An industrial internet operating system authentication method based on a multi-role security architecture

By employing a multi-role security architecture-based industrial internet operating system authentication method, role identifiers and business intents are extracted synchronously. Combined with physical thermodynamic state data, a dynamic authentication policy package is generated, which solves the problem of decoupling authentication from environmental monitoring and achieves collaborative protection of authentication security and physical system stability.

CN122247747APending Publication Date: 2026-06-19HANGZHOU TONGTAI TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
HANGZHOU TONGTAI TECH CO LTD
Filing Date
2026-04-29
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

In industrial internet operating systems, the instantaneous thermal load caused by the decoupling of authentication and environmental monitoring systems cannot be perceived by security decisions. The environmental control system lacks the ability to predict the thermal impact of authentication behavior, and thus cannot collaboratively ensure authentication security and physical system stability.

Method used

A multi-role security architecture is adopted. The requester's role identifier and business operation intent are extracted synchronously through the security kernel to obtain the business criticality level and physical thermodynamic state data. Thermodynamically enhanced dynamic risk spectrum is used for thermodynamic mapping and calculation to generate dynamic authentication policy package, which includes authentication protocol and physical environment pre-control instructions to ensure the physical stability of the authentication process.

Benefits of technology

It effectively manages the implicit coupling risk between physical thermal effects and business logic, avoids local heat accumulation caused by high-concurrency authentication, ensures timely authentication of critical control commands, and collaboratively protects authentication security and physical system stability.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122247747A_ABST
    Figure CN122247747A_ABST
Patent Text Reader

Abstract

This application discloses an industrial internet operating system authentication method based on a multi-role security architecture, belonging to the field of computer technology. By performing thermodynamic mapping and calculation on business operation intentions, it can accurately predict the instantaneous heat load caused by authentication behavior. Based on the predicted heat load value and the business criticality level, it identifies the systemic risk path from heat load to business logic, thereby achieving effective management of the implicit coupling risk between physical heat effects and business logic. It integrates logical security strategies and physical resource control strategies to generate dynamic authentication strategy packages, which are then scheduled and executed in an atomic transaction manner, ensuring the physical stability and business continuity of the authentication process. Especially in high-density deployment scenarios such as enclosed data centers, it can effectively avoid local heat accumulation caused by high-concurrency authentication, ensure timely authentication of critical control commands, and achieve synergistic protection of authentication security and physical system stability.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of computer technology, and in particular to an industrial internet operating system authentication method based on a multi-role security architecture. Background Technology

[0002] In industrial internet operating systems, relevant authentication technologies generally focus on digital identity verification and logical role permission verification, while environmental monitoring systems independently and passively start and stop cooling equipment based on temperature thresholds. The two are completely decoupled at the architecture and decision-making levels.

[0003] This fragmented architecture means that the instantaneous thermal load caused by authentication computation cannot be perceived by the security decision-making process, and the environmental control system also lacks the ability to predict the thermal impact of authentication behavior; the generation of authentication policies only relies on network layer and identity layer data, without integrating operational technology (OT) dimension information such as the health status of device hardware and the criticality of business work orders, making it difficult for the decision model to characterize the implicit coupling risk between physical thermal effects and business logic.

[0004] Therefore, in high-density deployment scenarios such as enclosed data centers, high-concurrency authentication can easily induce local heat accumulation, triggering equipment frequency reduction or protective shutdown, causing critical control command authentication to time out, forming a technical paradox that "strengthening logical security actually damages the physical reliability and business continuity of the system." Related technologies cannot achieve synergistic protection of authentication security and physical system stability. Summary of the Invention

[0005] This application provides an industrial internet operating system authentication method based on a multi-role security architecture, the technical solution of which is as follows: On the one hand, an industrial internet operating system authentication method based on a multi-role security architecture is provided, the method comprising: In response to an incoming authentication request, the security kernel synchronously extracts the requester's role identifier and business operation intent, obtains the associated business criticality level, and acquires the physical thermodynamic state and health status data of the target computing unit in real time. The requester role identifier, the business operation intent, the business criticality level, the physical thermodynamic state, and the health status data are jointly input into a thermodynamically enhanced dynamic risk map. Through the heat load digital twin integrated by the dynamic risk map, the business operation intent is thermodynamically mapped and calculated to obtain the predicted heat load value. Based on the predicted heat load value, the business criticality level, and the predefined cross-domain coupling relationships in the dynamic risk map, a risk assessment is performed to identify the systemic risk path from heat load to business logic; Based on the predicted heat load value and the systemic risk path, the collaborative decision-maker of the security kernel solves the logical security policy and physical resource control policy corresponding to the requester role identifier in an integrated manner to generate a dynamic authentication policy package. The dynamic authentication policy package encapsulates the adapted authentication protocol instruction sequence and the physical environment pre-control instruction sequence that is executed before the authentication protocol instruction sequence. The security kernel schedules and executes the dynamic authentication policy package in an atomic transaction manner to complete this authentication. Attached Figure Description

[0006] To more clearly illustrate the technical solutions in the embodiments of this application, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0007] Figure 1 This is a schematic diagram of the implementation environment of an industrial internet operating system authentication method based on a multi-role security architecture provided in this application embodiment; Figure 2 This is a flowchart illustrating an industrial internet operating system authentication method based on a multi-role security architecture, as provided in an embodiment of this application. Figure 3 This is a flowchart of another industrial internet operating system authentication method based on a multi-role security architecture provided in this application embodiment; Figure 4 This is a flowchart of another industrial internet operating system authentication method based on a multi-role security architecture provided in the embodiments of this application; Figure 5 This is a flowchart of another industrial internet operating system authentication method based on a multi-role security architecture provided in the embodiments of this application; Figure 6 This is a flowchart of another industrial internet operating system authentication method based on a multi-role security architecture provided in this application embodiment. Detailed Implementation

[0008] To make the objectives, technical solutions, and advantages of this application clearer, the embodiments of this application will be described in further detail below with reference to the accompanying drawings.

[0009] In this application, the terms "first," "second," etc., are used to distinguish identical or similar items with essentially the same function. It should be understood that there is no logical or temporal dependency between "first," "second," and "nth," nor are there any restrictions on quantity or execution order.

[0010] It should be noted that the information (including but not limited to user device information, user personal information, etc.), data (including but not limited to data used for analysis, data stored, data displayed, etc.) and signals involved in this application are all authorized by the user or fully authorized by all parties, and the collection, use and processing of related data must comply with the relevant laws, regulations and standards of the relevant countries and regions.

[0011] Figure 1 This is a schematic diagram illustrating the implementation environment of an industrial internet operating system authentication method based on a multi-role security architecture, as provided in this application embodiment. (See attached diagram.) Figure 1 The implementation environment may include node 110 and system 140.

[0012] Node 110 is connected to system 140 via a wireless or wired network. Optionally, Node 110 can be a smartphone, tablet, laptop, desktop computer, etc., but is not limited to these. Node 110 has applications installed and running that support industrial internet operating system authentication based on a multi-role security architecture.

[0013] System 140 is a standalone physical server, a server cluster or distributed system consisting of multiple physical servers, or a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, Content Delivery Network (CDN), and big data and artificial intelligence platforms. System 140 can provide background services for applications running on node 110.

[0014] Traditional industrial internet operating system authentication technologies primarily focus on digital identity and logical permissions, while environmental monitoring systems operate independently, resulting in complete decoupling between the two in architecture and decision-making. This separation means that the instantaneous thermal load generated by authentication computation cannot be perceived by security decisions, and the environmental control system lacks the ability to predict authentication thermal impacts. Authentication policy generation fails to integrate operational technology dimensions such as device health status and business criticality, making it difficult to characterize the implicit coupling risks between physical thermal effects and business logic. In high-density deployment scenarios, high-concurrency authentication can easily lead to heat accumulation, impairing system physical reliability and business continuity, and failing to collaboratively ensure authentication security and system stability.

[0015] To address this, this application proposes an industrial internet operating system authentication method based on a multi-role security architecture. This method is executed by the security kernel of the industrial internet operating system. Upon receiving an authentication request, the security kernel simultaneously extracts the requester's role identifier and business operation intent, obtains the associated business criticality level, and acquires real-time physical thermodynamic and health status data of the target computing unit. The requester's role identifier, business operation intent, business criticality level, physical thermodynamic status, and health status data are jointly input into a thermodynamically enhanced dynamic risk map. Through a thermal load digital twin integrated into this dynamic risk map, the business operation intent is thermodynamically mapped and calculated to obtain a predicted thermal load value. Based on the predicted thermal load value, business criticality level, and predefined cross-domain coupling relationships in the dynamic risk map, a risk assessment is performed to identify systemic risk paths from thermal load to business logic. Based on the predicted thermal load value and systemic risk paths, the security kernel's collaborative decision-maker integrates the logical security policy and physical resource control policy corresponding to the requester's role identifier to generate a dynamic authentication policy package. The dynamic authentication policy package encapsulates the adapted authentication protocol instruction sequence and the physical environment pre-control instruction sequence, which executes prior to the authentication protocol instruction sequence. The security kernel schedules and executes the dynamic authentication policy package in an atomic transaction manner to complete this authentication.

[0016] For ease of understanding, the following explains some key terms in this embodiment: Security kernel: This refers to the module in an industrial internet operating system responsible for executing core security functions. It possesses high privileges and isolation, enabling direct access to underlying hardware resources and the execution of security policies. The security kernel is the carrier for this method, ensuring the integrity and security of the authentication process.

[0017] Requester Role Identifier: This refers to the identity or permission category of the entity initiating the authentication request within the industrial internet system. This identifier is used to distinguish different users, devices, or applications and serves as the basis for subsequent security policy determinations.

[0018] Business operation intent: refers to the specific business behavior or goal associated with the authentication request. It describes the type of operation the requester wishes to perform, the target resource, and the operation context, providing semantic information for assessing business impact and resource requirements.

[0019] Business criticality level: This refers to the degree of importance of a specific business operation to the overall functionality of the system, data integrity, or production continuity. This level is typically determined using a quantitative assessment model to measure the potential losses caused by business interruption or failure.

[0020] Physical thermodynamic state: refers to the real-time set of thermal parameters of the target computing unit and its physical environment. This includes, but is not limited to, temperature, power consumption, and heat dissipation efficiency, reflecting the current operating thermal environment of the device.

[0021] Health status data refers to the operational status indicators of the target computing unit hardware device. This includes CPU utilization, memory usage, I / O throughput, fan speed, error rate, etc., used to assess the device's performance degradation and potential failure risks.

[0022] Thermodynamically Enhanced Dynamic Risk Map: This refers to a graph-structured model that can reflect the coupling relationship between physical thermal effects and logical business risks in real time. The map integrates physical entities, logical entities, and the cross-domain coupling relationships between them, and can dynamically update the risk propagation status.

[0023] A digital twin of thermal load refers to a virtual model of a target computing unit and its physical environment, capable of simulating and predicting the thermal behavior of equipment under specific loads. It calculates the expected thermal load caused by operation through nonlinear state-space evolution deduction of physical constraints.

[0024] Predicted heat load value: This refers to the expected core temperature rise or heat accumulation of the target computing unit that may result from performing a specific operational task, calculated using a heat load digital twin. This value is used to quantify the thermal impact of the operation on the physical environment.

[0025] Systemic risk path: This refers to the risk propagation chain in a thermodynamically enhanced dynamic risk map, where predicted heat load is transmitted to critical business logic and the risk value exceeds a preset threshold. This path reveals how physical thermal effects impact business continuity.

[0026] Collaborative Decision Maker: This refers to the decision-making module within the security kernel responsible for integrating logical security policies and physical resource control policies. It generates an integrated authentication and environmental control scheme through multi-objective optimization algorithms, under both security and physical stability constraints.

[0027] Logical security policy: refers to a set of security rules at the logical level for authentication requests, including authentication, access control, and data encryption. It defines the strength of the authentication protocol, parameter configuration, and access control permissions.

[0028] Physical resource regulation strategy: refers to resource adjustment schemes targeting the target computing unit and its physical environment. This includes, but is not limited to, fan speed adjustment, coolant flow control, and power management, aiming to maintain system stability through physical means.

[0029] Dynamic authentication strategy package: This refers to an encapsulated package generated by the collaborative decision-maker, containing a sequence of authentication protocol instructions and a sequence of physical environment pre-control instructions. This strategy package is dynamically generated based on real-time risk assessment results and is used to guide the execution of this authentication process.

[0030] Authentication protocol instruction sequence: This refers to the set of specific protocol instructions in the dynamic authentication policy package used to perform identity authentication operations. These instructions are adapted according to logical security policy parameters to ensure the security of the authentication process.

[0031] Physical environment pre-control instruction sequence: This refers to the set of instructions in the dynamic authentication strategy package used to pre-adjust the physical environment of the target computing unit before the authentication operation. These instructions aim to reduce potential thermal load risks and ensure physical stability.

[0032] Atomic transaction mode: refers to an execution mechanism that ensures a group of operations either all succeed or all fail and roll back. In the authentication process, it guarantees the consistency between pre-controlled physical environment and authentication operations, avoiding the risks of intermediate states.

[0033] This embodiment provides an industrial internet operating system authentication method based on a multi-role security architecture. (See also...) Figure 2 This includes the following steps.

[0034] 201. When responding to an incoming authentication request, the security kernel is responsible for synchronously extracting the requester's role identifier and business operation intent, obtaining the associated business criticality level, and acquiring the physical thermodynamic state and health status data of the target computing unit in real time.

[0035] For example, the requester's role identifier and business operation intent can be manually entered by the requester through a user interface, and the security kernel will perform preliminary parsing upon receiving the information. The business criticality level can be pre-stored in a static configuration table, and the security kernel will look it up based on the type of business operation intent. The physical thermodynamic state and health status data of the target computing unit can be obtained by the security kernel through periodic polling of the temperature sensors and performance counters inside the computing unit.

[0036] 202. The requester's role identifier, business operation intent, business criticality level, physical thermodynamic state, and health status data are jointly input into a thermodynamically enhanced dynamic risk map. Through the heat load digital twin integrated by this dynamic risk map, the business operation intent is thermodynamically mapped and calculated to obtain the predicted heat load value.

[0037] For example, these input data can be passed to different analysis modules, one of which queries a predefined empirical heat load database for a corresponding heat load estimate as a predicted heat load value, based on the type of business operation intent.

[0038] 203. Based on the predicted heat load value, business criticality level, and predefined cross-domain coupling relationships in the dynamic risk map, perform risk assessment to identify the systemic risk path from heat load to business logic.

[0039] For example, risk assessment can be accomplished simply by comparing the predicted heat load value with a preset heat load threshold, and the business criticality level with a preset criticality threshold. If both exceed the threshold, the system is flagged as having a risk, without further identifying specific risk propagation paths.

[0040] 204. Based on the predicted heat load value and systemic risk path, the collaborative decision-maker of the security kernel solves the logical security policy and physical resource control policy corresponding to the requester role identifier in an integrated manner to generate a dynamic authentication policy package.

[0041] This dynamic authentication policy package encapsulates an adapted authentication protocol instruction sequence and a physical environment pre-control instruction sequence that executes prior to the authentication protocol instruction sequence. For example, the collaborative decision-maker can independently select a physical resource control scheme (such as turning on cooling fans) based on the predicted heat load value, and independently select a logical security policy (such as adopting a standard authentication protocol) based on the requester's role identifier. These independent policies are combined into a policy package, where the physical environment pre-control instruction sequence and the authentication protocol instruction sequence are arranged in a fixed order.

[0042] 205. The security kernel schedules and executes the dynamic authentication policy package in an atomic transaction manner to complete this authentication.

[0043] For example, the security kernel can execute the physical environment pre-control instruction sequence and the authentication protocol instruction sequence sequentially according to the order of instructions in the policy package. During execution, if an instruction fails, the security kernel can log an error, but will not automatically trigger a rollback operation; instead, it will continue executing subsequent instructions or terminate the process directly.

[0044] This embodiment deeply integrates authentication technology with an environmental monitoring system, solving the problems of decoupling authentication from environmental control, insufficient heat load prediction, and difficulty in identifying cross-domain risks in traditional solutions. By performing thermodynamic mapping and calculation on business operation intentions, the instantaneous heat load caused by authentication behavior can be accurately predicted. Based on the predicted heat load value and the business criticality level, the systemic risk path from heat load to business logic is identified, thereby achieving effective management of the implicit coupling risk between physical thermal effects and business logic. The integrated solution of logical security strategy and physical resource control strategy generates a dynamic authentication strategy package, which is scheduled and executed in an atomic transaction manner, ensuring the physical stability and business continuity of the authentication process. Especially in high-density deployment scenarios such as enclosed data centers, this method can effectively avoid local heat accumulation caused by high-concurrency authentication, ensure timely authentication of critical control commands, and achieve synergistic protection of authentication security and physical system stability.

[0045] In some of the embodiments described above in this application, a method is proposed to synchronously extract the requester's role identifier and business operation intent by the security kernel, obtain the associated business criticality level, and obtain the physical thermodynamic state and health status data of the target computing unit in real time, so as to support subsequent thermodynamically enhanced risk assessment and dynamic authentication strategy generation. However, in this process, how to accurately extract, obtain in real time and effectively integrate operational technology dimension information of this data to avoid physical risk transmission problems caused by the decoupling of authentication and environmental monitoring in related technologies, such as the deviation in heat load prediction caused by data asynchrony or inconsistent format, is a key challenge.

[0046] To address this, this application further proposes a method where the security kernel synchronously extracts the requester's role identifier and business operation intent, obtains the associated business criticality level, and acquires the target computing unit's physical, thermodynamic, and health status data in real time. (See [link to relevant documentation]). Figure 3 Its specific implementation includes: 301. Perform protocol parsing and semantic analysis on authentication requests to extract the requester's role identifier and business operation intent. Based on the business operation intent, query and determine the business criticality level from the business management system.

[0047] 302. By deploying multi-source sensing devices in the target computing unit and its physical environment, raw thermodynamic parameters and hardware operating indicators are collected synchronously, and the raw thermodynamic parameters and hardware operating indicators are preprocessed for time synchronization and standardization to generate physical thermodynamic state and health state data.

[0048] For example, in the process of parsing and semantically analyzing authentication requests to extract the requester's role identifier and business operation intent, the core lies in accurately identifying the sender's identity and the intended operation from the incoming authentication request. This can be achieved in several ways. For instance, a security kernel can employ a layered protocol parser to deconstruct the authentication request's protocol message layer by layer, separating authentication metadata (such as identity credentials and session IDs) and business semantic payloads (such as operation instructions and target resources). Through pattern matching, regular expressions, or pre-defined syntax rules, the original role identifier field is extracted from the authentication metadata and validated and mapped according to a pre-defined role specification library, thereby generating a standardized requester role identifier. Natural Language Processing (NLP) or structured data parsing is then performed on the business semantic payload, mapping it to predefined operation types, target resource identifiers, and operation contexts to form a structured business operation intent. Another approach is to utilize a machine learning-based semantic analysis model. This model, after training, can identify request patterns under different protocols and business scenarios, automatically extracting the requester's role identifier and business operation intent, and is particularly suitable for handling unstructured or semi-structured request content.

[0049] When querying and determining the business criticality level from the business management system based on business operation intent, the aim is to incorporate business-level importance into security decisions. This can be achieved as follows: The security kernel uses the extracted business operation intent (including operation type and target resource identifier) ​​as query conditions to send a request to the business management system. The business management system internally maintains a business criticality assessment model or configuration database. This model or database rates the criticality of different business operations and resource combinations based on business processes, Service Level Agreements (SLAs), compliance requirements, and historical data. For example, an operation modifying core production parameters might be rated as "high" criticality, while querying non-sensitive logs might be rated as "low." Upon receiving the query, the business management system executes the corresponding assessment logic and returns a quantified business criticality level to the security kernel. Alternatively, the business management system can provide an API interface. The security kernel calls these APIs, passing in the business operation intent. The business management system then dynamically calculates and returns the business criticality level of the operation based on a pre-defined business impact analysis framework. This level might be a discrete level (e.g., 1-5) or a continuous risk weight value.

