A version chain-based fine-grained multi-modal intelligence management and control and security tracing method

By adopting a three-layer collaborative architecture of cloud, edge, and device and version chain technology, we have achieved real-time security management and traceability of fine-grained multimodal intelligence, which solves the problems of centralized risk and collusion attack in existing technologies and improves the security and real-time performance of intelligence management.

CN122160044APending Publication Date: 2026-06-05BEIHANG UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
BEIHANG UNIV
Filing Date
2026-02-28
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Existing intelligence control methods suffer from single-point-of-failure risks due to centralized access management, abuse of permissions, security vulnerabilities in static attribute management, incomplete tracing, and difficulty in preventing collusion attacks, failing to meet the requirements of multi-entity collaborative access and real-time performance.

Method used

A three-layer collaborative architecture is constructed, combining multi-authoritative attribute management and version chain technology to achieve fine-grained encryption control and security traceability. Through versioned attribute management, multi-authoritative key sharding verification, and full lifecycle traceability, collusion attacks are prevented, and real-time and secure control of intelligence access is achieved.

Benefits of technology

It solves the problems of centralized risks, collusion risks, and insufficient traceability, and achieves security, real-time and accuracy of intelligence control, improves the reliability and scalability of the system, prevents collusion attacks, and supports dynamic attribute management and real-time updates.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160044A_ABST
    Figure CN122160044A_ABST
Patent Text Reader

Abstract

The present application relates to a kind of based on version chain's fine-grained multi-modal intelligence management and control and safety traceability method, comprising the following steps: S1: construct cloud edge end three-layer collaborative architecture, deploy multi-authority attribute management node, establish the infrastructure of version chain system;S2: design attribute management mechanism based on version chain, generate versioned attribute identification, bind intelligence access strategy with attribute version, realize fine-grained encryption control;S3: establish anti-collusion verification mechanism, combine multi-authority key fragmentation technology and version chain consistency check, prevent the collusion attack of user and authority node;S4: based on version chain full life cycle record, realize the full-process safety traceability of intelligence access, attribute change and key revocation, dynamically update multi-modal intelligence management and control risk state.The present application can realize intelligence management and control " encryption-verification-traceability " integration, realize attribute dynamic management and full-process safety traceability, greatly improve the security and reliability of intelligence management and control.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of multimodal intelligence security and access control technology, specifically involving a fine-grained multimodal intelligence management and security tracing method based on version chains. Background Technology

[0002] In the field of intelligence information management, intelligence, as core data with requirements of confidentiality, integrity, and availability, is widely used in key areas such as government affairs, military, finance, and scientific research. Its content encompasses core decision-making information, sensitive data, and technological achievements, and its forms include text, video, audio, and images. Once leaked, tampered with, or accessed without authorization, it will cause irreparable security risks and economic losses. Therefore, fine-grained access control and full-process traceability are core requirements for ensuring the security of multimodal intelligence. Existing intelligence management methods mostly adopt a centralized access control model, which has risks of single point of failure, excessive permissions, and abuse of permissions. It cannot adapt to the actual scenarios of hierarchical and classified intelligence management and multi-entity collaborative access, and cannot achieve precise access control based on intelligence classification and access subject attributes. Furthermore, in multi-entity collaborative scenarios, existing intelligence management methods lack anti-collusion capabilities, making it difficult to effectively detect, trace, and prevent collusive attacks between users and authoritative nodes, and unable to achieve dynamic tracking and auditing of attribute changes.

[0003] Currently, although Attribute-Based Encryption (CP-ABE) technology has been widely used for fine-grained access control, most existing CP-ABE solutions rely on static attribute management, which cannot dynamically synchronize after attribute changes, resulting in security vulnerabilities. The tracing technologies in existing CP-ABE solutions are mostly external, independent modules, not integrated with the core encryption verification logic, leading to incomplete tracing data and an inability to verify compliance. While some existing CP-ABE improvements have incorporated blockchain or version control technologies, most still treat them as external audit modules, lacking deep integration with the encryption logic. This results in delays in attribute status and key verification, failing to meet the real-time and security requirements of intelligence control. Therefore, existing CP-ABE solutions still have shortcomings in dynamic attribute management, multi-authority collaboration, and resistance to collusion attacks, and urgently need improvement. Summary of the Invention

[0004] To address the numerous technical problems of existing intelligence control solutions, this invention deeply integrates version chain with multi-authoritative attribute encryption technology to construct a three-layer collaborative architecture of cloud, edge, and terminal. Through versioned attribute management, multi-authoritative key sharding verification, and full lifecycle traceability of the version chain, it achieves integrated "encryption-verification-traceability" for intelligence control, effectively solving the problems of centralized risk, collusion risks, and insufficient traceability in existing technologies, and maximizing the satisfaction of the security, real-time, and accuracy requirements of intelligence control.

