A security access and intelligent management system and method for an enterprise-level private material library box

By employing an outbound-only connection architecture, Thrift long polling, and dual-policy checks, combined with token quota management, the system addresses the issues of insufficient security isolation, poor real-time performance, and lack of AI resource management in enterprise content management, achieving enterprise-level content management with high security, real-time performance, and controllable costs.

CN122174243APending Publication Date: 2026-06-09FAZHENG INTELLIGENT TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
FAZHENG INTELLIGENT TECH CO LTD
Filing Date
2026-04-10
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Existing enterprise material management solutions suffer from insufficient security isolation, poor real-time performance, inconsistent policy execution, and lack of AI resource management, making it difficult to meet the security and real-time requirements of enterprise-level private deployments.

Method used

Employing an outbound-only connection architecture, Thrift long polling technology, dual policy checks, and token quota management, a secure, real-time, and controllable hybrid cloud media management system is built through HTTPS outbound connections, the Thrift binary protocol combined with the HTTP long polling mechanism, dual policy checks, and token quota management modules.

Benefits of technology

It achieves a zero-inbound-port design, second-level response latency, meets high security requirements, controls the cost of AI usage, provides a convenient experience consistent with pure SaaS, and reduces development costs.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122174243A_ABST
    Figure CN122174243A_ABST
Patent Text Reader

Abstract

The application discloses a kind of enterprise-level private material library box security access and intelligent management system and method, it is related to computer network and cloud computing technical field, system includes: Connector service module establishes HTTPS outbound connection and establishes communication channel, box end equipment publishes file class operation task or AI class operation task, cloud SaaS platform publishes operation instruction according to operation task, double strategy check module executes double security authentication according to file operation instruction, LLM calls proxy module sends call command according to AI operation instruction in specific deployment environment, Token quota management module calls large model according to call command when quota is sufficient, deducts Token usage amount.The application eliminates the risk of inbound attack by only outbound connection architecture, combined with long polling technology to achieve real-time response of seconds, and builds a safe, real-time and controllable hybrid cloud material management system.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the fields of computer networks and cloud computing technology, and in particular to a secure access and intelligent management system and method for an enterprise-level private material library box. Background Technology

[0002] As enterprises deepen their digital transformation, their demand for managing material resources is increasing. Traditional material management solutions are mainly divided into two categories: purely on-premises deployment and purely cloud-based SaaS (Software as a Service).

[0003] While purely local deployment offers high data security, it comes with high maintenance costs and, due to local computing power limitations, makes it difficult to run large-scale AI models (such as large language models with hundreds of billions of parameters). Pure cloud-based SaaS, on the other hand, is convenient to use and has strong AI capabilities, but enterprises must upload sensitive materials to the cloud, posing a risk of data leakage and making it difficult to meet compliance requirements for industries that require specific permissions or are highly sensitive.

[0004] Existing hybrid cloud solutions combine the advantages of both, but typically suffer from the following serious drawbacks: First, there is insufficient security isolation: most solutions require enterprise firewalls to open inbound ports to allow cloud-based commands to be sent, directly exposing the internal network attack surface and making it vulnerable to port scanning and intrusion. Second, there is poor real-time performance: traditional task delivery often uses HTTP short polling mechanisms with polling intervals typically on the order of minutes, resulting in large task response delays that cannot meet the high real-time requirements of scenarios such as AI interaction. There is also inconsistent policy execution: security policies are usually only checked in the cloud and lack mandatory verification on the local side. Once the cloud is bypassed, local devices will be completely unprepared. Finally, in terms of AI resource management, there is a lack of fine-grained quota management for AI calls, which can easily lead to resource abuse and uncontrolled costs.

[0005] Therefore, proposing a secure access and intelligent management solution for an enterprise-level private material library box that can improve internal network security, reduce network latency, and control AI R&D costs, and solving the problems of deployment compatibility and cloud information retrieval, is a technical problem that urgently needs to be solved by those skilled in the art. Summary of the Invention

[0006] In view of this, the present invention provides a secure access and intelligent management system and method for an enterprise-level private material library box. Through an outbound-only connection architecture, it completely eliminates the risk of inbound attacks; combined with Thrift long polling technology, it achieves real-time response in seconds; and through dual policy checks and token quota management, it constructs a secure, real-time and controllable hybrid cloud material management system.