[0050] When simultaneously collecting raw thermodynamic parameters and hardware operating metrics through multi-source sensing devices deployed within the target computing unit and its physical environment, the core lies in acquiring comprehensive physical environment and device operating data. This can be achieved by deploying various types of sensors within the target computing unit (such as the CPU, GPU, and memory modules) and within its physical environment, such as the rack or server room. For example, temperature sensors (such as thermistors and thermocouples) can be deployed to monitor temperature distribution at different locations in real time. Humidity sensors and airflow sensors can be deployed to monitor the environmental microclimate. Power consumption sensors can be deployed to measure the device's real-time energy consumption. Hardware operating metrics such as CPU utilization, memory usage, disk I / O, network throughput, fan speed, and error logs can be collected by integrating device management interfaces (such as IPMI and SNMP) or APIs provided by the operating system. These multi-source sensing devices and interfaces work collaboratively in a distributed manner to ensure comprehensive coverage of the physical thermodynamic state and hardware health status.

[0051] The purpose of time synchronization and standardization preprocessing of raw thermodynamic parameters and hardware operating indicators to generate physical thermodynamic state and health status data is to ensure the availability and consistency of the collected data. Since multi-source sensing devices may have different sampling frequencies and data formats, time synchronization is necessary. For example, this can be achieved by aligning the timestamps of all data sources to a unified reference time using the Network Time Protocol (NTP), or by using data interpolation techniques to unify data from different sampling rates into a common time series. Standardization preprocessing includes unit conversion (e.g., standardizing temperature to degrees Celsius or Kelvin), dimensional normalization (e.g., scaling indicators of different ranges to between 0 and 1), missing value imputation (e.g., interpolation using historical data or adjacent data points), and outlier detection and handling. After these preprocessing steps, the raw, heterogeneous sensor data and hardware indicators are transformed into structured, uniformly formatted physical thermodynamic state data (e.g., average temperature, local hotspot temperature, heat flux density) and health status data (e.g., performance degradation indicators, fault prediction indicators), providing high-quality input for subsequent thermodynamic mapping and risk assessment.

[0052] The aforementioned technical solution enables protocol parsing and semantic analysis of authentication requests, thereby accurately extracting the requester's role identifier and business operation intent, providing accurate input for subsequent decision-making. Based on the business operation intent, the business criticality level is queried from the business management system, dynamically integrating business logic dimensions into security decisions, thus resolving the policy inaccuracies caused by neglecting business criticality in related technologies. Furthermore, by deploying multi-source sensing devices to synchronously collect raw thermodynamic parameters and hardware operating indicators, and performing time synchronization and standardized preprocessing, the real-time, accurate, and consistent nature of physical environment and hardware health data is ensured, effectively integrating operational technical information. This optimized data acquisition and preprocessing allows the system to comprehensively perceive the business impact and physical thermal shock of authentication behavior, laying a solid foundation for subsequent thermodynamic enhanced risk assessment and dynamic authentication strategy generation. This avoids thermal load prediction deviations caused by data fragmentation, asynchrony, or inconsistent formats, effectively preventing the transmission of thermal risks to business logic, and achieving synergistic protection of authentication security and physical system stability.

[0053] In some of the embodiments described above in this application, protocol parsing and semantic analysis are proposed to extract the requester's role identifier and business operation intent from the authentication request. However, in this process, due to the complex hierarchical structure of the protocol message and the ambiguity of the semantic payload, the role identifier extraction format may be incorrect or the business operation intent may be incompletely understood, thereby affecting the accuracy of subsequent business criticality level queries and overall risk assessment.

[0054] To address this, this application further proposes a method for performing protocol parsing and semantic analysis on authentication requests to extract the requester's role identifier and business operation intent. This method includes: performing layered parsing on the authentication request protocol message to separate authentication metadata and business semantic payload; extracting the original role identifier field from the authentication metadata and performing format validation and role mapping on the original role identifier field based on a pre-defined role identifier specification library to generate the requester's role identifier; performing semantic analysis on the business semantic payload, mapping the business semantic payload to predefined operation types and parameter sets, and querying a business context knowledge base to generate a structured business operation intent, which includes the operation type, target resource identifier, and current operation context.

[0055] For example, performing layered parsing on authentication request protocol messages separates authentication metadata from business semantic payloads. This aims to clearly divide an authentication request message, which may contain multiple layers of protocol encapsulation and mixed information, into two main parts according to its function and content attributes: authentication metadata for authentication and session management, and business semantic payloads carrying actual business instructions or data. This layered parsing effectively reduces the difficulty of processing complex messages, allowing subsequent processing of different types of information to be more focused and efficient. For instance, standard protocol stack parsing libraries (such as parsers based on the OSI model or TCP / IP model) can be used to identify and extract data from different protocol layers, thereby distinguishing authentication information in the application layer protocol header from business data in the message body. Alternatively, for custom protocols, predefined message structure description languages ​​(such as ASN.1, Protobuf) or pattern matching algorithms based on specific delimiters and keywords can be used to accurately identify and extract the authentication-related field set as authentication metadata and the business-related field set as business semantic payloads.

[0056] The original role identifier field is extracted from the authentication metadata, and format validation and role mapping are performed on the original role identifier field based on a pre-defined role identifier specification library to generate a requester role identifier. The purpose is to ensure that the role identifier obtained from the original authentication information is valid, compliant, and can be recognized and processed by the system. The original role identifier field may exist in various forms, such as user ID, group name, device serial number, etc. Format validation can check whether these fields conform to preset syntax rules, length limits, or character set requirements. For example, field format can be validated using regular expressions, or data type checks can be performed to ensure that it is the expected type. Role mapping converts the original, possibly non-standardized identifier into a unified requester role identifier with clear permission semantics within the system. This can be achieved by querying a pre-defined role identifier specification library, which can be a database table, a configuration file, or an LDAP directory, defining the correspondence between the original identifier and standard roles. For example, "admin_group" is mapped to "SystemAdministrator", and "sensor_001" is mapped to "DataCollector".

[0057] Semantic analysis is performed on the business semantic payload, mapping it to predefined operation types and parameter sets. This is then linked to a business context knowledge base to generate a structured business operation intent. This intent includes the operation type, target resource identifier, and current operation context. The aim is to accurately understand the requester's true intent from unstructured or semi-structured business data and transform it into structured information that the system can understand and process. Semantic analysis can employ various techniques. For example, for structured data (such as JSON and XML), predefined fields (such as "action," "target," and "value") can be directly extracted using a parser and mapped to predefined operation types (such as "read," "write," and "configuration") and parameter sets (such as "temperature value" and "valve number"). For unstructured or free text data, Natural Language Processing (NLP) techniques, such as keyword extraction, entity recognition, or intent classification, can be used to identify operation verbs, target objects, and related parameters. During the mapping process, by querying the business context knowledge base, the details of the business operation intent can be further enriched. For example, information such as the device type, region, and current status corresponding to the target resource identifier can be queried, or the meaning of the operation type in a specific business process can be queried, thereby generating a complete and structured business operation intent that includes the operation type, target resource identifier, and current operation context.

[0058] The above technical solution addresses the issues of inaccurate role identification extraction and incomplete understanding of business operation intent caused by the complexity of authentication request protocol messages. Layered parsing allows authentication metadata and business semantic payloads to be processed independently and accurately, avoiding information confusion. Format validation and role mapping of the original role identification field ensure the standardization and accuracy of the requester's role identification, eliminating errors caused by non-standard formats or semantic inconsistencies. In-depth semantic analysis of the business semantic payload, combined with a business context knowledge base, transforms ambiguous business requests into clear, structured business operation intents, comprehensively capturing operational details and providing high-quality, high-precision input data for subsequent business criticality level queries and thermodynamically enhanced dynamic risk assessments. This improves the authentication method's ability to understand request intents and the accuracy of risk assessments, thereby providing more reliable and refined security authentication guarantees for industrial internet operating systems.

[0059] In some of the embodiments described above in this application, a business criticality level is determined based on business operation intent to support risk assessment. However, in its implementation, the lack of a specific mechanism for dynamically extracting and calculating the criticality level from business operation intent may lead to inaccurate criticality levels, which cannot effectively reflect the business impact and thus affect the accuracy of risk assessment.

[0060] In response, this application further proposes a method for querying and determining the business criticality level from the business management system based on business operation intent. The specific steps include: Based on the target resource identifier and operation type specified in the business operation intent, initiate a related query to the business management system to obtain the business work order context information bound to the current operation.

[0061] Extract key attribute parameters from the business work order context information to assess the business impact.

[0062] Key attribute parameters are input into the business criticality assessment model, which performs multi-dimensional fusion calculations to generate a quantitative preliminary criticality level.

[0063] Based on the system-wide real-time security policy, the initial criticality level is verified and adjusted to determine the business criticality level.

[0064] The step of "initiating a related query to the business management system based on the target resource identifier and operation type specified in the business operation intent to obtain the business work order context information bound to the current operation" aims to proactively obtain business context data closely related to the current authentication request from the business management system by utilizing the specific, structured information in the business operation intent. This ensures the accuracy and real-time nature of subsequent critical assessments and avoids the limitations of judgments based on general or static rules. In one implementation, this can be achieved by constructing a business management system API interface. This interface receives the target resource identifier and operation type as input parameters and returns business work order context information matching these parameters. For example, when the operation type is "modify configuration" and the target resource identifier is "controller B of production line A," the API will query and return detailed information such as the current production work order and maintenance work order related to controller B. In another implementation, the security kernel can subscribe to the business event stream published by the business management system through a message queue or event bus. When an authentication request containing the target resource identifier and operation type is received, the security kernel can perform a matching query in the locally cached business work order snapshot based on this information, or send an asynchronous query request to the business management system to obtain the latest business work order context information.

[0065] The step of "extracting key attribute parameters from business work order context information for assessing business impact" aims to filter out specific data points or indicators that have a decisive impact on the assessment of business criticality from the acquired business work order context information. This helps to focus the assessment process, improve efficiency, and ensure that the assessment model uses only the most relevant information. In one implementation, a set of extraction rules or templates for key attribute parameters can be predefined. For example, for production work orders, key attribute parameters might include "work order priority," "estimated completion time," "value of products involved," and "scope of impact (e.g., number of production lines affected)." The system parses and extracts the values ​​of the corresponding fields from the original business work order context information (which may be a JSON object or XML document) according to these rules. In another implementation, a machine learning-based approach can also be used. By training a text analysis or information extraction model, the model can identify key entities and relationships in the business work order context information and map them to predefined key attribute parameters. For example, the model can identify keywords such as "urgent," "high risk," and "core business" from free text descriptions and convert them into quantified key attribute parameters.

[0066] The step of "inputting key attribute parameters into the business criticality assessment model, and performing multi-dimensional fusion calculations through the business criticality assessment model to generate a quantitative preliminary criticality level" utilizes a specially designed assessment model to comprehensively analyze and calculate the extracted key attribute parameters, thereby deriving an objective and quantitative preliminary business criticality level. This makes criticality assessment no longer dependent on subjective judgment, but based on data and models. In one implementation, the business criticality assessment model can be a weighted scoring model. Each key attribute parameter is assigned a weight and scored according to its value. For example, a "work order priority" of "urgent" may receive a high score, as may a high "impact on product value" score. After all scores are weighted and summed, a mapping function converts the total score into a quantitative criticality level (e.g., 1-5 levels, or 0-100 points). In another implementation, assessment models based on decision trees, neural networks, or fuzzy logic can also be used. These models can handle the nonlinear relationships and uncertainties between key attribute parameters. For example, a neural network model can learn the complex mapping relationship between key attribute parameters and business criticality levels in historical data, and thus output a preliminary predicted criticality level when given new key attribute parameters.

[0067] The step of "verifying and adjusting the initial criticality level based on the system-wide real-time security policy to determine the business criticality level" aims to combine the initial criticality level with the current overall security posture and policy of the system for verification and necessary adjustments. This ensures that the business criticality level not only reflects the attributes of the business itself but also considers the current security risks, compliance requirements, or special operating modes of the system, making it more adaptable and practical. In one implementation, the system-wide real-time security policy can include a series of rules, such as "when a large-scale cyberattack is detected, the criticality level of all operations involving core production data is increased by one level" or "during the system maintenance window, the criticality level of all non-emergency operations is decreased by one level." The verification and adjustment module will judge the initial criticality level according to these rules and adjust it upwards or downwards as needed. In another implementation, it can also be implemented through a policy engine. The policy engine receives the initial criticality level and the current system-wide security posture (such as threat intelligence, compliance status, system load, etc.) as input and infers based on a predefined set of policy rules (e.g., policies defined based on RBAC or ABAC models). The reasoning result may be an adjustment factor or a direct indication of the business criticality level.

[0068] The above technical solution provides a mechanism for dynamically and accurately determining the business criticality level. For example, by proactively initiating a related query to the business management system based on the target resource identifier and operation type in the business operation intent, the context information of the business work order bound to the current operation is obtained, ensuring the contextual relevance and real-time nature of the criticality assessment. Key attribute parameters for assessing business impact are accurately extracted from this work order context information, avoiding interference from irrelevant information and improving the efficiency and targeting of the assessment. These key attribute parameters are input into the business criticality assessment model for multi-dimensional fusion calculation, generating a quantitative preliminary criticality level, making the assessment results more objective and measurable. The preliminary criticality level is verified and adjusted based on the system's global real-time security policy, ensuring that the business criticality level adapts to the current overall security posture and operational requirements of the system. This dynamic and multi-dimensional fusion assessment method solves the problems of inaccurate criticality levels and inability to effectively reflect business impact in traditional methods. By providing a more precise business criticality level, this application can provide more accurate input for risk assessment in subsequent thermodynamically enhanced dynamic risk maps. This enables risk assessment to more accurately identify systemic risk paths transmitted from heat load to business logic, thereby guiding the collaborative decision-maker of the security kernel to solve the logical security policy and physical resource control policy corresponding to the requester role identifier in an integrated manner. This generates a more suitable and effective dynamic authentication policy package, achieving synergistic protection of authentication security and physical system stability, and avoiding the technical paradox of "strengthening logical security but damaging the physical reliability and business continuity of the system".

[0069] In some of the embodiments described above in this application, a method is proposed to perform thermodynamic mapping and calculation of business operation intentions using a digital twin of heat load to obtain predicted heat load values. However, in the process of its implementation, how to accurately generate a computing resource consumption pattern based on business operation intentions and integrate physical thermodynamic state and health state data to make accurate thermodynamic predictions in order to avoid the risk of heat accumulation is a problem that needs to be solved.

[0070] In response, this application further proposes to perform thermodynamic mapping and calculation of operational intentions using a digital twin of heat load integrated with a dynamic risk map, thereby obtaining predicted heat load values. (See [link to relevant documentation]). Figure 3 Specifically, it includes: Based on the authentication protocol type and session parameters corresponding to the business operation intent, a fine-grained load spectrum is generated to characterize the computing resource consumption pattern through protocol stack load analysis. The fine-grained load spectrum, real-time thermal state parameters from the physical thermodynamic state, and performance degradation indicators from the health state data are jointly embedded to construct a fused feature space for thermodynamic prediction. This fused feature space is input into a thermal load digital twin, driving the thermal load digital twin to perform a physically constrained nonlinear state-space evolution deduction, outputting a predicted thermal load value. This predicted thermal load value characterizes the expected core temperature rise caused by the authentication operation.

[0071] The generation of fine-grained load profiles to characterize computing resource consumption patterns aims to transform high-level business operation intentions into quantifiable, time-series computing resource demands. A fine-grained load profile is a quantitative representation that details the consumption patterns of CPU, memory, I / O, and network bandwidth by authentication operations within a specific time window. Protocol stack load analysis is a key technology for achieving this transformation. This method aims to predict the utilization of underlying computing resources during the execution of authentication protocols based on their characteristics and session parameters. For example, one implementation involves building a statistical model (such as a regression model or machine learning model) based on historical authentication operation performance monitoring data. Using the authentication protocol type and session parameters (such as concurrency and data volume) as input, it directly predicts resource consumption indicators such as CPU utilization, memory usage, and network throughput at different time granularities, forming a fine-grained load profile. Another implementation involves decomposing the authentication protocol into a series of standardized processing stages (such as handshake, encryption, data transmission, and database queries), and pre-testing and modeling the resource consumption of each stage under different parameters. When a new business operation intent is received, the pre-modeled stage resource consumption is combined according to its protocol type and session parameters, and its timing relationship is considered to generate a fine-grained load spectrum.

[0072] Furthermore, a fusion feature space for thermodynamic prediction is constructed by jointly embedding the fine-grained load spectrum, real-time thermal state parameters from the physical thermodynamic state, and performance degradation indicators from the health state data. Joint state embedding refers to the unified feature extraction, transformation, and fusion of data from different modalities and dimensions (such as computational load, temperature, and hardware health indicators) to form a high-dimensional feature vector that comprehensively represents the current state of the system. The fusion feature space is the mathematical space in which these feature vectors reside, providing a unified and rich input for subsequent thermodynamic prediction models. Its role is to overcome the problems of isolated data and incomplete information in traditional methods, providing more comprehensive contextual information for thermodynamic prediction. For example, one implementation involves extracting features from the fine-grained load spectrum (such as mean, variance, peak value, Fourier transform coefficients, etc.) to obtain a load feature vector. Real-time thermal state parameters (such as temperature and power consumption) are normalized. Performance degradation indicators (such as error rate and abnormal fan speed) are encoded or quantized. These processed feature vectors are directly concatenated into a high-dimensional vector and then normalized to form a feature point in the fused feature space. Another approach is to use autoencoders or variational autoencoders from deep learning to learn fine-grained load spectra, real-time thermal state parameters, and performance degradation indicators. Through training, the autoencoder can map these heterogeneous data into a low-dimensional shared latent space, which is the fused feature space. Its feature vectors can capture the inherent correlations and key information between different data sources.

[0073] The fused feature space is input into the thermal load digital twin, driving it to perform a physical constraint-based nonlinear state-space evolution deduction, outputting a predicted thermal load value. The thermal load digital twin is a virtual model of the target computing unit, capable of reflecting the thermodynamic state of the physical entity in real time and making predictions based on physical laws. The physical constraint-based nonlinear state-space evolution deduction refers to the digital twin using physical models such as heat conduction differential equations and heat capacity parameters, combined with nonlinear solution algorithms, to simulate the temperature change process of the computing unit under fine-grained load spectrum excitation. The predicted thermal load value is the output of this deduction, quantifying the core temperature rise that certification operations may cause, providing crucial data for subsequent risk assessment. Its role is to accurately predict the impact of certification operations on the equipment's thermal environment through precise physical simulation, avoiding performance degradation or failure due to heat accumulation. For example, one implementation integrates a precise three-dimensional geometric model and material thermophysical parameters of the target computing unit within the thermal load digital twin. When the fused feature space is input, the load information is converted into heat source distribution, and real-time thermal state parameters are used to initialize boundary conditions. Digital twins utilize finite element analysis software or solvers to perform transient thermal simulations based on the heat conduction equation, simulating the temperature field evolution during certification operations and extracting temperature rises at key points as predicted heat load values. Another approach is to construct a reduced-order model of the target computational unit using offline simulation or experimental data. This model can approximate the system's thermal behavior with lower computational costs. During online execution, the feature space is fused as input to the reduced-order model, and machine learning models are used to correct and optimize the model's output to capture nonlinear effects and dynamic changes. This allows for the rapid and accurate derivation of the temperature rise curve during certification operations, from which predicted heat load values ​​can be extracted.