[0005] This invention provides a fine-grained multimodal intelligence management and security tracing method based on version chains, comprising the following steps: S1: Construct a three-layer collaborative architecture of cloud, edge, and terminal, deploy multiple authoritative attribute management nodes, classify multimodal intelligence into security levels and access attribute dimensions, and establish the basic architecture of the version chain system; S2: Design an attribute management mechanism based on version chains, generate versioned attribute identifiers, bind intelligence access policies with attribute versions, and realize fine-grained encrypted control of intelligence. S3: Establish an anti-collusion verification mechanism, combining multi-authority key sharding technology with version chain consistency verification to prevent collusion attacks between users and authoritative nodes; S4: Based on the full lifecycle record of the version chain, it realizes full-process secure traceability of intelligence access, attribute changes and key revocation, and dynamically updates the risk status of multimodal intelligence management.

[0006] The multimodal intelligence includes text, video, audio, and images.

[0007] Furthermore, S1 specifically includes the following steps: S1.1: Deploy the main version chain and global root of trust in the cloud, responsible for system parameter initialization, multi-authoritative node collaborative scheduling, full version data storage and auditing; S1.2: Lightweight replicas of the version chain are deployed on edge nodes, which are responsible for attribute version caching, encryption / decryption calculation offloading, and real-time verification of access requests; S1.3: The terminal node is responsible for attribute collection and identity binding, requests an attribute key with a version number from the authoritative node, and initiates an intelligence access request; S1.4: Divide the domain into multiple authoritative attribute domains, with each authoritative node independently managing a type of intelligence access attribute, generating attribute key shards, and realizing the decentralization and checks and balances of attribute management.

[0008] Furthermore, S2 specifically includes the following steps: S2.1: Versioned attribute identifier generation: Assign a unique identifier to each attribute, and generate a version number by combining the attribute update count, forming a versioned attribute identifier of attribute name#version number. The version number monotonically increases as the attribute changes. Specific implementation process: To ensure the uniqueness of attribute identifiers and the traceability of versions, the following formula is used to define the rules for generating attribute identifiers and version numbers: Let all access attributes in the system constitute a set. A : ; in, Representing the Class access attributes, for each class attribute Assign a unique and fixed attribute identifier. This identifier is used to distinguish different types of access attributes, and it cannot be repeated and remains unchanged throughout the user's lifetime. The attribute version number is generated using a monotonically increasing rule, and each attribute type is defined. The initial version number is This refers to the initial version of the attribute when it is created. When the attribute is updated, such as when attribute permissions are adjusted or the attribute scope is changed, the version number automatically increments. The formula for calculating the version number after the next update is: ,in For attributes No. The updated version number ensures the continuity and increment of the version number, which facilitates consistency verification of subsequent versions. Based on the above attribute identifiers and version numbers, the unified expression for versioned attribute identifiers is: ; in, The separator is used to clearly associate attribute names with their corresponding version numbers, and must satisfy the uniqueness constraint: if That is, different attribute types or That is, different attribute versions correspond to different versioned attribute identifiers. This ensures that each version's attributes have a unique identifier, providing a foundation for subsequent encryption control and traceability; S2.2: Version Chain Construction and Synchronization: Encapsulate attribute operations, including creation, update, and revocation, into on-chain transactions and store them on the chain in chronological order; After the cloud-based main version chain is generated, it is synchronized to lightweight replicas on each edge node to ensure global version consistency. To achieve the immutability and global consistency of the version chain, the construction, block generation, and chain synchronization processes of the version chain are defined using the following formula: First, construct the initial block of the version chain. Block 0 represents the genesis block: ; in, The hash value of the genesis block is calculated using a hash function. The timestamp for the generation of the genesis block. This refers to the initial set of system attributes and the initial version information of each attribute. , This indicates that the initial block has no preceding blocks and is the starting node of the version chain; When an attribute operation occurs in the system, the attribute operation is encapsulated as an on-chain transaction. Tx : ; in, The corresponding versioning attribute identifier for the operation; As an operation type, define: Creation operation Update operation Cancel operation ; The timestamp for the operation execution; A digital signature for the operating entity (authoritative node) is used to verify the legality and integrity of the operation; New blocks added to the version chain (No. Each block, hash value Hash m The calculation formula is: ; in, For the hash function, this preferred scheme uses the SHA-256 hash function. For string concatenation, For the previous block (the first) The hash value of (a block), For all attribute operations transactions included in the newly added block, formula (5) is used to ensure that the block hash value is strongly correlated with the transaction data of the previous block and this block, so as to realize that the block is immutable; Cloud-based main version chain Lightweight replicas of each edge node The consistency check formula is: ; in, For the cloud main version chain The hash value of each block, Lightweight replicas for edge nodes The hash value of each block; when equation (6) is true, it is determined that the edge node replica is synchronized with the cloud main chain; when equation (6) is false, the incremental synchronization mechanism is triggered to synchronize the missing transactions and blocks in the cloud main chain to the edge node until the hash values ​​of the two are consistent, so as to ensure the uniformity of the global version chain data; S2.3: Fine-grained multimodal intelligence encryption control: The intelligence owner defines the access policy, and edge nodes query the version chain to obtain the latest version of the current attribute, converting the policy into a versioned access policy; the CP-ABE algorithm is used to encrypt the intelligence based on the versioned policy, generating ciphertext with bound attribute versions for intelligence content including text, video, audio, and images; the encryption and decryption formulas of the CP-ABE algorithm are as follows: Encryption process: Let the plaintext of the intelligence be... Versioned access strategy is And bind the version attribute. The system public key is The encryption algorithm is represented as follows: ; Among them, ciphertext , To access the secret value corresponding to the tree node, It is a bilinear mapping. For group generators, Fragmenting the system master key It is a random secret value; Decryption process: Let the user key be... If the user attribute version is bound to the ciphertext Matches and satisfies the access policy The decryption algorithm is then expressed as: ; in, Fragment the key corresponding to the user attributes.