[0007] To achieve the above objectives, the present invention adopts the following technical solution: A secure access and intelligent management system for an enterprise-level private material library box includes a box-end device, a cloud SaaS platform, a Connector service module, a dual-policy check module, an LLM call proxy module, and a Token quota management module. The Connector service module is deployed in the box-end device, while the dual-policy check module, LLM call proxy module, and Token quota management module are deployed in the cloud SaaS platform. The LLM call proxy module and the Token quota management module are connected. The Connector service module enables the set-top device to establish an HTTPS outbound connection and communication channel with the cloud SaaS platform; the set-top device uses the Thrift binary protocol combined with the HTTP long polling mechanism to publish file operation tasks or AI operation tasks through the communication channel; the cloud SaaS platform publishes file operation instructions based on file operation tasks and AI operation instructions based on AI operation tasks. The dual-strategy check module is used to perform dual security verification based on file operation instructions, including local verification on the device and secondary verification on the cloud SaaS platform. LLM calls the proxy module to perform zero-intrusion interception and read environment variables. When the environment variable is a private deployment environment of the box, the request is forwarded to the cloud SaaS platform. When it is a direct deployment environment of the cloud SaaS, the call command is sent according to the AI ​​operation instructions. The Token quota management module is used to perform pre-quota checks. If the quota is insufficient, the command will be rejected. If the quota is sufficient, the large model API will be called according to the command and the token usage will be deducted.

[0008] The aforementioned system may optionally include: a firewall deployed on the communication channel; the box-side device, the cloud SaaS platform, and the Connector service module are also used to form an outbound-only connection architecture; The outbound connection architecture is as follows: the box-end device does not need to be configured with a fixed public IP address and deployed on the enterprise intranet; the enterprise firewall does not need to be configured with inbound rules; the cloud SaaS platform is deployed on the public network and does not actively initiate connections to the box-end device, but only distributes tasks through the communication channel.

[0009] In the aforementioned system, optionally, the Thrift binary protocol combined with the HTTP long polling mechanism is as follows: the set-top device initiates an HTTP long polling request; the cloud SaaS platform suspends the connection when there are no tasks to be executed; and issues instructions in Thrift binary format when there are tasks. The Thrift binary protocol is used to serialize and parse task packages, material thumbnails, and metadata.

[0010] In the above system, optionally, the security verification objects of the dual-policy inspection module are: path whitelist verification, file size threshold verification, and download permission switch verification.

[0011] In the above system, optionally, the first line of security verification by the dual-policy checking module is local verification on the box-end device, and the second line of security verification is secondary verification by the cloud SaaS platform. The dual-policy checking module is also used to reject file operations and record audit logs if either line of verification fails.

[0012] Optionally, in the above system, the LLM call proxy module can replace the standard SDK's calling method with the decorator pattern during the initialization phase to achieve zero-intrusion interception.

[0013] Optionally, the aforementioned system allows the set-top box to synchronize material indexes and thumbnails to the cloud-based SaaS platform at preset intervals, receive and execute file retrieval tasks issued by the cloud-based SaaS platform, and complete material uploads.

[0014] In the above system, optionally, the timeout for suspending the connection is 30 seconds, and the delay for sending commands in Thrift binary format is less than 1 second.

[0015] In the aforementioned system, optionally, HTTP long polling requests are the only channel through which user requests reach the box-side device.

[0016] A secure access and intelligent management method for an enterprise-level private resource library box, used to implement a secure access and intelligent management system for an enterprise-level private resource library box as described in any of the preceding claims, includes the following steps: S1 connection establishment steps: The box-side device starts the Connector service, actively initiates an HTTPS outbound connection, and establishes a communication channel; S2 Task Monitoring Steps: The box-side device publishes file operation tasks or AI operation tasks through the communication channel using the Thrift binary protocol combined with the HTTP long polling mechanism; S3 command issuance steps: When the task type is a file operation task, issue a file operation command and execute S4; when the task type is an AI operation task, issue an AI operation command and execute S5. S4 Dual Validation Steps: Perform dual security verification according to the file operation instructions. If the verification passes, proceed with the file operation. If the verification fails, refuse to execute and record the audit log. Confirm the file operation result and execute S7. S5 agent invocation steps: Read environment variables; when the environment variables are cloud SaaS direct deployment environment, send invocation commands according to AI operation instructions. S6 quota management steps: Perform a quota pre-check; if the quota is insufficient, refuse to call the command; if the quota is sufficient, call the large model API according to the command and deduct the token usage; after the management is completed, confirm the AI ​​operation result. S7 Loop Reporting Steps: After the task is completed, the box-side device reports the file operation result or AI operation result and returns to S2.