[0074] The above technical solution enables the precise generation of a fine-grained load spectrum characterizing computational resource consumption patterns based on the authentication protocol type and session parameters corresponding to the business operation intent, using protocol stack load analysis methods. This overcomes the load prediction bias caused by relying solely on network layer data in traditional methods. By jointly embedding the fine-grained load spectrum, real-time thermal state parameters from the physical thermodynamic state, and performance degradation indicators from the health state data, a fused feature space for thermodynamic prediction is constructed. This effectively integrates computational load, current thermal environment state, and hardware reliability information, providing a comprehensive and unified input foundation for thermodynamic prediction and solving the problem of data fragmentation. The fused feature space is input into a digital twin of the thermal load, driving it to perform a nonlinear state-space evolution deduction based on physical constraints, outputting predicted thermal load values. This ensures that the prediction results accurately characterize the expected core temperature rise caused by authentication operations, providing a reliable basis for subsequent risk assessment and dynamic authentication strategy generation. Thus, in the industrial internet operating system, synergistic protection of authentication security and physical system stability is achieved, effectively avoiding the technical paradox of "strengthening logical security but harming system physical reliability and business continuity."

[0075] In some of the embodiments described above in this application, a fine-grained load spectrum is proposed to characterize the computational resource consumption pattern by means of protocol stack load analysis. However, in its implementation, there is a challenge in how to accurately quantify the resource consumption pattern based on the authentication protocol type and session parameters to ensure the accuracy of the thermodynamic mapping, because the dynamic changes in protocol type and session parameters may cause the resource consumption estimate to become disconnected from the actual execution, affecting the reliability of thermal load prediction.

[0076] To address this, this application further proposes a method based on the authentication protocol type and session parameters corresponding to the business operation intent. This method generates a fine-grained load spectrum characterizing computational resource consumption patterns through protocol stack load analysis. The method includes: decomposing the authentication protocol type into a protocol stack to generate a sequence of protocol operations consisting of multiple atomic authentication operations arranged logically; querying a pre-defined resource consumption feature library for each atomic authentication operation in the sequence to obtain the computational resource consumption characteristics corresponding to each atomic authentication operation; determining the instantiation execution scale of the protocol operation sequence based on the session parameters in the business operation intent; adapting and extending the computational resource consumption characteristics of the multiple atomic authentication operations according to the instantiation execution scale; and superimposing the sequences over time to generate the fine-grained load spectrum.

[0077] For example, protocol stack decomposition of this authentication protocol type generates a sequence of protocol operations consisting of multiple atomic authentication operations arranged according to their execution logic. This protocol stack decomposition refers to breaking down a complex authentication protocol (e.g., OAuth 2.0, SAML, Kerberos, or TLS handshake protocol) into a series of smaller, more fundamental, and logically independent steps or phases. These steps are called atomic authentication operations, which are the smallest indivisible computational units in the protocol execution process, such as cryptographic computation, digital signature generation or verification, key exchange, credential database query, session state update, etc. One way to implement this protocol stack decomposition is to parse its message structure, state transition diagram, and message exchange flow according to the official specifications of the authentication protocol (such as RFC documents or industry standards), thereby identifying each independent message processing, algorithm execution, or data access operation as an atomic authentication operation. Another approach is to perform deep analysis and behavioral pattern recognition on the network traffic, system call traces, or internal function call chains during actual protocol execution, dividing continuous protocol execution behavior into discrete, independently analyzable atomic operation units. These atomic operations are arranged according to their logical execution order within the protocol, forming a protocol operation sequence.

[0078] For each atomic authentication operation in the protocol's operation sequence, a pre-built resource consumption feature library is queried to obtain the computational resource consumption characteristics corresponding to each atomic authentication operation. This resource consumption feature library is a pre-established database or knowledge base that stores resource consumption profiles for various atomic authentication operations under specific hardware platforms and software environments. These computational resource consumption characteristics are a set of metrics that quantify the computational resource requirements (such as CPU cycles, memory usage, I / O throughput, network bandwidth, energy consumption, etc.) of atomic operations. One method to obtain these characteristics is to accurately measure the actual resource consumption of each atomic authentication operation under different input parameters and load conditions in a controlled benchmark environment, and to build a mathematical model or lookup table to store this feature data. Another method is to collect historical performance monitoring data of the system when executing atomic operations and use machine learning algorithms (e.g., regression models, decision trees, or neural networks) to train this data, thereby learning and predicting the resource consumption characteristics of atomic operations.

[0079] Based on the session parameters in the business operation intent, the instantiation execution scale of the protocol operation sequence is determined. These session parameters are dynamic variables related to a specific authentication request or session, directly affecting the actual resource consumption of the authentication protocol. These parameters may include the number of concurrent sessions, single data load, encryption key length, and the number of factors in multi-factor authentication. Determining the instantiation execution scale means transforming the general resource consumption characteristics of atomic authentication operations into actual, overall resource requirements for the current authentication request based on these dynamic session parameters. One implementation is to directly map session parameters (e.g., the number of concurrent sessions and data load) into multipliers or incremental factors affecting resource consumption, adjusting the baseline consumption of atomic operations through simple mathematical operations. Another implementation is to input the session parameters as input to a pre-trained predictive model (e.g., a neural network or statistical model trained on historical data), which then calculates the comprehensive impact of these parameters on the overall resource consumption of the protocol operation sequence, thus obtaining the instantiation execution scale.

[0080] The computational resource consumption characteristics of the multiple atomic authentication operations are adapted and extended according to the instantiation execution scale, and then sequentially superimposed over time to generate this fine-grained load spectrum. This adaptation and extension refers to adjusting the computational resource consumption characteristics of each atomic authentication operation based on the determined instantiation execution scale. This may involve multiplying the baseline consumption by a concurrency factor, adding additional overhead due to increased data volume, or considering performance degradation caused by resource contention. Sequential superimposition over time means arranging and accumulating the resource consumption characteristics of each adapted and extended atomic operation on the time axis according to the actual execution order and duration of the atomic operations in the authentication protocol, thereby forming a continuous, time-resolved resource demand curve. Generating this fine-grained load spectrum yields a detailed, time-seriesd computational resource demand profile, which accurately characterizes the instantaneous resource requirements of the target computing unit during the execution of this authentication operation. One approach is to arrange and accumulate the adapted resource consumption characteristics of each atomic operation according to its occurrence order and duration on the time axis, based on the timing diagram or state transition diagram of the authentication protocol, forming a multi-dimensional timing vector. Another approach is to use a discrete event simulation method to simulate the execution flow of the protocol, accumulating the resource consumption of all currently active atomic operations at each simulation time step, thereby constructing a dynamic load spectrum.

[0081] The above technical solution decomposes complex authentication protocols into manageable atomic operations and, combined with a pre-built resource consumption feature library, provides objective and quantifiable resource consumption data for each atomic operation. Furthermore, by introducing session parameters from the business operation intent to dynamically determine the instantiation execution scale of the protocol operation sequence, this application can accurately adapt the baseline consumption of atomic operations to the actual execution conditions of the current authentication request, such as the number of concurrent sessions and data load. The adapted atomic operation resource consumption features are then sequentially superimposed over time to generate a highly refined, time-resolved fine-grained load spectrum. This load spectrum accurately captures the instantaneous demand and dynamic changes in computational resources during the execution of authentication operations, avoiding the problem of resource consumption estimation being out of sync with actual execution caused by dynamic changes in protocol type and session parameters in traditional methods. By providing such a precise characterization of computational resource consumption patterns, this application provides reliable and high-fidelity input for subsequent thermodynamic mapping and calculation, improving the accuracy of predicted heat load values. This enhances the entire authentication method's ability to identify the implicit coupling risks between physical thermal effects and business logic, laying a solid foundation for achieving coordinated protection of authentication security and physical system stability.

[0082] In some of the solutions described above in this application, the instantiation execution scale of the protocol operation sequence is determined to generate a fine-grained load spectrum. However, in this process, session parameters such as the number of concurrent sessions and the amount of data load per session are not fully quantified, resulting in inaccurate calculation of the instantiation execution scale and affecting the accuracy of thermal load prediction.

[0083] To address this, this application further proposes a method for determining the instantiation execution scale of a protocol operation sequence based on session parameters in the business operation intent. This method includes: extracting the number of concurrent sessions and the single data load from the session parameters; querying a pre-defined mapping table based on the number of concurrent sessions to determine the session concurrency multiplier; calling a pre-defined mapping function based on the single data load to determine the data processing complexity coefficient; and calculating the instantiation execution scale of the protocol operation sequence by applying the session concurrency multiplier and the data processing complexity coefficient based on the computational resource consumption characteristics of each atomic authentication operation in the protocol operation sequence.

[0084] For example, the session parameters refer to key information describing the characteristics of the current authentication session, obtained from the authentication request or through the business context. These parameters can be fields explicitly included in the authentication protocol message, such as the number of concurrent connections and packet size, or session attributes implicitly derived from business type, user level, etc. Their purpose is to provide specific and quantifiable session execution environment information for subsequent resource consumption assessment. The number of concurrent sessions refers to the number of authentication session requests the system needs to process simultaneously within a specific time window. This can be obtained directly from the authentication request metadata, such as by counting the number of requests arriving in a short period, or by reading from the client connection pool configuration. Another implementation is to estimate the peak concurrent sessions that may occur under the current business load through historical data analysis and predictive models. The single data load refers to the total amount of data that needs to be processed during one authentication operation. This can include the size of the authentication credentials, the length of the encryption key, the amount of session state information, etc. It can be obtained by parsing the data field size in the authentication protocol message, or by querying from the preset configuration based on the authentication type and security level.

[0085] This pre-configured mapping table is a pre-configured data structure used to store the correspondence between the number of concurrent sessions and the session concurrency multiplier. This mapping table can be a simple lookup table, for example, using the range of concurrent session counts as keys and the corresponding multiplier as values. It can also be a database table recording resource amplification coefficients at different concurrency levels. Its function is to provide a quantified resource consumption amplification factor based on the actual concurrency situation. The session concurrency multiplier is a dimensionless value used to characterize the amplification effect of concurrent sessions on computational resource consumption. For example, when the number of concurrent sessions reaches a certain threshold, due to the overhead of context switching, lock contention, etc., the actual resource consumption may not be a simple linear sum, but rather exhibit a non-linear growth. This multiplier can be pre-determined based on system benchmark data, rules of thumb, or simulation models.

[0086] This predefined mapping function is a predefined algorithm or mathematical model used to convert a single data load into a data processing complexity coefficient. This function can be a piecewise linear function, for example, a complexity coefficient of X when the data volume is within a certain range, and Y when it exceeds that range. It can also be a more complex nonlinear function, such as a polynomial or exponential function, to more accurately simulate the impact of data volume on processing complexity. Its purpose is to provide a quantified processing difficulty factor based on the size of the data load. This data processing complexity coefficient is a dimensionless numerical value used to characterize the degree of impact of a single data load on computational resource consumption. For example, processing 10KB of data may consume more CPU cycles and memory than processing 1KB of data; this coefficient quantifies this difference. This coefficient can be determined comprehensively based on factors such as the computational complexity of different data processing algorithms and data transfer overhead.

[0087] The computational resource consumption characteristics of each atomic authentication operation in this protocol operation sequence refer to the inherent computational resource requirements of each smallest, indivisible authentication step (i.e., atomic authentication operation) after decomposing the authentication protocol. These requirements include CPU time, memory usage, I / O operations, and network bandwidth. These characteristics are typically obtained through benchmarking, performance profiling, or empirical estimation and are stored in a resource consumption characteristic library. Their function is to serve as the basic unit for calculating the instantiation execution scale. Applying the session concurrency multiplier and the data processing complexity coefficient to calculate the instantiation execution scale of this protocol operation sequence involves combining the aforementioned quantification factors with the inherent resource consumption characteristics of atomic authentication operations, using multiplication, addition, or other compound operations to determine the total resource amount required for the entire protocol operation sequence under specific session parameters. For example, the baseline resource consumption of each atomic operation can be multiplied by the data processing complexity coefficient, and then the resource consumption of all operations can be expanded and summarized using the concurrency multiplier. The instantiation execution scale of this protocol operation sequence is a quantized result. It is a multi-dimensional vector that represents the total computing resources (such as CPU core time, memory capacity, network throughput, etc.) required to execute the entire authentication protocol sequence under the session parameters of the current authentication request.

[0088] The above technical solution enables the precise extraction of the number of concurrent sessions and the data load per instance from session parameters. These parameters are then transformed into quantified session concurrency multipliers and data processing complexity coefficients using a pre-defined mapping table and mapping function. This refined quantification method allows for full consideration of the actual impact of concurrency and data load on resource consumption when calculating the instantiation execution scale of protocol operation sequences, thus avoiding computational biases caused by insufficient parameter quantification in traditional methods. By applying these quantification factors to the computational resource consumption characteristics of each atomic authentication operation, this application generates a more accurate and detailed instantiation execution scale, providing high-quality input for the generation of fine-grained load spectra upstream. This improves the accuracy of the thermal load digital twin in thermodynamically mapping and calculating business operation intentions, making the predicted thermal load values ​​closer to reality and providing a solid foundation for subsequent risk assessment and dynamic authentication strategy generation. This helps the security kernel more accurately identify systemic risks transmitted from hot loads to business logic and generate more targeted dynamic authentication policy packages. This ensures the effective maintenance of the stability of the physical system and business continuity while ensuring the logical security of the industrial internet operating system, avoiding the technical paradox that "strengthening logical security may actually damage the physical reliability and business continuity of the system".

[0089] In some of the solutions mentioned above in this application, the instantiation execution scale is determined based on session parameters to predict the thermal load. However, the calculation of this process lacks specific operational details, resulting in insufficient and inefficient estimation of resource requirements. This fails to accurately reflect the actual impact of data load and concurrent sessions, thereby affecting the reliability of thermal load prediction.

[0090] To address this, this application further proposes a method to calculate the instantiation execution scale of the protocol operation sequence based on the computational resource consumption characteristics of each atomic authentication operation in the protocol operation sequence, using a session concurrency multiplier and a data processing complexity coefficient. Specifically, this includes: scaling the computational resource consumption characteristics of each atomic authentication operation in the protocol operation sequence using a data processing complexity coefficient to obtain operation characteristics corrected for data load; expanding the concurrency of the operation characteristics corrected for data load using a session concurrency multiplier to generate an instantiation operation feature sequence; and organizing and summarizing the resources of the instantiation operation feature sequence in a temporal manner to generate the instantiation execution scale of the protocol operation sequence, which is a multi-dimensional vector of computational resource requirements.

[0091] For example, when scaling the computational resource consumption characteristics of each atomic authentication operation in a protocol operation sequence using a data processing complexity coefficient to obtain the data load-corrected operation characteristics, this step aims to dynamically adjust the resource consumption of each atomic authentication operation based on the actual data load. The data processing complexity coefficient characterizes the degree of influence of unit data volume or data processing difficulty on resource consumption. For instance, the resource requirements of each atomic authentication operation can be directly amplified or reduced by multiplying the baseline computational resource consumption characteristics (such as CPU time, memory usage, I / O operations, etc.) with the data processing complexity coefficient. Another approach is to pre-define a piecewise function or lookup table to map the original resource consumption characteristics to different correction values ​​based on the range of the data processing complexity coefficient, thus reflecting nonlinear relationships more precisely.

[0092] When applying the session concurrency multiplier to the data load-corrected operation features to extend concurrency and generate an instantiated operation feature sequence, this step simulates the total resource requirements of multiple concurrent sessions executing simultaneously. The session concurrency multiplier reflects the aggregate effect of the number of concurrent sessions on resource consumption. One implementation is to directly multiply the data load-corrected operation features by the session concurrency multiplier to obtain the total resource requirements under ideal concurrency conditions. Another implementation is to introduce a decay factor or nonlinear function on top of simple multiplication to reflect the efficiency loss caused by resource sharing or contention in real-world concurrency scenarios, thereby generating a more realistic instantiated operation feature sequence.

[0093] When organizing and aggregating the instantiation operation feature sequence in a time-series manner to generate the instantiation execution scale of the protocol operation sequence, this step aims to integrate the individual atomic operation features, after data load correction and concurrency expansion, according to their execution order and temporal relationship in the protocol operation sequence, and aggregate them into a comprehensive, multi-dimensional computational resource requirement vector. One implementation is to accumulate the instantiation operation feature sequence according to its expected execution time slices. For example, summing the CPU, memory, and I / O requirements of all concurrent operations within each time slice to form a time-series resource requirement vector. Another implementation is to identify the critical paths in the protocol operation sequence through critical path analysis or event-driven simulation, and aggregate resources based on the operation features on the critical paths, while considering the parallel execution of non-critical path operations, to generate a multi-dimensional resource requirement vector with peak and average values ​​in the time dimension. This multi-dimensional vector can include various resource types such as CPU utilization, memory usage, network bandwidth, and disk I / O.

[0094] The above technical solutions can more accurately reflect the dynamic impact of data load on resource consumption, avoiding estimation bias caused by changes in data volume. They realistically simulate the resource requirements of multiple sessions executing simultaneously in high-concurrency scenarios, ensuring the accuracy of large-scale computations. By organizing and summarizing the instantiation operation feature sequences in a temporal manner, a comprehensive and structured multi-dimensional computational resource requirement vector can be generated, providing a more reliable foundation for subsequent thermodynamic mapping and risk assessment. This enables the security kernel to generate more accurate and adaptive dynamic authentication policy packages based on more accurate predicted thermal load values, effectively balancing logical security and physical stability. It avoids thermal load prediction bias caused by inaccurate resource requirement estimation, thereby improving the reliability and robustness of the entire industrial internet operating system authentication method.

[0095] In some embodiments described above in this application, a fusion feature space is proposed to integrate computational load, thermal state, and health state data to predict heat load. However, in its implementation, efficiently processing heterogeneous data and generating a unified feature representation to ensure the accuracy and reliability of thermodynamic predictions remains a challenge. For example, in related technologies, data sources are diverse (such as the temporal characteristics of load spectra, the physical dimensions of thermal parameters, and discrete events of health indicators). Direct integration can easily lead to inconsistent feature scales, information redundancy, or semantic loss, affecting the predictive model's ability to characterize the risk of heat load conduction.

[0096] To address this, this application proposes a method for jointly embedding fine-grained loading spectra, real-time thermal state parameters from physical thermodynamic states, and performance degradation indicators from health state data to construct a fused feature space for thermodynamic prediction. For example, this method includes the following steps: Sliding window statistics and frequency domain energy decomposition are performed on the fine-grained load spectrum to generate load feature embedding vectors that characterize the temporal properties of the computational load. Sliding window statistics aim to capture the dynamic changes in load over a specific time period. For example, a fixed-size sliding window (e.g., 5 seconds) can be used to calculate statistical moments (such as mean and standard deviation) of CPU utilization, memory access rate, and I / O operations. Alternatively, an adaptive sliding window can be used, its size adjusted according to the rate of load change, and percentiles (e.g., 25%, 50%, 75%) can be calculated to reflect the load distribution. Frequency domain energy decomposition reveals the periodic patterns and energy distribution of the load. For example, a Fast Fourier Transform (FFT) can be applied to the temporal load data within the sliding window to calculate the energy within a predefined frequency band (e.g., low frequencies for continuous loads and high frequencies for burst loads). Alternatively, wavelet transform can be used to decompose the load signal into different frequency components, extracting their energy coefficients or entropy values ​​to characterize transient and steady-state load characteristics. These processes effectively capture the dynamic characteristics of the computational load, avoiding the loss of time-series information caused by directly using the original load spectrum, and providing a stable input basis for heat load prediction.

[0097] Dimensional normalization and thermodynamic nonlinear mapping are performed on real-time thermal state parameters to generate thermal state embedding vectors characterizing the thermal environment of the equipment. Dimensional normalization aims to eliminate differences between different physical dimensions (e.g., Celsius temperature, watt power) to make them comparable. For example, Min-Max scaling can be used to map parameter values ​​to the [0,1] interval, or Z-score normalization can be used to make the mean 0 and the variance 1. Thermodynamic nonlinear mapping is used to capture the complex nonlinear relationships in the heat transfer process. For example, Sigmoid or Tanh activation functions can be applied to perform nonlinear transformations on the normalized thermal parameters, or a pre-trained shallow neural network layer can be used to learn nonlinear transformations based on historical thermal response data. Alternatively, a lookup table or piecewise linear function derived from the experimental thermal characteristic curve of the target computing unit can be consulted to map the normalized temperature value to a "thermal stress index" reflecting nonlinear degradation or performance impact. These processes can accurately characterize the thermal environment of the equipment, take into account the complex nonlinear relationships of thermodynamics, and prevent dimensional differences from affecting the comparability of features.