[0009] Furthermore, S3 specifically includes the following steps: S3.1: Multi-authority key fragment generation: After user identity information is verified by each authoritative node, each authoritative node independently generates a key fragment corresponding to the specified attributes. The key embeds the attribute version number and user identity identifier. The user's final key is composed of these fragments; a single authoritative node cannot generate a complete key. The specific formula is as follows: Assume the system exists An authoritative node, denoted as... User identification is The user's set of attributes is The corresponding attribute version is ; Each authoritative node Generated key fragments SK u,j for: ; in, for The master key fragment held satisfies , This is the system's master key. As an authoritative node The random number generated for this user; The user's final complete key is an aggregation of key fragments from each authoritative node, i.e. And it must satisfy the key aggregation verification formula. Only after successful verification is it considered a valid key; S3.2: Version Consistency Verification: When an edge node receives an intelligence access request, it extracts the attribute version number from the user key and compares it with the current version in the local version chain replica. If the versions do not match or the key has no valid version number, the access request is rejected. The specific verification formula is as follows: Let the attributes in the local version chain of the edge node be defined. The current latest version is User key Embedded attributes Version is Define the version consistency check function as follows: ; When satisfied Right now If the version verification passes, access verification can continue; if... Right now or If no valid version number is available, the verification fails and the access request is directly rejected. If a user has multiple attributes, then version verification for all attributes must pass. Otherwise, it will be judged as a version inconsistency; S3.3: Collusion Detection: Verify the legality of user attributes through attribute operation logs recorded in the version chain; if conflicting attribute versions are detected for the same user, or if an authoritative node issues attributes in violation of regulations, it is determined to be collusion, triggering an alert and blacklisting the relevant nodes.

[0010] Furthermore, S4 specifically includes the following steps: S4.1: Full lifecycle logging: All intelligence encryption policies, user access requests, attribute change records, and key revocation operations are written into the version chain. Each record includes a timestamp, operation subject, and version information to ensure that the data is immutable. S4.2: Security Traceability Inquiry: Through the block index of the version chain, trace the entire process of multimodal intelligence from encryption and access to destruction; locate the initiating entity of abnormal access behavior, the source of attribute version, and the operation records of authoritative nodes; S4.3: Dynamic Risk Status Update: Establish a dynamic risk assessment model, including three types of multimodal intelligence control risk assessment indicators, namely access compliance risk. Attribute version risk Collusion and early warning of risks The calculation formula is as follows: ; ; ; in, For the first The probability of violation per visit. ω i As a measure of intelligence value, This is the current attribute version. To request the version of the attribute, For attribute importance weights, The influence coefficient of abnormal behavior. This represents the number of abnormal operations. S4.4: Based on the risk assessment results, dynamically adjust the access control policy, isolate high-risk nodes, and automatically revoke expired attributes.