[0017] As can be seen from the above technical solution, compared with the prior art, the present invention provides a secure access and intelligent management system and method for an enterprise-level private material library box, which has the following beneficial effects: (1) Extreme security: This invention establishes a one-way communication channel between the box device and the cloud SaaS platform through HTTPS outbound connection. The cloud SaaS platform does not actively initiate a connection to the box device, realizing a zero inbound port design. Unauthorized users cannot scan or connect to the box device on the intranet, meeting the highest level of network security compliance requirements for enterprise operation. (2) Real-time response: This invention utilizes the Thrift binary protocol combined with the HTTP long polling mechanism to control the delay of task distribution on the box terminal device to within 3 seconds, which is far superior to the minute-level delay of the traditional solution. The user experience is smooth and the efficiency of material management is improved. (3) Cost controllable: Before calling the large model API, the present invention performs a quota pre-check and rejects the call command of AI operation when the quota is insufficient. The quota management is accurate to the token level, which helps enterprises effectively control the cost of AI use and prevent budget overruns. (4) Developer-friendly: During the system initialization phase, the decorator pattern is used to replace the standard SDK's calling method, achieving a zero-intrusive interception design. This allows developers to focus on the underlying communication details without having to worry about the underlying communication details. A single codebase can be compatible with both SaaS and private deployments, reducing development costs and minimizing the financial expenditure on enterprise data management. (5) Consistent experience: In this invention, the box-end device synchronizes the material index and thumbnails according to a preset cycle, and completes the material upload according to the retrieval task. It supports direct retrieval of local offline materials in the cloud, providing a convenient experience consistent with pure SaaS. Attached Figure Description

[0018] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on the provided drawings without creative effort.

[0019] Figure 1This invention discloses a schematic diagram of a secure access and intelligent management system module for an enterprise-level private material library box; Figure 2 This is a schematic diagram of the overall architecture of a secure access and intelligent management system for an enterprise-level private material library box disclosed in an embodiment of the present invention; Figure 3 This is a schematic diagram of the active connection and Thrift long polling mechanism of the box-side device disclosed in an embodiment of the present invention; Figure 4 This is a schematic diagram of the dual-strategy check process in the file operation process disclosed in an embodiment of the present invention; Figure 5 This is a schematic diagram of the transparent proxy for LLM calls and the precise billing process based on tokens disclosed in an embodiment of the present invention; Figure 6 This is a schematic diagram illustrating the complete access and management process of the material library box as disclosed in an embodiment of the present invention; Among them, 1-Box terminal device, 2-Cloud SaaS platform, 3-Connector service module, 4-Dual policy check module, 5-LLM call proxy module, and 6-Token quota management module. Detailed Implementation

[0020] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0021] In this application, relational terms such as "first" and "second" are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. The terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes the element.

[0022] See Figure 1As shown, this invention discloses a secure access and intelligent management system for an enterprise-level private material library box, including a box-side device 1, a cloud-based SaaS platform 2, a Connector service module 3, a dual-policy check module 4, an LLM call proxy module 5, and a Token quota management module 6; the Connector service module 3 is deployed in the box-side device 1, and the dual-policy check module 4, the LLM call proxy module 5, and the Token quota management module 6 are respectively deployed in the cloud-based SaaS platform 2, with the LLM call proxy module 5 and the Token quota management module 6 connected.