[0098] Discrete event quantization and health decay semantic encoding are performed on performance degradation indicators to generate health feature embedding vectors characterizing hardware reliability status. Discrete event quantization converts qualitative or event-driven metrics into numerical forms. For example, integer scores (0 for normal, 1 for warning, 2 for severe) can be assigned to different types of performance degradation events (such as abnormal fan speed, increased memory error count, and disk I / O latency peaks). Alternatively, a weighted summation method can be used to assign specific weights to each discrete event type (such as CPU throttling events and power fluctuations) based on event severity, and the weights are summed over a period of time to obtain the quantification index. Health decay semantic encoding aims to embed the meaning of hardware health status into the vector. For example, one-hot encoding can be used for different health states (such as healthy, degraded, and critical), or a pre-trained word embedding model can be used to map each health event or state (such as "CPU throttling" and "memory ECC error") to a dense vector in the semantic space to capture the relationships between different degradation types. These processes effectively reflect hardware reliability status, compensate for prediction bias caused by ignoring health factors, and ensure that features contain device degradation information.

[0099] The load feature embedding vector, the thermal state embedding vector, and the health feature embedding vector are concatenated across modalities to obtain a high-dimensional concatenated vector. This step achieves preliminary fusion of multimodal data by directly concatenating feature vectors from different sources (e.g., simple vector concatenation: [load vector|thermal state vector|health vector]) or by using weighted concatenation, multiplying each embedding vector by a learned or predefined weight before concatenation. This promotes the complementarity of load, thermal environment, and hardware health information and enhances the richness of the feature space.

[0100] Global feature normalization and dimensionality reduction are performed on the high-dimensional concatenated vector to obtain a unified fused feature representation, which is a feature point in the fused feature space. Global feature normalization ensures that all features in the high-dimensional vector have comparable scales. For example, Z-score normalization can be applied to all dimensions of the high-dimensional concatenated vector, or RobustScaler, which is insensitive to outliers, can be used for scaling. Dimensionality reduction aims to reduce the number of features to combat the curse of dimensionality and improve model efficiency. For example, Principal Component Analysis (PCA) can be used to project the high-dimensional vector to a low-dimensional subspace that preserves the maximum variance, or an autoencoder neural network can be used to learn a compressed, low-dimensional representation of the input high-dimensional vector through the encoder part. These processes simplify the input structure of the subsequent prediction model while retaining key information, making the feature space more compact and suitable for thermodynamic evolution calculations, thereby improving prediction efficiency and generalization ability.

[0101] The above technical solutions address the challenges of heterogeneous data processing and unified feature representation. For example, by performing sliding window statistics and frequency domain energy decomposition on fine-grained load spectra, the dynamic temporal characteristics of computational loads can be accurately captured. By normalizing the dimensions and performing thermodynamic nonlinear mapping on real-time thermal state parameters, the complex nonlinear state of the equipment's thermal environment can be accurately characterized. By performing discrete event quantization and health decay semantic encoding on performance degradation indicators, the reliability status of the hardware can be effectively reflected. These professionally processed load feature embedding vectors, thermal state embedding vectors, and health feature embedding vectors are then concatenated across modalities to form a comprehensive high-dimensional concatenated vector, achieving preliminary fusion of heterogeneous data. Further global feature normalization and dimensionality reduction processing yields a unified-dimensional fused feature representation. This representation, as a feature point in the fused feature space, not only eliminates scale inconsistencies, information redundancy, and semantic gaps between different data sources but also provides a compact, efficient, and information-rich input.

[0102] This fused feature space provides comprehensive and accurate input to the thermal load digital twin, enabling it to fully consider the complex interactions between computational activities, physical thermal responses, and hardware reliability when performing thermodynamic mapping and calculations, thus predicting thermal load values ​​more accurately. This fine-grained characterization of the implicit coupling risks between physical thermal effects and business logic allows subsequent risk assessments to identify systemic risk paths propagating from thermal load to business logic, thereby guiding the security kernel's collaborative decision-maker to generate more precise dynamic authentication policy packages. This helps avoid equipment frequency reduction or protective shutdown caused by instantaneous thermal loads resulting from authentication calculations, resolving the technical paradox of "strengthening logic security at the expense of system physical reliability and business continuity," and achieving synergistic protection of authentication security and physical system stability.

[0103] In some of the embodiments described above in this application, the thermal load digital twin needs to transform the fused feature space into a dynamic thermal response process that conforms to physical laws. However, existing thermal prediction methods mostly use static thresholds or simplified linear models, which cannot characterize the dynamic coupling relationship between the time-varying characteristics of the load and the physical process of heat conduction during the authentication operation. This results in the lack of time dimension evolution details (such as instantaneous peak value and heating rate) in temperature rise prediction, making it difficult to support the accurate identification of "thermal shock" risks and the generation of subsequent strategies.

[0104] To address this, this application further proposes inputting a fused feature space into a digital twin of the thermal load, driving the digital twin to perform a nonlinear state-space evolution deduction based on physical constraints, and outputting a predicted thermal load value, which includes a peak temperature rise value and a temperature rise rate index. For example, the method includes the following steps: inputting the fused feature space into the thermodynamic state evolution engine of the thermal load digital twin; performing a nonlinear time-step solution on the fused feature space based on the heat conduction differential equation and heat capacity parameters in the thermodynamic state evolution engine to generate a temperature rise time series during the authentication operation execution period; injecting a fine-grained load spectrum as a time-varying power excitation source into the thermodynamic state evolution engine during the nonlinear time-step solution process; and performing peak detection and rate of change analysis on the temperature rise time series to obtain a predicted thermal load value, which includes a peak temperature rise value and a temperature rise rate index.

[0105] The thermodynamic state evolution engine, which inputs the fused feature space into the thermal load digital twin, aims to provide comprehensive and unified initial conditions and driving data for subsequent thermodynamic simulations. The fused feature space, generated in the preceding steps, contains a comprehensive representation of the computational load, equipment thermal environment state, and hardware health state. The thermodynamic state evolution engine is the core computational unit of the thermal load digital twin, its primary responsibility being to simulate physical heat conduction processes. This engine can be a numerical solver based on finite element analysis (FEA) or the finite volume method (FVM), receiving the fused feature space as its initial and boundary condition inputs. Alternatively, it can be a simulation module based on a system-level thermal model (e.g., a lumped parameter model), where parameters in the fused feature space are mapped to the model's input variables.

[0106] Based on the heat conduction differential equation and heat capacity parameters in the thermodynamic state evolution engine, a nonlinear time-step solution is performed on the fused feature space to generate a temperature rise time series during the certification operation period. The aim is to strictly adhere to physical laws, dynamically and accurately simulate the impact of the certification operation on the equipment temperature, and capture instantaneous temperature changes. The heat conduction differential equation (e.g., Fourier's law) describes the transfer of heat within an object, while heat capacity parameters characterize the object's ability to absorb or release heat. Nonlinear time-step solution is a numerical method used to simulate nonlinear physical processes that change over time. The temperature rise time series is a record of the temperature change of the target computational unit during the certification operation. This solution process can employ explicit or implicit Euler methods, Runge-Kutta methods, or other numerical integration methods, combined with finite difference or finite element discretization, to iteratively solve the heat conduction equation. Alternatively, commercial or open-source computational fluid dynamics (CFD) software or thermal simulation toolkits can be used to configure the heat conduction model and material heat capacity parameters for transient thermal analysis.

[0107] In the nonlinear time-step solution process, a fine-grained load spectrum is injected into the thermodynamic state evolution engine as a time-varying power excitation source. Its role is to transform the dynamic computational load of the authentication operation into a physical heat source, driving the thermodynamic simulation and ensuring that the simulation results are synchronized with the actual power consumption changes of the operation. The fine-grained load spectrum characterizes the computational resource consumption pattern of the authentication operation in the time dimension and can be converted into instantaneous power consumption. A time-varying power excitation source means that the power of the heat source is not constant during the simulation but changes dynamically with time. In each time step iteration, the heat source terms (e.g., Joule heat generation rate) inside the thermodynamic state evolution engine can be dynamically updated based on the value in the fine-grained load spectrum at the current time point. Alternatively, the fine-grained load spectrum can be preprocessed into a series of discrete power pulses or functions as external excitation inputs to the thermodynamic simulation model.

[0108] Peak detection and rate of change analysis are performed on the temperature rise time series to obtain the predicted heat load value. This predicted heat load value includes the peak temperature rise and the rate of temperature change index. The purpose is to extract key heat load characteristics from the dynamic simulation results, providing a quantitative basis for subsequent risk assessment. It focuses not only on temperature but also on the drasticness of temperature changes. Peak detection identifies the highest temperature point in the time series, while rate of change analysis calculates how quickly the temperature changes over time. The predicted heat load value is a key indicator for comprehensively assessing the risk of thermal shock. Peak detection can be performed by traversing the temperature rise time series to find the maximum value. Rate of change analysis can be obtained by calculating the ratio of the temperature difference between adjacent time points to the time step length, or by using the slope of linear regression within a sliding window. Alternatively, signal processing techniques, such as wavelet transform or Fourier transform, can be used to analyze the frequency components and transient characteristics of the temperature rise time series, thereby extracting peak and rate of change information.

[0109] Through the aforementioned technical solutions, a crucial leap from static heat load estimation to complete heat conduction process simulation is achieved via dynamic evolution driven by physical mechanisms, improving the physical realism of predictions and the accuracy of risk identification. The fused feature space is input into the thermodynamic state evolution engine, providing a unified initial field encompassing load, thermal environment, and health state, laying the foundation for multi-source data collaborative simulation. Based on the heat conduction differential equation and heat capacity parameters, nonlinear time-step solutions are performed, strictly adhering to physical laws such as Fourier's law of heat conduction, numerically simulating the continuous evolution of the temperature field during the certification period, generating a high-time-resolution temperature rise time series, overcoming the shortcomings of empirical formulas that neglect thermal inertia and nonlinear effects. Fine-grained load spectra are dynamically injected into the solution process as time-varying power excitation sources, ensuring that the heat source power changes precisely with the certification operation sequence, realistically reproducing the physical causal chain of "certification load → instantaneous heat generation → heat conduction," and solving the prediction distortion problem caused by the disconnect between load and thermal response in related technologies. Peak detection and rate of change analysis of the temperature rise time series are performed, simultaneously outputting the peak temperature rise value (reflecting the heat accumulation limit) and the temperature rise rate of change index (characterizing the intensity of thermal shock), providing two-dimensional key parameters for risk assessment. For example, a high rate of change can trigger a "thermal shock risk" warning even if the peak value does not exceed the threshold, enhancing the ability to sensitively capture instantaneous thermal risks. This scheme deeply couples the first principles of thermodynamics with the time series of certification operations, making the prediction results not only "numerically accurate" but also "process reliable," providing a physically interpretable decision-making basis for the generation of dynamic certification strategies. It is the core technical fulcrum for achieving closed-loop synergy between "certification and thermal effects."

[0110] In some of the embodiments described above in this application, a thermodynamic state evolution engine is proposed to predict the heat load value. However, in its implementation, there is a lack of accurate modeling of the dynamic changes over time during the certification operation execution period, which makes it impossible to respond in real time to the instantaneous fluctuations of the load intensity. This results in inaccurate temperature rise prediction results, thereby affecting the reliability of subsequent risk assessment and physical control strategies.

[0111] To address this, this application further proposes a method for generating a temperature rise time series during the authentication operation execution period by performing nonlinear time-step solutions on the fused feature space based on the heat conduction differential equation and heat capacity parameters of the thermodynamic state evolution engine. This method includes: initializing the initial temperature field distribution of the thermodynamic state evolution engine based on the thermal state embedding vector contained in the fused feature space; setting the time step and total number of iterations for numerical solution based on the authentication operation execution period; performing multi-step iterative calculations starting from the initial temperature field distribution and following the steps at each time step iteration: extracting the instantaneous load intensity corresponding to the current time step from the fine-grained load spectrum and mapping it to the time-varying power excitation value of the current time step; transforming the heat conduction differential equation and the time-varying power excitation value into a system of nonlinear algebraic equations for the current time step according to a preset spatiotemporal discretization strategy; solving the system of nonlinear algebraic equations to update the temperature field distribution at the end of the current time step; and extracting and recording the core temperature value of the target computing unit from the updated temperature field distribution. After completing all iteration steps, all recorded core temperature values ​​are arranged in chronological order to generate a temperature rise time series during the authentication operation period.

[0112] For example, when initializing the initial temperature field distribution of the thermodynamic state evolution engine, this initial temperature field distribution serves as the starting point for the engine's temperature rise prediction. It characterizes the thermal environment state of the target computing unit before the authentication operation begins. By utilizing existing thermal state embedding vectors in the fusion feature space, the engine can accurately reflect comprehensive thermal information such as current device temperature, ambient temperature, and heat dissipation conditions, thus providing an accurate initial condition for subsequent nonlinear time-step solutions. For instance, key temperature parameters in the thermal state embedding vector (such as CPU core temperature and ambient temperature sensor data) can be directly mapped to corresponding nodes in the thermodynamic model and combined with a pre-defined temperature gradient model to generate the initial temperature field distribution. Alternatively, a machine learning model trained on historical data can be used, with the thermal state embedding vector as input, to predict and generate a more refined initial temperature field distribution. This model can capture more complex temperature distribution patterns.

[0113] Setting the time step and total number of iterations for numerical solutions are key parameters for controlling the simulation accuracy of the thermodynamic state evolution engine. The time step determines the granularity of time discretization during the simulation; a smaller time step can improve simulation accuracy but increases computational complexity. The total number of iterations determines the total simulation duration and should match the actual execution period of the authentication operation. For example, a fixed time step (e.g., 100 milliseconds or 1 second) can be preset based on the length of the authentication operation's execution period, and then the total number of iterations can be calculated as the authentication operation's execution period divided by the time step. Alternatively, an adaptive time step algorithm can be used, dynamically adjusting the step size based on the rate of temperature change. For example, a small step size can be used when temperature changes drastically, and a large step size when the change is gradual, to optimize computational efficiency while ensuring accuracy, and simultaneously ensuring that the total simulation duration covers the authentication operation's execution period.

[0114] When extracting the instantaneous load intensity corresponding to the current time step from the fine-grained load spectrum and mapping it to the time-varying power excitation value for the current time step, the fine-grained load spectrum details the computational resource consumption pattern of the authentication operation in the time dimension. At each time step, the instantaneous load intensity corresponding to the current time point needs to be extracted from the load spectrum and converted into the time-varying power excitation value required by the thermodynamic model. This excitation value represents the heat input generated by the authentication operation to the target computing unit at the current moment. For example, indicators such as CPU utilization and memory access volume in the fine-grained load spectrum can be directly mapped to the instantaneous power consumption of the target computing unit at the current time step, i.e., the time-varying power excitation value, through preset conversion coefficients or lookup tables. Alternatively, a detailed energy consumption model of the target computing unit can be established, which uses various resource consumption indicators in the fine-grained load spectrum as input to accurately calculate the instantaneous power at the current time step, thereby obtaining the time-varying power excitation value.

[0115] When the heat conduction differential equation and the time-varying power excitation value are transformed into a set of nonlinear algebraic equations for the current time step according to a preset spatiotemporal discretization strategy, the heat conduction differential equation describes the heat transfer law inside the object. To perform numerical solutions on a computer, it needs to be spatiotemporally discretized, that is, the continuous physical space and time are transformed into discrete grid points and time steps. Combined with the time-varying power excitation value of the current time step, these discretized equations constitute a set of nonlinear algebraic equations used to describe the heat balance and temperature change at the current time step. For example, the finite difference method (FDM) can be used, through methods such as central difference, forward difference, or backward difference, to approximate the spatial and temporal derivatives in the heat conduction differential equation into a set of discrete point difference forms, thus obtaining a set of linear or nonlinear algebraic equations. Alternatively, the finite element method (FEM) can be used, dividing the physical space of the target computational unit into multiple finite elements, approximating the temperature distribution within each finite element using an interpolation function, and transforming the heat conduction differential equation into a set of nonlinear algebraic equations through variational principles or weighted residual methods.

[0116] Solving the nonlinear algebraic equations and updating the temperature field distribution at the end of the current time step is a core step in numerical simulation. Its purpose is to calculate the temperature distribution of the target computational unit at the end of the current time step based on the heat input and boundary conditions. This updated temperature field distribution will serve as the initial condition for the next time step. For example, for nonlinear equation systems, an iterative Newton-Raphson method can be used to solve them, converging to a temperature field distribution that meets the accuracy requirements by continuously approximating the solution. Alternatively, in some cases, quasi-Newton methods (such as the BFGS algorithm) or conjugate gradient methods can be used to solve the nonlinear algebraic equation systems to improve solution efficiency and stability.

[0117] When extracting and recording the core temperature value of the target computing unit from the updated temperature field distribution, the core temperature value is a key indicator for measuring the thermal load status of the target computing unit, typically referring to the highest temperature of core components such as the CPU and GPU. After obtaining the complete temperature field distribution at each time step, it is necessary to identify and extract the temperature values ​​of these key points and record them for subsequent analysis and generation of temperature rise time series. For example, the core region of the target computing unit (such as the center of the CPU chip or hotspots of the memory module) can be predefined in the thermodynamic model, and the temperature values ​​of these predefined monitoring points can be directly read after each temperature field update. Alternatively, after each temperature field update, the region or point with the highest temperature can be identified by traversing the entire temperature field distribution and recorded as the core temperature value. This method can adapt to scenarios where the location of hotspots may change.

[0118] After completing all iteration steps, all recorded core temperature values ​​are arranged chronologically to generate a temperature rise time series for the authentication operation period. This is achieved by arranging the core temperature values ​​recorded at each time step in chronological order after all preset iteration steps are completed, thus forming a complete temperature rise time series. This series visually demonstrates the changing trend of the target computing unit's core temperature over time during the authentication operation. For example, during iteration, the core temperature values ​​extracted at each time step can be stored sequentially in an array or list. After iteration, this array or list becomes the chronologically arranged temperature rise time series. Alternatively, in addition to recording the core temperature values, corresponding timestamps can also be recorded, and these (timestamp, temperature value) pairs can be arranged in ascending order of timestamp to form a temperature rise time series with precise time information.

[0119] The above technical solutions overcome the problem of inaccurate temperature rise prediction in related technologies. For example, by accurately initializing the initial temperature field distribution, prediction distortion caused by initial condition deviations is avoided. By dynamically extracting the instantaneous load intensity from the fine-grained load spectrum and mapping it to time-varying power excitation values, the thermodynamic model can respond in real time to the instantaneous fluctuations of load intensity during the authentication process, thereby improving the dynamic accuracy of temperature rise prediction. This precise temperature rise time series provides a more reliable input for subsequent risk assessment, enabling the system to more accurately identify systemic risk paths transmitted from heat load to business logic. Furthermore, based on this accurate prediction result, the collaborative decision-maker can generate more precise physical resource control strategies, such as starting cooling equipment or adjusting fan speeds before the temperature rise reaches a critical value, thereby effectively preventing equipment from throttling or shutting down for protection due to overheating. This ensures the physical reliability and business continuity of the industrial internet operating system when performing high-concurrency authentication, achieving synergistic protection of authentication security and physical system stability.

[0120] In some of the embodiments described above in this application, risk assessment is proposed to identify systemic risk paths that are transmitted from heat load to business logic. However, in its implementation, the risk assessment may lack a mechanism to dynamically activate relevant entity vertices and perform multi-hop propagation calculations, resulting in inaccurate risk path identification and an inability to effectively capture the implicit coupling risk between heat load and business logic, thereby affecting the accuracy of subsequent strategy generation.

