Building information security management system and method based on big data analysis

The building information security management system based on big data analysis uses an access control card swipe module to obtain account information, an authentication module to determine the authorized time period, and a camera module to automatically switch to the highest resolution to capture video. This solves the problem of delayed anomaly identification in the existing system and enables timely risk identification and efficient response.

CN122244984APending Publication Date: 2026-06-19SHENZHEN ZHONGGANG CONSTR ENG CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHENZHEN ZHONGGANG CONSTR ENG CO LTD
Filing Date
2026-01-28
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Existing building information security management systems lack automatic anomaly identification mechanisms based on time, space, and personnel roles, resulting in security personnel being unable to identify risks in a timely manner, system response being delayed, and the inability to automatically trigger video surveillance and access control permission adjustments, leading to a problem of delayed response to security incidents.

Method used

The building information security management system, which adopts big data analysis, obtains account information through the access control card swiping module, verifies the permission period through the verification module, automatically switches the camera module to the highest resolution to capture video, and generates risk instructions when abnormal behavior occurs, linking network access control and access control permission adjustment.

Benefits of technology

It significantly shortens the time from abnormal behavior to risk detection, improves the clarity and completeness of evidence collection, reduces the workload of security personnel, and enhances the system's real-time perception capabilities and response efficiency.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122244984A_ABST
    Figure CN122244984A_ABST
Patent Text Reader

Abstract

This invention proposes a building information security management system and method based on big data analysis. By outputting structured card-swiping events with account, time, and access control location identifiers on the access control card-swiping module side, and introducing abnormal time period judgment based on permission configuration and time windows on the verification module side, the system automatically triggers the camera module to capture video of the access control card-swiping location at the highest resolution upon risk identification. This transforms the access control system from a mere post-event recording tool into a comprehensive security management platform that proactively issues risk warnings and simultaneously solidifies key video evidence at the moment abnormal access behavior occurs. This significantly shortens the time from the occurrence of abnormal access behavior to risk detection, reduces the workload of manual review by security personnel and the risk of missed checks, and automatically upgrades the acquisition specifications of relevant cameras at the initial stage of abnormal behavior, improving the clarity and completeness of evidence collection in high-risk access scenarios.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of building information security management system technology, and in particular to a building information security management system and method based on big data analysis. Background Technology

[0002] In large parks, office buildings, and data centers, multi-level security protection is usually set up for different floors and functional areas. Among them, computer rooms and finance offices are often key protection areas, and access control systems are used to control personnel access.

[0003] Existing buildings commonly use card swiping, fingerprint or facial recognition as identity verification methods to configure the scope of permissions for ordinary employees and managers, the floors and room types they can enter, and record information such as the time of card swiping, the location of the access point and the result of opening the door through the access control controller to support daily management and subsequent query.

[0004] While existing access control systems can record a large amount of entry and exit data, in practice, most systems only store access control records as independent logs for post-event tracing and simple statistical analysis. When abnormal situations occur, such as ordinary employees entering sensitive areas like computer rooms at night, or the same access card appearing at distant access points within a very short period, traditional systems typically rely on security personnel to manually review access control records, video surveillance footage, and on-site conditions to determine if abnormal behavior exists. Due to the lack of an automatic anomaly identification mechanism based on time, space, and personnel role, the system cannot identify risks in a timely manner when abnormal entry and exit behavior occurs. Security personnel often only discover problems through post-event verification after a security incident has already occurred or caused losses.

[0005] Furthermore, existing building information security management systems have limited inter-system linkage capabilities. Abnormal entry and exit events generated by access control systems typically do not automatically trigger coordinated actions such as adjusting video surveillance parameters, tightening network access control, or dynamically adjusting access permissions. Security centers also rely heavily on manual alarm reception and manual issuance of handling instructions. When high-risk situations arise, such as unauthorized personnel swiping to open the server room door during prohibited hours, or access cards appearing at multiple remote access points within physically impossible time intervals, the system lacks the ability to automatically drive coordinated responses from the video surveillance system, network access control system, and access permission configuration based on abnormal access behavior. This can easily lead to delayed responses to abnormal behavior, hindering the timely prevention of suspicious individuals from entering other sensitive areas. Summary of the Invention

[0006] Therefore, it is necessary to propose a building information security management system and method based on big data analysis to address the above problems.

[0007] This application proposes a building information security management system based on big data analysis, the system comprising: The access control card swiping module is used to obtain the account information stored on the target card when the target card performs an access control card swiping operation. The verification module is used to obtain the corresponding permission time period based on the account information stored in the target card when an external card swipe operation occurs, and to determine whether the current card swipe time is in an abnormal time period. If so, a risk instruction is generated. The camera module executes the risk command to acquire video of the access control card swipe location at the highest resolution. In at least one embodiment of this application, the system further includes: The security verification module generates a notification signal and obtains the verification information of the higher-level authority when an external card swipe operation occurs, if the current card swipe time is outside the authorized time period of the target card.

