A method and system for secure delivery of data elements in a communication network

By parsing business intent to generate policy abstractions, and combining multimodal signals and trust assessment models, security policies are dynamically adjusted, solving the problems of adaptability and response lag of data security policies in complex environments, and improving data flow efficiency and security.

CN122316718APending Publication Date: 2026-06-30BEIJING GUOXIN XINWANG COMM TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
BEIJING GUOXIN XINWANG COMM TECH CO LTD
Filing Date
2026-04-02
Publication Date
2026-06-30

AI Technical Summary

Technical Problem

Existing data security strategies are not well adapted to complex environments and have slow response times, making it difficult to balance data security and circulation efficiency.

Method used

By receiving and parsing business data access intent, generating policy abstractions, combining multimodal real-time behavioral signals and environmental risk data, using a trust assessment model to calculate dynamic trust scores, querying the business knowledge base to obtain control constraints, generating a collaborative control instruction set and dynamically updating it, thereby achieving adaptive adjustment of security policies.

Benefits of technology

It enables intent-driven generation of security policies, adaptive risk adjustment, and dynamic execution throughout the entire lifecycle, improving the efficiency and agility of data element circulation and use under the premise of security and compliance, and reducing manual management costs.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122316718A_ABST
    Figure CN122316718A_ABST
Patent Text Reader

Abstract

This invention discloses a secure delivery method and system for data elements in a communication network, relating to the field of communication information security. The method includes: receiving a requesting subject's intent to access business data; parsing and abstracting this intent to obtain a policy abstraction; acquiring the requesting subject's multimodal real-time behavioral signals, operation sequences, and current environmental risk data as trust indicators; calculating a current dynamic trust score based on the trust indicators and a preset trust assessment quantification model; querying a business knowledge base based on the policy abstract to obtain control constraints; generating a corresponding collaborative control instruction set through a policy reasoning engine; and distributing the collaborative control instruction set to relevant security components for collaborative work, dynamically updating the collaborative control instruction set, and completing secure data access and use. This solves the problems of poor adaptability and delayed response of existing data security policies in complex environments, and the difficulty in balancing data security and circulation efficiency.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of communication information security, and specifically to a method and system for secure delivery of data elements in a communication network. Background Technology

[0002] With the deepening development of the digital economy, data has become a key factor of production. In communication networks, ensuring the secure, efficient, and compliant delivery and use of data elements across entities and systems is fundamental to unlocking data value and empowering business innovation.

[0003] However, existing technologies largely rely on statically configured policy rules, making it difficult to flexibly adapt to specific business scenarios. The generation, verification, adjustment, and execution of policies are fragmented, failing to form a closed-loop, adaptive security capability. This results in data security policies having poor adaptability and delayed response in complex environments, making it difficult to balance data security and circulation efficiency.

[0004] Therefore, there is a need for a system that can automatically understand business intent, assess subject behavior and risk context in real time, and dynamically generate and adjust refined security strategies accordingly, thereby achieving intelligent and adaptive protection in the process of secure delivery of data elements. Summary of the Invention

[0005] This application provides a secure delivery method and system for data elements in a communication network, addressing the problems of poor adaptability and delayed response of existing data security strategies in complex environments, and the difficulty in balancing data security and circulation efficiency.

[0006] In view of the above problems, this application provides a method for secure delivery of data elements in a communication network.

[0007] In a first aspect, this application provides a method for secure delivery of data elements in a communication network, the method comprising: The system receives the business data access intent submitted by the requesting subject, parses and abstracts the business data access intent to obtain a strategy abstraction, which includes the requesting subject, operation, data object, and business purpose. The multimodal real-time behavioral signals, operation sequences, and current environmental risk data of the requesting subject are obtained as trust indicators. Based on the trust indicators and a preset trust assessment quantification model, the current dynamic trust score is calculated. Based on the strategy abstraction, query the business knowledge base to obtain the control constraints; Based on the policy abstraction, the dynamic trust score, and the control constraints, a corresponding set of collaborative control instructions is generated through the policy reasoning engine. The collaborative control instruction set is distributed to relevant security components for collaborative work, and the collaborative control instruction set is dynamically updated based on the latest dynamic trust score to complete secure access and use of data.

[0008] Secondly, the present invention provides a secure delivery system for data elements in a communication network, comprising: The intent parsing module is used to receive the business data access intent submitted by the requesting subject, parse and abstract the business data access intent to obtain the policy abstraction, which includes the requesting subject, operation, data object and business purpose; The dynamic trust assessment module is used to acquire the multimodal real-time behavioral signals, operation sequences and current environmental risk data of the requesting subject as trust indicators. Based on the trust indicators and the preset trust assessment quantification model, the module calculates the current dynamic trust score. The strategy constraint query module is used to query the business knowledge base based on the strategy abstraction to obtain control constraints. The strategy reasoning module is used to generate a corresponding set of collaborative control instructions based on the strategy abstraction, the dynamic trust score, and the control constraints through the strategy reasoning engine. The policy execution module is used to distribute the collaborative control instruction set to relevant security components for collaborative work, and dynamically update the collaborative control instruction set based on the latest dynamic trust score to complete the secure access and use of data.

[0009] One or more technical solutions provided in this application have at least the following technical effects or advantages: This application first receives and parses business data access intent to obtain a policy abstraction containing the requesting subject, operation, data object, and business purpose. This transforms dynamic business requirements described in natural language into machine-structured policy elements, resolving the difficulty of recognizing static security rules and dynamic business intents, and providing accurate input for subsequent intelligent decision-making. Second, by acquiring multimodal behavioral signals, operation sequences, and environmental risk data of the requesting subject in real time, and calculating dynamic trust scores based on a pre-set quantification model, a dynamic and quantifiable trust assessment mechanism is established. This mechanism can perceive abnormal changes in subject behavior patterns and risk fluctuations in the operating environment in real time, transforming the decision-making basis of security policies into a dynamic trust metric reflecting the real-time risk situation, enabling proactive identification and response to internal threats and environmental risks. Third, by querying the business knowledge base based on the policy abstraction to obtain control constraints, the application automatically injects external compliance requirements and internal data governance rules into the policy generation process, ensuring that the automatically generated policies naturally comply with regulations and organizational policies, reducing the risk of errors.

[0010] Then, based on policy abstraction, dynamic trust scores, and control constraints, a collaborative control instruction set is generated through a policy inference engine. This enables intelligent decision-making that integrates business intent, real-time risks, and compliance constraints. The control strength and method are adjusted in real time according to the dynamic trust score, generating a refined security execution plan adapted to the current risk environment, achieving precise matching of security control strength. Finally, the collaborative control instruction set is issued and executed, dynamically updated based on the latest dynamic trust score, coordinating the collaborative work of multiple heterogeneous security components. By monitoring changes in trust and risk and triggering dynamic policy corrections, dynamic execution of security policies is achieved. This ensures continuous security and controllability during data access while maximizing the efficiency and smoothness of business operations.

