An AI-enhanced network access control system

By integrating multi-dimensional features and biometric technology, the AI-enhanced network access control system solves the problems of static judgment and one-sided risk assessment in traditional systems, and achieves dynamic and accurate risk assessment and identity verification, thereby improving the intelligence and security of network access control.

CN122179212APending Publication Date: 2026-06-09SHIJIAZHUANG ANJIE FUTURE TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHIJIAZHUANG ANJIE FUTURE TECHNOLOGY CO LTD
Filing Date
2026-03-27
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Traditional network access control systems rely on static permission allocation and single-dimensional feature judgment, which cannot fully cover risk factors and lack the ability to identify new attack methods, resulting in insufficient defense capabilities and difficulty in adapting to dynamic network attack scenarios.

Method used

The AI-enhanced network access control system includes an access request collection module, an AI intelligent analysis module, a dynamic permission decision-making module, and a feedback optimization module. It uses a weighted summation algorithm to fuse multi-dimensional features for risk assessment and combines multimodal biometrics and AI anti-spoofing technology to achieve dynamic and precise access control.

Benefits of technology

It enhances the intelligence and security of network access control, enabling it to adapt to new types of network attacks, achieve dynamic and accurate risk assessment and authentication, and strengthen the system's defense capabilities.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122179212A_ABST
    Figure CN122179212A_ABST
Patent Text Reader

Abstract

This invention proposes an AI-enhanced network access control system, characterized by comprising an access request acquisition module, an AI intelligent analysis module, a dynamic permission decision-making module, an access execution module, and a feedback optimization module. Through the collaborative work of multiple modules and combined with AI intelligent analysis technology, this invention effectively addresses the shortcomings of traditional network access control systems in static judgment and one-sided risk assessment, achieving dynamic, precise, and intelligent control of network access. The access request acquisition module uses SSL / TLS or the national cryptographic standard SM4 to encrypt information transmission, effectively preventing access request information from being tampered with or stolen, ensuring the security of information transmission. This invention can continuously adapt to new network attack scenarios, improving long-term defense capabilities, and comprehensively enhancing the intelligence, security, and adaptability of the network access control system. It can be widely applied in various fields with high network security requirements, such as finance, government affairs, and enterprises, and has good practicality and promotional value.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of network security technology, and in particular to an AI-enhanced network access control system. Background Technology

[0002] With the rapid development and widespread application of computer network technology, networks have become the core support for the digital transformation of various industries. Network access control, as a core means of ensuring network security, directly relates to the security of network resources and data assets through its security and intelligence. Currently, network attacks are evolving towards automation, concealment, and large-scale operations, with new attack methods such as AI agents constantly emerging. Traditional network access control systems are no longer sufficient to meet the security protection needs of complex network environments. Therefore, developing a network access control system that integrates AI technology and possesses dynamic defense and adaptive optimization capabilities has become an important research direction in the field of network security.

[0003] Most existing network access control systems employ static permission allocation and fixed rule-based judgment, which can only achieve simple authentication and access interception. This results in technical problems such as incomplete risk assessment and insufficient defense capabilities. Specifically, traditional systems rely heavily on single-dimensional feature judgments for risk assessment, failing to comprehensively cover multiple risk factors such as the access subject, access environment, and access behavior. Furthermore, once permission rules are set, they remain fixed and cannot adapt to dynamically changing network attack scenarios. Simultaneously, traditional systems lack the ability to identify new attack methods such as deepfakes, making authentication security difficult to guarantee. They also cannot self-optimize based on historical access data and attack samples, causing their defense capabilities to gradually lag behind the development of attack technologies. This makes them unable to effectively intercept new network attacks and fails to meet the needs of sectors with high network security requirements, such as finance and government. Summary of the Invention