[0008] In at least one embodiment of this application, the system further includes: When the abnormal behavior monitoring module detects card swiping behavior of the same target card at different access control points within a preset time period, it generates a restriction command and locks the target card. The access control card swiping module executes the restriction command to prevent unlocking.

[0009] A building information security management method based on big data analysis, applied to a building information security management system based on big data analysis as described in any one of the above-mentioned methods, the method comprising: When an external card is swiped, the account information stored on the target card at the access control point is obtained, and the target account information is generated. The period during which the target account information is granted permission is determined, and it is determined whether the period during which the permission is granted is an abnormal period. If so, a risk instruction is generated and executed to control the camera at the access control point to capture video of the card swipe location at the highest resolution.

[0010] In at least one embodiment of this application, the specific steps of determining whether the permission period for obtaining the target account information is in an abnormal period include: Establish an access control database based on user codes and access time periods; Parse the target account information to generate the target account user code; Map the target account user code to the permission management database to obtain the permission time period corresponding to the target account, and generate the target permission time period, which is the time period during which the target account can unlock the access control during working days; Determine whether the target permission period is in an abnormal period; if so, generate a risk instruction.

[0011] In at least one embodiment of this application, the step of determining whether the permission period for obtaining the target account information is an abnormal period further includes: If not, the above check will be performed again during the next card swipe operation.

[0012] In at least one embodiment of this application, the method further includes: When the card swiping behavior of the same target card is detected at different access control points within a preset time period, a restriction instruction is generated, the target card is locked, and the restriction instruction is executed to prevent unlocking.

[0013] In at least one embodiment of this application, the specific steps of generating a restriction command and locking the target card when card swiping behavior of the same target card is detected at different access control points within a preset time period, and executing the restriction command to prevent unlocking, further include: When card swiping behavior of the same target card is detected at different access control points within a preset time period, the access control location of the card swiping behavior within the preset time period is obtained, and a coordinate set is generated. Sort each coordinate in the coordinate set according to the time of the card swipe, and obtain the sorted coordinate set; Based on the sorted coordinate set, calculate the time required for the shortest path between the access control positions corresponding to two adjacent coordinate points to obtain the shortest time data; Obtain the time point of each card swipe, calculate the actual time interval data, and compare the actual time interval data with the shortest time data; If the time is less than the minimum time data, then the restriction instruction is generated.

[0014] In at least one embodiment of this application, the specific steps of obtaining the time point of each card swipe, calculating the actual time interval data, and comparing the actual time interval data with the shortest time data include: Sort the time points of the card swipe actions to obtain a sorted set of time points; Calculate the interval between each pair of adjacent time points in the sorted time point set to generate the actual time interval data.

[0015] In at least one embodiment of this application, the specific steps of obtaining the time point of each card swipe, calculating the actual time interval data, and comparing the actual time interval data with the shortest time data further include: Each time interval in the actual time interval data is compared with the corresponding time data in the shortest time data. If there is a time interval shorter than the corresponding time data, the restriction instruction is generated.

[0016] The building information security management system and method based on big data analysis implemented in this embodiment will have at least the following beneficial effects: The aforementioned building information security management system and method based on big data analysis outputs structured card-swiping events with account, time, and access control location identifiers on the access control card-swiping module side, introduces abnormal time period judgment based on permission configuration and time window on the verification module side, and automatically triggers the camera module to capture video of the access control card-swiping location at the highest resolution after identifying risks. This makes the access control system no longer just a recording tool for post-event query, but a comprehensive security management platform that can proactively issue risk warnings and simultaneously solidify key video evidence at the moment abnormal access behavior occurs.

[0017] It can significantly shorten the time from the occurrence of abnormal entry and exit behavior to the discovery of risks, reduce the workload of security personnel in manual review and the risk of missed checks. At the same time, it automatically upgrades the acquisition specifications of relevant cameras in the initial stage of abnormal behavior, avoiding the problem of blurry or missing key images due to low default resolution or recording not being turned on, thereby improving the clarity and completeness of evidence collection in high-risk entry and exit scenarios. Attached Figure Description

[0018] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0019] in: Figure 1 This is a structural block diagram of a building information security management system based on big data analysis in one embodiment; Figure 2 This is a flowchart of a building information security management method based on big data analysis in one embodiment; Figure 3 This is a flowchart of a building information security management method based on big data analysis in another embodiment; Figure 4 This is a flowchart of a building information security management method based on big data analysis in another embodiment.

[0020] Explanation of main component symbols 100. A building information security management system based on big data analytics; 110. Access control card reader module; 120. Verification module; 130. Camera module; 140. Security verification module; 150. Abnormal behavior monitoring module. Detailed Implementation

[0021] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0022] This application proposes a building information security management system 100 based on big data analysis, the system comprising: The access control card swiping module 110 is used to obtain the account information stored on the target card when the external target card performs an access control card swiping operation.