[0011] In summary, this application realizes intent-driven generation, risk adaptive adjustment, and full-cycle dynamic execution of security policies, effectively solving the problems of inaccurate security policy control, delayed response, and disconnection from business needs. While reducing manual management costs, it significantly improves the efficiency and agility of data element circulation and use under the premise of security compliance. Attached Figure Description

[0012] Figure 1 This is a flowchart illustrating a secure delivery method for data elements in a communication network according to this application. Figure 2 This is a schematic diagram of the structure of a secure delivery system for data elements in a communication network according to this application.

[0013] In the attached diagram, the components represented by each number are as follows: Intent parsing module 11; Dynamic trust assessment module 12; Policy constraint query module 13; Policy reasoning module 14; Policy execution module 15. Detailed Implementation

[0014] This application provides a secure delivery method for data elements in a communication network, which solves the problems of poor adaptability and delayed response of data security strategies in complex environments, and the difficulty in balancing data security and circulation efficiency.

[0015] The present invention will now be described in detail with reference to the accompanying drawings.

[0016] Example 1, as Figure 1 As shown, this application provides a method for secure delivery of data elements in a communication network, the method comprising: S10: Receive the business data access intent submitted by the requesting subject, parse and abstract the business data access intent to obtain a strategy abstraction, the strategy abstraction including the requesting subject, operation, data object, and business purpose; In this embodiment, the business data access intent is the purpose and operational request of the requesting subject to access specific data, expressed in natural language or a structured form. It is the core basis for driving the generation of security policies. Parsing and abstraction are processes that transform unstructured / semi-structured intent information into structured, machine-recognizable policy elements through technical means. Policy abstraction is the extraction and structured presentation of the core elements in the business access intent, which includes four dimensions: requesting subject, operation, data object, and business purpose.

[0017] Specifically, the requesting entity first submits a natural language intent, which is then received. The parsing process is then initiated: natural language processing technology is used to identify the requesting entity, operation, data object, and business purpose, and these elements are mapped to a pre-defined structured framework. Finally, a standardized strategy abstraction is generated, providing a clear business orientation for subsequent strategy generation.

[0018] Step S10 in the method provided in this application embodiment includes: The policy definition interface receives the business data access intent input by the request subject; The natural language processing model is invoked to perform semantic analysis on the business data access intent, identify and extract key entities and relationships, and the key entities include at least: request subject, operation, data object, and business purpose; The extracted key entities are mapped to a predefined strategy element framework to form a structured strategy abstraction.

[0019] In this embodiment, the system first receives the business data access intent input by the requesting subject through a policy definition interface. The policy definition interface is a standardized interactive entry point provided by the system for the requesting subject to submit business data access intents. It supports natural language text input, form selection, or API calls, and serves as a unified channel for intent collection. Specifically, through the policy definition interface of the enterprise's internal system, natural language intents or rich text are input, and the system automatically associates the information with the identity of the business personnel to ensure the traceability of the intent submitter. Upon receiving the information, the interface immediately transmits it to the intent parsing module, completing the intent collection process.

[0020] For example, a bank loan officer, A, reviews a company's loan application and submits intent through the bank's policy definition interface. The interface automatically records officer A's identity and stores the intent information in a standardized intent database, providing clear and traceable raw data for subsequent parsing and avoiding the confusion of intent information caused by fragmented application channels.

[0021] Secondly, a natural language processing (NLP) model is invoked to perform semantic analysis on the business data access intent, identifying and extracting key entities and relationships. Key entities include at least: request subject identifier, operation verbs, data object descriptions, and business purpose statements. The NLP model is a semantic analysis model built on deep learning, possessing natural language understanding capabilities. It can identify entities, relationships, and semantic logic in text, achieving the transformation from unstructured text to structured information. Semantic analysis parses the meaning of natural language text, including identifying core information, inter-entity relationships, and contextual logic, and is the core process for extracting key information. Key entities are the elements carrying core information in the business data access intent, including request subject identifiers, operation verbs, data object descriptions, and business purpose statements.

[0022] Specifically, by invoking a natural language processing model, semantic analysis is performed on the intent text submitted by business personnel, transforming unstructured text into structured information. A confidence coefficient is introduced during the extraction process to characterize the reliability of the semantic match between the extracted key entities and the original text, reducing the interference of entity recognition errors on subsequent strategy mapping. Key entities are extracted using named entity recognition technology: request subject identifier, operation, data object description, and business purpose statement. Subsequently, relationship extraction technology is used to identify the relationships between entities: subject → operation → object, purpose, and non-core information is filtered out to ensure accurate extraction of key entities and relationships.

[0023] For example, a natural language processing model is invoked to analyze the intent text submitted by business person A: "To process customer B's return and refund application, it is necessary to read customer B's order payment information and logistics tracking records from October 2025, with an estimated access time of 30 minutes." Semantic analysis is performed, and key entities are extracted using named entity recognition technology: Request subject identifier: KF20230512, associated with Zhang San; Operation verb: "read"; Data object description: customer B's order payment information from October 2025, customer B's logistics tracking records; Business purpose statement: "Process customer A's return and refund application." Subsequently, relationship extraction technology is used to identify the relationships between entities, and non-core information with an estimated access time of 30 minutes is filtered out.

[0024] Finally, the extracted key entities are mapped to a predefined policy element framework, forming a structured policy abstraction. The predefined policy element framework is a predefined structured template used to standardize and logically associate the discrete semantic elements parsed from natural language: subject, operation, object, constraint, and purpose. Mapping involves filling the extracted key entities into specified dimension fields of the policy element framework according to their attributes, realizing the transformation from discrete entities to a structured framework. The structured policy abstraction is a machine-processable intent expression that conforms to the format requirements of the policy element framework, serving as the core bridge connecting business intent and security policy generation.

[0025] Specifically, key entities are extracted and populated into specified dimensions of the strategy element framework according to their attributes: request subject dimension, operation dimension, data object dimension, and business purpose dimension. The cosine similarity between the key entities and the field descriptions in the strategy element framework can be calculated using a pre-trained semantic model, and the mapping matching coefficient is adjusted based on the successful mapping records of the key entities in similar intent mappings in the past. After mapping, a structured strategy abstraction is formed and stored in a fixed format. The fields are clear and the format is uniform, allowing it to be directly read and processed by subsequent trust assessment and strategy reasoning modules.