[0004] In view of this, in order to solve the problems existing in the technical background, the present invention proposes an AI-enhanced network access control system. Specifically, it includes the following: An AI-enhanced network access control system, characterized by comprising an access request acquisition module, an AI intelligent analysis module, a dynamic permission decision module, an access execution module, and a feedback optimization module; the access request acquisition module collects access request information from access subjects; the AI ​​intelligent analysis module receives the information, performs risk assessment, and outputs the assessment result; the dynamic permission decision module generates access permission instructions based on the assessment result; the access execution module executes the corresponding access operation; the feedback optimization module collects execution data and feeds it back to the AI ​​intelligent analysis module to optimize the model; wherein, the AI ​​intelligent analysis module uses a weighted summation algorithm to calculate the risk score, the formula being... ; In the formula, R is the comprehensive risk score, and n is the number of feature dimensions. The weight of the i-th dimension and satisfying ; Standardize the score for the i-th dimension (0-100 points); the formula integrates multi-dimensional features to achieve accurate risk quantification, with weights... AI adaptively adjusts itself using historical data and attack samples, overcoming the shortcomings of traditional systems' static judgment and one-sided risk assessment.

[0005] In some embodiments of the present invention, the access request information includes the access subject identifier, access target resource information, access environment parameters and access behavior characteristics. The access request collection module uses SSL / TLS protocol or national cryptographic SM4 protocol to encrypt the transmission of information to prevent the information from being tampered with or stolen.

[0006] In some embodiments of the present invention, the AI ​​intelligent analysis module includes an identity authentication unit, a behavior anomaly detection unit, and a resource sensitivity assessment unit. The three work together to achieve comprehensive risk assessment and improve the system's intelligent defense capabilities.

[0007] In some embodiments of the present invention, the identity authentication unit employs multimodal biometrics combined with AI anti-spoofing technology, which can identify deepfake biometric data and ensure the accuracy of identity verification.

[0008] The above technical solution has the following beneficial effects: This invention, through multi-module collaborative operation and combined with AI intelligent analysis technology, effectively solves the shortcomings of traditional network access control systems in static judgment and one-sided risk assessment, achieving dynamic, precise, and intelligent control of network access. The access request collection module uses SSL / TLS or the national cryptographic standard SM4 to encrypt information transmission, effectively preventing access request information from being tampered with or stolen, ensuring the security of information transmission. The AI ​​intelligent analysis module integrates multi-dimensional features and achieves precise risk quantification through a weighted summation algorithm, with weights adaptively adjusted by AI based on historical data and attack samples. Simultaneously, by combining multimodal biometrics and AI anti-forgery technology, it can accurately identify deeply forged biometric data, significantly improving the accuracy of identity verification and the comprehensiveness of risk assessment. This invention can continuously adapt to new network attack scenarios, enhancing long-term defense capabilities and comprehensively improving the intelligence, security, and adaptability of the network access control system. It can be widely applied in various fields with high network security requirements, such as finance, government, and enterprises, and has good practicality and promotional value. Attached Figure Description

[0009] Figure 1 This is a schematic diagram of the structure of an AI-enhanced network access control system according to the present invention. Detailed Implementation

[0010] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0011] Example 1: See Figure 1 The illustrated AI-enhanced network access control system includes an access request acquisition module, an AI intelligent analysis module, a dynamic permission decision module, an access execution module, and a feedback optimization module. The access request acquisition module collects access request information from accessing entities. The AI ​​intelligent analysis module receives this information, performs a risk assessment, and outputs the assessment result. The dynamic permission decision module generates access permission instructions based on the assessment result. The access execution module executes the corresponding access operation. The feedback optimization module collects execution data and feeds it back to the AI ​​intelligent analysis module to optimize the model. The AI ​​intelligent analysis module uses a weighted summation algorithm to calculate the risk score, as shown in the formula: ; In the formula, R is the comprehensive risk score, and n is the number of feature dimensions. The weight of the i-th dimension and satisfying ; Standardize the score for the i-th dimension (0-100 points); the formula integrates multi-dimensional features to achieve accurate risk quantification, with weights... AI adaptively adjusts itself using historical data and attack samples, overcoming the shortcomings of traditional systems' static judgment and one-sided risk assessment.

[0012] Example 2, based on Example 1, in this example, the access request information includes the access subject identifier, access target resource information, access environment parameters, and access behavior characteristics. The access request collection module uses SSL / TLS protocol or the national cryptographic SM4 protocol to encrypt the transmitted information to prevent information from being tampered with or stolen. The AI ​​intelligent analysis module includes an identity authentication unit, a behavior anomaly detection unit, and a resource sensitivity assessment unit. These three work together to achieve comprehensive risk assessment and improve the system's intelligent defense capabilities. The identity authentication unit uses multimodal biometrics combined with AI anti-spoofing technology to identify deeply forged biometric data, ensuring the accuracy of identity verification.