[0023] The verification module 120 is used to obtain the corresponding permission time period based on the account information stored in the target card when an external card swipe operation occurs, and to determine whether the current card swipe time is in an abnormal time period. If so, a risk instruction is generated.

[0024] The camera module 130 executes the risk instruction to acquire video of the access control card swipe location at the highest resolution.

[0025] Please refer to Figure 1 In this embodiment, by outputting structured card-swiping events with account, time, and access control location identifiers on the access control card-swiping module 110 side, and introducing abnormal time period judgment based on permission configuration and time window on the verification module 120 side, and automatically triggering the camera module 130 to capture access control card-swiping location video at the highest resolution after identifying the risk, the access control system is no longer just a recording tool for post-event query, but a comprehensive security management platform that can proactively issue risk warnings and simultaneously solidify key video evidence at the moment abnormal access behavior occurs.

[0026] It can significantly shorten the time from the occurrence of abnormal entry and exit behavior to the discovery of risks, reduce the workload of security personnel in manual review and the risk of missed checks. At the same time, it automatically upgrades the acquisition specifications of relevant cameras in the initial stage of abnormal behavior, avoiding the problem of blurry or missing key images due to low default resolution or recording not being turned on, thereby improving the clarity and completeness of evidence collection in high-risk entry and exit scenarios.

[0027] By using risk commands as trigger points, the system can also be easily extended to link with other security subsystems such as network access control systems and dynamic adjustment of access permissions, thereby enhancing the real-time perception capability, response efficiency, and protection depth of building information security management as a whole.

[0028] The building information security management system 100 based on big data analysis provided in this application is installed in the security network of a large park, office building or data center. The system includes an access control card swiping module 110, a verification module 120 and a camera module 130. Each module is connected via a local area network or a dedicated security network.

[0029] The access control card swiping module 110 includes a card reader installed at each access control point and an access control control unit connected to the card reader. When an external target card approaches or touches the access control position, the card reader collects the account information stored in the card. The access control control unit combines the access control point identifier, card swiping time and other data to parse and encapsulate the card swiping event, generate target account information with account identifier, time information and access control position identifier and send it to the verification module 120, so that the card swiping event enters the background analysis process in the form of structured data.

[0030] The verification module 120 can be deployed on the server of the building information security management platform. After receiving the target account information, it accesses the pre-established permission configuration database based on the target account information to obtain security policy data such as the permission time period, job role, and area corresponding to the target account. It compares the current card swipe time with the permission time period to determine whether the current card swipe time is in an abnormal time period for the account. When it is determined to be an abnormal time period, it generates a risk instruction carrying the account identifier, access control point location, timestamp, and risk type, and sends it to the camera module 130 and other subsystems that need to be linked to achieve automatic identification of abnormal behaviors such as ordinary employees attempting to enter the computer room at night.

[0031] The camera module 130 is connected to the camera and video management unit near the access control point. After receiving a risk command, it parses the corresponding access control location from the risk command, calls the camera bound to that access control location, switches the camera to the preset highest resolution and higher frame rate working mode, and enables the key recording strategy to capture dynamic images of the access control card swipe location and its surrounding area with the highest definition. Risk marks are added to the corresponding video clips to facilitate quick review and comprehensive analysis later. Thus, the system can automatically capture and mark high-definition on-site images simultaneously when it detects card swipe behavior during abnormal periods, providing intuitive and accurate image evidence for subsequent security analysis and handling.

[0032] In at least one embodiment of this application, the system further includes: The security verification module 140 generates a notification signal and obtains the verification information of the higher-level authority when an external card swipe operation occurs, if the current card swipe time is outside the authorized time period of the target card.

[0033] Please refer to Figures 2-4In this embodiment, when an external card swipe operation occurs, the access control card swipe module 110 uploads the target card's account information, access control point location, and swipe time to the verification module 120. The verification module 120 determines whether the current swipe time is an abnormal time period relative to the permission time period configured for the target card.

[0034] The security verification module 140 can receive the judgment result output by the verification module 120, or share the permission configuration data and judgment rules with the verification module 120. When it is detected that the current card swipe time is an abnormal time period relative to the permission time period of the target card, it automatically generates a notification signal and sends the notification signal to the client terminal of the person with the higher level of permission.

[0035] For example, the security supervisor's workstation, the shift leader's console, or the department head's mobile terminal can simultaneously include information such as account identifier, access control point location, card swipe time, and current risk level in the notification signal, so that personnel with higher-level authority can understand the context of abnormal card swipe behavior as soon as possible.

[0036] The security verification module 140 also provides a human-computer interaction interface or communication interface for the higher-level authorized personnel to provide feedback on verification information. For example, it can collect the opinions of the higher-level authorized personnel on the handling of this abnormal card swiping behavior through password confirmation, two-factor authentication, electronic signature, or pass and refuse operation buttons. The feedback results, operator identity and operation time are encapsulated into the verification information of the higher-level authorized personnel and written back to the building information security management platform for subsequent linkage strategies (such as whether to continue to allow access, whether to temporarily lock the card, whether to upgrade the alarm level).