[0026] For example, the extracted key entities are mapped to a predefined strategy element framework: Request Subject Dimension: Employee ID, Name, and Department; Operation Dimension: Read; Data Object Dimension: Customer B's logistics tracking record; Business Purpose Dimension: Processing Customer B's return and refund application. The semantic model calculates a similarity of 0.88 with the defined data object field, and the historical mapping accuracy for this type of entity is 0.95, so the overall mapping matching coefficient is set to 0.88 × 0.95 ≈ 0.84. For the entity "Processing Customer B's return and refund application," mapped to the business purpose dimension, the mapping matching coefficient is 0.91, the historical mapping accuracy is 0.92, and the mapping matching coefficient is 0.91 × 0.92 ≈ 0.84. After mapping, the dimensions and corresponding mapping matching coefficients are integrated to form a strategy abstraction and stored.

[0027] In summary, compared to existing technologies, this application's embodiments reduce the professional requirements for the requesting subject and increase the difficulty of policy generation by providing a standardized policy definition interface. Furthermore, by invoking a natural language processing model for semantic analysis and entity extraction, the accuracy and automation of intent parsing are ensured, avoiding the subjectivity and inefficiency of manual interpretation, and accurately capturing core semantic elements such as subject, operation, data object, and business purpose. The extracted entities are used to generate a unified policy abstraction, providing a standardized input format for all subsequent processing modules, realizing business-driven policy generation, and enabling security policies to accurately target business objectives.

[0028] S20: Obtain the multimodal real-time behavioral signals, operation sequences, and current environmental risk data of the requesting subject as a trust indicator, and calculate the current dynamic trust score based on the trust indicator and the preset trust assessment quantification model. In this embodiment, the multimodal real-time behavioral signal is a real-time data stream that is synchronously collected from different dimensions during the operation of the requesting subject and can reflect the subject's current operation status and intent; the operation sequence is a log record formed by the continuous operations executed by the requesting subject in the session in chronological order; the environmental risk data is the external environmental risk information when the requesting subject accesses the data; the trust assessment quantification model is an algorithm model built based on machine learning or deep learning, used to convert multi-dimensional trust indicators into quantified trust scores, with an output range of 0-100 points; the dynamic trust score is a trust quantification value that is calculated based on the real-time collected trust indicators and is dynamically updated with changes in the subject's behavior and environment, reflecting the current trustworthiness of the requesting subject.

[0029] After submitting the access intent, multimodal real-time behavioral signals, operation sequences, and current environmental risk data are collected as trust indicators; the preset trust assessment quantification model is input, compared with historical behavior baselines, and the current dynamic trust score is calculated.

[0030] Step S20 in the method provided in this application embodiment includes: During the requesting subject session, multimodal real-time behavioral signals are continuously collected, including: behavioral biometric signals, operation sequence logs, and environmental context information; Based on the collected multimodal real-time behavior signals, atomic operation events in the multimodal real-time behavior signals are identified, and the atomic operation events are subjected to time-series sorting, session segmentation and aggregation analysis to obtain operation sequence logs; Based on the collected multimodal real-time behavioral signals, the current environmental risk data in the multimodal real-time behavioral signals is identified, and the environmental risk level is obtained by comprehensively weighting and rating the identified current environmental risk data. The collected multimodal real-time behavioral signals are compared with the historical behavioral baseline of the corresponding requesting subject in real time to calculate the behavioral deviation. The behavioral deviation and environmental risk level are input into a pre-trained trust assessment quantification model using operation sequence logs, and the output is a continuously changing value within a preset range, which serves as the current dynamic trust score.

[0031] In this embodiment, multimodal real-time behavioral signals are continuously collected during the requesting subject's session, including behavioral biometric signals, operation sequence logs, and environmental context information. The behavioral biometric signals are behavioral data bound to the requesting subject's physiological characteristics, such as keyboard input rhythm, mouse click frequency, fingerprint verification information, and facial dynamic features, and are unique and cannot be copied. The operation sequence log is a record of continuous operations performed by the requesting subject during the session. The environmental context information is external environmental data when the requesting subject accesses data, including login IP address, device model, network type, geographical location, login time, and device security status.

[0032] The operation sequence log includes logging into the system, searching for the customer order number, clicking the payment information reading button, viewing logistics records, and submitting return review comments; the environment context information includes logging into the corporate intranet, device model, network type (corporate leased line), geographical location (company office area), device security status (no virus / no abnormal processes), and login time (normal working hours on a weekday).

[0033] Specifically, after platform business personnel submit their access intent through the policy definition interface, they enter the session phase and continuously collect multimodal real-time behavioral signals: behavioral biometric signals include the business personnel's keyboard input rhythm, mouse click interval, and facial dynamic features; For example, business personnel A submits an access intent through the policy definition interface, entering the session phase. From 9:30 AM on December 25, 2025, when they log into the customer service system, to 10:00 AM when they complete the return data processing, they continuously collect multimodal real-time behavioral signals: behavioral biometric signals include Zhang San's keyboard input rhythm: an average of 3.2 characters per second, with a deviation of ≤5% from the historical baseline; an average mouse click interval of 1.5 seconds / click; and facial dynamic features, with a 99.2% match between facial movements collected by the camera and historical verification data. The operation sequence log is as follows: 9:30 AM - logging into the customer service system; 9:31 AM - searching for the customer order number; 9:32 AM - clicking the payment information reading button; 9:33 AM - viewing the logistics records; and 9:34 AM - submitting return review opinions. The environmental context information is as follows: the login IP is the company intranet, the device model is the enterprise dedicated line, the geographical location is the company office area, the device security status is no virus / no abnormal processes, and the login time is the normal working hours of 9:00 AM to 6:00 PM on a weekday.

[0034] Secondly, based on the collected multimodal real-time behavioral signals, atomic operation events are identified within these signals. These atomic operation events are then subjected to temporal sequencing, session segmentation, and aggregation analysis to obtain an operation sequence log. The smallest granularity user operation unit that cannot be further divided by security logic can be a query submission, a data record read or modified, a file download request, or a click on a specific function button. Temporal sequencing arranges atomic operation events according to the chronological order of their occurrence. Session segmentation divides consecutive operation events into session phases, facilitating the focus on core operational steps. Aggregation analysis merges and statistically analyzes repeated or related operation events within the same phase, filtering redundant operations and retaining core behavioral characteristics.