[0011] Compared with the prior art, the beneficial effects of the present invention are as follows: 1. This invention constructs a three-layer collaborative architecture of cloud, edge, and terminal, combined with a multi-authoritative attribute management mode, to achieve attribute decentralization and checks and balances, thereby solving the single point of failure risk of traditional centralized management and control, and improving the reliability and scalability of the system. 2. This invention introduces version chain technology to achieve versioned management of the entire lifecycle of attributes, deeply binding intelligence access strategies with attribute versions. This effectively solves the problems of untimely attribute revocation, lack of traceability after revocation, and inability to synchronize revocation status in traditional attribute management, enabling fine-grained dynamic access control and effectively supporting real-time updates and revocation of attributes. 3. This invention designs a multi-authoritative key sharding and version consistency verification mechanism to prevent collusion attacks between users and authoritative nodes from the technical level in the core scenario of multi-subject and multi-authoritative collaboration in the field of intelligence sharing, thereby avoiding the illegal acquisition of intelligence during the sharing process and improving the security of intelligence sharing and management. 4. This invention achieves full-process traceability of intelligence by leveraging the immutability of the version chain, and, combined with a dynamic risk assessment model, promptly detects abnormal behavior, providing a basis for decision-making in intelligence security management.

[0012] The advantages of this invention over the prior art are shown in Table 1: Table 1 Attached Figure Description

[0013] Figure 1 This is a schematic diagram of the framework structure of a preferred embodiment of the fine-grained multimodal intelligence management and security tracing method based on version chains of the present invention; Figure 2 This is a schematic diagram of a cloud-edge-device multi-authoritative version chain system architecture, representing a preferred embodiment of the fine-grained multimodal intelligence management and security tracing method based on version chains of the present invention. Figure 3This is a schematic diagram of the versioned attribute management and intelligence encryption process of a preferred embodiment of the fine-grained multimodal intelligence control and security tracing method based on version chain of the present invention; Figure 4 This is a schematic diagram of the anti-collusion verification and access control process of a preferred embodiment of the fine-grained multimodal intelligence management and security tracing method based on version chain of the present invention; Figure 5 This is a schematic diagram of the full-process traceability and risk assessment model of the version chain based fine-grained multimodal intelligence management and security tracing method of the present invention. Figure 6 This is a test diagram of the encryption and decryption time overhead under different numbers of attributes for a preferred embodiment of the fine-grained multimodal intelligence management and security tracing method based on version chain of the present invention; Figure 7 This is a test graph showing the encryption and decryption time overhead of a preferred embodiment of the fine-grained multimodal intelligence management and security tracing method based on version chain of the present invention under different file sizes; Figure 8 This is an ablation experiment diagram comparing the storage and synchronization overhead of the "cloud-edge-device version chain" and the existing "full blockchain" in a preferred embodiment of the fine-grained multimodal intelligence management and security tracing method based on version chain of the present invention. Figure 9 The diagram shows the synchronization latency test between the "cloud-edge-device version chain" and the existing "full blockchain" in different network environments, representing a preferred embodiment of the fine-grained multimodal intelligence management and security tracing method based on version chain of the present invention. Figure 10 This is a comparison chart of the encryption time complexity of a preferred embodiment of the fine-grained multimodal intelligence management and security tracing method based on version chains of the present invention and existing technical solutions. Figure 11 This is a comparison chart showing the decryption time complexity of a preferred embodiment of the version chain-based fine-grained multimodal intelligence management and security tracing method of the present invention with existing technical solutions. Detailed Implementation

[0014] To address the aforementioned problems in the prior art, preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

[0015] This invention provides a fine-grained multimodal intelligence control and security tracing method based on version chains, such as... Figure 1 As shown, it includes the following steps: S1: Construct a three-layer collaborative architecture of cloud, edge, and terminal, deploy multiple authoritative attribute management nodes, classify multimodal intelligence into security levels and access attribute dimensions, and establish the basic architecture of the version chain system; S2: Design an attribute management mechanism based on version chains, generate versioned attribute identifiers, bind intelligence access policies with attribute versions, and realize fine-grained encrypted control of intelligence. S3: Establish an anti-collusion verification mechanism, combining multi-authority key sharding technology with version chain consistency verification to prevent collusion attacks between users and authoritative nodes; S4: Based on the full lifecycle record of the version chain, it realizes full-process secure traceability of intelligence access, attribute changes and key revocation, and dynamically updates the risk status of multimodal intelligence management.

[0016] The multimodal intelligence includes text, video, audio, and images.