[0023] Connector service module 3 is used to enable the box-end device 1 to establish an HTTPS outbound connection and establish a communication channel with the cloud SaaS platform 2; the box-end device 1 is used to publish file operation tasks or AI operation tasks through the communication channel using the Thrift binary protocol combined with the HTTP long polling mechanism; the cloud SaaS platform 2 is used to publish file operation instructions according to file operation tasks and AI operation instructions according to AI operation tasks. Dual-strategy inspection module 4 is used to perform dual security verification based on file operation instructions, including local verification by the box-side device 1 and secondary verification by the cloud SaaS platform 2. LLM calls the proxy module 5 to perform zero-intrusion interception and read environment variables. When the environment variable is the box's private deployment environment, the request is forwarded to the cloud SaaS platform 2. When the environment is the cloud SaaS platform 2's direct deployment environment, the call command is sent according to the AI ​​operation instructions. The Token quota management module 6 is used to perform quota pre-checks. If the quota is insufficient, the command will be rejected. If the quota is sufficient, the large model API will be called according to the command and the token usage will be deducted.

[0024] Based on the above embodiments disclosed in this invention, in order to solve the problems of insufficient security isolation, poor real-time performance, insufficient policy execution, and lack of AI resource management in existing enterprise material resource management, referring to... Figure 2 This invention specifically employs an outbound connection-only architecture, Thrift long polling real-time task delivery, a dual policy checking mechanism, a zero-intrusive LLM call proxy, and Token quota fine-grained management to address the problems existing in the prior art.

[0025] Furthermore, Figure 2 In this context, the box-end device 1 is set up on the enterprise intranet and connects to the cloud SaaS platform 2 after passing through the firewall. The following section will combine... Figure 2 The core technical solution of the present invention will be discussed.

[0026] (1) Outbound connection only architecture

[0027] The terminal device 1 runs a persistent Connector service, proactively establishing an HTTPS outbound connection (port 443) with the cloud SaaS platform 2. The cloud SaaS platform 2 does not proactively initiate connections to the terminal device 1; it only distributes tasks through the established connection channel on the terminal device 1. This architecture eliminates the need for enterprises to apply for a fixed public IP address and requires no inbound firewall rules, fundamentally blocking external scanning and attacks on the internal network.

[0028] Optionally, the embodiments disclosed in this invention also include: a firewall deployed on the communication channel; the box-end device 1, the cloud SaaS platform 2, and the Connector service module 3 are also used to form an outbound-only connection architecture; The outbound connection architecture is as follows: the box device 1 does not need to be configured with a fixed public IP and is deployed on the enterprise intranet; the enterprise firewall does not need to be configured with inbound rules; the cloud SaaS platform 2 is deployed on the public network and does not actively initiate a connection to the box device 1, but only sends tasks through the communication channel.

[0029] (2) Thrift long polling real-time task distribution

[0030] To address the high latency issue of traditional polling, this invention employs the Thrift binary protocol combined with an HTTP long polling mechanism. A persistent Connector service is used to execute real-time Thrift long polling task distribution.

[0031] The long polling process is as follows: after the box device 1 initiates a request, the cloud SaaS platform 2 will suspend the connection if there is no task (up to 30 seconds), and will return immediately once a task is available, achieving millisecond-level response.

[0032] Compared to the JSON protocol, the Thrift protocol uses Thrift binary serialization, which is smaller in size and faster to parse, making it particularly suitable for transmitting large amounts of thumbnails and metadata in low-bandwidth environments.

[0033] Optionally, the Thrift binary protocol combined with the HTTP long polling mechanism works as follows: the set-top device 1 initiates an HTTP long polling request, the cloud SaaS platform 2 suspends the connection when there are no tasks to be executed, and issues instructions in Thrift binary format when there are tasks; the Thrift binary protocol is used to serialize and parse task packages, material thumbnails and metadata.

[0034] Furthermore, the embodiments disclosed in this invention also include: a timeout period of 30 seconds for suspending the connection, and a delay of less than 1 second for issuing commands in Thrift binary format.

[0035] Furthermore, HTTP long polling requests are the only channel through which user requests reach the box-side device 1.

