk, medium risk, high risk, and extremely high risk, and each range is bound to a unique rule index identifier. Subsequently, the system retrieves the permission constraint rule set corresponding to the rule index identifier from the preset permission policy library. The permission constraint rule set includes at least role constraint rules, data range constraint rules, and operation intensity constraint rules, thereby converting the abstract risk quantification result into executable permission constraint input.
[0080] Perform item-by-item verification and boundary alignment processing. For each security domain source involved in the request's impact domain, read the boundary conditions and restrictions of their role permissions, data access permissions, and operation permissions, and verify them item by item according to the permission constraint rule set obtained in step one. Among them, the role constraint rule is used to limit the set of roles that can participate in the joint investigation and forcibly remove roles that do not meet the job separation or responsibility conflict constraints. The data scope constraint rule is used to limit the scope of accessible data domains and time windows. The operation intensity constraint rule is used to limit the types and intensity levels of operations that can be executed, such as only allowing querying and browsing, and prohibiting exporting, batch downloading, or secondary dissemination.
[0081] The process involves performing intersection overlay and minimum common permission calculation. The verified permission sets from various sources are overlaid and filtered. The minimum necessary principle is used to solve for the minimum common permission set that satisfies the boundary conditions of each security domain. The minimum common permission set is expressed as the intersection of three sets: role availability set, data visibility set, and operation availability set. During the solution process, cross-domain difference items are conservatively pruned to ensure that any permission simultaneously meets the minimum requirements of each security domain. For example, if a person has viewing permission in the engineering quality domain but only statistical viewing permission in the personnel behavior domain, the minimum common permission set should be automatically downgraded to the statistical viewing scope.
[0082] The process involves granular pruning and operation-level restriction. The minimum public permission set is further granularized and restricted at both the data and operation levels. Data granularity pruning includes field-level anonymization, record-level filtering, aggregation-level replacement, and time-level coarsening. Operation-level restrictions include frequency limits, penetration level limits, export disabling, and enhanced secondary verification. This forms a permission intersection strategy that can be directly applied to the current request. For example, when a manager initiates a penetration query for a bridge project within a one-week time window, and the dynamic risk value is mapped to a high-risk range, the permission intersection strategy can limit the visible data to aggregated indicators and key event summaries within the specified work site and time window. Partial anonymization is performed on personnel identity fields, allowing only single-item viewing and disabling export. Simultaneously, the level of continuous penetration queries is limited to no more than two levels, and secondary verification is triggered for access to highly sensitive data objects. This achieves consistent minimum authorization across security domains while meeting business verification requirements.
[0083] In one specific implementation, to ensure that the "permission intersection strategy" can be implemented even when the permission models of multiple systems are inconsistent, the permission module can uniformly map the permissions of different source systems to an intermediate representation and find the intersection according to a conservative composition rule, as follows:
[0084] (1) Unified access control intermediate representation (quadruple / sixtuple)
[0085] Any source system Permission items are uniformly represented as permission tuples: ;in: User / account / role / organizational unit identifier; The resource scope must include at least {Project ID, Work Point ID, Object Type, Object ID, Time Window}. : A collection of operation types, such as {browse, query, penetrate, export, download, edit, share}; Constraints, such as frequency limits, penetration level limits, secondary verification requirements, and rate limiting ratios; Data granularity includes field level, record level, aggregation level, and resolution level (for images); Authorization path evidence / approval chain / source credibility information is used for "consistency of authorization source" verification.
[0086] (2) Examples of mapping from each system to the intermediate representation
[0087] File system (ACL / RBAC): This will link "directory / file" "Read / Write / Download" mapped to File object type and object ID; mapping "Download / External Distribution" to high-risk. .
[0088] Imaging system: Maps "View thumbnail / original image, resolution level, export" to... Clarity level and Export.
[0089] Behavioral system: Mapping "trajectory details / statistical summary" to... (Details / Statistics) and (Query / penetrate).