[0035] Specifically, after collecting raw operation sequence logs over a certain period, such as one year, atomic operation events are identified; then, they are sorted chronologically; next, session segmentation is performed; finally, aggregation analysis is conducted. For data access phases without duplicate operations, core events are directly retained, ultimately forming the processed operation sequence logs. An aggregation analysis retention threshold parameter is used to determine whether to merge and retain duplicate operations within the session segmentation phase. Its purpose is to filter redundant operation records caused by system lag, user accidental touches, etc., retaining core operation characteristics that truly reflect the requester's intent, while avoiding excessive merging that could lead to the loss of abnormal behavior characteristics. The processed operation sequence logs clearly identify abnormal behavior, enabling the trust assessment model to quickly identify risks and reduce the probability of data leakage.

[0036] For example, if business personnel A performs an abnormal operation during a session, the multiple clicks on the download button will be merged into abnormal download attempts during the aggregation analysis, and the access to customer B's data will be marked as an unauthorized operation. If a credit approval business has an annual business cycle, and the system's baseline statistics on historical behavior show that the mean and standard deviation of the operational behavior characteristics tend to stabilize after accumulating 12 months of data.

[0037] Secondly, based on the collected multimodal real-time behavioral signals, the current environmental risk data in the multimodal real-time behavioral signals is identified. The identified current environmental risk data is comprehensively weighted and rated to obtain the environmental risk level. Here, the current environmental risk data is the specific risk facts directly detected or preliminarily identified in the environment; the environmental risk level is a quantitative classification result of the current access environment's security level, which may include low risk, medium risk, and high risk.

[0038] Specifically, current environmental risk data is extracted from environmental context information: login address, network type, device security status, geographical location, and login time. Then, a comprehensive weighting is performed, multiplying the risk value of each risk data point by its corresponding environmental risk data weight value and summing the results to obtain a weighted total score for environmental risk data. The weights can be set according to the degree of impact of the environmental risk data on the overall risk, distinguishing between key and non-key risk factors to avoid a single non-key factor excessively influencing the risk rating result; the total weight is 1.

[0039] Based on a preset risk rating system, the calculated current environmental risk data is rated to determine the current environmental risk level. This preset rating system can be based on pre-defined scoring benchmarks according to the severity of each risk factor, and can be combined with industry safety standards and the actual loss levels caused by historical risk events to assign values. For example, the preset rating system could be set as follows: a risk value of 6 to 10 when the device has a virus or high-risk vulnerability; a risk value of 7 when using public Wi-Fi; a risk value of 5 when logging in from an IP address in a high-risk overseas region; and a risk value of 2 when logging in outside of working hours. A total score of 0 is rated as low risk, a total score of 1-5 as medium risk, and a total score of 6-10 as high risk. For example, in the case of enterprise intranet access scenarios, based on historical data statistics and security expert assessments, the weighting coefficients for device security anomalies are set to 0.4, network type anomalies to 0.3, and login address anomalies to 0.3. If business personnel A logs into the system at 20:00 outside of working hours via public Wi-Fi (risk value 7), overseas IP address (risk value 5), and the device has a virus (risk value 6), then the comprehensive weighted total score = 6 × 0.4 + 7 × 0.3 + 5 × 0.3 = 6, which falls within the range of 6-10, and is rated as high risk.

[0040] Simultaneously, the collected multimodal real-time behavioral signals are compared in real time with the historical behavioral baseline of the corresponding requesting subject to calculate the behavioral deviation. The historical behavioral baseline is a behavioral characteristic benchmark model constructed based on the requesting subject's past normal conversation data, including the normal range of dimensions such as behavioral biometrics, operating habits, and environmental preferences; the behavioral deviation is the degree of deviation between the current multimodal real-time behavioral signal and the historical behavioral baseline.

[0041] Specifically, the process begins by retrieving the historical behavioral baseline of business personnel. The currently collected multimodal real-time behavioral signals are then compared to this baseline. A pre-defined algorithm calculates the deviation between the historical behavioral baseline's behavioral biometrics, operational habits, environmental preferences, and real-time behavioral characteristics. The baseline range represents the normal fluctuation range of each dimension of behavioral characteristics within the historical baseline; its function is to convert continuous behavioral characteristic values ​​into a binary representation of deviation or a benchmark for calculating the degree of continuous deviation. Based on the historical behavioral baseline, a statistical distribution fit is performed on each dimension of characteristics. The mean is used as the center, and a certain multiple of the standard deviation is used as the boundary of the normal interval. For example, the mean plus or minus 1.96 times the standard deviation is used as the 95% confidence interval; values ​​outside this interval are considered deviations.

[0042] Deviation = (Single-dimensional deviation value / Baseline range). The higher the behavioral deviation, the greater the deviation and the higher the risk. If multiple deviations exist, they are calculated separately and then summed with weights. The deviation weights are used to characterize the importance of different dimensions such as behavioral biometrics, operating habits, and environmental preferences in the deviation calculation, so that the deviation can focus on key behavioral features that contribute significantly to identity recognition. The deviation weights are determined based on the significance of each dimension's features in historical session data for identity differentiation, combined with the sensitivity of the business scenario.

[0043] For example, if business user A's operating habits are keyboard input rhythm and their environment preference is login device, with a keyboard input rhythm of 2.0 characters / second and a normal range of 2.4 to 3.6 characters / second, then the deviation of the keyboard input rhythm is approximately 0.33; the deviation of the login device is 1, and the weights of the two are 0.5 and 0.5 respectively. Therefore, the calculated behavioral deviation is approximately (0.33 × 0.5 + 1 × 0.5) ≈ 0.67, which can be judged as a high deviation.

[0044] Finally, the behavioral deviation and environmental risk level are input into the pre-trained trust assessment quantification model using the operation sequence log, and the output is a value that changes continuously within a preset range, which serves as the current dynamic trust score.

[0045] The trust assessment quantification model is a pre-trained machine learning / deep learning model that integrates three types of data—behavioral deviation, environmental risk level, and operation sequence logs—as input to output a quantified dynamic trust score. The behavioral deviation and environmental risk level are then input into the trust assessment quantification model via operation sequence logs, and the model performs calculations based on pre-trained logic to ultimately output the current dynamic trust score.

[0046] In step S20 of the method provided in this application embodiment, the trust assessment quantification model employs a risk tracing algorithm based on a time-series graph neural network and an attention mechanism, specifically including: A time-series heterogeneous graph is constructed from the multimodal real-time behavioral signals with timestamps collected within a certain time window. The node types in the time-series heterogeneous graph include request subject, device, operation, and data resource, and the edges represent different types of relationships and signal strength that changes over time. The temporal heterogeneous graph is embedded using a temporal graph neural network to learn the dynamic evolution trend of the request subject's behavior pattern and the dependencies between operations. Using a temporal heterogeneity graph, a comprehensive risk score is calculated based on the requesting subject's behavioral deviation, environmental risk level, and operation sequence. An attention mechanism is introduced to calculate the contribution weight of each dimension signal node and time slice in the temporal heterogeneous graph to the overall risk score of the current session, and an interpretable risk contribution report is generated. The dynamic trust score is calculated by subtracting the comprehensive risk score from the preset baseline trust score.