[0037] When the system detects card-swiping behavior during abnormal periods, it automatically sends a notification to the next higher level of authorized personnel. This avoids the passive situation where security personnel need to regularly review a large number of access control logs and video recordings to discover problems, shortens the time from when an anomaly occurs to when management becomes aware of it, and improves the efficiency of anomaly detection.

[0038] In at least one embodiment of this application, the system further includes: When the abnormal behavior monitoring module 150 detects card swiping behavior of the same target card at different access control points within a preset time period, it generates a restriction command and locks the target card. The access control card swiping module 110 executes the restriction command to prevent unlocking.

[0039] Please refer to Figures 2-4 In this embodiment, when abnormal conditions are met, the abnormal behavior monitoring module 150 generates a restriction instruction. The restriction instruction carries the target card identifier to be locked, the abnormal time period, the list of access control points involved, and the restriction policy type. The restriction instruction is then sent to the access control card swiping module 110 and the access control controller simultaneously.

[0040] After receiving the restriction command, the access control card swiping module 110 updates the local permission cache, marks the target card as locked, and returns a prohibition result for any subsequent card swiping request for the target card at any access control point. At the same time, it can trigger an alarm prompt, thereby automatically freezing the card's access permission when it detects suspected card duplication, card theft, or abnormally frequent cross-area card swiping behavior.

[0041] The abnormal behavior monitoring module 150 performs real-time analysis and identification of the same card being swiped across multiple access control points within a preset time period at the system level. Once the abnormal conditions are met, it actively generates a restriction instruction and locks the target card, significantly shortening the time interval between the occurrence of abnormal behavior and the implementation of restriction measures. This prevents suspicious persons from continuing to enter more floors and sensitive areas by relying on abnormal cards before security has noticed them.

[0042] The restriction commands are uniformly issued from the backend and executed by the access control card swiping module 110 at each access control point. This ensures that the locking policy takes effect quickly within the building area, avoiding management loopholes where only a single access control point is blocked while other access control points can still be opened. It effectively improves the automatic prevention capabilities against high-risk access behaviors such as card duplication and card misuse, and enhances the overall building information security protection level.

[0043] Specifically, the access control card swiping module 110 reports structured event data such as the target card's account information, access control point identifier, and card swiping time to the backend each time a card is swiped. The abnormal behavior monitoring module 150 extracts fields such as card number, timestamp, and access control location from these data and constructs a sliding time window according to a preset time period.

[0044] For example, a window can be set for one minute, three minutes, or a time length defined by a security policy, and card swipe records can be aggregated by card number within that time window.

[0045] The abnormal behavior monitoring module 150 counts the number of access control points and the spatial distance between access control points for each target card within the current preset time period. When the same target card is detected to have multiple card swipes at different access control points within the preset time period, the behavior is marked as an abnormal card swipe mode. The module can determine whether the card swipe trajectory has physically unreasonable cross-regional movement based on parameters such as the actual distance of the access control points and the normal movement speed model.

[0046] A building information security management method based on big data analysis, applied to a building information security management system 100 based on big data analysis as described in any one of the above-mentioned methods, the method comprising: S101. When performing an external card swipe operation, obtain the account information stored in the target card at the access control point and generate the target account information.

[0047] S102. Obtain the permission period for the target account information, and determine whether the permission period is in an abnormal period.

[0048] S103. If so, generate a risk instruction and execute the risk instruction to control the camera at the access control point to capture video of the access control card swipe location at the highest resolution.

[0049] Please refer to Figures 2-4 In this embodiment, when an external card swipe operation occurs, the card reader at the access control point obtains the account information stored in the target card, such as the card number, user number, or other account identifiers that can uniquely identify the user.

[0050] The access control unit formats the account information along with parameters such as access point identification and card swipe time to generate target account information corresponding to the card swipe event, and sends the target account information to the verification module 120.

[0051] After receiving the target account information, the verification module 120 obtains the permission time period corresponding to the target account based on the access permission management database of the target account information. For example, the access time configuration of the account during different time periods such as weekdays, holidays, and night shifts. The current card swipe time is compared with the permission time period to determine whether the current card swipe time falls outside the normal access time range preset for the account, thereby determining whether it belongs to an abnormal time period.

[0052] When an abnormal time period is determined, the verification module 120 generates a risk instruction according to preset rules. The risk instruction carries information such as the target account identifier, access control point location, current time, and risk type, and sends the risk instruction to the camera module 130.