[0121] To address this, this application further proposes a risk assessment method, which includes: performing a risk assessment based on predicted heat load values, business criticality levels, and predefined cross-domain coupling relationships in a dynamic risk map to identify systemic risk paths that propagate from heat load to business logic. For example, see... Figure 4 The method includes the following steps: 401. Based on the predicted heat load value and business criticality level, activate the associated physical entity vertices and logical entity vertices in the thermodynamically enhanced dynamic risk map.

[0122] The predicted heat load value is the expected core temperature rise caused by the authentication operation, quantifying the degree of thermal impact of the authentication behavior on the physical environment. For example, this value can be a specific temperature value (e.g., a core temperature increase of 5°C) or a temperature rise rate indicator (e.g., 0.1°C per second). The business criticality level characterizes the importance of the business operation or the potential business impact of its failure. For example, it can be a quantitative level from low to high (e.g., levels 1-5) or a semantic label (e.g., "non-critical," "general," "important," "critical," "urgent"). Thermodynamically enhanced dynamic risk graph is a graph database or knowledge graph that represents physical and logical entities in the system with nodes (vertices), and the interactions and dependencies between these entities with edges (coupling relationships). It integrates a thermodynamic model to simulate the conduction of heat in the physical system and its impact on the logical system. This graph is "dynamic," meaning its structure and attributes can be updated based on real-time data. Physical entity vertices represent specific hardware components or physical areas in the industrial internet system, such as CPU cores, GPU units, memory modules, entire server nodes, or specific racks or server room areas. Logical entity vertices represent software components, services, applications, or business processes running on these physical entities, such as microservices, container instances, database services, control algorithm modules, or specific business functions (e.g., production scheduling, quality inspection). Activating these vertices means, based on the current authentication request and prediction results, marking physical and logical entity vertices directly related to or potentially affected by the current authentication operation as active and assigning them initial risk attributes. For example, these vertices can be marked as active by setting a Boolean flag or updating a status attribute in the graph, while the predicted heat load value is directly assigned to the corresponding physical entity vertex as its initial risk intensity, and the business criticality level is assigned to the relevant logical entity vertex as its risk impact weight.

[0123] 402. Based on the predefined cross-domain coupling relationship in the dynamic risk map, use the predicted heat load value as the initial risk intensity and the business criticality level as the risk impact coefficient to perform multi-hop risk propagation calculation.

[0124] In the dynamic risk graph, predefined cross-domain coupling relationships refer to connections established during graph construction that describe the interdependencies and influences between physical and logical entities, as well as between logical entities themselves. These relationships can be explicitly defined graph edge types, such as "runs_on" indicating that a logical service runs on a physical server, "depends_on" indicating that one logical service depends on another, and "influences" indicating that the thermal state of one physical component influences another. These relationships are typically defined during graph initialization through system configuration, topology discovery, or expert knowledge. The initial risk intensity is the starting point for risk propagation calculations, quantifying the severity of the initial thermal shock represented by the predicted heat load value. For example, the predicted peak temperature rise or rate of temperature change can be directly used as the initial risk intensity, or it can be mapped to a standardized risk score. The risk impact coefficient is a weighting factor used to adjust the degree of risk impact on a specific entity during propagation. For example, for a logical entity vertex, its risk impact coefficient can be directly determined by its business criticality level (e.g., the higher the level, the larger the coefficient). For physical entity vertices, a preset baseline influence coefficient can be used, reflecting the physical component's sensitivity to heat load or the potential impact of its failure. Multi-hop risk propagation calculation is an iterative algorithm that simulates the process of risk spreading hop-by-hop along coupling relationships in the graph, starting from an initial source (such as a physical entity affected by heat load). In each propagation, the risk intensity is adjusted and accumulated based on the characteristics of the coupling relationship (such as propagation attenuation rate) and the risk influence coefficient of the target entity until a preset propagation termination condition is reached (e.g., reaching the maximum number of propagation hops or the risk intensity falling below a certain threshold), thus obtaining the comprehensive risk value for each entity.

[0125] 403. Based on the results of risk propagation calculation, identify the paths where the risk value exceeds the preset threshold and connects the physical entity vertex and the key business logic vertex, as systemic risk paths.

[0126] The result of risk propagation calculation is a set of comprehensive risk values ​​for all evaluated entities in the graph, reflecting the degree of risk each entity may face under the current heat load shock. For example, it could be a list containing all vertex IDs and their corresponding risk scores. A preset threshold is a pre-defined risk value limit used to filter out entities or paths whose risk levels reach or exceed the system's acceptable range. This threshold can be a fixed value (e.g., a risk score greater than 7) or dynamically adjusted based on the system's current operating status. Critical business logic vertices refer to logical entities in an industrial internet system that are critical to business continuity, security, or performance; impairment of their functionality would lead to serious consequences. These vertices are typically explicitly marked as "critical" in the system configuration, or their business criticality level reaches the highest level. The process of identifying systemic risk paths usually involves filtering out critical vertices whose comprehensive risk value exceeds the preset threshold after the risk propagation calculation is completed. Then, starting from these filtered physical entity vertices, a path search algorithm (e.g., based on a variation of depth-first search or breadth-first search) is used to find all paths in the dynamic risk graph connecting to critical business logic vertices with the same risk value exceeding the threshold. These paths will be evaluated based on the comprehensive risk value of all vertices on the path, and the candidate paths with the highest risk assessment value will be selected as the systemic risk paths from heat load to business logic.

[0127] The above technical solution accurately identifies systemic risk paths from heat load to business logic. By dynamically activating physical and logical entity vertices related to authentication requests and combining predicted heat load values ​​and business criticality levels as initial risk parameters, the targeted and comprehensive nature of risk assessment is ensured. This allows the system to consider risks from both physical heat effects and business importance dimensions simultaneously, avoiding the one-sidedness of single-dimensional assessment. Utilizing predefined cross-domain coupling relationships in the dynamic risk graph to perform multi-hop risk propagation calculations can simulate the complex transmission process of risk between the physical and logical domains, quantifying the diffusion effect of risk in the system. This overcomes the limitations of traditional methods that separate physical and logical risks, and more realistically reflects the potential impact of heat load on business in the industrial internet environment. By identifying paths where risk values ​​exceed preset thresholds and connect physical entity vertices to critical business logic vertices, this application clearly reveals the potential impact mechanism of heat load on critical business logic, providing accurate risk basis for the subsequent collaborative decision-making unit of the security kernel to generate dynamic authentication policy packages. This effectively avoids systemic risks caused by heat load accumulation and ensures a collaborative balance between authentication security and physical system stability in the industrial internet operating system.

[0128] In some of the solutions mentioned above in this application, the associated physical entity vertices and logical entity vertices in the thermodynamically enhanced dynamic risk map are proposed to prepare for risk propagation calculation. However, in its implementation, the assignment of the initial risk intensity and impact weight may be inaccurate, resulting in inaccurate risk propagation calculation and failure to effectively identify the systemic risk path of heat load transmission to business logic.

[0129] To address this, this application further proposes a method to activate associated physical and logical entity vertices in a thermodynamically enhanced dynamic risk graph based on predicted heat load values ​​and business criticality levels. For example, the method includes: locating the physical entity vertex corresponding to the target computing unit specified in the authentication request within the thermodynamically enhanced dynamic risk graph, and assigning the predicted heat load value as the initial risk intensity of the physical entity vertex. Locating the logical entity vertex associated with the business operation intent within the thermodynamically enhanced dynamic risk graph, and assigning the business criticality level as the risk impact weight of the logical entity vertex. Based on predefined cross-domain coupling relationships in the dynamic risk graph, activating the cross-domain coupling edges connecting physical and logical entity vertices, and initializing the risk propagation attenuation coefficient of the cross-domain coupling edges.

[0130] Thermodynamically enhanced dynamic risk graph is a graph data structure that reflects the complex coupling relationship between the physical layer (thermodynamic state) and the logical layer (business operations, security policies) in an industrial internet operating system in real time. It not only includes traditional logical entities (such as users, applications, data, and policies) and physical entities (such as servers, sensors, and cooling equipment) and their interconnections, but also incorporates thermodynamic parameters, health status data, and their impact mechanisms on risk propagation. This graph can be built on graph databases (such as Neo4j and JanusGraph), where nodes represent physical or logical entities, and edges represent the relationships between them. Thermodynamic enhancement is reflected in the inclusion of real-time thermal state and health indicators in node attributes, and heat conduction and risk propagation attenuation coefficients in edge attributes. Alternatively, it can be implemented using an in-memory graph structure or a distributed graph computing framework (such as Apache Giraph and GraphX). Through predefined data models and interfaces, physical sensor data, business management system data, and security policy data are injected into and updated in real time to update the node and edge attributes in the graph, enabling it to dynamically evolve to reflect changes in system state.

[0131] The location and authentication request identifies the physical entity vertex corresponding to the target computing unit, aiming to accurately identify the physical resources involved in the authentication request and provide accurate physical location for subsequently identifying predicted heat load values ​​as risk sources. The security kernel can maintain a physical resource mapping table that associates the unique identifier of the target computing unit (such as IP address, MAC address, device serial number) with the physical entity vertex ID in the thermodynamically enhanced dynamic risk graph. When an authentication request is received, the target computing unit identifier is parsed from the request, and then the corresponding physical entity vertex is located by querying this mapping table. Alternatively, the security kernel can also directly perform attribute matching queries in the graph based on the target computing unit's attributes (such as device type, deployment location, and functional role) to find matching physical entity vertices.

[0132] Assigning the predicted heat load value as the initial risk intensity of a physical entity vertex directly quantifies the previously calculated predicted heat load value into the physical-level risk source intensity, ensuring the accuracy of the physical basis of the risk assessment. Specifically, the predicted heat load value (e.g., represented by a core temperature rise value or a rate of temperature change index) can be directly stored as an attribute value of the physical entity vertex and labeled as "initial risk intensity." This value can be a floating-point number representing the immediate thermal risk level faced by the physical entity due to the authentication operation. Alternatively, a mapping function can be designed to convert the predicted heat load value into a standardized or normalized risk intensity score (e.g., a risk index from 0 to 100), and then this score can be assigned to the initial risk intensity attribute of the physical entity vertex.

[0133] Locating the logical entity vertex associated with the business operation intent is a step aimed at identifying the business logic entity corresponding to the authentication request, providing accurate logical positioning for subsequent application of business criticality level as a risk impact weight. The security kernel can query a pre-built business-logic entity mapping rule base based on information such as the operation type and target resource identifier in the business operation intent. For example, if the business operation intent is "access database A," then the logical entity vertex representing "database A" in the graph is located. Alternatively, semantic matching can be performed using a business context knowledge base. After semantic analysis, the business operation intent can be associated with predefined logical entity vertices in the graph, such as business processes, application modules, and data objects, thereby finding the most relevant logical entity vertex.

[0134] Assigning the business criticality level as a risk impact weight to the logical entity vertex quantifies the business criticality level into a logical-level risk impact weight. This ensures that risk propagation calculations fully consider the importance of the business and avoid over-responding to non-critical business aspects. In practice, the business criticality level (e.g., high, medium, low, or a quantified level of 1-5) can be directly stored as an attribute value for the logical entity vertex and labeled as "risk impact weight." This value will be used to adjust the degree to which the logical entity is affected by risk during risk propagation. Alternatively, based on the business criticality level, a predefined weighting function can be used to convert it into a floating-point number between 0 and 1, which will then serve as the risk impact weight.

[0135] The predefined cross-domain coupling relationships in the dynamic risk graph refer to the edges connecting physical entity vertices and logical entity vertices in the thermodynamically enhanced dynamic risk graph. These edges represent how changes in the physical layer's state affect the logical layer's business operations, and how operations at the logical layer react upon the physical layer. These relationships are pre-established based on system architecture, physical laws, and business process analysis. These relationships can be represented as specific edge types in the graph, such as "physical impact on logic," "resource dependency," and "heat conduction impact on performance." Each edge type can be associated with different attributes, such as propagation direction, propagation delay, and attenuation function. Furthermore, these relationships can also be defined through a rule engine or expert knowledge base, for example, "when the server temperature exceeds X degrees, the performance of the database service running on it decreases by Y%."

[0136] Activating cross-domain coupling edges connecting physical entity vertices and logical entity vertices is a step designed to clarify the physical-logical risk propagation paths that may be triggered by this authentication operation, thus establishing effective propagation channels for subsequent multi-hop risk propagation calculations. In the graph, edges that are directly or indirectly connected to located physical and logical entity vertices and have a cross-domain coupling relationship can be changed from "inactive" to "active." This can be achieved by updating the edge's "activation status" attribute. Alternatively, based on a predefined set of rules, when a specific physical and logical entity vertex is activated, all eligible cross-domain coupling edges between them are automatically identified and activated.

[0137] Initialize the risk propagation attenuation coefficient for cross-domain coupling edges. This step sets up an attenuation mechanism for risk propagation during the physical-logical cross-domain process, ensuring the authenticity and rationality of risk propagation and preventing unlimited amplification or unreasonable propagation of risks. Based on the type of cross-domain coupling relationship and the preset physical-logical conduction characteristics, each active cross-domain coupling edge can be assigned an initial risk propagation attenuation coefficient (e.g., a floating-point number between 0 and 1). For example, the attenuation coefficient for direct heat conduction may be higher, while the attenuation coefficient for indirect influences through the software layer may be lower. Furthermore, the initialization of the attenuation coefficient can also be based on historical data or expert experience.

[0138] The above technical solutions enable the precise activation of relevant vertices and edges in the thermodynamically enhanced dynamic risk graph, laying a solid foundation for subsequent risk propagation calculations. For example, directly assigning the predicted heat load value as the initial risk intensity of a physical entity vertex allows for accurate quantification of physical thermal shocks as risk sources, avoiding the disconnect between physical state and security decisions in traditional methods. Assigning the business criticality level as the risk impact weight of a logical entity vertex ensures that risk propagation calculations fully consider the importance of the business, avoiding over-response to non-critical business operations, thus making risk assessment results more business-oriented. Furthermore, activating and initializing the risk propagation attenuation coefficient based on predefined cross-domain coupling relationships clarifies the specific path and intensity variation law of physical heat load transmission to business logic, solving the problem of difficulty in characterizing the implicit coupling risk between physical thermal effects and business logic in traditional security architectures. These precise initialization and activation operations improve the accuracy and reliability of the dynamic risk map in identifying systemic risk paths that are transmitted from heat load to business logic. This provides a more refined and comprehensive risk situation awareness for subsequent risk assessment and dynamic authentication strategy generation, thereby effectively avoiding the technical paradox that "strengthening logic security may actually harm the physical reliability and business continuity of the system."

[0139] In some of the solutions mentioned above in this application, multi-hop risk propagation calculations are proposed to assess risk propagation and identify systematic risk paths. However, in the implementation process, risk propagation may not effectively handle the propagation attenuation characteristics and the differences in risk impact coefficients of different vertex types, resulting in inaccurate risk value calculations and affecting the accurate identification of systematic risk paths.

[0140] To address this, this application further proposes a method based on predefined cross-domain coupling relationships in a dynamic risk map. Using predicted heat load values ​​as the initial risk intensity and business criticality levels as the risk impact coefficients, multi-hop risk propagation calculations are performed. Specifically, this includes: using the predicted heat load value as the current risk intensity at the source point, propagating risk from physical entity vertices along cross-domain coupling relationships to adjacent vertices. Based on the predefined propagation attenuation characteristics of the cross-domain coupling relationships, the current risk intensity during propagation is attenuated to obtain the post-propagation risk intensity received by adjacent vertices. The post-propagation risk intensity is then fused with the risk impact coefficients corresponding to adjacent vertices to generate a comprehensive risk value for each adjacent vertex. If the adjacent vertex is a logical entity vertex, the risk impact coefficient is determined based on the business criticality level. If it is a physical entity vertex, the risk impact coefficient uses a preset baseline value. The comprehensive risk value is then used as the new risk intensity, and the risk propagation, attenuation, and fusion calculation operations are iteratively performed until a preset propagation termination condition is met, generating a risk propagation calculation result containing the comprehensive risk values ​​of each vertex.

[0141] The current risk intensity, using the predicted heat load value as the source point, propagates risk from the physical entity vertex along cross-domain coupling relationships to adjacent vertices. This means using the predicted heat load value, representing the expected core temperature rise caused by the authentication operation, as the starting intensity for risk propagation. Starting from the physical entity vertex representing the physical device or computing unit in the dynamic risk graph, the risk information is transmitted to its directly connected adjacent vertices along pre-modeled cross-domain coupling relationships connecting vertices of entities from different domains. The predicted heat load value can be a quantified indicator such as temperature, temperature rise rate, or heat power density. Physical entity vertices can be servers, edge computing devices, or sensors. Cross-domain coupling relationships can be the deployment relationship between physical devices and software modules, or the dependency relationship between software modules and business functions. In implementation, a graph traversal algorithm (such as breadth-first search or depth-first search) can be used, starting from a specified physical entity vertex and traversing along predefined cross-domain coupling edges, assigning the predicted heat load value as the initial risk intensity to the source point. Alternatively, a proxy-based simulation method can be used, where each vertex is treated as a proxy. When a physical entity vertex receives the predicted heat load value, it transmits the risk information to its directly connected adjacent vertices according to a preset propagation rule.

[0142] Based on the predefined propagation attenuation characteristics of cross-domain coupling relationships, the current risk intensity during propagation is attenuated to obtain the post-propagation risk intensity received by adjacent vertices. Propagation attenuation refers to the property that the intensity of a risk decreases as it propagates from one vertex to another, depending on the properties of the connecting edges, reflecting the loss or buffering effect of risk transmission. For example, through multi-layered abstraction or isolation mechanisms, the risk intensity will naturally decrease. In implementation, an attenuation coefficient (e.g., a floating-point number between 0 and 1) can be preset for each cross-domain coupling relationship, and the current risk intensity is multiplied by this attenuation coefficient during risk propagation. Alternatively, based on the type of cross-domain coupling relationship (e.g., physical connection, logical dependency, data flow, etc.) and the distance or complexity it carries, the attenuation value can be calculated using a predefined attenuation function (such as an exponential or logarithmic attenuation function) and subtracted from the current risk intensity.

[0143] The risk intensity after propagation is calculated by fusing it with the risk impact coefficient of adjacent vertices to generate a comprehensive risk value for those vertices. If the adjacent vertex is a logical entity vertex, the risk impact coefficient is determined based on its business criticality level. If it is a physical entity vertex, a preset benchmark value is used. The risk impact coefficient quantifies the sensitivity of a specific vertex to risk or the extent of its potential impact in a risk event, reflecting the importance of different entities at the business or physical level. The business criticality level is a quantitative assessment of the importance of business operations or the logical entities they depend on; for example, it may be divided into high, medium, and low levels, or expressed numerically. The preset benchmark value is a standard risk impact coefficient set for physical entity vertices; it can be a fixed value or a default value pre-configured based on factors such as the type of physical equipment and the deployment environment. The fusion calculation combines the risk intensity after propagation with the risk impact coefficient of that vertex to obtain a comprehensive risk value for that vertex. In implementation, a weighted summation method can be used; for example, comprehensive risk value = (risk intensity after propagation × weight 1) + (risk impact coefficient × weight 2), where weight 1 and weight 2 are preset fusion weights. Alternatively, a multiplicative model can be used, for example, the overall risk value = risk intensity after propagation × (1 + risk impact coefficient), or the overall risk value = risk intensity after propagation × risk impact coefficient, depending on how the risk impact coefficient is defined.