[0013] Example 3, based on Example 1, in this example, the access request acquisition module serves as the system's information input terminal, capturing all network access requests initiated by the accessing subject in real time and comprehensively collecting access request information. The access request information includes the accessing subject identifier, access target resource information, access environment parameters, and access behavior characteristics. The accessing subject identifier is used to distinguish different access initiators, the access target resource information is used to clarify the location and type of network resource that the accessing subject wants to access, the access environment parameters are used to record scenario data such as device information, network environment, and geographical location at the time of access initiation, and the access behavior characteristics are used to capture behavioral data such as the accessing subject's operating habits, access frequency, and access duration.

[0014] In this embodiment, the access request collection module uses SSL / TLS protocol or the national cryptographic SM4 protocol to encrypt the transmitted access request information. By establishing a secure encrypted transmission channel, the information is prevented from being tampered with, stolen or intercepted during transmission, ensuring that the collected access request information is transmitted to the AI ​​intelligent analysis module in a true and complete manner.

[0015] The AI ​​intelligent analysis module receives encrypted access request information transmitted from the access request collection module. It first decrypts the encrypted information and then performs a comprehensive risk assessment on the decrypted access request information. This module includes an identity authentication unit, a behavior anomaly detection unit, and a resource sensitivity assessment unit. These three units work together to achieve a comprehensive risk assessment. The identity authentication unit uses multimodal biometrics combined with AI anti-spoofing technology. By collecting multimodal biometric data such as the user's face and voiceprint, it uses AI anti-spoofing algorithms to identify deepfake biometric data, effectively defending against attacks such as AI face-swapping and high-definition video re-encoding, ensuring the accuracy of identity verification. The behavior anomaly detection unit analyzes the user's access behavior characteristics and compares them with a normal behavior baseline formed by the AI ​​model through historical data training to identify abnormal access behaviors that deviate from the normal baseline. The resource sensitivity assessment unit grades the sensitivity of the accessed target resources to determine the access risk level of different resources. The AI ​​intelligent analysis module uses a weighted summation algorithm to calculate a comprehensive risk score, the formula of which is: ; In the formula, R is the comprehensive risk score, and n is the number of feature dimensions. The weight of the i-th dimension and satisfying ; Standardize the score for the i-th dimension (0-100 points); the formula integrates multi-dimensional features to achieve accurate risk quantification, with weights... AI adaptively adjusts itself using historical data and attack samples, overcoming the shortcomings of traditional systems' static judgment and one-sided risk assessment.

[0016] This formula integrates multiple dimensions of features, including identity verification, abnormal behavior, and resource sensitivity, to achieve precise risk quantification, and the weights are... AI adaptively adjusts its approach based on historical access data and known attack samples, eliminating the need for human intervention. This overcomes the shortcomings of traditional systems' static judgment and one-sided risk assessment. The AI ​​intelligent analysis module outputs a comprehensive risk score and risk assessment conclusion as the evaluation result to the dynamic permission decision module. The dynamic permission decision module receives the evaluation result from the AI ​​intelligent analysis module and, combined with the system's preset security policies and resource access rules, performs a threshold judgment on the comprehensive risk score. If the comprehensive risk score is below the preset security threshold, the access request is considered secure, generating an access permission instruction that allows access and clearly defining the scope of resources and operational permissions for the accessing subject. If the comprehensive risk score is above or equal to the preset security threshold, the access request poses a security risk, generating an access denial instruction. If the comprehensive risk score is within the preset intermediate threshold range, the access request has potential risks, generating an access restriction instruction that limits the accessing subject's operational scope and access duration. Simultaneously, the dynamic permission decision module transmits the generated access permission instructions to the access execution module in real time.