[0053] After receiving the risk command, the camera module 130 parses the camera identifier corresponding to the access control card swipe location, controls the camera to switch from the normal monitoring mode to the preset highest resolution and higher frame rate mode, and simultaneously enables the key recording strategy to capture real-time video images of the access control card swipe location and its surrounding area with the highest clarity. The video clip is then marked and stored as a risk event, thereby simultaneously completing the identification of card swipe behavior during abnormal periods and the acquisition of high-definition images at the moment the card swipe event occurs.

[0054] The automatic anomaly identification process, which compares the account permission time period with the current card swipe time, enables the system to immediately determine that the card swipe behavior is abnormal when a regular employee swipes the card to open the computer room door at night, which is a high-risk scenario. This eliminates the need for security personnel to manually review a large number of access control records and surveillance footage afterward, effectively shortening the risk discovery time.

[0055] After detecting card swipes during abnormal periods, the system automatically issues a risk command, which triggers the camera module 130 to switch the corresponding camera to the highest resolution working mode and conduct key recording. This can significantly reduce the risk of blurry key images, missing details, or even no video available for review, thereby improving the clarity and completeness of evidence collection for security incidents.

[0056] In at least one embodiment of this application, the specific steps of determining whether the permission period for obtaining the target account information is in an abnormal period include: S201. Establish an access control database based on user codes and access time periods.

[0057] S202. Parse the target account information and generate the target account user code.

[0058] S203. Map the target account user code to the permission management database to obtain the permission time period corresponding to the target account, and generate the target permission time period, which is the time period during which the target account can unlock the access control during working days.

[0059] S204. Determine whether the target permission period is in an abnormal period. If so, generate a risk instruction.

[0060] Please refer to Figures 2-4 In this embodiment, the system first establishes an access control database based on the user code and the corresponding access time period. The access control database can be in the form of a relational database or a distributed key-value store. Each record includes at least the following fields: user code, job role, department, accessible floor / access point, and the start and end time period for card swiping on weekdays. This forms a standardized access time period configuration table for all personnel at the system level.

[0061] After an external card swipe operation occurs and target account information is generated, the verification module 120 parses the target account information, extracts the account identifier, and converts it into a target account user code that is consistent with the key value of the permission management database according to a predetermined rule. For example, by extracting the user segment from the card number, performing hash operation or encoding mapping on the original account, a user code that can be directly used for database indexing is generated.

[0062] Subsequently, the target account user code is mapped to the permission management database, the permission record corresponding to the user code is retrieved, the start and end time period during which the target account is authorized to unlock the access control during working days is obtained, and this time period is normalized into the target permission time period for subsequent comparison with the card swiping time.

[0063] In the actual judgment process, the system obtains the current card swipe time and compares the current time with the target permission time period. It can determine whether the current time falls outside the time interval of the target permission time period and regards the interval as an abnormal time period relative to the account.

[0064] The system verifies the target access time period by combining the high-risk time periods preset by the system (such as late at night, holiday shutdown periods, etc.). When it is determined that the current card swipe time belongs to an abnormal time period relative to the target account, the verification module 120 calls the judgment result of this embodiment, generates a risk instruction and attaches information such as the target account, access control point and risk type, and sends it to the camera module 130 and other security subsystems to trigger subsequent linkage actions.

[0065] It can quickly and accurately obtain the standard permission period of an account when a card swipe event occurs, avoiding misjudgments or omissions caused by manual memory or inconsistent table maintenance.

[0066] By dynamically generating target permission time periods from the database during weekday unlockable periods and using these as a benchmark to identify card-swiping behavior during abnormal periods, it is possible to make refined judgments on abnormal entry and exit behaviors during sensitive periods such as nighttime and holidays while ensuring smooth normal work operations, thereby reducing the false alarm rate caused by simply judging based on fixed blacklist and whitelist time periods.

[0067] In at least one embodiment of this application, the step of determining whether the permission period for obtaining the target account information is an abnormal period further includes: S205. If not, the above check will be performed again during the next card swipe operation.

[0068] Please refer to Figures 2-4 In this embodiment, whenever an external card swipe operation occurs at the access control point, the access control card swipe module 110 reports the target account information. The server-side verification module 120 and permission analysis submodule first obtain the target permission time period corresponding to the target account from the permission management database, and then compare the current card swipe time with the target permission time period to determine whether the current card swipe time belongs to an abnormal time period relative to the account.

[0069] If the determination result is negative, that is, the current card swipe time is within the target permission period or within the normal behavior period considered by the system, then in this embodiment, no risk instruction is generated. Instead, the card swipe behavior is recorded as a normal entry and exit record and written into the log or used for subsequent behavior model training. The verification module 120 then ends the detection process.

[0070] Subsequently, when the next external card swipe operation occurs, the system repeats the above detection process based on the new target account information, the current time, and the corresponding target permission period. This achieves a cyclical mechanism where, if not, the above detection is performed again in the next card swipe operation. This ensures that each card swipe event is independently included in the permission period and abnormal period determination process, without relying on manual periodic batch screening of historical records.