[0090] (3) Intersection solution principle (conservative composition: stricter priority)
[0091] The set of source systems involved in the request's impact domain Each of these sets of available permissions is obtained. Intersection strategy The solution follows these principles: Resource scope: Intersection is taken (intersection of projects / work sites / time windows / object sets). If any source does not cover the resource, it is removed. Operation set: Intersection is taken, and if there are conflicts (e.g., A allows export, B prohibits export), "prohibition takes precedence"; Constraints: The strictest constraint is chosen (e.g., minimum frequency limit, maximum secondary verification requirement, minimum penetration level limit); Granularity: Coarser granularity or stronger desensitization is chosen (maximum field desensitization strength, minimum usable image clarity level). This can be formally represented as: , and according to Regulations. Among them... This indicates that permission items from different source systems are standardized and deambigued using a unified intermediate representation.
[0092] (4) Conflict identification and progressive filtering (provide executable rules)
[0093] Progressive filtering is executed when any of the following conditions are met:
[0094] a) Access conflict: same For the same of Mutual exclusion exists; handling: disable conflict. If necessary, it can be downgraded to read-only or aggregate level;
[0095] b) Discontinuous authorization path: Missing / Incomplete approval chain / Unreliable source; Solution: Narrow down (Time window / work point) and perform a second check; if it still does not meet the requirements, it will be rejected.
[0096] c) Cross-system permission amplification: A system that only allows statistical viewing is mistakenly interpreted as allowing detailed viewing / export; Solution: Force the amplification. Downgraded to statistics and export / batch operations are prohibited.
[0097] (5) Output strategy structure (for execution and auditing)
[0098] The intersection strategy output is: ;in Record the triggering reasons for each cut / downgrade (conflict / missing evidence / increased risk level, etc.) to facilitate subsequent auditing and review.
[0099] In one specific implementation, to perform item-by-item verification and superimposed filtering of role permissions, data access permissions, and operation permissions based on the permission constraint rule set, in order to eliminate permission items that exceed the risk level range limit and form a set of usable permissions, the following steps are adopted:
[0100] The execution rule input parameter solidification and verification baseline construction process solidifies the permission constraint rule set into an executable verification list according to the risk level range, and expresses the permission items to be verified as a four-tuple containing role identity, permission source chain, data object scope and operation type. At the same time, a baseline table of prohibited items, downgraded items and items requiring enhanced verification corresponding to the risk level is established so that subsequent verification has a consistent judgment caliber.
[0101] Independent verification processes are performed, with separate checks on the legitimacy of role identities, consistency of permission sources, compliance of data access scope, and permissibility of operational behaviors. The role identity legitimacy check verifies whether the role is within the allowed role set and whether there are any conflicts of responsibility or violations of job separation. The permission source consistency check verifies whether the authorization path is traceable and meets the requirements of approval chain integrity and source credibility. The data access scope compliance check verifies whether the project boundaries, work site boundaries, and time window boundaries fall within the rule-limited range and implements field-level restrictions on access to sensitive fields. The operational behavior permissibility check verifies the only allowed operation categories and intensity levels and restricts high-intensity behaviors such as batch processing, exporting, and linked calls, thereby eliminating obviously out-of-bounds permission items in advance.
[0102] Multi-dimensional overlay comparison and progressive filtering are performed. After independent verification, the verified permission items are compared and contrasted in three dimensions: role, data object, and operation type. Three high-risk scenarios are identified and handled: First, permission conflict, where the same role has mutually exclusive restrictions on the same data object in different sources, and stricter restrictions are applied; second, discontinuous authorization path, where the permission source chain has a break at the cross-domain connection or lacks necessary approval evidence, and is downgraded or removed; third, cross-domain permission amplification, where a role only has statistical viewing in one source but is deduced to have detailed viewing or export capabilities in another source, and progressive filtering is performed, prioritizing downgrading the operation intensity, then narrowing the data scope, and if the conditions are still not met, the permission item is removed.
[0103] The execution result convergence and executable permission set output processing performs consistent convergence on the permission items after progressive filtering, outputting a set of available permissions that simultaneously meet the risk level range restrictions and various boundary conditions. Each permission item is accompanied by an explanation of its effective scope and triggering conditions. For example, in a scenario of penetrating and linking a bridge project, if the initiator has detailed viewing permissions for engineering quality data but only statistical viewing permissions for personnel behavior data, and the current risk level is in the medium to high range, then after independent verification, it is allowed to enter the comparison set. After superimposed comparison, the export and batch query permissions will be automatically removed, and personnel-related fields will be changed to partially anonymized statistical displays. At the same time, if it is found that the authorization path lacks necessary approval nodes, it will be further downgraded to only being able to view event summaries, thereby satisfying business verification while avoiding cross-domain permission amplification.