[0144] The comprehensive risk value is used as the new risk intensity. Risk propagation, attenuation, and fusion calculations are iteratively performed until a preset propagation termination condition is met, generating a risk propagation calculation result containing the comprehensive risk values ​​of each vertex. Iterative execution refers to repeating the above steps of risk propagation, attenuation, and fusion calculations, using the comprehensive risk value calculated in the previous round as the starting risk intensity for the next round of propagation, until a specific condition is met. The preset propagation termination condition is a rule used to control the number or range of iterations in the risk propagation calculation. The result of the risk propagation calculation is a dataset containing the comprehensive risk values ​​of all relevant vertices in the dynamic risk graph. In implementation, termination conditions may include: reaching a preset maximum number of propagation hops (e.g., no more than 5 hops); terminating when all risk intensities to be propagated are below a preset minimum risk threshold; or terminating when all reachable vertices in the graph have been visited once. When generating the result, the updated vertex comprehensive risk values ​​in each iteration can be stored in a data structure (such as a hash table or list), and this data structure can be output. Alternatively, the comprehensive risk value attribute can be directly updated in each vertex object of the graph, and the result can be obtained by traversing the graph after the calculation is complete.

[0145] The above technical solutions address the issues of inadequate handling of propagation attenuation characteristics and differences in risk impact coefficients for different vertex types in multi-hop risk propagation calculations, thereby improving the accuracy of risk assessment and the reliability of systemic risk path identification. For example, using the predicted heat load value as the source of the current risk intensity and propagating risk from physical entity vertices ensures that the starting point of risk assessment is closely linked to the actual source of the physical heat load, allowing for accurate capture of the potential transmission effect of heat load on business logic. Attenuating risk intensity based on predefined propagation attenuation characteristics of cross-domain coupling relationships simulates the natural dissipation process of risk in complex systems, avoiding overestimation of risk intensity and making the risk value closer to reality. Furthermore, the propagated risk intensity is fused with the risk impact coefficients corresponding to adjacent vertices, and the risk impact coefficients are determined based on whether the adjacent vertex is a logical entity vertex or a physical entity vertex, using either the business criticality level or a preset benchmark value. This differentiated processing fully considers the differences in the sensitivity and importance of different types of entities to risk. Logical entity vertices are more sensitive to risk due to the business criticality they carry, while physical entity vertices are assessed using standardized benchmark values, making risk assessment more targeted and refined. By using the comprehensive risk value as the new risk intensity for iterative propagation, attenuation, and fusion calculation until the preset propagation termination condition is met, this solution can comprehensively cover the systemic risk paths that may be caused by heat load and generate risk propagation calculation results containing the comprehensive risk values ​​of each vertex. This provides accurate and comprehensive data support for subsequent identification of systemic risk paths that are transmitted from heat load to business logic, effectively avoiding misjudgments or omissions caused by inaccurate risk assessments. This ensures the physical reliability and business continuity of the industrial internet operating system in the face of thermal shock scenarios such as high-concurrency authentication.

[0146] In some of the solutions mentioned above in this application, a systemic risk path is identified based on the results of risk propagation calculation to assess risk. However, in this process, there may be problems such as inaccurate identification, low efficiency, or inability to effectively integrate the risk values ​​of each vertex on the path, resulting in an incomplete risk path assessment and affecting the accuracy of the risk assessment.

[0147] To address this, this application further proposes a method for identifying systemic risk paths based on the results of risk propagation calculations, where the risk value exceeds a preset threshold and connects physical entity vertices with key business logic vertices. This method includes: selecting key vertices from the risk propagation calculation results whose comprehensive risk value exceeds a preset threshold; in a dynamic risk graph, starting from physical entity vertices and using the logical entity vertices among the selected key vertices as potential endpoints, tracing back along cross-domain coupling relationships; for each candidate path obtained through tracing, calculating a path risk assessment value, which integrates the comprehensive risk values ​​of all vertices on the path; and identifying the candidate paths with the highest path risk assessment values ​​as systemic risk paths.

[0148] For example, when selecting critical vertices from the risk propagation calculation results that have a comprehensive risk value exceeding a preset threshold, this step aims to focus risk analysis on nodes with significant risk levels, thereby improving analysis efficiency and optimizing resource allocation. For instance, this can be achieved by iterating through the comprehensive risk values ​​of all vertices in the risk propagation calculation results and comparing them to a preset risk threshold; any vertex with a comprehensive risk value higher than or equal to this threshold is marked as a critical vertex. This threshold can be dynamically adjusted based on system security policies, business criticality requirements, or historical risk data. Alternatively, a tiered selection mechanism can be employed. For example, the preset threshold can be set to multiple levels, and critical vertices of different levels can be selected based on the threshold of each level, allowing subsequent path tracing to prioritize based on risk level.

[0149] In a dynamic risk graph, starting from physical entity vertices and ending at logical entity vertices among the selected key vertices, reverse path tracing along cross-domain coupling relationships aims to trace the possible physical sources of identified key risk points (especially logical-level risks), thereby revealing the specific path through which risks propagate from the physical to the logical level. Reverse tracing ensures that the physical root cause of logical risks is found, rather than merely focusing on the surface manifestations of the risk. For example, breadth-first search (BFS) or depth-first search (DFS) algorithms can be used to traverse the graph backwards from each selected logical entity vertex along predefined cross-domain coupling edges until a physical entity vertex is reached. During the traversal, all vertices and edges traversed are recorded, forming candidate paths. Alternatively, the path query functionality of graph databases, such as the Cypher query language, can be utilized to directly construct query statements, specifying the starting node type (logical entity vertex), ending node type (physical entity vertex), and path direction (reverse), and limiting the path to traversing cross-domain coupling relationships, thereby efficiently obtaining all candidate paths that meet the conditions.

[0150] For each candidate path identified through tracing, a path risk assessment value is calculated. This calculation integrates the combined risk values ​​of all vertices along the path. This step aims to quantitatively evaluate each identified potentially risky path to determine its overall risk level. By integrating the combined risk values ​​of all vertices along the path, the cumulative risk effect of the path can be more comprehensively reflected, avoiding the one-sidedness of judging based solely on the risk value of a single vertex. For example, the path risk assessment value can be defined as the weighted sum of the combined risk values ​​of all vertices along the path, where the weights can be allocated based on the importance, type (physical or logical), or role of the vertex in the path, or its role in risk propagation. Alternatively, a product model or exponential decay model can be used to calculate the path risk assessment value. For example, the combined risk values ​​of all vertices along the path can be multiplied, or a decay factor can be introduced during the propagation process to simulate the cumulative and attenuating effects of risk along the propagation chain.

[0151] The candidate paths with the highest path risk assessment values ​​are identified as the systemic risk paths. This step aims to identify the critical risk transmission paths with the greatest impact on the system and requiring the highest priority from among numerous candidate risk paths. By selecting the path with the highest assessment value, limited resources can be ensured to be invested in addressing the most urgent and potentially destructive risks. For example, all candidate paths can be sorted in descending order of their path risk assessment values, and the top N paths can be selected as the systemic risk paths, where N is a preset integer. Alternatively, a dynamic threshold can be set, such as selecting paths whose path risk assessment values ​​exceed the average of all paths by a certain percentage, or selecting paths whose assessment values ​​reach a certain absolute high-risk threshold.

[0152] The above technical solution addresses the problems of inaccurate identification, low efficiency, and ineffective integration of risk values ​​at each vertex along a path when identifying systemic risk paths based on risk propagation calculations. For example, by screening key vertices whose comprehensive risk value exceeds a preset threshold, the focus of risk analysis can be concentrated on high-risk areas, avoiding ineffective calculations for low-risk or irrelevant vertices and improving the efficiency of risk identification. Starting with physical entity vertices and using the screened key logical entity vertices as potential endpoints, reverse path tracing along cross-domain coupling relationships ensures the integrity and accuracy of the risk propagation path, enabling an understanding of the logical risk generation mechanism from its physical roots. By calculating the path risk evaluation value of each candidate path and integrating the comprehensive risk value of each vertex along the path, a comprehensive quantitative assessment of the risk path is achieved, avoiding the one-sidedness of isolated vertex risk assessments and making the risk assessment results more convincing. The candidate paths with the highest path risk assessment values ​​are identified as systemic risk paths, enabling the system to prioritize the handling of the risks that have the greatest and most urgent impact on business. This optimizes the allocation of risk response resources, thereby improving the accuracy of risk assessment and decision-making efficiency of the entire industrial internet operating system authentication method, and effectively ensuring the synergy between authentication security and physical system stability.

[0153] In some of the solutions mentioned above in this application, a dynamic authentication strategy package is generated based on the predicted heat load value and the systemic risk path. However, in the process of its implementation, the collaborative optimization of logical security strategy and physical resource control strategy is not effectively integrated, resulting in inaccurate definition of authentication protocol strength adjustment boundary and environmental control target. It is unable to dynamically adapt to changes in heat load and the transmission of business risks, thus making it difficult to avoid the risk of equipment frequency reduction or business interruption caused by heat accumulation.

[0154] To address this, this application further proposes a method that, based on predicted heat load values ​​and systemic risk paths, uses a collaborative decision-maker within a security kernel to integrate and solve for the logical security policy and physical resource control policy corresponding to the requester's role identifier, generating a dynamic authentication policy package. See [link to relevant documentation]. Figure 5 The method specifically includes: 501. Based on the predicted heat load value and the systemic risk path, generate a set of logical safety policy adjustment constraints and a set of physical resource regulation targets.

[0155] The logical security policy adjustment constraint set characterizes the boundary of authentication protocol strength adjustment, referring to the allowed range or boundary conditions for adjusting the authentication protocol strength during the authentication process. Its function is to limit parameters such as the complexity, encryption strength, and number of authentication factors of the authentication protocol, so as to avoid unnecessary consumption of computing resources and increased heat load due to excessive security measures while ensuring security. For example, an upper and lower limit for the authentication protocol strength level can be defined, such as a minimum requirement of two-factor authentication and a maximum allowable requirement of three-factor authentication combined with biometrics, or the minimum and maximum key lengths of the encryption algorithm can be specified. Furthermore, the allowable range of parameters such as the authentication protocol's timeout and number of retries can be dynamically set according to the business criticality level and predicted heat load value. The physical resource control target set characterizes the control amplitude and scope of environmental control resources, referring to the set of parameters for environmental control operations required to address predicted heat load for the target computing unit and its physical environment. Its function is to clarify the amplitude, scope, and duration of the control measures (such as cooling and ventilation) that the environmental control system should take, so as to effectively reduce or control the heat load and ensure the stable operation of physical equipment. For example, you can set the ideal operating temperature range for the target computing unit, and the cooling power or fan speed that the cooling system should achieve when the predicted heat load reaches a certain threshold. You can also specify the physical area that needs to be regulated (e.g., a server rack, a server cluster), and the expected range of changes in environmental parameters such as temperature and humidity within that area.

[0156] 502. Input the set of logical security policy adjustment constraints, the set of physical resource regulation targets, and the baseline security policy corresponding to the requester's role identifier into the multi-objective collaborative optimization module of the collaborative decision-maker, perform joint solution of security constraints and physical stability constraints, and output logical security policy parameters and physical resource regulation parameters.

[0157] The collaborative decision-maker is a core component of the security kernel, responsible for integrating information from different dimensions (logical security, physical environment, business criticality, etc.) and performing comprehensive analysis and decision-making. Its role is to achieve synergistic protection of logical security and physical stability, avoiding the negative impact of single-dimensional decision-making. For example, the collaborative decision-maker can be a software module based on a rule engine or expert system, capable of initially filtering and matching input parameters according to preset priorities and association rules. Alternatively, it can be an intelligent module using machine learning models (such as reinforcement learning or multi-objective optimization algorithms), capable of learning from historical data and predicting the optimal strategy combination. The multi-objective collaborative optimization module is a functional unit within the collaborative decision-maker, specifically designed to handle decision problems with multiple conflicting or related optimization objectives. Its role is to optimize physical stability as much as possible while satisfying security constraints, or to maximize security strength while ensuring physical stability, thereby finding a balanced and optimal strategy combination. For example, the Pareto optimization algorithm can be used to find a set of non-dominated solutions (Pareto optimal solutions) such that one objective cannot be improved without sacrificing another. Alternatively, a weighted sum method or goal programming can be used to transform multiple objective functions into a single objective function for optimization. The weights can be dynamically adjusted based on business criticality or system priority. Jointly solving for security constraints and physical stability constraints is then performed. This step aims to find the optimal policy parameters that satisfy all constraints, considering both logical security requirements and physical environment stability, through mathematical optimization or intelligent decision-making algorithms. This solves the problem of the separation between security and physical environment decision-making in traditional methods. For example, the logical security policy adjustment constraint set and the physical resource control objective set can be transformed into hard or soft constraints for the optimization problem, combined with a baseline security policy as initial conditions, and solved using mathematical optimization methods such as linear programming, nonlinear programming, or integer programming. Alternatively, heuristic algorithms (such as genetic algorithms or particle swarm optimization algorithms) or metaheuristic algorithms can be used to search for solutions that satisfy the constraints and optimize the objective function in a multi-dimensional parameter space. The output logical security policy parameters are specific values ​​or configuration items obtained after joint solving, used to guide the generation of authentication protocol instruction sequences. Their function is to precisely define the protocol strength, encryption algorithm, authentication factor, etc., required for this authentication to adapt to the current heat load and risk situation. For example, it could be a structured data packet containing specific values ​​such as authentication protocol type (e.g., TLS 1.2, TLS 1.3), cipher suite (e.g., AES256-GCM-SHA384), number of authentication factors (e.g., single-factor, double-factor), and session timeout. Alternatively, it could be an identifier pointing to a predefined security policy template ID, along with incremental parameters for fine-tuning that template. The output physical resource control parameters are specific values ​​or configuration items obtained through joint solving, used to guide the generation of pre-control instruction sequences for the physical environment.Its function is to precisely define the control measures that need to be taken for the physical environment before the certification, such as starting and stopping cooling equipment, adjusting fan speed, and setting air conditioning temperature, to ensure that the physical environment can withstand the heat load brought by the certification operation. For example, it can be a structured data packet containing specific values ​​such as target device identifier (e.g., rack ID, server node ID), control type (e.g., cooling, ventilation), control range (e.g., fan speed percentage, target temperature value), and control duration. Alternatively, it can be a script or command sequence containing a series of environmental control instructions that can be directly sent to the environmental control system for execution.

[0158] 503. Generate the authentication protocol instruction sequence based on the logical security policy parameters, generate the physical environment pre-control instruction sequence based on the physical resource control parameters, and encapsulate the authentication protocol instruction sequence and the physical environment pre-control instruction sequence into the dynamic authentication policy package according to the preset timing rules.

[0159] The first step, generating authentication protocol instruction sequences based on logical security policy parameters, transforms abstract logical security policy parameters into executable, concrete authentication protocol instructions. This ensures that the security policy can be correctly understood and executed by the authentication system. For example, a protocol instruction generator can dynamically assemble or select appropriate authentication protocol message templates based on the protocol type and security configuration in the logical security policy parameters, and fill in specific parameters to form an instruction sequence. Alternatively, it can match the most suitable protocol template from a pre-set authentication protocol library based on the parameters, perform necessary parameterization, and generate an instruction sequence. The second step, generating physical environment pre-control instruction sequences based on physical resource control parameters, transforms abstract physical resource control parameters into executable, concrete environmental control instructions. This ensures that the physical environment can be adjusted according to the expected control objectives. For example, an environmental control instruction generator can generate control instructions conforming to the interface specifications of a specific environmental control system based on information such as device identification, control amplitude, and duration in the physical resource control parameters. Alternatively, it can match the corresponding instruction template from a pre-set environmental control instruction template library based on the parameters, perform parameterization, and generate an instruction sequence. Preset timing rules refer to the execution order and time relationship of the physical environment pre-control instruction sequence and the authentication protocol instruction sequence when executing the dynamic authentication policy package. Its purpose is to ensure that physical environment pre-control takes precedence over authentication operations, thereby effectively avoiding thermal shocks to the physical environment caused by authentication operations. For example, it can be stipulated that the physical environment pre-control instruction sequence must be fully executed and environmental readiness feedback received before the authentication protocol instruction sequence can begin execution. Alternatively, a time window can be set, requiring the physical environment pre-control instruction sequence to complete within a specific time period before the authentication protocol instruction sequence begins. The dynamic authentication policy package is a composite data structure that encapsulates the authentication protocol instruction sequence and the physical environment pre-control instruction sequence. Its purpose is to schedule and execute the decision results of logical security and physical control as a whole, realizing an integrated authentication process. For example, it can be a JSON or XML format data package containing two sub-sequences (physical environment pre-control sequence and authentication protocol sequence), along with execution timing metadata. Or it can be an executable script file containing physical environment control commands and authentication protocol commands arranged in a preset timing order.

[0160] The above technical solution addresses the problem of traditional methods failing to integrate logical security strategies and physical resource control strategies for collaborative optimization in industrial internet operating system authentication methods. For example, by generating a set of logical security strategy adjustment constraints and a set of physical resource control targets based on predicted heat load values ​​and systemic risk paths, this application can accurately define the adjustable boundaries of the authentication protocol strength and the magnitude and range of environmental control. This is due to the prediction of instantaneous heat loads that may be triggered by authentication operations and the identification of systemic risks from heat load transmission to business logic, thus providing real-time and accurate data support for subsequent strategy optimization and avoiding strategy failures caused by ambiguous boundaries. These constraint sets, target sets, and the baseline security strategies corresponding to the requester's role identifiers are input into the multi-objective collaborative optimization module of the collaborative decision-maker to perform joint solutions of security constraints and physical stability constraints, and output logical security strategy parameters and physical resource control parameters. This process, through multi-objective optimization algorithms, integrates security and stability requirements, maximizing the maintenance of physical device operational stability while ensuring authentication security, achieving a collaborative balance in parameter output, effectively preventing risk imbalances caused by a single constraint, and avoiding the technical paradox of "strengthening logical security but damaging system physical reliability and business continuity." An authentication protocol instruction sequence is generated based on the output logical security policy parameters, and a physical environment pre-control instruction sequence is generated based on physical resource control parameters. These two sequences are then encapsulated into a dynamic authentication policy package according to preset timing rules. This encapsulation method ensures that the physical environment pre-control instruction sequence is executed before the authentication protocol instruction sequence. This allows the physical environment (such as the cooling system) to be adjusted in advance before high-concurrency or high-intensity authentication operations, effectively preventing thermal shocks that may occur during authentication. This ensures timely authentication of critical control instructions and improves the system's physical reliability and business continuity.

[0161] In some of the embodiments described above in this application, a set of logical security policy adjustment constraints and a set of physical resource regulation targets are proposed to provide input for collaborative decision-making. However, in the implementation process, there is a lack of specific mechanisms to dynamically calculate the adjustment boundary and environmental regulation parameters of the certification protocol strength based on the predicted heat load value and the systemic risk path, which may result in inaccurate constraints and targets, affecting the accuracy and physical stability of the integrated solution.

[0162] To address this, this application further proposes a method for generating a set of logical security policy adjustment constraints and a set of physical resource regulation targets based on predicted heat load values ​​and systemic risk paths. Specifically, the method includes: calculating an adjustable upper limit for the authentication protocol strength based on the predicted heat load value using a first pre-set mapping model; calculating an adjustable lower limit for the authentication protocol strength based on the business criticality level associated with the systemic risk path using a second pre-set mapping model; generating a set of logical security policy adjustment constraints based on the adjustable upper and lower limits; extracting the physical entity vertices involved from the systemic risk path to determine the corresponding set of target physical regions; calculating the required environmental regulation parameters for each target physical region using a third pre-set mapping model based on the predicted heat load value and the set of target physical regions; and generating a set of physical resource regulation targets based on the set of target physical regions and the environmental regulation parameters.

[0163] The predicted heat load value is a quantitative representation of the expected core temperature rise caused by the certification operation. Its purpose is to serve as input for thermodynamic risk assessment and guide physical environment control. This predicted heat load value can be obtained in several ways. For example, it can be obtained by simulating the thermal effects of the certification operation under a specific hardware configuration using physics-based thermodynamic simulation software. Alternatively, it can be obtained by using sensor data deployed on the target computing unit, combined with machine learning algorithms, to learn from historical load and temperature change patterns and predict the heat load that future certification operations may cause. Another option is to directly estimate the heat load generated by the certification operation based on its type, scale, and current ambient temperature using pre-established empirical formulas or lookup tables.