[0071] This ensures that the system detects each card swipe in real time based on the authorized time period, making anomaly identification a continuous process rather than relying on background scheduled tasks or manual spot checks.

[0072] When the judgment result is normal, the system will not generate unnecessary risk instructions or linkage actions, so as to avoid interfering with normal access behavior and avoid unnecessary consumption of computing and network resources, thereby maintaining the lightweight and stable operation of the system while ensuring the real-time detection.

[0073] In at least one embodiment of this application, the method further includes: When the card swiping behavior of the same target card is detected at different access control points within a preset time period, a restriction instruction is generated, the target card is locked, and the restriction instruction is executed to prevent unlocking.

[0074] In this embodiment, the system sets up abnormal behavior monitoring logic in the background to continuously receive the card swiping event stream reported by the access control card swiping module 110. Each card swiping event includes at least the account identifier of the target card, the access control point identifier, and the card swiping time.

[0075] The abnormal behavior monitoring logic uses a preset time period as the detection window, for example, set to several seconds to several minutes according to the size of the park and the distribution of buildings. All card swiping events are grouped by target card, and the card swiping trajectory of the same card at different access control points is counted within their respective time windows.

[0076] When the system detects that the same target card is swiped at multiple different access control points within the same preset time period, it identifies this behavior pattern as a high-risk situation of suspected card duplication, stolen card, or abnormal rapid movement across regions.

[0077] This triggers the abnormal behavior handling process in this embodiment, generates a restriction instruction, specifies the target card identifier to be restricted, the time period that triggered the abnormality, and the optional restriction policy identifier in the restriction instruction, and sends the restriction instruction to each access controller and access card swiping module 110.

[0078] After receiving a restriction command, the access control card swiping module 110 marks the corresponding target card as locked in the local cache. For subsequent card swiping requests initiated by the target card at any access control point, it will no longer allow access according to the regular permission table, but will directly provide a result of prohibiting unlocking based on the restriction command. At the same time, it can trigger a local audible and visual alarm or report an alarm event to the security platform. Thus, at the security level, when the same target card is detected to be swiped at different access control points within a preset time period, a restriction command is generated, the target card is locked, and the restriction command is executed to prohibit unlocking.

[0079] By adding trajectory monitoring across multiple access control points within a preset time period, and automatically generating restriction instructions, locking the target card, and prohibiting the card from being unlocked subsequently when the conditions are met, the system can automatically respond to abnormal cross-regional card swiping behavior as soon as it occurs, significantly shortening the time interval between the occurrence of abnormal behavior and the generation of control actions, and reducing the lag caused by relying on manual screening.

[0080] The restriction command takes effect uniformly throughout the entire building or the entire park, avoiding the security loophole of only prohibiting access at a single access point while other access points can still be opened by abnormal cards. This enhances the overall automatic prevention and control capabilities against risks such as card duplication and card misuse, and improves the intelligence and response efficiency of the building information security management system.

[0081] In at least one embodiment of this application, the specific steps of generating a restriction command and locking the target card when card swiping behavior of the same target card is detected at different access control points within a preset time period, and executing the restriction command to prevent unlocking, further include: S301. When the card swiping behavior of the same target card is detected at different access control points within a preset time period, the access control location of the card swiping behavior within the preset time period is obtained and a coordinate set is generated.

[0082] S302. Sort each coordinate in the coordinate set according to the time point of the card swiping behavior to obtain the sorted coordinate set.

[0083] S303. Calculate the time required for the shortest path between two adjacent coordinate points corresponding to the access control positions based on the sorted coordinate set, and obtain the shortest time data.

[0084] The time point of each card swipe is obtained, the actual time interval data is calculated, and the actual time interval data is compared with the shortest time data.

[0085] If the time is less than the minimum time data, then the restriction instruction is generated.

[0086] Please refer to Figures 2-4In this embodiment, when the background detects that the same target card is swiped at multiple access control points within a preset time period, the system first extracts all access control location identifiers related to the target card within the time period from the card swiping event stream, and converts each access control point into a coordinate point containing planar coordinates and floor information based on basic data such as building floor plan, floor elevation, and passage layout, thereby generating a coordinate set representing the distribution of the target card's card swiping locations within the preset time period.

[0087] Subsequently, the system sorts the coordinates in the coordinate set according to the time point corresponding to each card swipe, resulting in a coordinate sequence arranged in chronological order. This sequence reflects the entry and exit trajectory of the target card in the building space.

[0088] After obtaining the sorted set of coordinates, the system calculates the shortest movement time required on the physical path from the previous access control position to the next access control position for each pair of adjacent coordinate points in the sequence, taking into account the passable paths inside the building (such as corridors, stairs, elevators, connecting corridors, etc.) and the preset maximum reasonable movement speed of a human or an object carrying a card. These shortest movement times are then summarized into the shortest time data.

[0089] The system extracts the time difference of each pair of adjacent card swipes from the card swipe event records and calculates the actual time interval data.