[0104] The control module is used to dynamically control the request impact domain based on dynamic risk values. After the permission boundaries are determined, it further implements dynamic control over the access intensity, access rhythm, and key links of the request impact domain as the risk changes, ensuring that the platform has controllability and risk resistance capabilities in complex joint query and high-concurrency display scenarios. The control module uses dynamic risk values as the basis for control, applying differentiated control to risk nodes and risk edges within the request impact domain. When the risk increases, it can shrink the access scope, operation intensity, cross-domain calls, etc., limit the rate, segment authorization, or trigger blocking / downgrade to read-only. When the risk decreases, it gradually recovers according to the time window smoothing rules, enabling the system to achieve "dynamic controllability, on-demand opening, and risk self-adaptation" without disrupting existing business processes.
[0105] In one specific implementation, to dynamically adjust the request impact domain based on dynamic risk values, enabling access control to adaptively adjust with changes in risk, the following four steps are adopted:
[0106] The process of performing risk level mapping and control level determination maps dynamic risk values to corresponding control levels according to a preset piecewise function. Control levels can be divided into routine monitoring level, prudent control level, enhanced control level and strict restriction level. A set of differentiated control parameters is predefined for each control level, including data contraction coefficient, operation degradation threshold, verification enhancement coefficient and call flow restriction ratio, thereby transforming continuously changing risk quantities into executable hierarchical control instructions.
[0107] Differentiated control measures are applied to risk nodes and risk edges. Within the request impact domain, risk nodes are the control objects and risk edges are the propagation channels. According to the control level, dynamic shrinking of the accessible data range, reduction of high-risk operation permission level, and enhancement of secondary verification strength of sensitive nodes are implemented. Rate limiting and segmented authorization mechanisms are applied to cross-domain or cross-layer call relationships. Among them, data range shrinking includes shortening the time window, enhancing field desensitization, and controlling the upper limit of the number of records. Operation degradation includes downgrading high-intensity operations such as batch processing and export propagation to single query or read-only access. Enhanced secondary verification includes adding identity verification factors and behavior confirmation links. Rate limiting and segmented authorization include proportionally limiting the data flow across projects or management levels and requiring segmented confirmation and authorization.
[0108] The system performs abnormal link identification and real-time handling. Links within the request's impact domain that exhibit abnormal access behavior sequences, abrupt changes in permission paths, or an abnormal increase in cross-domain propagation order are marked in real time. When the dynamic risk value is at the enhanced control level or above, the system triggers real-time blocking or automatically downgrades such abnormal links to read-only status and records the handling trajectory for subsequent auditing. For example, in a bridge construction project, when managers continuously penetrate and inspect multiple work sites within a short period of time and attempt to export highly sensitive data, if the dynamic risk value rises to the strict restriction level, the system automatically reduces the accessible time window, prohibits export operations, and implements rate limiting and segmented confirmation for cross-project data calls.
[0109] The system performs risk fallback and smooth recovery processing. When the dynamic risk value is detected to gradually fall back to a lower range over multiple consecutive time windows, the system restores the shrunken data range and downgraded operation permissions in stages according to the time window smoothing rules. The recovery order prioritizes restoring low-sensitivity data and low-intensity operations, then restores cross-domain call limits, and finally restores the access capabilities of high-sensitivity nodes. During the recovery process, the system continuously monitors the stability of the behavior to prevent frequent oscillations caused by short-term fluctuations. This achieves closed-loop dynamic control of the request impact domain, enabling the authorization status to shrink and recover in an orderly manner as the risk changes.