[0036] Reference Figure 3 The device (i.e., device 1) initiates an HTTPS connection to establish a connection with the cloud SaaS platform (i.e., cloud SaaS platform 2). The cloud SaaS platform (i.e., cloud SaaS platform 2) accesses the task queue to check for pending tasks. If there are no tasks in the task queue, the connection to the cloud SaaS platform remains suspended. If there are tasks in the task queue, the cloud SaaS platform (i.e., cloud SaaS platform 2) returns the task data to the cloud SaaS platform (i.e., cloud SaaS platform 2). The device (i.e., device 1) immediately responds to the task. Thus, the connection and access actions between the device (i.e., device 1) and the cloud SaaS platform (i.e., cloud SaaS platform 2) implement a long polling mechanism. The device (i.e., device 1) responds to instructions issued by the cloud SaaS platform (i.e., cloud SaaS platform 2) in Thrift binary format, enabling the device (i.e., device 1) to respond quickly with a latency of less than 1 second. After responding to the Thrift binary instructions, the device (i.e., device 1) parses and executes the task, and after completion, reports the execution result to the cloud SaaS platform (i.e., cloud SaaS platform 2), and the next round of long polling begins.

[0037] (3) Dual-strategy inspection mechanism

[0038] This invention constructs a dual security defense line of "local + cloud".

[0039] The local verification on the box device 1 forms the first line of defense. Before performing file upload / download, the local Connector service forcibly checks the path whitelist (to prevent directory traversal), file size limit (to prevent DoS attacks), and download permission switch.

[0040] The cloud-based SaaS platform 2 performs secondary verification as a second line of defense. When receiving file streams, it re-verifies the inspection strategy of the box-end device 1 in the first line of defense, ensuring that even if the box-end device 1 is compromised or generated without authorization, the cloud-based SaaS platform 2 can still intercept illegal operations.

[0041] Optionally, the security verification objects of the dual-policy inspection module 4 are: path whitelist verification, file size threshold verification, and download permission switch verification.

[0042] Furthermore, the first line of security verification of the dual-strategy inspection module 4 is local verification by the box-end device 1, and the second line of security verification is secondary verification by the cloud SaaS platform 2. The dual-strategy inspection module 4 is also used to reject file operations and record audit logs if either line of verification fails.

[0043] Reference Figure 4The dual-policy check in this embodiment of the invention begins upon receiving an upload task request. The first line of defense of the dual-policy check mechanism comes into play, performing local verification on the box-side device 1 and conducting a policy check on the box-side (i.e., box-side device 1). Specifically, this includes checking the path whitelist, file size, and download permissions. Only when all three checks pass will the next step of uploading be performed. If any check fails, the system will prohibit uploading and record the access log.

[0044] After uploading, the second line of defense of the dual-strategy check mechanism is activated, which performs secondary verification on the file path and file size. If all of them pass, the file is stored in object storage. If any item fails, the cloud SaaS platform 2 will intercept and delete the fragment.

[0045] (4) Zero-intrusive LLM invocation agent

[0046] Reference Figure 5 To address the issue of the inability of the box-side device 1 to directly access the large model API, this invention implements a transparent proxy at the code level. During system initialization, the proxy layer uses the decorator pattern (a software design pattern) to replace the calling methods of the standard SDK (such as OpenAISDK), achieving zero-intrusion interception. Based on the startup parameters configured during deployment, the system distinguishes between the box-side (i.e., box-side device 1) and the SaaS-side (i.e., cloud-based SaaS platform 2). When the system runs in the private deployment environment of the box-side (i.e., box-side device 1), requests to call the large model are automatically encapsulated and forwarded to the cloud proxy interface. In the cloud-based SaaS deployment environment of the cloud-based SaaS platform 2, requests forwarded from the box-side (i.e., box-side device 1) are received and processed to call the large model API. The business code can seamlessly switch operating environments without any modification.

[0047] Optionally, during the initialization phase, the LLM call proxy module 5 uses the decorator pattern to replace the standard SDK's calling method, achieving zero-intrusion interception.

[0048] (5) Refined management of token quotas

[0049] To prevent the abuse of AI resources, the system implements token-based quota management in the cloud. Combined with... Figure 5 Before each call, the consumption is estimated and the quota is checked. After the call is completed, the token is deducted accurately using atomic operation (AtomicUpdate), which effectively avoids billing errors under concurrent calls.