[0090] Finally, the system compares each actual time interval with the corresponding shortest time data one by one. When it detects that a certain actual time interval is less than the time required for the corresponding shortest path, it determines that the card swiping trajectory of the target card within the preset time period does not conform to the normal physical movement pattern and belongs to highly suspicious card copying or card theft behavior. Based on the condition being met, a restriction instruction is generated and sent to the access control side to lock the target card. The access control card swiping module 110 then prohibits the card from being unlocked subsequently according to the restriction instruction.

[0091] The system can objectively characterize the physical feasibility of a target card's entry and exit trajectory within a preset time period based on the actual structure of the building and reasonable movement speed. This effectively distinguishes between the different situations where the same card moves normally between adjacent access control points and the same card crosses a distant access control point within a physically impossible time interval, significantly reducing the false alarm rate caused by relying solely on time windows and frequency thresholds.

[0092] Once the actual time interval is found to be less than the time required for the shortest path, the system can automatically generate a restriction instruction and lock the target card without waiting for manual verification. This enhances the system's ability to prevent copied or stolen cards from being used to continuously attempt to enter multiple sensitive areas, thus improving its automatic defense capabilities against high-risk abnormal entry and exit behaviors.

[0093] In at least one embodiment of this application, the specific steps of obtaining the time point of each card swipe, calculating the actual time interval data, and comparing the actual time interval data with the shortest time data include: S304. Sort the time points of the card swiping behavior to obtain the sorted set of time points.

[0094] S305. Calculate the interval between each pair of adjacent time points in the sorted time point set to generate the actual time interval data.

[0095] Please refer to Figures 2-4 In this embodiment, the abnormal behavior monitoring logic extracts the time points corresponding to all card swiping behaviors of the target card within a preset time period from the card swiping event stream, sorts these time points according to their chronological order, and generates a sorted set of time points. This set reflects the time sequence of the target card entering and exiting each access control point within the time window.

[0096] Subsequently, the system sequentially takes each pair of adjacent time points from the sorted time point set, calculates the time difference between the next time point and the previous time point, and summarizes the obtained time differences to form the actual time interval data between adjacent card swiping behaviors of the target card within the preset time period.

[0097] For the card swiping trajectory of the same target card at different access control points, the system obtains a set of time interval sequences that correspond one-to-one with the sorted coordinate set. Subsequently, the actual time interval data can be compared item by item with the shortest time data obtained by modeling the building space path and movement speed to determine whether the card swiping trajectory meets the physical accessibility in the time dimension, thus providing an accurate time basis for whether to generate a restriction instruction and lock the target card.

[0098] By sorting the card swiping times of the same card within a preset time period and calculating the time interval between adjacent times one by one, the originally discrete and messy timestamps are transformed into structured time interval data, so that the actual time interval and the shortest path time form a one-to-one correspondence, thereby building a time judgment basis that can be directly quantified and compared at the algorithm level.

[0099] In at least one embodiment of this application, the specific steps of obtaining the time point of each card swipe, calculating the actual time interval data, and comparing the actual time interval data with the shortest time data further include: S306. Compare each time interval in the actual time interval data with the corresponding time data in the shortest time data.

[0100] S307. If there is a time interval shorter than the corresponding time data, then the restriction instruction is generated.

[0101] Please refer to Figures 2-4 In this embodiment, the multiple card swipes of the target card within a preset time period can be numbered in chronological order as the 1st swipe, the 2nd swipe, ... the nth swipe. The kth time interval in the actual time interval data is defined as the time difference from the kth swipe time to the (k+1)th swipe time.

[0102] Meanwhile, the kth time data in the shortest time data is defined as the theoretical shortest arrival time required to move from the access control position corresponding to the kth card swipe to the access control position corresponding to the (k+1)th card swipe, under the constraint of the accessible path inside the building.

[0103] Based on this, the abnormal behavior monitoring module 150 reads each time interval in the actual time interval data in turn and compares it with the corresponding time data in the shortest time data.

[0104] When any actual time interval is detected to be less than the corresponding shortest time data, it can be determined that the target card's movement speed between the two card swipes exceeds the upper limit of the reasonable movement capability within the building, which is a physically unreachable abnormal trajectory, and a restriction command is immediately generated.

[0105] The restriction instruction can include the identifier of the locked target card, the time period that triggered the anomaly, the access control location involved, and the restriction policy type. It is then sent to each access control controller and access control card reader module 110, whereby the access control front end marks the target card as locked and refuses to unlock it for any subsequent card reader requests. If necessary, it can also simultaneously push alarm information to the security center to prompt security personnel to check the scene and related videos.

[0106] By comparing the actual time interval between two consecutive card swipes with the theoretical shortest arrival time calculated under the constraints of the actual building structure and path, the physically impossible movement is transformed into a clear numerical judgment condition. As long as any time interval is less than the corresponding shortest time, the restriction command is automatically triggered and the card is locked. This allows for identification and handling as soon as abnormal cross-regional card swipes occur, effectively preventing abnormal cards from being used to attempt to enter other sensitive areas.