[0164] Systemic risk paths describe the potential risk chain from thermal load to business logic, revealing how physical thermal shocks affect upper-level business logic. Their role is to provide a basis for adjusting security strategies, ensuring physical stability and business continuity. Systemic risk paths can be identified using various methods. For example, a dynamic risk graph containing physical entities, logical entities, and their coupling relationships can be constructed, and risk propagation calculations can be performed on this graph. Alternatively, expert knowledge bases and causal reasoning engines can be used to analyze the potential correlation between physical failures and business interruptions, thereby deriving risk paths. Furthermore, big data analysis of historical failure data and business interruption events can be used to uncover implicit correlation patterns between physical thermal load and business logic risks, thus identifying systemic risk paths.

[0165] The logical security policy adjustment constraint set is used to characterize the set of boundary parameters for adjusting the authentication protocol strength. Its role is to ensure that the authentication strength meets security requirements while maintaining physical stability. This constraint set can include an adjustable upper and lower limit value for the authentication protocol strength, forming a range, such as [minimum strength, maximum strength], or a set of discrete allowable strength levels. Alternatively, it can be a function or rule set that dynamically calculates the allowable adjustment range based on the current system state.

[0166] The physical resource regulation target set is a set of parameters characterizing the regulation amplitude and range of environmental regulation resources. Its function is to guide the environmental control system to perform precise and forward-looking physical environment pre-control. This target set can include a set of target physical regions and the environmental regulation parameters required for each region, such as fan speed, coolant flow rate, and air conditioning temperature setting. It can also be a list containing information such as device ID, regulation amount, and duration, or an optimization objective function aimed at minimizing energy consumption while meeting heat dissipation requirements.

[0167] The first pre-defined mapping model is a pre-established mathematical model or rule set used to map predicted heat load values ​​to adjustable upper limits of certification protocol strength. Its function is to quantify the physical impact of heat load into adjustment constraints for logical security policies. This model can be based on a regression model or lookup table trained using empirical data and thermodynamic simulation results. Alternatively, it can be based on an analytical function derived from the physical heat conduction equation, considering the equipment's heat resistance limit. Or, it can be based on fuzzy logic or an expert rule system to map different heat load levels to different protocol strength upper limits.

[0168] The second pre-built mapping model is a mathematical model or rule set pre-established to map business criticality levels to an adjustable lower limit for authentication protocol strength. Its purpose is to ensure that the authentication strength is not lower than the minimum security level required for business criticality. This model can be based on a decision tree or hierarchical mapping table constructed from security policy specifications and Business Impact Analysis (BIA) results. Alternatively, it can be based on a risk assessment matrix, associating business criticality with potential losses to determine the minimum security strength. Or, it can use a machine learning model to learn the relationship between historical security incidents and business criticality to predict the minimum strength.

[0169] The third pre-defined mapping model is a pre-established mathematical model or rule set used to map predicted heat load values ​​to the target physical region set as the environmental control parameters required for each region. Its function is to achieve precise and localized control of the physical environment. This model can be a neural network model trained based on computational fluid dynamics (CFD) simulation results or actual test data. It can also be a control algorithm designed based on heat balance equations and PID control theory, or an optimization model built based on regional heat density distribution and cooling equipment performance parameters.

[0170] The target physical region set is the actual physical spatial range corresponding to the physical entity vertices involved in heat load impact, extracted from the systemic risk path. Its purpose is to clearly identify the specific physical locations requiring environmental control, enabling precise intervention. This set can be a group of equipment rack IDs, server node IDs, or data center area identifiers. It can also be spatial coordinates or regional boundaries determined through a Geographic Information System (GIS) or physical topology map, or local hotspot areas obtained through sensor network data analysis.

[0171] Environmental control parameters are specific values ​​or instructions used to guide the operation of environmental control equipment, such as fan speed, coolant flow rate, and air conditioning set temperature. Their function is to achieve precise control of environmental factors such as temperature and humidity in a target physical area. These parameters can be specific values, such as fan speed percentage, coolant pump power, and air conditioning set temperature. They can also be control instructions, such as "turn on cooling unit A" or "increase fan B speed to X%". Alternatively, they can be dynamically adjusted control curves or strategies.

[0172] The above technical solution enables the dynamic and accurate calculation of the adjustment boundary of the authentication protocol strength and environmental control parameters based on predicted heat load values ​​and systemic risk paths. For example, through the first pre-set mapping model, the adjustable upper limit of the authentication protocol strength can directly reflect the potential impact of predicted heat load on the physical system, effectively avoiding equipment instability caused by excessive heat load. Through the second pre-set mapping model, combined with the business criticality level associated with the systemic risk path, the adjustable lower limit of the authentication protocol strength can be dynamically determined, thereby ensuring that the authentication strength is not lower than the minimum security level required by business importance, effectively preventing logical risks caused by insufficient authentication strength. The resulting logical security policy adjustment constraint set integrates both heat load and business criticality factors, providing a quantitative and reliable adjustment boundary for subsequent collaborative decision-making. In addition, by extracting the physical entity vertices involved from the systemic risk path, the set of target physical areas requiring environmental control can be accurately identified, achieving targeted control. Combined with the third pre-set mapping model, based on the predicted heat load value and the set of target physical areas, the required environmental control parameters for each target physical area can be calculated, ensuring that environmental control can accurately match the actual thermal shock requirements. The generated set of physical resource control targets provides specific and actionable guidance for the pre-control of the physical environment. The introduction of these mechanisms enables the collaborative decision-maker to obtain more accurate and dynamic inputs when performing integrated solutions, improving the accuracy and effectiveness of dynamic authentication strategy package generation. This effectively maintains the stability and business continuity of the physical system while ensuring logical security, avoiding the technical paradox that "strengthening logical security may actually harm the physical reliability and business continuity of the system."

[0173] In some of the solutions mentioned above in this application, a joint solution of security constraints and physical stability constraints is proposed to generate strategy parameters in an integrated manner. However, in its implementation, how to ensure that the solution process is efficient, prioritizes physical stability, and satisfies the constraints in order to avoid potential risks is a challenge.

[0174] To address this, this application further proposes a specific method for jointly solving security constraints and physical stability constraints, outputting logical security policy parameters and physical resource regulation parameters. The set of logical security policy adjustment constraints and the set of physical resource regulation objectives, along with the baseline security policy, are transformed into constraints and objective functions for a multi-objective optimization problem. For example, this step aims to model policy requirements and objectives of different natures in a unified manner to facilitate processing by the optimization algorithm. For instance, these constraints and objectives can be represented by defined mathematical functions, where the set of logical security policy adjustment constraints can be transformed into a series of inequalities or equality constraints, limiting the range of values ​​for parameters such as authentication protocol strength and encryption algorithm strength. The set of physical resource regulation objectives can be transformed into part of the objective function, aiming to minimize energy consumption and maximize heat dissipation efficiency. The baseline security policy can then be added as a hard constraint or penalty term. Alternatively, a rule-based transformation engine can be used to map high-level policy descriptions into algebraic expressions or logical predicates recognizable by the optimization model. For example, "authentication strength not lower than medium" can be transformed into a lower limit constraint for a certain parameter, and "core temperature not exceeding a threshold" can be transformed into an upper limit constraint for physical resource regulation parameters.

[0175] The multi-objective collaborative optimization module of the collaborative decision-maker is invoked to perform iterative solutions to the multi-objective optimization problem, generating a solution set containing multiple candidate policy parameter pairs. Each candidate policy parameter pair includes a candidate logical security policy parameter and a candidate physical resource regulation parameter. This step aims to find a set of solutions that satisfy all constraints and optimize multiple objectives through the solution process. For example, multi-objective evolutionary algorithms, such as NSGA-II or SPEA2, can be used. These algorithms can simultaneously optimize multiple conflicting objectives and generate a Pareto optimal solution set. Alternatively, traditional multi-objective optimization methods such as weighted sum methods and ε-constraint methods can be used to explore different solutions by adjusting weights or constraints, or heuristic or metaheuristic algorithms (such as particle swarm optimization and simulated annealing) can be combined to accelerate the solution process.

[0176] Next, based on a preset physical stability priority decision criterion, Pareto front screening is performed on the candidate policy parameter pairs in the solution set to select the candidate policy parameter pairs with the optimal physical stability index that also satisfy the set of constraints for adjusting the logical safety policy. The purpose of this step is to select from multiple candidate solutions according to a preset priority (i.e., physical stability priority) to ensure that the policy guarantees both physical stability and safety requirements. For example, Pareto front screening can be based on predefined physical stability indices (such as core temperature, power consumption, fan speed, etc.) to prioritize solutions that perform best on these indices. The selected solutions are further checked to ensure they satisfy the set of constraints for adjusting the logical safety policy, thus ensuring a safety baseline. Alternatively, a comprehensive evaluation function can be defined, which assigns higher weights to physical stability indices and includes a penalty term for adjusting the logical safety policy, and then the solution that optimizes the comprehensive evaluation function value is selected from the Pareto front.

[0177] The selected candidate logical security policy parameters are output as the logical security policy parameters, and the selected candidate physical resource control parameters are output as the physical resource control parameters. This step outputs the optimal policy parameters obtained through optimization for subsequent instruction generation. For example, the logical security policy parameters and physical resource control parameters from the selected candidate policy parameter pairs can be directly extracted as output. These parameters can be specific values, configuration items, or instruction codes. Before output, format conversion or encapsulation can be performed, such as packaging the parameters into JSON objects or XML files, so that downstream modules (such as the authentication protocol instruction generation module and the physical environment pre-control instruction generation module) can parse and use them.

[0178] Through the above technical solution, the logical security policy adjustment constraint set, the physical resource regulation target set, and the baseline security policy are transformed into a multi-objective optimization problem, providing a structured and unified framework for decision-making and overcoming the limitations of fragmented or sequential decision-making. The iterative solution process generates a solution set containing multiple candidate policy parameter pairs, enabling a comprehensive exploration of the trade-off between logical security and physical stability, ensuring that a wide range of potential policies are considered. More importantly, Pareto front screening based on a preset physical stability priority decision criterion ensures that the selected policy prioritizes the physical reliability of the system while strictly adhering to the logical security policy adjustment constraint set, effectively avoiding the technical paradox of potentially compromising system physical reliability and business continuity due to enhanced logical security. The output logical security policy parameters and physical resource regulation parameters, as an integrated policy, guarantee the consistency and executability of the decision, thereby achieving unified and proactive response to dynamic operating conditions and ensuring the coordinated protection of authentication security and physical system stability by the industrial internet operating system.

[0179] In some of the embodiments described above in this application, a sequence of authentication protocol instructions based on logical security policy parameters is proposed to generate dynamic authentication policy packages. However, in the implementation process, the generation of the authentication protocol instruction sequence may lack a structured and efficient method, resulting in inaccurate or inefficient protocol generation, which affects the reliability and timeliness of the authentication process.

[0180] To address this, this application further proposes a method for generating authentication protocol instruction sequences based on logical security policy parameters. This method includes: parsing the logical security policy parameters to extract the protocol strength level and security parameter configuration values; matching a target authentication protocol template from a pre-set authentication protocol template library based on the protocol strength level; and filling the target authentication protocol template with the security parameter configuration values ​​to generate the authentication protocol instruction sequence.

[0181] For example, in the step of parsing logical security policy parameters and extracting protocol strength levels and security parameter configuration values, the aim is to clarify the specific requirements of the authentication protocol and avoid ambiguity or misconfiguration. This can be achieved by using a structured parser, such as a JSON or XML parser, to parse the logical security policy parameters, identify predefined fields, and thus extract the protocol strength level (e.g., low, medium, high security levels, or specific encryption algorithm strengths such as AES-128, AES-256) and security parameter configuration values ​​(e.g., key length, hash algorithm type, session timeout, retry limit, etc.). Alternatively, text analysis techniques based on regular expressions or pattern matching can be used to identify and extract protocol strength level identifiers and security parameter key-value pairs that conform to specific patterns from unstructured or semi-structured logical security policy parameter text.

[0182] In the step of matching a target authentication protocol template from a pre-defined authentication protocol template library based on the protocol strength level, this process utilizes standardized templates to ensure the correctness of the protocol infrastructure and allows for dynamic matching to adapt to different security levels. The pre-defined authentication protocol template library can be a database or file system that stores various predefined authentication protocol templates, each associated with one or more protocol strength levels. The system performs an exact or best match within the library based on the extracted protocol strength level, selecting the template that best meets the requirements. For example, if the protocol strength level is "high," a template supporting TLS 1.3 and mutual authentication will be matched. Furthermore, this template library can also be organized hierarchically or using tags. When a protocol strength level is received, the system filters out all matching templates based on that level, and then further refines the selection based on other auxiliary information (such as the target computing unit type, business operation intent, etc.) to determine a target authentication protocol template.

[0183] In the step of filling the target authentication protocol template with security parameter configuration values ​​to generate the authentication protocol instruction sequence, this operation ensures that the protocol details are accurately implemented, reduces manual configuration errors, and accelerates the protocol generation process. The target authentication protocol template typically contains placeholders or variables to receive specific security parameter configuration values. The system uses a template engine or string replacement mechanism to precisely fill the extracted security parameter configuration values ​​(such as keys, certificate paths, algorithm parameters, etc.) into the corresponding positions in the template, thereby generating an executable authentication protocol instruction sequence. Alternatively, the authentication protocol template can be a programmable script or configuration code snippet. The system passes the security parameter configuration values ​​as input parameters to this script or code, which dynamically generates an instruction sequence conforming to a specific protocol specification. For example, it can generate an OpenSSL command-line instruction sequence or API call sequence containing specific cipher suites, key exchange algorithms, and authentication mechanisms.

[0184] The above technical solution provides a structured and efficient method for generating authentication protocol instruction sequences. By parsing logical security policy parameters, the specific requirements of the protocol can be clearly defined, avoiding ambiguity or misconfiguration and ensuring that the generated protocol conforms to the policy intent. Based on the protocol strength level, the target authentication protocol template is matched from a pre-built authentication protocol template library. The standardized templates in the pre-built library ensure the correctness of the protocol's basic structure while allowing dynamic matching to adapt to different security levels, improving generation efficiency and accuracy. Precisely filling the security parameter configuration values ​​into the target authentication protocol template ensures accurate implementation of protocol details, reduces manual configuration errors, and accelerates the protocol generation process. This allows the generated authentication protocol instruction sequence to accurately match logical security policy parameters, thereby improving the reliability and timeliness of the authentication process. It solves the potential problems of insufficient structure, low efficiency, and inaccuracy in the authentication protocol generation process, thus enhancing the overall effectiveness of dynamic authentication policy packages and the security and robustness of industrial internet operating system authentication methods.

[0185] In some of the solutions mentioned above in this application, a sequence of physical environment pre-control instructions is generated based on physical resource regulation parameters to achieve environmental regulation. However, in this process, due to the lack of specific parameter parsing and instruction sorting mechanisms, the environmental control instructions may be inaccurate or disordered, and cannot effectively cope with the thermal shock caused by the certification operation.

[0186] To address this, this application further proposes a method for generating a sequence of pre-control commands for the physical environment based on the physical resource control parameters, comprising: parsing the physical resource control parameters to extract the target control equipment identifier, control amplitude value, and control duration; generating environmental control equipment control commands based on the target control equipment identifier, the control amplitude value, and the control duration; and sorting the environmental control equipment control commands according to a preset control timing rule to generate the sequence of pre-control commands for the physical environment.

[0187] For example, when parsing the physical resource control parameters and extracting the target control device identifier, control amplitude value, and control duration, this step aims to decompose the high-level physical resource control parameters into operable, fine-grained control elements. The target control device identifier clarifies the specific device that needs to be controlled, such as a specific cooling fan, air conditioning unit, or heat dissipation module. The control amplitude value quantifies the degree of adjustment the device should make, such as a percentage of fan speed or a specific change in the temperature setpoint. The control duration specifies the length of time the adjustment should be maintained. This refined parameter extraction is the foundation for achieving precise environmental control and can effectively avoid control deviations caused by parameter ambiguity. For example, the physical resource control parameters can be encapsulated in a structured data format (such as JSON or XML). The system can directly extract the corresponding device identifier, amplitude value, and duration fields from this structured data using a predefined parser and data pattern. Alternatively, the physical resource control parameters can also be semi-structured text information. The system can use a rule-based parsing engine, employing pattern matching or keyword recognition technology, to extract the required control parameters from the text.

[0188] When generating control commands for environmental control devices based on the target control device identifier, the control amplitude value, and the control duration, this step transforms the extracted, specific control parameters into commands that can be directly understood and executed by the environmental control device. This ensures that abstract control intentions can be accurately translated into actual actions in the physical world, thereby achieving effective intervention in the environment. For example, the system can maintain a command template library, pre-setting corresponding command formats for different types of environmental control devices. When the target control device identifier is received, the system matches the corresponding device template and fills the control amplitude value and control duration into the corresponding positions in the template, generating control commands that conform to the device communication protocol. As another example, the environmental control device may receive commands by providing a standard application programming interface (API) or listening to a specific message queue. The system then encapsulates the control amplitude value and control duration into a request body or message payload conforming to the API specification based on the target control device identifier and sends it to the target device via the network.

[0189] When generating a physical environment pre-control instruction sequence by sorting the control commands of the environmental control equipment according to preset control timing rules, this step aims to ensure that multiple environmental control equipment control commands (if any) can be executed in a logically reasonable and efficient order. Correct command sorting avoids conflicts between commands, optimizes control effects, and ensures that the physical environment reaches the expected stable state before the authentication operation begins. For example, each environmental control equipment control command can be assigned a timestamp or priority when generated. The system sorts the commands according to these attributes, either chronologically or by priority, to ensure that critical pre-control operations are executed in a timely manner. Furthermore, for complex control scenarios involving the collaborative work of multiple devices, the system can construct a dependency graph between commands and use a topological sorting algorithm to determine the execution order of commands, ensuring that subsequent commands are executed only after all preconditions are met, thus forming an ordered physical environment pre-control instruction sequence.

[0190] The above technical solution refines the generation process of physical environment pre-control command sequences, solving the problems of inaccurate and disordered timing of environmental control commands. Specifically, by accurately analyzing the physical resource regulation parameters, the specific equipment to be controlled, the intensity of regulation, and the duration of regulation can be accurately identified from the regulation parameters, laying the foundation for generating targeted commands and avoiding control deviations caused by parameter ambiguity. Environmental control equipment control commands are generated based on the extracted specific parameters, ensuring a high degree of match between the command content and regulation requirements, preventing vague or invalid commands, and improving control accuracy. The generated environmental control equipment control commands are sorted according to preset regulation timing rules, ensuring a reasonable command execution order, avoiding command conflicts or execution chaos, and guaranteeing an orderly and efficient regulation process. Overall, these features work synergistically to achieve precise and orderly environmental regulation, effectively preventing the thermal shock risks that may be caused by certification operations. This enables the security kernel to ensure that the physical environment has been fully prepared and optimized through the physical environment pre-control instruction sequence before the authentication protocol instruction sequence is executed when scheduling and executing dynamic authentication policy packages. This improves the physical reliability and business continuity of the system while ensuring logical security, avoiding the technical paradox that "strengthening logical security may actually harm the physical reliability and business continuity of the system".

[0191] In some of the solutions mentioned above in this application, dynamic authentication strategy packages are scheduled and executed in an atomic transaction manner to ensure the overall reliability of the authentication process. However, this process lacks an atomicity guarantee mechanism for pre-controlling the physical environment and executing authentication operations, which may lead to the failure of the environment control state to be restored in time or the execution of authentication operations before the physical environment is ready when authentication fails, thereby increasing the risk of system heat accumulation and the potential for business continuity interruption.