[0047] In this embodiment, the multimodal real-time behavioral signals with timestamps collected within a time window are first constructed into a temporal heterogeneous graph. The node types in the temporal heterogeneous graph include request subjects, devices, operations, and data resources, and the edges represent different types of relationships and signal strengths that change over time. The time window is a preset fixed time interval used to limit the collection range of multimodal real-time behavioral signals, ensuring the timeliness and relevance of the data. The temporal heterogeneous graph is a heterogeneous network graph containing a time dimension, composed of different types of nodes and edges between nodes. The attributes of the edges and nodes change over time, intuitively presenting the spatiotemporal correlation of multimodal signals. Node types are the core element classification in the temporal heterogeneous graph, including four categories: request subjects, devices, operations, and data resources. Edges represent the relationships connecting different nodes, the weight of the edge represents the signal strength of the relationship, and the attributes of the edge are dynamically updated over time.

[0048] Specifically, firstly, based on the acquisition range of multimodal real-time behavioral signals, a corresponding time window is set. Then, multimodal real-time behavioral signals are acquired over a past period, such as the past year. Multiple nodes are identified based on these signals. Subsequently, multiple edges are constructed according to the relationships between these nodes, and these edges are used to sequentially connect the nodes of the multimodal real-time behavioral signals. Finally, a time-series heterogeneous graph is constructed. The node types in the time-series heterogeneous graph can include: request subject nodes, device nodes, operation nodes, and data resource nodes. Request subject nodes represent business personnel information, device nodes represent device addresses and models, operation nodes represent the operation steps of business personnel, and data resource nodes represent business process records, etc. The edges are constructed based on the relationships between request subject nodes, device nodes, and operation nodes.

[0049] Secondly, a temporal graph neural network is used to perform embedding learning on the temporal heterogeneous graph, learning the dynamic evolution trend of the request subject's behavioral patterns and the dependencies between operations. Embedding learning is the process of transforming nodes, edges, and temporal attributes in the temporal heterogeneous graph into low-dimensional dense vectors, enabling the graph structure data to be computed and analyzed by the model; the dynamic evolution trend of behavioral patterns refers to the changing patterns of the request subject's operational behavior during the session.

[0050] Specifically, the constructed temporal heterogeneous graph is input into a temporal graph neural network, and each node is transformed into a low-dimensional vector for node embedding. Temporal dependencies of operations are captured, normal behavioral evolution trends are identified, and strongly dependent operations are verified, leading to temporal feature learning. By comparing the temporal heterogeneous graph of historical sessions with the pattern evolution speed, the normality of behavioral patterns is determined, and dynamic trend analysis is performed. This yields the dynamic evolution trend and the dependencies between operations.

[0051] Next, using a temporal heterogeneous graph, a comprehensive risk score is calculated based on the requesting subject's behavioral deviation, environmental risk level, and operation sequence. This comprehensive risk score is a quantified risk value calculated using a pre-defined algorithm based on the embedding features of the temporal heterogeneous graph, behavioral deviation, environmental risk level, and operation sequence features, reflecting the overall risk level of the current session.

[0052] Specifically, based on the learning results of the temporal graph neural network, a comprehensive risk score is calculated by combining existing indicators: inputting current data, obtaining behavioral deviation, low-risk environmental risk level, temporal heterogeneous graph embedding features, and normal operation sequence dependencies; the comprehensive risk score is calculated by weighting, with the weights depending on the degree of influence of behavioral deviation, low-risk environmental risk level, temporal heterogeneous graph embedding features, and operation sequence dependencies on the comprehensive risk score, so that the comprehensive risk score can be dynamically adjusted according to the sensitivity of different risk dimensions to business scenarios. It can be set based on the statistical results of the correlation strength between each dimension and the final risk level in historical risk events, combined with the degree of attention paid to different risk sources by business security strategies.

[0053] Comprehensive risk score = behavioral deviation quantification value × behavioral deviation quantification value weight + environmental risk level quantification value × environmental risk level quantification value weight + embedded feature outlier × embedded feature outlier weight + operation dependency outlier × operation dependency outlier weight.

[0054] For example, if the behavioral deviation is 0.67, the quantitative value is 70, the environmental risk level is high risk, the quantitative value is 80, the embedded feature is abnormal, the quantitative value is 60, and the operation dependency is abnormal, the quantitative value is 50, and the weights of the behavioral deviation quantitative value, environmental risk level quantitative value, embedded feature abnormal value, and operation dependency abnormal value are set to 0.4, 0.3, 0.2, and 0.1 respectively, then the comprehensive risk score is 70×0.4+80×0.3+60×0.2+50×0.1=69 points.

[0055] Simultaneously, an attention mechanism is introduced to calculate the contribution weights of each dimension of signal nodes and time slices in the temporal heterogeneous graph to the overall risk score of the current session, and to generate an interpretable risk contribution report. The attention mechanism, a feature weighting mechanism in deep learning, can automatically identify the nodes, edges, and time slices that contribute the most to the overall risk score, focusing on core risk factors. The risk contribution report is a visual report generated based on the analysis results of the attention mechanism, clearly marking the contribution weights of each dimension of signal nodes and time slices to the overall risk, thus achieving risk interpretability. Each dimension of signal node refers to an entity or event in the temporal heterogeneous graph, and each node carries a feature vector of one dimension. A time slice is a discrete time period unit divided into continuous time axes at fixed intervals; the state of each signal node is sampled or aggregated within each time slice.

[0056] Analysis using an attention mechanism identifies signal nodes such as behavioral deviation and environmental risk level, as well as edges and time slices in the temporal heterogeneous graph, as the factors contributing most to the risk score. Nodes, edges, and time slices identified as anomalous are labeled, and their corresponding contribution weights are calculated. The attention contribution weight parameter characterizes the degree of contribution of each signal node, edge, and time slice in the temporal heterogeneous graph to the overall risk score. Based on the attention distribution learned during model training, the forward propagation contribution of each node, edge, and time slice is calculated using back-attribution. After normalizing the contribution, the contribution weight of each element is obtained. Finally, all anomalous nodes, edges, and their corresponding weights are integrated to obtain a risk contribution report. For example, when a pre-trained temporal graph attention model is called to analyze the current session, the attention contribution weights of the signals output by the model for each dimension are as follows: 0.52 for the node corresponding to behavioral deviation, 0.28 for the node corresponding to environmental risk level, 0.12 for the edge corresponding to operation dependency anomaly, and 0.08 for the node corresponding to embedding feature anomaly. At the same time, it is identified that the contribution weight of the continuously high behavioral deviation is 0.45.