[0017] Optionally, such as Figure 2 As shown, S1 specifically includes the following steps: S1.1: Cloud Deployment: Deploy the main version chain and global root of trust in the cloud management center, responsible for system parameter initialization, coordinated scheduling of the six authoritative attribute management nodes, and full version data storage and auditing; among them, the global root of trust is used to verify the identity and legitimacy of each authoritative node, edge node, and terminal node, and the identity verification formula is as follows: ,in Digital signature for nodes, This is the node's public key; it must be verified before the node can access the system. S1.2: Edge Node Deployment: Five edge nodes are deployed in five government departments. Each edge node deploys a lightweight copy of the version chain, responsible for local attribute version caching, CP-ABE encryption / decryption computation offloading (reducing cloud load), and real-time verification of terminal node access requests. The connection between the edge nodes and the cloud-based main version chain uses an encrypted channel to ensure secure data transmission. The encryption formula is as follows: ,in For cloud public keys, To transmit data, Sign the edge nodes; S1.3: Terminal Node Deployment: Government staff terminals act as terminal nodes, responsible for collecting staff identity and attribute information (such as job level, department permissions, etc.) and binding them to the terminal nodes. The binding formula is as follows: ,in For user identification, This is a set of user attributes. After binding, it generates a unique user identity credential, which is used to apply for an attribute key with a version number from the authoritative node. S1.4: Multi-Authority Attribute Domain Division: Six authoritative nodes correspond to six attribute categories, forming six independent attribute domains. Each authoritative node independently manages the intelligence access attributes for its corresponding category, generating attribute key shards to achieve a decentralized and balanced approach to attribute management. The authoritative nodes collaborate and schedule with each other via the cloud, operating independently yet capable of mutual verification. The verification formula is as follows: This ensures the legitimacy of key fragmentation; Optionally, such as Figure 3 As shown, step S2 specifically includes the following steps: S2.1: Versioned Attribute Identifier Generation: Assign a unique identifier to each of the 6 types of attributes, and generate a version number by combining the attribute update count. The specific implementation formula is as follows: Let attribute set A for: ; Among them, the unique identifier of each type of attribute Initial version number of each attribute , No. Version number after the next update ; The expression for the versioning attribute identifier is: ; For example, the version identifier of "Intelligence Classification" after the second update is "Intelligence Classification #2", which satisfies the uniqueness constraint. ( or ); S2.2: Version Chain Construction and Synchronization: Encapsulate attribute creation, update, and reversal operations as transactions and upload them to the chain in chronological order; Initial Block (Genesis Block) Block 0 is: ; in, , , ; Attribute manipulation trading Tx : ; in, For creating, For updating, To be revoked; New block The hash value is: ; Cloud-based main version chain With each edge node replica The synchronization verification formula is: ; If the verification passes, synchronization is complete; otherwise, incremental synchronization is triggered. S2.3: Fine-grained intelligence encryption control: Intelligence owners, such as government intelligence administrators, define access policies. Edge nodes query local version chain copies to obtain the latest version of the current attribute and convert the policy into a versioned access policy. Version of bound attributes The CP-ABE algorithm is used for encryption, and the encryption / decryption formula is as follows: Encryption process: Set information to plaintext For sensitive government intelligence, the encryption algorithm is: ; in, , , A random secret value. , To access the secret value corresponding to the tree node; For example, access policies For "Department Permission #1 ∧Job Level #2 ∧Intelligence Classification #2", the set of versions bound to the ciphertext is... ; Decryption process: User key Satisfy attribute version and Matching and conforming When the decryption formula is: ; in, Fragment the key for the user's corresponding attributes; Optionally, such as Figure 4 As shown, step S3 specifically includes the following steps: S3.1: Multi-authority key fragment generation: After the user's identity information is verified by 6 authoritative nodes, each authoritative node independently generates a key fragment with corresponding attributes, embedding the attribute version number and user identity identifier. The specific implementation formula is as follows: Set user identity Attribute set Corresponding version Of the six authoritative nodes, only one is responsible for... , Two authoritative nodes ( , Generates key fragments on the first node, but not on the other nodes (no corresponding attribute). The generated key fragments are: ; in , It is a random number; The generated key fragments are: ; in , It is a random number; User's final complete key Key aggregation verification formula If the verification passes, the key is valid. A single authoritative node cannot generate a complete key (without other nodes). ), to achieve decentralization and resist collusion; S3.2: Version Consistency Verification: When an edge node receives a user intelligence access request, it extracts the version attribute from the user key and compares it with the current version in the local version chain replica. The specific implementation formula is as follows: In the local version chain of the edge node, Current version , Current version Version in user key , The version consistency check function is: ; Multi-attribute validation must meet the following requirements Verification passed; if the user key contains ,but Access request denied; S3.3: Conspiracy Detection: Verify the legality of user attributes through attribute operation logs recorded in the version chain; if conflicting attribute versions are detected for the same user, such as holding multiple versions simultaneously... and Or, authoritative nodes may issue documents with attributes that violate regulations, such as... Issuance If the key is fragmented, it is considered a conspiracy and an alert is triggered. The alert formula is: ; in, For conflict version number, This is a marker for violations; after issuing a warning, the relevant node will be blacklisted. Optionally, such as Figure 5 As shown, step S4 specifically includes the following steps: S4.1: Full Lifecycle Logging: Intelligence encryption policies, user access requests, attribute change records, and key revocation operations are all written into the version chain. Each record includes a timestamp, the operation subject, and version information, and is immutable; the record format is: ; in, Ensure the integrity of the records; S4.2: Security Source Tracing Query: Tracing the entire process of multimodal intelligence through the block index of the version chain; Source tracing query formula ,in For the plaintext hash value of the intelligence, It records all operations related to intelligence, from encryption and access to destruction, and can pinpoint the initiator of abnormal access, the source of attribute versions, and the operation records of authoritative nodes. S4.3: Dynamic Risk Status Update: Employs three multimodal intelligence-based risk assessment indicators, namely access compliance risk. Attribute version risk Collusion and early warning of risks The risk assessment model, including the three types of risk assessment indicators and the comprehensive risk value, are calculated using the following formulas: (1) Access compliance risks R 1: ; Among them: intelligence value weight , For the first The probability of violation for each visit is derived by fitting historical violation records with visit behavior characteristics, using the following formula: ; in, This refers to the user's historical number of violations. (This refers to the total number of historical visits by this user). (2) Attribute version risk R 2: ; Where: attribute importance weight , This is the current attribute version. Request the version of the attribute; For example, , ,but ; (3) Collaborative risk warning R 3: ; Among them: the influence coefficient of abnormal behavior , This represents the number of abnormal operations. Overall risk value: ,in , , ,satisfy ; The weighting factor for access compliance risk, The weighting coefficient for attribute version risk. Weighting coefficients for collaborative risk warning; setting risk thresholds. ,when At that time, it was determined to be high-risk; S4.4: Risk Response: Dynamically adjust access control policies based on the comprehensive risk value, especially for high-risk nodes ( Isolate the system using the following formula: ; Expired attributes (version numbers lower than the current latest version) are automatically revoked. Revocation formula: (when Once revoked, the key fragment corresponding to that version attribute will automatically become invalid.