[0192] To address this, this application proposes a method where a secure kernel schedules and executes a dynamic authentication policy package using atomic transactions to complete the authentication process. See [link to relevant documentation]. Figure 6 The method includes: 601. The security kernel creates and maintains the atomic transaction context for this authentication, and registers the dynamic authentication policy package to the atomic transaction context.

[0193] 602. Based on the execution order defined in the dynamic authentication strategy package, prioritize scheduling and executing the physical environment pre-control instruction sequence, send control instructions to the target environmental control system, and continuously monitor the feedback from the environmental control system until a confirmation signal indicating that environmental control is ready is received.

[0194] 603. After confirming the pre-control of the physical environment, schedule and execute the authentication protocol instruction sequence to complete the identity authentication operation and generate the authentication execution result.

[0195] 604. Perform transaction finalization operations based on authentication results: If authentication is successful, commit the atomic transaction context and output an authentication pass signal. If authentication fails, trigger transaction rollback, send an environmental control reset command to the environmental control system, and output an authentication failure signal.

[0196] To address this, the security kernel establishes a logical transaction boundary that encapsulates all relevant steps of the authentication operation into an indivisible unit. The atomic transaction context is the carrier of this logical unit, recording and managing the transaction's lifecycle and state. Registering the dynamic authentication policy package to this context means that the physical environment pre-control instruction sequence and authentication protocol instruction sequence contained in the policy package are all included in the unified management scope of this transaction. For example, the security kernel can allocate a dedicated memory area to store transaction context information, including the transaction ID, status flags, and associated instruction sequence pointers. Alternatively, the security kernel can utilize its internal process or thread management mechanism to create an independent transaction management process or thread for each authentication request, which is responsible for maintaining the corresponding atomic transaction context.

[0197] In this step, the security kernel strictly follows the pre-defined execution priorities in the dynamic authentication policy package to initiate intervention in the physical environment. The physical environment pre-control command sequence aims to adjust the target computing unit and its environment to a physical state suitable for authentication operations by sending specific control commands to the target environmental control system (e.g., cooling system, ventilation system, etc.). After sending the commands, the security kernel does not simply assume that the control is complete, but continuously and actively listens to or queries the response of the environmental control system until it receives a clear confirmation signal indicating that the environment has reached the pre-control ready state. For example, the security kernel can use a polling mechanism to periodically send status query requests to the environmental control system and parse the returned status messages to determine whether it is ready. Alternatively, after completing the control, the environmental control system can proactively send an asynchronous notification or interrupt signal to the security kernel, indicating that the environment is ready.

[0198] Once the security kernel receives a confirmation signal that the physical environment is ready, it immediately initiates the execution of the authentication protocol instruction sequence. This instruction sequence contains all the logical steps and interactive processes required to complete identity authentication, such as credential exchange, cryptographic negotiation, and identity verification. By executing these instructions, the system verifies the identity of the requester and generates the execution result of this authentication based on the verification result. This result serves as the basis for subsequent transaction finalization operations. Specifically, the security kernel can call the built-in authentication module or external authentication service interface to perform a series of network communications and cryptographic operations according to the requirements of the instruction sequence to complete the identity authentication process. Alternatively, the authentication protocol instruction sequence can be executed line by line by the interpreter, with each instruction corresponding to an authentication sub-step, until the entire authentication process is completed.

[0199] This step is the decision point for atomic transactions. Based on the authentication execution result generated in the previous step, the security kernel determines the overall status of this authentication. If authentication is successful, it means that both physical environment pre-control and logical authentication have been successfully completed. The security kernel will commit the atomic transaction context, confirm the permanence of all operations, and send an authentication pass signal to the external system. Conversely, if authentication fails, the security kernel will initiate a transaction rollback mechanism, undoing all operations executed in this transaction, specifically sending an environmental control reset command to the environmental control system to restore the physical environment to its state before the transaction began, while simultaneously outputting an authentication failure signal. For example, when a transaction is committed, the security kernel can update the internal state table and release transaction resources. When a transaction is rolled back, the security kernel can generate and send a reset command that is the opposite of the physical environment pre-control command sequence based on a pre-recorded rollback log or reverse operation list, ensuring the atomic restoration of the environment state, for example, restoring the cooling system to its default operating mode.

[0200] The above technical solution encapsulates physical environment pre-control and logical authentication operations into an atomic transaction, uniformly scheduled and managed by the security kernel. By creating and maintaining the atomic transaction context, the integrity and consistency of the entire authentication process are ensured, avoiding the risk of partial execution while partial non-execution. Prioritizing the execution of the physical environment pre-control instruction sequence and continuously monitoring its readiness status solves the problem of executing authentication operations before the physical environment is ready, preventing system risks caused by uncontrolled environmental thermal loads from the outset. The transaction finalization operation based on the authentication result commits the transaction upon successful authentication, ensuring all operations take effect. Upon authentication failure, a transaction rollback is triggered, and an environmental control reset instruction is sent to the environmental control system, ensuring the physical environment can be restored to its initial state in a timely and reliable manner. This avoids the risk of thermal accumulation and business continuity interruption caused by untimely restoration of the environmental control state. This atomic scheduling and execution mechanism improves the robustness and reliability of the industrial internet operating system's authentication process, achieving synergistic protection of authentication security and physical system stability.

[0201] The following example will provide a more detailed explanation of the above technical solution: In a smart manufacturing plant, a core industrial robot control unit needs to authenticate a remote firmware upgrade request from a maintenance engineer (User A). This control unit is deployed in a sealed cabinet, and its operating environment is temperature-sensitive. Traditional authentication methods only focus on User A's identity and permissions. Once authentication is successful, the firmware upgrade operation is executed. This high computational load can cause the control unit to overheat, triggering overheat protection mechanisms such as frequency throttling or shutdown, affecting production continuity. This method aims to solve this problem, achieving synergistic protection between authentication security and physical system stability.

[0202] When user A initiates a firmware upgrade authentication request that reaches the security kernel of the industrial internet operating system, the security kernel responds immediately. Simultaneously, the security kernel performs protocol parsing and semantic analysis on the authentication request, extracting user A's requester role identifier (e.g., "maintenance engineer") and business operation intent (e.g., "upgrade firmware for the robot control unit"). Based on this business operation intent, the security kernel queries the business management system to determine the business criticality level of this firmware upgrade operation; for example, it may be assessed as "high criticality." In parallel, the security kernel uses multi-source sensors deployed in the robot control unit and its physical environment to collect raw thermodynamic parameters (e.g., core temperature, ambient temperature) and hardware operating indicators (e.g., CPU utilization, fan speed) in real time, and performs time synchronization and standardization preprocessing to generate the current physical thermodynamic state data and health status data of the robot control unit.

[0203] The security kernel extracts the requester role identifier, business operation intent, business criticality level, physical thermodynamic state data, and health status data, and inputs them into a thermodynamically enhanced dynamic risk map. This dynamic risk map integrates a thermal load digital twin. After receiving the business operation intent, the thermal load digital twin performs thermodynamic mapping and calculation on it. For example, based on the authentication protocol type and session parameters (e.g., data transmission volume, number of concurrent connections) corresponding to the firmware upgrade operation, it generates a fine-grained load spectrum to characterize the computing resource consumption pattern through protocol stack load analysis methods. This fine-grained load spectrum, real-time thermal state parameters from the physical thermodynamic state, and performance degradation indicators from the health status data are jointly embedded to construct a fused feature space for thermodynamic prediction. This fused feature space is input into the thermal load digital twin, driving it to perform a physical constraint-based nonlinear state space evolution deduction and output a predicted thermal load value. This value characterizes the expected core temperature rise caused by performing the firmware upgrade authentication operation; for example, the predicted core temperature will rise by 5 degrees Celsius.

[0204] After obtaining the predicted heat load value, the system performs a risk assessment based on this value, the business criticality level, and predefined cross-domain coupling relationships in the dynamic risk graph. For example, a predicted temperature rise of 5 degrees Celsius might cause a decrease in the CPU frequency of the robot control unit, while firmware upgrades, as a highly critical business operation, have strict requirements on CPU performance. The system activates the physical entity vertices corresponding to the robot control unit and the logical entity vertices associated with the firmware upgrade operation in the dynamic risk graph. Using the predicted heat load value as the initial risk intensity and the business criticality level as the risk impact coefficient, multi-hop risk propagation calculations are performed. In this way, the system can identify systemic risk paths that propagate from heat load to business logic, such as "high heat load -> CPU frequency reduction -> firmware upgrade timeout -> production line shutdown." This contrasts sharply with traditional methods that only focus on logical vulnerabilities while ignoring the impact of the physical environment.

[0205] Based on the predicted heat load value and the identified systemic risk paths, the collaborative decision-maker of the security kernel begins to work, solving the logical security policy and physical resource control policy corresponding to User A's requester role identifier in an integrated manner. For example, the systemic risk path indicates that directly executing authentication may lead to physical overheating and service interruption. The collaborative decision-maker generates a set of logical security policy adjustment constraints (e.g., the adjustable range of authentication protocol strength) and a set of physical resource control objectives (e.g., the control amplitude of the cooling system). It inputs these constraints and User A's baseline security policy into the multi-objective collaborative optimization module to perform a joint solution of security constraints and physical stability constraints. Through Pareto front screening, the system selects the policy parameter pair that is optimal in terms of physical stability index and satisfies the set of logical security policy adjustment constraints, and outputs logical security policy parameters (e.g., reducing the encryption strength of the authentication protocol and shortening the session timeout time) and physical resource control parameters (e.g., starting the rack cooling fan to 80% power in advance for 10 minutes). Based on these parameters, the system generates a dynamic authentication policy package, which encapsulates the adapted authentication protocol instruction sequence and the physical environment pre-control instruction sequence executed before the authentication protocol instruction sequence. This integrated decision-making avoids the traditional separation between logical security and physical control, and achieves synergistic optimization of the two.

[0206] The secure kernel schedules and executes the dynamic authentication policy package using atomic transactions to complete the authentication. The secure kernel prioritizes scheduling and executing the physical environment pre-control instruction sequence, sending control instructions to the target environment control system, such as pre-starting the rack cooling fans. Only after receiving a confirmation signal that the environment control is ready does the secure kernel schedule and execute the authentication protocol instruction sequence to complete the authentication operation for user A. If authentication is successful, the atomic transaction context is committed, and an authentication pass signal is output, allowing the firmware upgrade operation to continue. If authentication fails, a transaction rollback is triggered, sending an environment control reset instruction to the environment control system to restore the cooling fans to their initial state, and an authentication failure signal is output. This atomic transaction ensures tight coupling between physical environment pre-control and logical authentication, avoiding the risks associated with performing authentication operations when the physical environment is not ready, thus effectively guaranteeing the synergy between authentication security and physical system stability.

[0207] All of the above-mentioned optional technical solutions can be combined in any way to form the optional embodiments of this application, and will not be described in detail here.

[0208] The above are merely optional embodiments of this application and are not intended to limit this application. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the protection scope of this application.

Claims

1. An industrial internet operating system authentication method based on a multi-role security architecture, characterized in that, The method is executed by the security kernel of the Industrial Internet operating system, and the method includes: In response to an incoming authentication request, the security kernel synchronously extracts the requester's role identifier and business operation intent, obtains the associated business criticality level, and acquires the physical thermodynamic state and health status data of the target computing unit in real time. The requester role identifier, the business operation intent, the business criticality level, the physical thermodynamic state, and the health status data are jointly input into a thermodynamically enhanced dynamic risk map. Through the heat load digital twin integrated by the dynamic risk map, the business operation intent is thermodynamically mapped and calculated to obtain the predicted heat load value. Based on the predicted heat load value, the business criticality level, and the predefined cross-domain coupling relationships in the dynamic risk map, a risk assessment is performed to identify the systemic risk path from heat load to business logic; Based on the predicted heat load value and the systemic risk path, the collaborative decision-maker of the security kernel solves the logical security policy and physical resource control policy corresponding to the requester role identifier in an integrated manner to generate a dynamic authentication policy package. The dynamic authentication policy package encapsulates the adapted authentication protocol instruction sequence and the physical environment pre-control instruction sequence that is executed before the authentication protocol instruction sequence. The security kernel schedules and executes the dynamic authentication policy package in an atomic transaction manner to complete this authentication.

2. The method according to claim 1, characterized in that, The process of synchronously extracting the requester's role identifier and business operation intent from the security kernel, obtaining the associated business criticality level, and acquiring the physical thermodynamic state and health status data of the target computing unit in real time includes: The authentication request is parsed and semantically analyzed to extract the requester's role identifier and the business operation intent. Based on the business operation intent, the business criticality level is queried and determined from the business management system. By deploying multi-source sensing devices in the target computing unit and its physical environment, raw thermodynamic parameters and hardware operating indicators are collected synchronously, and the raw thermodynamic parameters and hardware operating indicators are preprocessed for time synchronization and standardization to generate the physical thermodynamic state and health state data.

3. The method according to claim 1, characterized in that, The heat load digital twin integrated through the dynamic risk map performs thermodynamic mapping and calculation on the business operation intention to obtain the predicted heat load value, including: Based on the authentication protocol type and session parameters corresponding to the business operation intent, a fine-grained load spectrum is generated to characterize the computing resource consumption pattern through the protocol stack load analysis method. The fine-grained load spectrum, the real-time thermal state parameters in the physical thermodynamic state, and the performance degradation indicators in the health state data are jointly embedded to construct a fusion feature space for thermodynamic prediction. The fused feature space is input into the thermal load digital twin, which drives the thermal load digital twin to perform a nonlinear state-space evolution deduction based on physical constraints, and outputs the predicted thermal load value. The predicted thermal load value is used to characterize the expected core temperature rise caused by performing the authentication operation.

4. The method according to claim 3, characterized in that, Based on the authentication protocol type and session parameters corresponding to the business operation intent, a fine-grained load spectrum is generated using a protocol stack load analysis method to characterize the computing resource consumption pattern, including: The authentication protocol type is decomposed into a protocol stack to generate a sequence of protocol operations consisting of multiple atomic authentication operations arranged according to execution logic; For each atomic authentication operation in the protocol operation sequence, a pre-set resource consumption feature library is queried to obtain the computational resource consumption features corresponding to each atomic authentication operation; Based on the session parameters in the business operation intent, determine the instantiation execution scale of the protocol operation sequence; The computational resource consumption characteristics of the multiple atomic authentication operations are adapted and extended according to the instantiation execution scale, and then sequentially superimposed in the time dimension to generate the fine-grained load spectrum.

5. The method according to claim 3, characterized in that, The step of inputting the fused feature space into the heat load digital twin, driving the heat load digital twin to perform a nonlinear state-space evolution deduction based on physical constraints, and outputting the predicted heat load value includes: The fused feature space is input into the thermodynamic state evolution engine of the thermal load digital twin; Based on the heat conduction differential equation and heat capacity parameters in the thermodynamic state evolution engine, a nonlinear time-step solution is performed on the fused feature space to generate a temperature rise time series during the authentication operation execution period. During the nonlinear time-stepping solution process, the fine-grained load spectrum is injected into the thermodynamic state evolution engine as a time-varying power excitation source. Peak detection and rate of change analysis are performed on the temperature rise time series to obtain the predicted heat load value, which includes the peak temperature rise value and the rate of change index of temperature rise.

6. The method according to claim 1, characterized in that, The risk assessment, based on the predicted heat load value, the business criticality level, and the predefined cross-domain coupling relationships in the dynamic risk map, identifies the systemic risk paths from heat load to business logic, including: Based on the predicted heat load value and the business criticality level, activate the associated physical entity vertices and logical entity vertices in the thermodynamically enhanced dynamic risk map; Based on the predefined cross-domain coupling relationships in the dynamic risk map, the predicted heat load value is used as the initial risk intensity, and the business criticality level is used as the risk impact coefficient to perform multi-hop risk propagation calculation; Based on the results of risk propagation calculations, paths that exceed a preset threshold and connect the physical entity vertex with the critical business logic vertex are identified as the systemic risk paths.

7. The method according to claim 6, characterized in that, The step of performing multi-hop risk propagation calculation based on the predefined cross-domain coupling relationships in the dynamic risk map, using the predicted heat load value as the initial risk intensity and the business criticality level as the risk impact coefficient, includes: Using the predicted heat load value as the current risk intensity of the source point, the risk propagates from the physical entity vertex along the cross-domain coupling relationship to adjacent vertices; Based on the predefined propagation attenuation characteristics of the cross-domain coupling relationship, the current risk intensity during propagation is attenuated to obtain the post-propagation risk intensity received by the adjacent vertex. The risk intensity after propagation is fused with the risk impact coefficient corresponding to the adjacent vertex to generate a comprehensive risk value for the adjacent vertex. If the adjacent vertex is a logical entity vertex, the risk impact coefficient is determined based on the business criticality level; if it is a physical entity vertex, the risk impact coefficient adopts a preset benchmark value. The comprehensive risk value is used as the new risk intensity. The risk propagation, attenuation and fusion calculation operations are performed iteratively until the preset propagation termination condition is met, and the result of risk propagation calculation containing the comprehensive risk value of each vertex is generated.

8. The method according to claim 1, characterized in that, Based on the predicted heat load value and the systemic risk path, the collaborative decision-maker of the security kernel performs an integrated solution to the logical security policy and physical resource control policy corresponding to the requester role identifier, generating a dynamic authentication policy package, including: Based on the predicted heat load value and the systemic risk path, a logical security policy adjustment constraint set and a physical resource regulation target set are generated. The logical security policy adjustment constraint set is used to characterize the authentication protocol strength adjustment boundary, and the physical resource regulation target set is used to characterize the regulation amplitude and scope of environmental regulation resources. The logical security policy adjustment constraint set, the physical resource regulation target set, and the baseline security policy corresponding to the requester role identifier are input into the multi-objective collaborative optimization module of the collaborative decision-maker to perform joint solution of security constraints and physical stability constraints, and output logical security policy parameters and physical resource regulation parameters. The authentication protocol instruction sequence is generated based on the logical security policy parameters, the physical environment pre-control instruction sequence is generated based on the physical resource control parameters, and the authentication protocol instruction sequence and the physical environment pre-control instruction sequence are encapsulated into the dynamic authentication policy package according to a preset timing rule.

9. The method according to claim 8, characterized in that, The process of generating a set of logical safety policy adjustment constraints and a set of physical resource regulation targets based on the predicted heat load value and the systemic risk path includes: Based on the predicted heat load value, the adjustable upper limit of the authentication protocol strength is calculated using the first preset mapping model; based on the business criticality level associated with the systemic risk path, the adjustable lower limit of the authentication protocol strength is calculated using the second preset mapping model; based on the adjustable upper limit and the adjustable lower limit, the logical security policy adjustment constraint set is generated. Extract the physical entity vertices involved from the systemic risk path and determine the corresponding set of target physical regions; based on the predicted heat load value and the set of target physical regions, calculate the environmental control parameters required for each target physical region using a third preset mapping model; and generate the set of physical resource control targets based on the set of target physical regions and the environmental control parameters.

10. The method according to claim 1, characterized in that, The process of the security kernel scheduling and executing the dynamic authentication policy package in an atomic transaction manner to complete this authentication includes: The security kernel creates and maintains the atomic transaction context for this authentication, and registers the dynamic authentication policy package to the atomic transaction context; According to the execution order defined in the dynamic authentication strategy package, the physical environment pre-control instruction sequence is scheduled and executed first, control instructions are sent to the target environmental control system, and the feedback of the environmental control system is continuously monitored until a confirmation signal indicating that the environmental control is ready is received. After confirming the pre-control of the physical environment, the authentication protocol instruction sequence is scheduled and executed to complete the identity authentication operation and generate the authentication execution result. Based on the authentication execution result, a transaction finalization operation is performed: if authentication is successful, the atomic transaction context is submitted and an authentication pass signal is output; if authentication fails, a transaction rollback is triggered, an environmental control reset command is sent to the environmental control system, and an authentication failure signal is output.