[0057] Finally, the dynamic trust score is calculated by subtracting the comprehensive risk score from the preset baseline trust score. The preset baseline trust score is used as the current dynamic trust score by subtracting the comprehensive risk score from the preset baseline trust score.

[0058] Specifically, the preset baseline trust score parameter is used to represent the initial trust benchmark that the requesting subject possesses when no risky behavior has occurred. It provides a unified starting point for the dynamic trust score, enabling the trust score to reflect the degree of deviation of the current session from the ideal security state. It can be comprehensively set based on the stability of the requesting subject's historical behavior baseline, the security level of its position or role, the sensitivity of the business scenario, and the requirements of the organization's security policy. A hierarchical configuration method can be adopted to assign differentiated baseline trust scores to business subjects with different risk levels.

[0059] The preset dynamic trust score ranges from 0 to 100, with a minimum value of 0. For tasks with stable historical behavioral baselines, high job safety levels, and high data sensitivity, a baseline trust score of 80 can be set. For tasks with behavioral baselines still under construction and low data sensitivity, a baseline trust score of 60 is set. If the overall risk score exceeds the baseline trust score, the dynamic trust score is set to the lowest value, representing complete untrustworthiness. For example, when the overall risk score is 69 and the preset baseline trust score is 80, the dynamic trust score = 80 - 69 = 11, which is judged as low trustworthiness.

[0060] In this embodiment, multimodal behavioral signals are collected, analyzed, and compared in real time to obtain the user's current behavioral state and the risk environment they are in. Based on a temporal graph neural network and attention mechanism model, the behavioral signals are constructed into a temporal heterogeneous graph, enabling the model to learn dynamic evolution trends and complex dependencies between operations, thereby improving the accuracy and credibility of risk identification. Finally, a preset baseline trust score is calculated by subtracting the comprehensive risk score, allowing the trust score to respond in real time to changes in behavior and environment. This gives the security policy accurate risk perception capabilities, improving the security and credibility of the data access process.

[0061] S30: Based on the strategy abstraction, query the business knowledge base to obtain control constraints; In this embodiment, the business knowledge base is a structured database that stores information such as enterprise business rules, data security compliance requirements, and data classification and grading standards. It serves as the compliance and business basis for generating security policies. The control constraints are security control rules extracted from the business knowledge base that are abstracted and matched with the current policy.

[0062] Specifically, the process begins by accessing relevant data, then abstracting the data object and business purpose based on the strategy, querying the business knowledge base, and reading the accessed data to obtain the control constraints in the current scenario.

[0063] Step S30 in the method provided in this application embodiment includes: Obtain information on data classification and grading labels, compliance requirements, and minimum necessary usage scope related to the data object and business purpose.

[0064] In this embodiment, data classification and grading labels, compliance requirements, and minimum necessary usage information related to data objects and business purposes are obtained. Data classification and grading labels are metadata that standardizes and marks data assets based on data sensitivity and value. The strategy inference engine intelligently determines the intensity of control to be applied based on the retrieved data labels and dynamic trust scores, thereby achieving refined and automated data security governance. Compliance requirements are a set of structured rules pre-defined in the business knowledge base and associated with specific business purposes and data objects. Core content includes: operational restrictions, retention and audit obligations, and consent and notification status. Minimum necessary usage information is a precise subset of data and operational permission boundaries dynamically delineated from data assets based on specific business purposes and compliance principles.

[0065] Specifically, the sensitivity level thresholds in the data classification and grading labels are used to define the classification standards for data assets under different confidentiality and integrity requirements, allowing for the matching of differentiated security control measures to data with different sensitivities. The determination method is based on the security compliance standards of the business area involved in the data, the potential losses caused by data breaches, and industry best practices.

[0066] For example, technical protection standards include the requirement to use TLS 1.3 or higher protocols when transmitting data at this level. Operational restrictions include the need for de-identification of sensitive personal data and prohibition of outbound transfer of financial data. Retention and auditing obligations include the requirement to log all access activities for 180 days. Consent and notification status include the requirement that the use of the dataset has been authorized by the group, excluding individuals who have withdrawn their consent. Minimum necessary usage information includes the requirement that, for generating quarterly sales reports, aggregate queries on only three fields in the sales record table are permitted, and the results must be aggregated to the product level; outputting any individual customer identification fields is prohibited.

[0067] In this embodiment, data classification and grading tags, compliance requirements, and minimum necessary usage scope information related to the data object and business purpose are automatically obtained by querying the knowledge base, and key constraints are automatically introduced during the strategy reasoning stage. This eliminates the need for manual configuration of complex compliance rules, reducing the operational costs and error risks of compliance. Fine-grained control is implemented from the source of data access, allowing access only to the minimum data necessary to complete the task, reducing data exposure and enhancing the security and compliance of data use. Static compliance requirements are transformed into policy constraints that can be dynamically applied to specific business scenarios.

[0068] S40: Based on the policy abstraction, the dynamic trust score, and the control constraints, a corresponding set of collaborative control instructions is generated through the policy reasoning engine; In this embodiment, the strategy reasoning engine is based on the rule reasoning core module, which can integrate strategy abstraction, dynamic trust score, and control constraints to automatically generate control instructions that meet business and security requirements; the collaborative control instruction set is a collection of instructions for execution by multiple security components output by the strategy reasoning engine. The instructions need to be executed collaboratively by different security components to achieve full-process control of data access.

[0069] Specifically, the strategy reasoning engine takes policy abstraction, dynamic trust score, and control constraints as input. Then, based on business objectives and the principle of minimum necessity, it determines the allowed execution operations and data scope limits; determines the security controls that need to be applied; and finally verifies them based on the dynamic trust score to generate the corresponding collaborative control instruction set.

[0070] Step S40 in the method provided in this application embodiment includes: The inputs to the strategy reasoning engine are strategy abstraction, dynamic trust score, data classification and grading labels, compliance requirements, and minimum necessary scope of use information; The reasoning process of the strategy reasoning engine is as follows: Based on business objectives and minimum necessary usage information, determine the specific set of operations that can be performed and the required subset of data fields; Based on the data classification and grading labels of the data fields, determine the security control actions that need to be applied; Based on the current dynamic trust score and environmental risk level, adjust the intensity and execution method of safety control actions and generate instruction templates; By integrating the above-mentioned specific operation sets, data field subsets, and instruction templates, a machine-readable collaborative control instruction set is generated.