[0050] Reference Figure 6 Based on the disclosed core technical solutions, the embodiments of the present invention work together to form a complete closed loop for secure access and intelligent management of the material library box as follows: Establishing a connection channel: When the box (i.e., box device 1) starts up, the Connector service proactively initiates an HTTPS outbound connection (port 443) to the cloud SaaS platform 2. After completing authentication via a TLS handshake, it maintains a persistent connection. No inbound ports need to be opened on the enterprise firewall.

[0051] Continuous task monitoring: After the connection is established, the box (i.e., box device 1) immediately initiates a Thrift long poll (POST / poll). When there are no tasks on the cloud SaaS platform 2, the connection is suspended for a maximum of 30 seconds. When there are tasks, they are immediately sent in Thrift binary format with a latency of less than 1 second. Long polling is the only channel for user requests to reach the box (i.e., box device 1) during the collaborative operation of various solutions.

[0052] Task type routing: After receiving a DeviceJob (batch / scheduled task), the box end (i.e., box end device 1) enters the corresponding processing branch according to the task type: When the task type is a file operation (upload / download / retrieval), a dual-policy check is triggered (i.e., the dual-policy check mechanism in the above embodiment): the box end (i.e., box end device 1) first performs a local check on the path whitelist, file size limit and download permission. If all three items pass, the transmission is executed. When the cloud SaaS platform 2 receives the data, it independently verifies it again. If any defense fails, it is immediately rejected and the audit log is recorded.

[0053] When the task type is an AI-related operation (content generation / intelligent retrieval), the LLM call proxy (i.e., the zero-intrusive LLM call proxy in the above embodiment) and Token quota management (i.e., the fine-grained Token quota management in the above embodiment) are triggered: the proxy layer of the box-side device 1 (running in the box's private deployment environment) transparently intercepts the SDK call of the business code and forwards it to the cloud SaaS platform 2; the cloud SaaS platform 2 performs a quota pre-check before calling the large model. If the quota is insufficient, it directly rejects the call (without incurring any fees). If the quota is sufficient, it proxies the call and atomically deducts the Token usage.

[0054] Results Report: After the task is completed, the box device 1 reports the results via POST / report, and then initiates the next round of long polling to enter the next loop.

[0055] Optionally, the embodiments disclosed in this invention further include: the box-end device 1 synchronizes the material index and thumbnails to the cloud SaaS platform 2 at a preset cycle, receives and executes the file retrieval task issued by the cloud SaaS platform 2, and completes the material upload.

[0056] Specifically, index synchronization includes: the set-top device 1 periodically (every 5 minutes by default) reports the local material index RemoteDriveItem via the Thrift protocol, including the filename, path, and a 160x160 pixel JPEG thumbnail. Figure 2 Number stream. The cloud only stores the index and thumbnails, not the original file.

[0057] The file retrieval process specifically includes: when a user clicks "Insert" on the cloud SaaS platform 2 interface, a REQUEST_FILE type task is generated in the cloud; after the box device 1 polls for this task, it first verifies the local security policy, and if successful, uploads the file to the pre-signed URL generated by the cloud SaaS platform 2; after the upload is completed, the cloud SaaS platform 2 automatically replaces the corresponding thumbnail with the high-definition original image for the user to edit.

[0058] Based on the above embodiments of the present invention, the following describes the various technical implementation methods of the secure access and intelligent management system for the enterprise-level private material library box disclosed in the present invention.

[0059] For Box-side Device 1: Box-side Device 1 runs a Python-based Connector service, with the core data structures defined in the Connector protocol definition file.

[0060] Task structure: Define the DeviceJob structure, which includes kind (task type, such as REQUEST_FILE), payload (load parameters), and status (status).

[0061] Policy structure: Defines the DevicePolicy structure, which includes security parameters such as allowed_roots (list of allowed root directories), max_file_size_mb (maximum allowed file size), and allow_full_download (whether to allow full downloads).

[0062] Communication Protocol: Thrift binary serialization protocol is used. Compared to the traditional JSON format, the binary data stream generated by the Thrift protocol is about 30% smaller, greatly improving the efficiency of transmitting large amounts of thumbnails and metadata in weak network environments.