[0018] The experimental verification and performance analysis of the above-mentioned preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings: To verify the effectiveness and efficiency of the fine-grained multimodal intelligence management and security tracing method based on version chain of the present invention, a simulation test environment was constructed based on the cloud-edge-device three-layer collaborative architecture in step S1 for verification. 1. Self-computational overhead analysis: In view of the timeliness requirements of intelligence control, the computational overhead of the above-mentioned preferred embodiments of the present invention under different loads is evaluated.

[0019] like Figure 6 As shown, in the test scenario where the number of attributes increases from 5 to 50, the encryption time (Enc Time) and decryption time (Dec Time) increase linearly with the increase of the number of attributes. However, even under the complex strategy with 50 attributes, the encryption time is still around 500ms and the decryption time is less than 250ms. This test data shows that the present invention can meet the real-time requirements of fine-grained access control.

[0020] like Figure 7 As shown, the performance of the test file size is increased from 10 bits to 20,000 bits in an exponential and then linear manner. Since the present invention adopts a hybrid encryption mechanism (i.e., CP-ABE encryption of symmetric key and symmetric algorithm encryption of data), the increase in file size mainly affects the symmetric encryption part, and the overall encryption and decryption time increases slowly, thus verifying the feasibility of the present invention in processing the encrypted transmission of large-capacity multimodal intelligence data.

[0021] 2. Architecture Ablation and Storage Efficiency Analysis: To verify the necessity of the "cloud-edge-device three-layer collaborative architecture" and the "version chain lightweight replica" design, an architecture ablation experiment was set up to compare the present invention (VC-CPABE) with the traditional full blockchain architecture (Full Blockchain) that does not adopt the lightweight design.