[0071] In this embodiment of the application, the input to the strategy reasoning engine is strategy abstraction, dynamic trust score, data classification and grading labels, compliance requirements, and minimum necessary scope of use information.

[0072] Specifically, the decision-making basis input into the strategy reasoning engine includes five types of core data: strategy abstraction (i.e., core elements of business intent), dynamic trust score (i.e., the credibility of the subject), data classification and grading labels (i.e., data sensitivity), compliance requirements (i.e., laws, regulations and corporate systems), and minimum necessary scope of use information (i.e., data access boundaries). These data are synchronized to the strategy reasoning engine through a standardized interface to provide a complete basis for subsequent reasoning.

[0073] Subsequently, the strategy reasoning engine performs reasoning: first, based on the business purpose and the minimum necessary scope of use information, it determines the specific set of operations that can be performed and the required subset of data fields.

[0074] The specific operation set is used to define whether an operation is necessary to complete a specific business objective. Its purpose is to filter unnecessary operations from the candidate operation set, ensuring that the final granted operation permissions strictly adhere to the principle of minimum necessity. It can be set using a combination of rule engines and expert experience, based on a standardized business process list corresponding to the business objective, combined with frequency statistics of operation types in historical similar business requests, and prohibitions on operation types in compliance requirements.

[0075] The minimum necessary scope information in the data field subset is used to define whether a certain data field belongs to the minimum data range necessary to complete the business in a specific operational scenario. It can control the granularity of data access and avoid returning sensitive fields that are irrelevant to the business. It can be comprehensively judged based on the data usage requirement list corresponding to the business purpose, combined with the field-level sensitivity definition in the data classification and grading labels, and the constraints of the data minimization principle in compliance requirements.

[0076] Secondly, based on the data classification and grading labels of the data fields, the required security control actions are determined. These security control actions are specific security protection measures taken for data of different classification and grading levels, such as mandatory data anonymization and processing in a trusted environment. The higher the data sensitivity, the stricter the control actions. The strategy inference engine matches security control actions to order payment information and logistics records based on the data classification and grading labels. Control actions for order payment information and logistics records are strictly matched to their sensitivity levels to avoid resource waste or insufficient protection.

[0077] Furthermore, the intensity and execution method of safety control actions are adjusted according to the dynamic trust score and environmental risk level to generate instruction templates. If the dynamic trust score is high and the environmental risk level is low, the intensity of the safety control actions is weak and the execution method is simple. Conversely, the intensity of the safety control actions is strengthened and the execution method is increased.

[0078] Finally, by integrating the aforementioned specific operation sets, data field subsets, and instruction templates, a machine-readable collaborative control instruction set is generated. The instruction template is a predefined control instruction format, containing the instruction type, execution target, and parameters. The collaborative control instruction set is a collection of instructions generated after integrating the operation sets, data field subsets, and instruction templates; it is directly executable by each security component, possesses machine readability, and supports multi-component collaborative work. Specifically, all the generated instructions are integrated to obtain a collaborative control instruction set that clearly defines the tasks to be performed by each security component, for subsequent collaborative work.

[0079] Step S40 in the method provided in this application embodiment further includes: The generated collaborative control instruction set, the current system's security baseline policy, and the compliance requirements obtained from the business knowledge base are all transformed into formal logical propositions. Based on formal logic propositions, formal verification tools are used to automatically verify preset security attributes; If an attribute conflict is detected, the resolution engine is activated. Based on the risk contribution report from the risk tracing algorithm, the resolution engine prioritizes attempting to automatically repair the conflict through enhanced control actions. If automatic repair fails, an abnormal policy proposal requiring administrator approval is generated, and the direct issuance and execution of the collaborative control instruction set is prevented.

[0080] In this embodiment, the generated collaborative control instruction set, the current system's security baseline policy, and compliance requirements obtained from the business knowledge base are first transformed into formal logic propositions. Formal logic propositions are statements with explicit truth or falsity values ​​described using mathematical logic language, precisely expressing the logical relationship between policy rules and constraints. The security baseline policy is a predefined, mandatory set of minimum security standard rules that all dynamically generated policies must adhere to. The collaborative control instruction set must undergo formal verification against the security baseline policy to ensure that dynamic authorization does not violate the security baseline policy, ensuring automated security without loss of control.

[0081] Secondly, based on formal logic propositions, formal verification tools are used to automatically verify the preset security attributes. These formal verification tools are software tools based on logical reasoning algorithms that can automatically check the consistency between formal logic propositions and identify conflicts. The preset security attributes are a set of formally defined, inviolable core security and compliance rules. The verification objective is to ensure that the collaborative control instruction set meets these attributes and does not violate security baselines and compliance requirements.

[0082] For example, in a cross-border data analysis scenario: A preset security attribute stipulates that core R&D data must not be transmitted to overseas servers; the generation strategy is an intent-triggered instruction set that includes sending a copy of certain R&D data to an overseas computing cluster for analysis. Verification and conflict resolution involve a formal verification tool mapping this instruction set to a logical proposition: data D is transmitted to location L, and L is located overseas. This is compared with the security attribute, which prohibits data D from being transmitted overseas. Finally, in the detection and resolution phase, the formal verification tool immediately detects a logical conflict, determining that the strategy violates data flow compliance attributes. Subsequently, a resolution engine is activated, potentially correcting the analysis to be completed in a trusted execution environment within China, with only the anonymized results sent overseas.

[0083] Furthermore, if an attribute conflict is detected, the resolution engine is activated. Based on the risk contribution report from the risk tracing algorithm, the resolution engine prioritizes attempting to automatically repair the conflict through enhanced control actions. If automatic repair fails, an abnormal policy proposal that requires administrator review is generated, and the direct issuance and execution of the collaborative control instruction set is prevented.

[0084] Specifically, the conflict resolution engine's module for automatically repairing policy conflicts focuses on core conflict points based on risk contribution reports and resolves conflicts through enhanced control actions. The abnormal policy proposal, generated when automatic repair fails, is a draft policy that requires administrator review. It includes conflict details and repair suggestions to ensure policies are not executed incorrectly. The risk contribution report provides precise data for policy conflict resolution and enables stronger controls for high-risk sources.

[0085] If a conflict is detected in the collaborative control instruction set, the system initiates a conflict resolution process. The resolution engine invokes the risk contribution report to analyze the conflict points and performs automatic repair through enhanced control actions. The resolution engine adjusts the encryption algorithm, regenerates the instruction set, and verifies it again. If the conflict is resolved, the repair is successful. If the resolution engine cannot repair the conflict, it generates an abnormal policy proposal, marks the conflict points, proposes a suggested repair policy, and prevents the issuance of the collaborative control instruction set to avoid data security risks caused by erroneous policies.