[0063] For LLM zero-intrusion proxies: a transparent proxy layer based on the decorator pattern is implemented in LLM proxy module 5 as follows: Environment awareness: When the system starts, it reads environment variables to determine the current deployment environment (private box deployment environment or cloud SaaS direct deployment environment). The decorator pattern takes effect during the initialization phase in both deployment environments, the only difference being the runtime branch: in the private box deployment environment, request forwarding is triggered, while in the cloud SaaS direct deployment environment, it is called directly.

[0064] Method hijacking: Automatically replaces standard methods such as openai.Client.chat.completions.create during system initialization.

[0065] Transparent forwarding: Intercepted requests are serialized and forwarded to the cloud LLM proxy interface via HTTP POST. The request header carries the X-Device-Key as the device identity credential, eliminating the need to hardcode the key in the code.

[0066] Streaming support: Fully supports the Server-SentEvents (SSE) protocol, forwarding the streaming response from the cloud to the local caller as is, maintaining the smoothness of the typewriter effect.

[0067] For token quota management implementation: See [reference] Figure 5 The cloud-based SaaS platform 2 achieves precise quota control through the Django model: Model fields: Add the token_quota (total quota) and used_tokens (used amount) fields to the Device table.

[0068] Check logic: Before processing the LLM request, first calculate whether used_tokens + estimated_input exceeds token_quota. If it overflows, return 403 Forbidden directly.

[0069] Atomic Update: After the LLM call completes, an atomic database update operation is performed using Django's F() expression: Device.objects.filter(pk=device_id).update(used_tokens=F('used_tokens')+real_usage).

[0070] This approach effectively avoids billing loss issues caused by race conditions in high-concurrency scenarios.

[0071] and Figure 1 Corresponding to the system shown, this invention also discloses a secure access and intelligent management method for an enterprise-level private material library box, used to achieve, for example... Figure 1 The system shown includes the following steps: S1 connection establishment steps: The box-side device 1 starts the Connector service, actively initiates an HTTPS outbound connection, and establishes a communication channel; S2 Task Monitoring Steps: The box-side device 1 publishes file operation tasks or AI operation tasks through the communication channel using the Thrift binary protocol combined with the HTTP long polling mechanism; S3 command issuance steps: When the task type is a file operation task, issue a file operation command and execute S4; when the task type is an AI operation task, issue an AI operation command and execute S5. S4 Dual Validation Steps: Perform dual security verification according to the file operation instructions. If the verification passes, proceed with the file operation. If the verification fails, refuse to execute and record the audit log. Confirm the file operation result and execute S7. S5 agent invocation steps: Read environment variables. When the environment variables are cloud SaaS platform 2 direct deployment environment, send invocation commands according to AI operation instructions. S6 quota management steps: Perform a quota pre-check; if the quota is insufficient, refuse to call the command; if the quota is sufficient, call the large model API according to the command and deduct the token usage; after the management is completed, confirm the AI ​​operation result. S7 Loop Reporting Steps: After the task is completed, the box-side device 1 reports the file operation result or AI operation result and returns to S2.

[0072] The above description of the disclosed embodiments enables those skilled in the art to make or use the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims

1. A secure access and intelligent management system for an enterprise-level private resource library box, characterized in that, It includes a set-top box device, a cloud SaaS platform, a Connector service module, a dual policy check module, an LLM call proxy module, and a Token quota management module. The Connector service module is deployed in the set-top box device, while the dual policy check module, LLM call proxy module, and Token quota management module are deployed in the cloud SaaS platform. The LLM call proxy module and the Token quota management module are connected. The Connector service module enables the set-top device to establish an HTTPS outbound connection and communication channel with the cloud SaaS platform; the set-top device uses the Thrift binary protocol combined with the HTTP long polling mechanism to publish file operation tasks or AI operation tasks through the communication channel; the cloud SaaS platform publishes file operation instructions based on file operation tasks and AI operation instructions based on AI operation tasks. The dual-strategy check module is used to perform dual security verification based on file operation instructions, including local verification on the device and secondary verification on the cloud SaaS platform. LLM calls the proxy module to perform zero-intrusion interception and read environment variables. When the environment variable is a private deployment environment of the box, the request is forwarded to the cloud SaaS platform. When it is a direct deployment environment of the cloud SaaS, the call command is sent according to the AI ​​operation instructions. The Token quota management module is used to perform pre-quota checks. If the quota is insufficient, the command will be rejected. If the quota is sufficient, the large model API will be called according to the command and the token usage will be deducted.