[0110] The dashboard serves as the leadership dashboard management center, graphically displaying the project database processed by the permission and control modules. This enables real-time monitoring, command, and supervision of quality, schedule, cost, and safety throughout the entire project supervision lifecycle. Key indicators, process evidence, and risk profiles in the project database are uniformly visualized through the leadership dashboard management center, ensuring that the displayed results have been processed by the permission and control modules, guaranteeing "compliance in display and controllable through joint verification" from the source. The dashboard provides real-time monitoring and situational awareness capabilities, focusing on core management objectives such as quality, schedule, cost, and safety throughout the entire project supervision lifecycle. This allows managers to access comprehensive information across projects, work sites, and systems from a single view. It also supports closed-loop management of command and supervision, ensuring consistent data sources and verifiable display standards for problem discovery, evidence tracing, responsibility identification, and process tracking.
[0111] In one specific implementation, to construct a cockpit management center and graphically display the project database after permission processing and dynamic adjustment, so as to realize real-time monitoring, command, and supervision of quality, schedule, cost, and safety throughout the entire life cycle of engineering supervision, the following steps are adopted:
[0112] The data access and visualization standards are solidified. The accessible data in the project database, after permission trimming, field anonymization, scope narrowing, and operation degradation, is used as the sole data source. A unified indicator standard and dimension dictionary is established. The dimensions include at least project, work point, time window, professional category, risk level, and responsible entity. Calculation rules, refresh cycles, and anomaly thresholds are defined for the four core indicators of quality, schedule, cost, and safety. At the same time, the access scope identifier and control level identifier attached to each data point are included in the display metadata to ensure that the graphical presentation is consistent with the authorization boundaries.
[0113] The system performs multi-dimensional situational analysis and hierarchical view generation, generating views according to a unified hierarchical structure of global situational analysis, project overview, work site penetration, and incident handling. The global situational analysis layer presents the overall operational status with regional heat, risk distribution, and resource load; the project overview layer presents the project health with milestone Gantt charts, cost curves, and quality defect trends; the work site penetration layer presents on-site details with process links, key equipment status, and personnel arrival trajectories; and the incident handling layer presents the handling progress with problem closure links and supervision deadline countdowns. Consistent drill-down and backtracking rules are set between each layer of views to ensure that the indicator caliber and time window remain consistent when users switch between different levels.
[0114] The system performs real-time monitoring and coordinated command and supervision, continuously detecting triggering conditions such as quality exceeding limits, schedule delays, cost deviations, and safety alarms. When the triggering conditions are met, a traceable alarm card and impact range label are generated in the graphical interface. The display granularity and operable access points are automatically adjusted according to the control level. For example, at a high control level, only aggregated indicators and event summaries are displayed and export and batch operation access are restricted. At a low control level, more granular work point details and handling evidence can be viewed. At the same time, each alarm provides a handling path prompt with command guidelines, suggestions for responsible parties, and suggestions for supervision time limits, realizing a visual closed loop from discovery to handling.
[0115] The system performs full lifecycle archiving and review assessment, archiving alarm triggers, permission pruning results, dynamic control actions, handling process trajectories, and conclusion evidence within time windows during the monitoring process. This creates review and comparison views that can be retrieved by project stage. These views are used to assess the evolution of quality defects, the transmission of schedule deviations, the attribution of cost changes, and the convergence effect of safety risks at different stages. For example, when a bridge project transitions from pile foundation construction to superstructure construction, the control center can compare the density of quality defects and the frequency of safety alarms in the two stages, overlaying the display of whether the supervision loop cycle has shortened. Under the constraints of permissions and controls, a usable command panel is presented to the manager, thereby achieving real-time monitoring, command, and supervision of the entire lifecycle of engineering supervision under the premise of clear authorization boundaries and controllable risks.
[0116] In one optional implementation, to avoid incomplete permission boundary inheritance due to cache reuse, index acceleration, or front-end rendering during the cockpit aggregation display or penetration query process, thereby causing permission penetration or cache leakage, the platform can introduce a cache leakage prevention mechanism strongly bound to the permission intersection strategy in the cockpit management center, as follows:
[0117] (1) Caching object classification: The cockpit cache includes at least the indicator aggregation cache, the joint query result cache, the image index cache, the file index cache and the session situation cache; among them, the joint query result cache shall not directly cache the original detailed data that has not been clipped, but only cache the results after being clipped by the permission intersection strategy or the derivative results after irreversible desensitization (such as aggregation statistics, summary, and abbreviated index).