[0022] like Figure 8 As shown in (a), in terms of daily storage overhead, the full blockchain architecture requires 2290KB, while the method of this invention reduces it to 234KB; in terms of synchronization overhead per update, the full blockchain requires 2100 bytes, while the method of this invention requires only 256 bytes, which is mainly due to the deployment of lightweight replicas of edge nodes and incremental synchronization mechanisms.

[0023] like Figure 9 As shown in (b), in the synchronization latency test under different network environments (LAN, WAN-Good, WAN-Avg, WAN-Poor), even in the case of a poor WAN environment, the synchronization latency of the present invention is still controlled within 200ms, which is lower than the real-time threshold of 250ms, thus verifying the performance advantage of the edge offloading scheme of the present invention in actual deployment.

[0024] 3. Comparative analysis of the present invention with existing technical solutions: The time complexity of the present invention is compared with that of existing attribute-based encryption schemes (Niu et al., Peñuelas, Lu et al. and BSW07 scheme).

[0025] Depend on Figure 10 and Figure 11 It can be seen that the time overhead of the existing BSW07 scheme increases significantly linearly with the number of attributes; while the slope of the time overhead curve of the Ours scheme of this invention is smaller with the number of attributes, and its performance is significantly better than the existing BSW07 and Peñuelas schemes. Compared with the superior Lu et al. and Niu et al. schemes, the present invention maintains the same level of computational efficiency while introducing security features such as "version number embedding" and "anti-collusion verification". This shows that the present invention enhances the traceability and anti-collusion capabilities of the entire process without introducing a significant computational burden, thus achieving a balance between security and efficiency.

[0026] The above preferred embodiments are only used to explain and illustrate the present invention. Any permutation and combination scheme made by those skilled in the art based on the above preferred embodiments shall be within the protection scope of the present invention.

Claims

1. A fine-grained multimodal intelligence control and security tracing method based on version chains, characterized in that, Includes the following steps: S1: Construct a three-layer collaborative architecture of cloud, edge, and terminal, deploy multiple authoritative attribute management nodes, classify multimodal intelligence into security levels and access attribute dimensions, and establish the basic architecture of the version chain system; S2: Design an attribute management mechanism based on version chains, generate versioned attribute identifiers, bind intelligence access policies with attribute versions, and realize fine-grained encrypted control of intelligence. S3: Establish an anti-collusion verification mechanism, combining multi-authority key sharding technology with version chain consistency verification to prevent collusion attacks between users and authoritative nodes; S4: Based on the full lifecycle record of the version chain, it realizes full-process secure traceability of intelligence access, attribute changes and key revocation, and dynamically updates the risk status of multimodal intelligence management.

2. The fine-grained multimodal intelligence management and security tracing method based on version chains according to claim 1, characterized in that, S1 specifically includes the following steps: S1.1: Deploy the main version chain and global root of trust in the cloud, responsible for system parameter initialization, multi-authoritative node collaborative scheduling, full version data storage and auditing; S1.2: Lightweight replicas of the version chain are deployed on edge nodes, which are responsible for attribute version caching, encryption / decryption calculation offloading, and real-time verification of access requests; S1.3: The terminal node is responsible for attribute collection and identity binding, requests an attribute key with a version number from the authoritative node, and initiates an intelligence access request; S1.4: Divide the domain into multiple authoritative attribute domains, with each authoritative node independently managing a type of intelligence access attribute, generating attribute key shards, and realizing the decentralization and checks and balances of attribute management.