2. The secure access and intelligent management system for an enterprise-level private material library box according to claim 1, characterized in that, Also includes: Firewalls are deployed on the communication channel; the box-side devices, cloud SaaS platform, and Connector service module are also used to form an outbound-only connection architecture. The outbound connection architecture is as follows: the box-end device does not need to be configured with a fixed public IP address and deployed on the enterprise intranet; the enterprise firewall does not need to be configured with inbound rules; the cloud SaaS platform is deployed on the public network and does not actively initiate connections to the box-end device, but only distributes tasks through the communication channel.

3. The secure access and intelligent management system for an enterprise-level private material library box according to claim 1, characterized in that, The Thrift binary protocol combined with the HTTP long polling mechanism works as follows: the set-top device initiates an HTTP long polling request; the cloud SaaS platform suspends the connection when there are no tasks to be executed; and issues instructions in Thrift binary format when there are tasks. The Thrift binary protocol is used to serialize and parse task packages, material thumbnails, and metadata.

4. The secure access and intelligent management system for an enterprise-level private material library box according to claim 1, characterized in that, The security verification objects of the dual-policy inspection module are: path whitelist verification, file size threshold verification, and download permission switch verification.

5. The secure access and intelligent management system for an enterprise-level private material library box according to claim 1, characterized in that, The dual-strategy check module's security verification first line of defense is local verification on the set-top device, and the second line of defense is secondary verification by the cloud SaaS platform. The dual-strategy check module is also used to reject file operations and record audit logs if either line of defense fails verification.

6. The secure access and intelligent management system for an enterprise-level private material library box according to claim 1, characterized in that, During the initialization phase, the LLM call proxy module uses the decorator pattern to replace the standard SDK's calling methods, achieving zero-intrusion interception.

7. The secure access and intelligent management system for an enterprise-level private material library box according to claim 1, characterized in that, Also includes: The set-top device synchronizes material indexes and thumbnails to the cloud SaaS platform at preset intervals, receives and executes file retrieval tasks issued by the cloud SaaS platform, and completes material upload.

8. The secure access and intelligent management system for an enterprise-level private material library box according to claim 3, characterized in that, Also includes: The timeout for suspending a connection is 30 seconds, and the latency for sending commands in Thrift binary format is less than 1 second.

9. The secure access and intelligent management system for an enterprise-level private material library box according to claim 3, characterized in that, HTTP long polling requests are the only channel through which user requests reach the device at the box end.

10. A method for secure access and intelligent management of an enterprise-level private resource library box, characterized in that, To implement a secure access and intelligent management system for an enterprise-level private material library box as described in any one of claims 1-9, the system includes the following steps: S1 connection establishment steps: The box-side device starts the Connector service, actively initiates an HTTPS outbound connection, and establishes a communication channel; S2 Task Monitoring Steps: The box-side device publishes file operation tasks or AI operation tasks through the communication channel using the Thrift binary protocol combined with the HTTP long polling mechanism; S3 command issuance steps: When the task type is a file operation task, issue a file operation command and execute S4; when the task type is an AI operation task, issue an AI operation command and execute S5. S4 Dual Validation Steps: Perform dual security verification according to the file operation instructions. If the verification passes, proceed with the file operation. If the verification fails, refuse to execute and record the audit log. Confirm the file operation result and execute S7. S5 agent invocation steps: Read environment variables; when the environment variables are cloud SaaS direct deployment environment, send invocation commands according to AI operation instructions. S6 quota management steps: Perform a quota pre-check; if the quota is insufficient, refuse to call the command; if the quota is sufficient, call the large model API according to the command and deduct the token usage; after the management is completed, confirm the AI ​​operation result. S7 Loop Reporting Steps: After the task is completed, the box-side device reports the file operation result or AI operation result and returns to S2.