[0118] (2) Cache key binding: The cache key of any cache object must be bound to at least the user identity and the authorization context. The cache key can be defined as follows: ;
[0119] in This indicates string concatenation. Represents a hash function; To request the digest hash of the set of nodes and the set of edges in the affected domain, Sign the permission policy library version or the intersection policy. The risk level is mapped to the dynamic risk value; through the above binding, the cache cannot be reused across different users, different risk levels, different request impact domains, and different policy versions.
[0120] (3) Risk change failure and downgrade recalculation: When the dynamic risk value crosses the risk level range or the control level changes, triggering and , The relevant query results cache is immediately invalidated; the index aggregation cache is downgraded and recalculated (only the aggregation level / de-identified level data is retained); the image / file index cache only retains the irreversible index (object ID set, summary and watermark abbreviated index), and permission intersection clipping and granularity limitation are re-executed on the next request.
[0121] (4) End-side transmission and secondary diffusion suppression: The data packets transmitted from the cockpit to the front end carry , Expiry date With visibility range identifier; the front end is only for display and linkage, and detailed data must not be persisted. For data packets at high risk levels, enable irreversible field desensitization, low-resolution / watermarked image thumbnails, disable batch download and export entry points, and trigger secondary verification or directly disable secondary dissemination behaviors such as sharing / copying.
[0122] (5) Server-side consistency verification: All downstream drilling, linkage, and penetration requests must carry In the context of the session, the server performs policy signature consistency verification, risk level consistency verification, and impact domain consistency verification before returning the result. If any verification fails, a downgrade result is returned or access is denied, and an audit log is recorded.
[0123] (6) Auditing: Time window-level archiving of cache hits / invalidations / recalculations, policy pruning reasons, export / download attempts, and cross-domain call rate limiting and blocking actions to support the tracing and review of the links that are "most prone to errors in the aggregation layer and are not easily covered by tests", thereby reducing the risk of permission penetration and cache leakage caused by incomplete cache inheritance from a mechanism perspective.
[0124] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
Claims
1. A digital management and control platform for the entire lifecycle of engineering supervision that integrates multiple systems, characterized in that: This includes a cockpit management center, a multi-project management system, a supervisory personnel behavior management system, an image data acquisition system, a management document system, and a knowledge base system; and also includes: The data acquisition module is used to collect supervisory behavior data, management document data, and on-site image data through mobile internet technology, and to collect environmental monitoring data and equipment operation data through Internet of Things technology, so as to form and transmit the collected data; The fusion module is used to perform unified identification mapping, spatiotemporal alignment, semantic normalization and correlation modeling on the collected data, establish a correlation model that includes projects, work sites, personnel, equipment, events and time windows, and build a project database based on this model. The assessment module is used to generate a request impact domain corresponding to the aggregate display or penetration query request based on the relationship model when an aggregate display or penetration query request is detected, and to calculate a dynamic risk value for the request impact domain. The evaluation module generates the request impact domain based on the relationship model as follows: the aggregated display or penetrating joint query request is parsed into the target object, joint query path and time window; the target object is used as the seed node, and a graph traversal with a limited depth is performed along the joint query path in the relationship model to obtain the traversed nodes and their associated edges to form a candidate set; the candidate set is trimmed according to the project boundary, work point boundary and time window to obtain the request impact domain. The permission module is used to generate permission intersection policies from the preset permission policy library based on dynamic risk values, and to limit the permission intersection policies to the intersection of the permission constraints of each system within the request's impact domain, so as to determine the scope of accessible data and the scope of executable operations when performing aggregate display or penetrating query. The control module is used to dynamically control the request impact domain based on dynamic risk values; The method of dynamically adjusting the request impact domain based on dynamic risk values is as follows: the dynamic risk values are mapped to adjustment levels, and differentiated controls are applied to each risk node and risk edge within the request impact domain according to the level; this includes dynamically shrinking the range of accessible data, reducing the permission level of high-risk operations, increasing the secondary verification strength of sensitive nodes, implementing rate limiting and segmented authorization for cross-domain / cross-layer calls, and real-time blocking or downgrading to read-only for abnormal links; and gradually restoring authorization according to the time window smoothing rule when the dynamic risk value falls back; The cockpit is used to build a cockpit management center, which graphically displays the project database after processing by the permission module and the control module, so as to realize real-time monitoring, command and supervision of the quality, progress, cost and safety of the entire life cycle of engineering supervision.