3. The fine-grained multimodal intelligence control and security tracing method based on version chains according to claim 1, characterized in that, S2 specifically includes the following steps: S2.1: Versioned Attribute Identifier Generation: A unique identifier is assigned to each attribute, and a version number is generated by combining the attribute update count, forming a versioned attribute identifier of attribute name#version number. The version number monotonically increases as the attribute changes; the specific formula is as follows: Let attribute set A for: ; in, Representing the Class access properties, for each property Assign a unique fixed identifier ; Set attribute The initial version number is The version number monotonically increases after each attribute update, the 1st... The version number after the next update is ; Versioned attribute identifiers are uniformly represented as: ; in, The separator is used to associate attribute names with their corresponding version numbers, and must satisfy a uniqueness constraint: if or ,but ; S2.2: Version Chain Construction and Synchronization: Attribute operations, including creation, update, and revocation, are encapsulated as on-chain transactions and stored on the chain in chronological order. After the main version chain is generated in the cloud, it is synchronized to lightweight replicas on each edge node to ensure global version consistency. The specific formula is as follows: Let the initial block of the version chain be... Block 0 is: ; in, The initial block hash value, This is the initial timestamp. This includes the initial set of attributes and version information. This indicates that the initial block has no preceding blocks; Attribute operations are encapsulated as on-chain transactions Tx : ; in, For versioning attribute identification; The operation type is specified, including Create=0, Update=1, and Undo=2. For operation timestamp; Sign the document for the entity performing the operation; New addition Block hash value Hash m The calculation formula is: ; in, For hash functions, For string concatenation, Perform operations on the attributes contained in the newly added block; Cloud-based main version chain Lightweight replicas of each edge node The consistency check formula is: ; in, For the cloud main version chain The hash value of each block, Lightweight replicas for edge nodes The hash value of each block; when equation (6) is true, it is determined that the versions are synchronized; otherwise, incremental synchronization is triggered until the two are consistent. S2.3: Fine-grained multimodal intelligence encryption control: The intelligence owner defines the access policy, and edge nodes query the version chain to obtain the latest version of the current attribute, converting the policy into a versioned access policy; the CP-ABE algorithm is used to encrypt the intelligence based on the versioned policy, generating ciphertext with bound attribute versions for intelligence content including text, video, audio, and images; the encryption and decryption formulas of the CP-ABE algorithm are as follows: Encryption process: Let the plaintext of the intelligence be... Versioned access strategy is And bind the version attribute. The system public key is The encryption algorithm is represented as follows: ; Among them, ciphertext To access the secret value corresponding to the tree node, It is a bilinear mapping. For group generators, Fragmenting the system master key It is a random secret value; Decryption process: Let the user key be... If the user attribute version is bound to the ciphertext Matches and satisfies the access policy The decryption algorithm is then expressed as: ; in, Fragment the key corresponding to the user attributes.

4. The fine-grained multimodal intelligence control and security tracing method based on version chains according to claim 1, characterized in that, S3 specifically includes the following steps: S3.1: Multi-authority key fragment generation: After user identity information is verified by each authoritative node, each authoritative node independently generates a key fragment corresponding to the specified attributes. The key embeds the attribute version number and user identity identifier. The user's final key is composed of these fragments; a single authoritative node cannot generate a complete key. The specific formula is as follows: Assume the system exists An authoritative node, denoted as User identification is The user's set of attributes is The corresponding attribute version is ; Each authoritative node Generated key fragments SK u,j for: ; in, for The master key fragment held satisfies This is the system's master key. authoritative node The random number generated for this user; The user's final complete key is an aggregation of key fragments from each authoritative node, i.e. And it must satisfy the key aggregation verification formula. Only after successful verification is it considered a valid key; S3.2: Version Consistency Verification: When an edge node receives an intelligence access request, it extracts the attribute version number from the user key and compares it with the current version in the local version chain replica. If the versions do not match or the key has no valid version number, the access request is rejected. The specific verification formula is as follows: Let the attributes in the local version chain of the edge node be defined. The current latest version is User key Embedded attributes Version is Define the version consistency check function as follows: ; When satisfied Right now If the version verification passes, access verification can continue; if... Right now or If no valid version number is available, the verification fails and the access request is directly rejected. If a user has multiple attributes, then version verification for all attributes must pass. Otherwise, it will be judged as a version inconsistency; S3.3: Collusion Detection: Verify the legality of user attributes through attribute operation logs recorded in the version chain; if conflicting attribute versions are detected for the same user, or if an authoritative node issues attributes in violation of regulations, it is determined to be collusion, triggering an alert and blacklisting the relevant nodes.

5. The fine-grained multimodal intelligence control and security tracing method based on version chains according to claim 1, characterized in that, S4 specifically includes the following steps: S4.1: Full lifecycle logging: All intelligence encryption policies, user access requests, attribute change records, and key revocation operations are written into the version chain. Each record includes a timestamp, operation subject, and version information to ensure that the data is immutable. S4.2: Security Traceability Inquiry: Through the block index of the version chain, trace the entire process of multimodal intelligence from encryption and access to destruction; locate the initiating entity of abnormal access behavior, the source of attribute version, and the operation records of authoritative nodes; S4.3: Dynamic Risk Status Update: Establish a dynamic risk assessment model, including three types of multimodal intelligence control risk assessment indicators, namely access compliance risk. Attribute version risk Collusion and early warning of risks The calculation formula is as follows: ; ; ; in, For the first The probability of violation per visit. ω i As a measure of intelligence value, This is the current attribute version. To request the version of the attribute, For attribute importance weights, The influence coefficient of abnormal behavior. This represents the number of abnormal operations. S4.4: Based on the risk assessment results, dynamically adjust the access control policy, isolate high-risk nodes, and automatically revoke expired attributes.