[0107] At the same time, since the comparison is between the shortest time of each segment and the corresponding path, rather than simply using a uniform fixed time threshold, it also avoids false alarms for normal behavior of reasonable and rapid movement between adjacent access control points inside the building.

[0108] The system has developed a rigorous and automatic ability to judge abnormal card swipe trajectories in both time and space dimensions, which significantly reduces the post-event verification pressure on security personnel, improves the accuracy and response speed of anomaly identification, and enhances the overall effectiveness of the building information security management system in preventing high-risk access behaviors such as card duplication and card misuse.

[0109] The embodiments described above are merely examples of several implementation methods of this application, and while the descriptions are specific and detailed, they should not be construed as limiting the scope of this patent application. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these modifications and improvements all fall within the protection scope of this application.

Claims

1. A building information security management system based on big data analysis, characterized in that, The system includes: The access control card swiping module is used to obtain the account information stored on the target card when the target card performs an access control card swiping operation. The verification module is used to obtain the corresponding permission time period based on the account information stored in the target card when an external card swipe operation occurs, and to determine whether the current card swipe time is in an abnormal time period. If so, a risk instruction is generated. The camera module executes the risk command to acquire video of the access control card swipe location at the highest resolution.

2. The building information security management system based on big data analysis according to claim 1, characterized in that, The system also includes: The security verification module generates a notification signal and obtains the verification information of the higher-level authority when an external card swipe operation occurs, if the current card swipe time is outside the authorized time period of the target card.

3. The building information security management system based on big data analysis according to claim 1, characterized in that, The system also includes: When the abnormal behavior monitoring module detects card swiping behavior of the same target card at different access control points within a preset time period, it generates a restriction command and locks the target card. The access control card swiping module executes the restriction command to prevent unlocking.

4. A building information security management method based on big data analysis, applied to a building information security management system based on big data analysis as described in any one of claims 1 to 3, characterized in that, The method includes: When an external card is swiped, the account information stored on the target card at the access control point is obtained, and the target account information is generated. The period during which the target account information is granted permission is determined, and it is determined whether the period during which the permission is granted is an abnormal period. If so, a risk instruction is generated and executed to control the camera at the access control point to capture video of the card swipe location at the highest resolution.

5. The building information security management method based on big data analysis according to claim 4, characterized in that, The specific steps for determining whether the period of time for obtaining the target account information is an abnormal period include: Establish an access control database based on user codes and access time periods; Parse the target account information to generate the target account user code; Map the target account user code to the permission management database to obtain the permission time period corresponding to the target account, and generate the target permission time period, which is the time period during which the target account can unlock the access control during working days; Determine whether the target permission period is in an abnormal period; if so, generate a risk instruction.

6. The building information security management method based on big data analysis according to claim 4, characterized in that, The step of determining whether the permission period for obtaining the target account information is an abnormal period further includes: If not, the above check will be performed again during the next card swipe operation.

7. The building information security management method based on big data analysis according to claim 4, characterized in that, The method further includes: When the card swiping behavior of the same target card is detected at different access control points within a preset time period, a restriction instruction is generated, the target card is locked, and the restriction instruction is executed to prevent unlocking.

8. The building information security management method based on big data analysis according to claim 7, characterized in that, The specific steps of generating a restriction command and locking the target card when card swiping behavior of the same target card is detected at different access control points within a preset time period, and executing the restriction command to prevent unlocking, further include: When card swiping behavior of the same target card is detected at different access control points within a preset time period, the access control location of the card swiping behavior within the preset time period is obtained, and a coordinate set is generated. Sort each coordinate in the coordinate set according to the time of the card swipe, and obtain the sorted coordinate set; Based on the sorted coordinate set, calculate the time required for the shortest path between the access control positions corresponding to two adjacent coordinate points to obtain the shortest time data; Obtain the time point of each card swipe, calculate the actual time interval data, and compare the actual time interval data with the shortest time data; If the time is less than the minimum time data, then the restriction instruction is generated.

9. The building information security management method based on big data analysis according to claim 8, characterized in that, The specific steps of obtaining the time point of each card swipe, calculating the actual time interval data, and comparing the actual time interval data with the shortest time data include: Sort the time points of the card swipe actions to obtain a sorted set of time points; Calculate the interval between each pair of adjacent time points in the sorted time point set to generate the actual time interval data.

10. The building information security management method based on big data analysis according to claim 8, characterized in that, The specific steps of obtaining the time point of each card swipe, calculating the actual time interval data, and comparing the actual time interval data with the shortest time data further include: Each time interval in the actual time interval data is compared with the corresponding time data in the shortest time data. If there is a time interval shorter than the corresponding time data, the restriction instruction is generated.