[0017] The access execution module receives access permission instructions transmitted by the dynamic permission decision module and executes the corresponding access operations according to the instructions. If the instruction is to allow access, a secure access channel is established for the access subject, allowing it to access the target network resources within the authorized scope. If the instruction is to deny access, the access request is directly intercepted, preventing the access subject from establishing a connection with the target resource. If the instruction is to restrict access, the access subject's access behavior is monitored in real time to ensure that it does not exceed the authorized scope. At the same time, the access execution module will feed back the execution results, access duration, operation content, and other execution data of the access operation to the feedback optimization module in real time.

[0018] The feedback optimization module continuously collects execution data transmitted by the access execution module, including the execution status of access permission instructions, the actual risks of access behavior, and anomalies such as false or missed interceptions. This data is organized and analyzed to extract effective feature information, which is then fed back to the AI ​​intelligent analysis module. The AI ​​intelligent analysis module uses this feedback data to update the training sample set, retrain the risk assessment model, and adaptively adjust the weights w_i of each dimension in the weighted summation algorithm. This optimizes the recognition accuracy of units such as identity authentication and abnormal behavior detection, enabling the system to continuously adapt to new network attack scenarios and changes in access behavior, thereby continuously improving the accuracy of risk assessment and the rationality of access control.

[0019] This application example demonstrates intranet access within the financial industry. An employee initiates an access request to the core accounting system. The system collects request information including the employee's identity, access target, office terminal information, and operational behavior, and transmits this information encrypted via the SM4 protocol to the AI ​​intelligent analysis module. The module evaluates the employee from three dimensions: identity, behavior, and resource sensitivity. Assuming n=3, the AI ​​adaptively adjusts the weights w1=0.5, w2=0.3, and w3=0.2, with standardized scores for each dimension: s1=90, s2=85, and s3=95. The calculated R = 0.5×90 + 0.3×85 + 0.2×95 = 90.5. This score is below the financial industry's preset security threshold of 95. The dynamic permission decision module generates an access permission instruction, the access execution module establishes an encrypted access channel and limits the scope of operations, and the feedback optimization module collects the access data to provide a basis for subsequent model weight adjustments and risk assessment optimization.

[0020] The basic principles and main features of the present invention have been described above. Those skilled in the art should understand that the present invention is not limited to the above embodiments. The embodiments and descriptions in the specification are only illustrative of the principles of the present invention. Various changes and modifications can be made to the present invention without departing from the spirit and scope of the present invention. All such changes and modifications fall within the scope of the present invention as claimed. The scope of protection of the invention is defined by the appended claims and their equivalents.

Claims

1. An AI-enhanced network access control system, characterized by, It includes an access request collection module, an AI intelligent analysis module, a dynamic permission decision module, an access execution module, and a feedback optimization module; the access request collection module collects access request information from the accessing subject; the AI ​​intelligent analysis module receives the information, performs risk assessment, and outputs the assessment results; The dynamic permission decision module generates access permission instructions based on the evaluation results; the access execution module executes the corresponding access operation; the feedback optimization module collects execution data and feeds it back to the AI ​​intelligent analysis module to optimize the model; wherein, the AI ​​intelligent analysis module uses a weighted summation algorithm to calculate the risk score, the formula is as follows: ; where R is the composite risk score, n is the number of feature dimensions, is the weight of the ith dimension and satisfies ; Standardize the score for the i-th dimension (0-100 points); the formula integrates multi-dimensional features to achieve accurate risk quantification, with weights... AI adaptively adjusts itself using historical data and attack samples, overcoming the shortcomings of traditional systems' static judgment and one-sided risk assessment.

2. The AI-enhanced network access control system according to claim 1, characterized in that, The access request information includes the access subject identifier, access target resource information, access environment parameters, and access behavior characteristics. The access request collection module uses SSL / TLS protocol or the national cryptographic SM4 protocol to encrypt the transmission of information to prevent the information from being tampered with or stolen.

3. The AI-enhanced network access control system according to claim 1, characterized in that, The AI ​​intelligent analysis module includes an identity authentication unit, a behavior anomaly detection unit, and a resource sensitivity assessment unit. The three work together to achieve comprehensive risk assessment and enhance the system's intelligent defense capabilities.

4. The AI-enhanced network access control system according to claim 3, characterized in that, The identity authentication unit employs multimodal biometrics combined with AI anti-spoofing technology, which can identify deeply forged biometric data and ensure the accuracy of identity verification.