2. The integrated multi-system digital management and control platform for the entire lifecycle of engineering supervision as described in claim 1, characterized in that, The assessment module calculates the dynamic risk value of the request impact domain by first constructing a risk topology matrix of the request impact domain based on the relationship model, and then calculating the cross-level connection density, cross-project propagation order, sensitive field aggregation entropy, access behavior sequence deviation, and data link confidence decay. The structural amplification factor is obtained by performing a spectral diffusion transformation on the cross-level connection density and cross-project propagation order; the identifiable amplification factor is obtained by performing a nonlinear compression mapping on the aggregate entropy of sensitive fields; the behavior anomaly factor is obtained by performing fractal scale reconstruction on the deviation of access behavior sequences; the credibility reduction factor is obtained by performing a cascaded attenuation integral on the confidence attenuation of data links; the structural amplification factor and the identifiable amplification factor are coupled and superimposed, multiplied by the behavior anomaly factor, and then multiplied by the reciprocal of the credibility reduction factor to obtain the basic risk quantity. The basic risk value is smoothed by time window convolution and corrected by abrupt amplification to output a dynamic risk value.
3. The integrated multi-system digital management and control platform for the entire lifecycle of engineering supervision as described in claim 2, characterized in that, The risk topology structure of the request impact domain is constructed as follows: projects, work sites, personnel, equipment, events and data objects within the request impact domain are abstracted as risk nodes, and the hierarchical relationships, calling relationships, data flow relationships and permission dependencies between risk nodes are abstracted as risk edges to form a risk association network. Based on the sensitivity level, access frequency, cross-domain attributes and historical anomaly records of the risk nodes, node weights are assigned to each risk node.
4. The integrated multi-system digital management and control platform for the entire lifecycle of engineering supervision as described in claim 3, characterized in that, Each risk edge is assigned a weight based on the data transmission direction, cross-system level, and control chain length. A weighted adjacency matrix is constructed based on the node weights and edge weights. A time window factor is introduced into the weighted adjacency matrix for temporal expansion, so that the matrix forms a multi-layer mapping structure under different time slices, thereby obtaining a risk topology matrix that simultaneously contains structural weights and time weights.
5. The integrated multi-system digital management and control platform for the entire lifecycle of engineering supervision as described in claim 1, characterized in that, The method for generating permission intersection strategies from the preset permission policy library based on dynamic risk values is as follows: the dynamic risk values are mapped to the corresponding risk level ranges, and the permission constraint rule set bound to the risk level range is retrieved from the preset permission policy library; the role permissions, data access permissions, and operation permissions of each system within the request's impact domain are checked and filtered in detail based on the permission constraint rule set, to obtain the minimum common permission set that satisfies the security boundary conditions of each system, and the minimum common permission set is granularized and the operation level is limited to form the permission intersection strategy.
6. The integrated multi-system digital management and control platform for the entire lifecycle of engineering supervision as described in claim 5, characterized in that, The permission constraint rule set includes role constraint rules, data range constraint rules, and operation intensity constraint rules.
7. The integrated multi-system digital management and control platform for the entire lifecycle of engineering supervision as described in claim 5, characterized in that, The method of conducting item-by-item verification based on the permission constraint rule set includes: independently verifying the legality of role identity, consistency of permission source, compliance of data access scope, and permissibility of operation behavior, in order to eliminate permission items that exceed the risk level range limit.
8. The integrated multi-system digital management and control platform for the entire lifecycle of engineering supervision as described in claim 5, characterized in that, The method of superimposed filtering based on the permission constraint rule set includes: after completing the independent verification, the permission items that have passed the verification are compared in multiple dimensions according to the role dimension, data object dimension and operation type dimension, and the permission items with permission conflicts, discontinuous authorization paths or cross-system permission amplification are filtered progressively.