[0086] In this embodiment, a logical reasoning process combines policy abstraction, dynamic trust scores, and control constraints. The scope of operations and data is determined based on business objectives and the minimum necessary usage range, ensuring a high degree of alignment between the policy and business goals. Basic security control actions are determined based on data classification and grading labels, establishing the foundation for risk-level management. Control strength is dynamically adjusted based on dynamic trust scores and environmental risk levels, achieving personalized and contextualized policy adaptation, allowing security control strength to flexibly scale with changes in risk. Subsequently, policy logic and automatic verification ensure compliance with preset security attributes, avoiding security vulnerabilities caused by policy logic errors. This guarantees business continuity, reduces manual intervention, and enables a policy controller with self-healing capabilities.

[0087] S50: The collaborative control instruction set is sent to the relevant security components for collaborative work, and the collaborative control instruction set is dynamically updated based on the latest dynamic trust score to complete the secure access and use of data.

[0088] In this embodiment, the security component is a functional module that implements data security control, including an access control component, a data encryption component, an audit component, an anomaly alarm component, etc.; the dynamic update of the collaborative control instruction set is to modify the issued instruction set in real time during the data access process according to the latest dynamic trust score and environmental changes, so as to ensure that the control strategy matches the current risk status.

[0089] The collaborative control instruction set is distributed to each security component. During data access, the dynamic trust score and environmental risks are continuously monitored: if there are no abnormal behaviors, the dynamic trust score is maintained and there is no need to update the collaborative control instruction set; if an abnormal behavior signal is triggered, the dynamic trust score is recalculated and the collaborative control instruction set is updated.

[0090] Step S50 in the method provided in this application embodiment includes: The strategy execution controller receives the cooperative control instruction set; Parse the collaborative control instruction set and distribute different sub-instructions to the corresponding security components according to the collaborative control instructions specified in the collaborative control instruction set; After each security component has completed its execution, it reports its status back to the policy execution controller. The policy execution controller summarizes the status of each component, confirms that the overall control command has been executed, and updates the session status.

[0091] In this embodiment, the policy execution controller first receives the collaborative control instruction set. The policy execution controller is the central scheduling module for the collaborative control instruction set, responsible for receiving, parsing, and distributing instructions, and summarizing execution status. It is the core hub connecting the policy inference engine and various security components, possessing instruction verification and component collaborative scheduling capabilities. After the collaborative control instruction set generated by the policy inference engine undergoes formal verification and is found to be conflict-free, it is sent to the policy execution controller via an encrypted interface. The controller first performs an integrity check on the instruction set, confirming that it contains sub-instructions from access control components, encryption components, and auditing components, and that no instructions are missing. After successful verification, the controller completes the reception, generates a unique instruction identifier for subsequent tracking, and records the reception time.

[0092] Secondly, the collaborative control instruction set is parsed, and different sub-instructions are distributed to the corresponding security components according to the collaborative control instructions specified in the instruction set. Instruction parsing is the process by which the policy execution controller breaks down the collaborative control instruction set into sub-instructions recognizable by each security component and extracts the execution parameters of the sub-instructions. Security components are functional modules responsible for specific security control tasks, including access control components, encryption components, auditing components, and authentication components.

[0093] Specifically, the policy execution controller parses the instruction set, breaks down the sub-instructions into access control component sub-instructions, encryption component sub-instructions, and audit component sub-instructions, and finally distributes the sub-instructions. Based on the sub-instruction identifier, the policy execution controller sends the access control sub-instruction to the access control component, the encryption sub-instruction to the encryption component, and the audit sub-instruction to the audit component, along with the instruction identifier.

[0094] Secondly, after each security component completes its execution, it reports its status to the policy enforcement controller. Component execution is the process by which a security component completes a specific security control task based on received sub-instructions; status feedback is the process by which a security component sends the execution results and details to the policy enforcement controller, and the feedback information includes the instruction identifier and execution time.

[0095] The access control component executes, and if identity verification is successful, it loads a subset of allowed data fields, records successful permission grant, and sends access instruction information to the controller. It then proceeds to execute the encryption component, enabling encrypted transmission, confirming encryption effectiveness, and sending encryption instruction information. Subsequently, the auditing component executes, initializing the operation log recording module, enabling real-time auditing, and sending audit instruction information. If identity verification fails, the access control component will report execution failure, authentication unsuccessful, and terminate subsequent operations.

[0096] For example, if the encryption component fails to complete encryption due to an algorithm malfunction, it will immediately report the execution failure to the controller, indicating an encryption algorithm initialization error. Upon receiving this information, the controller will send a termination permission grant instruction to the access control component to prevent unencrypted data from being accessed.

[0097] Finally, the policy execution controller aggregates the states of all components, confirms that the overall control commands have been executed, and updates the session state. The state aggregation is the process by which the policy execution controller integrates the feedback states of all security components to determine the overall execution result of the command set; the session state records the execution state of the current data access session and is used for subsequent dynamic updates of the command set.

[0098] Specifically, if the access control component, encryption component, and auditing component execute successfully, the entire instruction set is considered to have executed successfully. The controller updates the session state to indicate that authorization and encryption are complete. Simultaneously, the controller synchronizes the session state to the trust assessment module and policy inference engine, providing a basis for subsequent dynamic monitoring. If any component fails, the controller determines that a partial failure has occurred, updates the session state, and triggers an alarm to notify the administrator for investigation.

[0099] For example, if a component fails to execute, the controller determines that the audit part has failed, updates the session state to authorized, encrypted, or audit abnormal, and triggers an alarm to notify the security administrator to investigate.

[0100] Step S50 in the method provided in this application embodiment further includes: During the execution of collaborative control instructions, the latest dynamic trust score and environmental risk data from the trust assessment quantification model are continuously monitored, and environmental events are extracted based on the environmental risk data. When the dynamic trust score drops below the preset threshold, or when the extracted environmental event triggers the preset risk event, the policy reasoning engine is triggered in real time to dynamically correct the generated collaborative control instruction set based on the latest dynamic trust score and the current session state. The revised collaborative control instruction set is distributed to relevant security components to dynamically adjust policies for currently ongoing data access sessions.

[0101] In this embodiment, during the execution of collaborative control commands, the latest dynamic trust score and environmental risk data from the trust assessment quantification model are continuously monitored, and environmental events are extracted based on the environmental risk data. Continuous monitoring involves collecting the dynamic trust score output by the trust assessment quantification model and the environmental risk data fed back by the environmental risk perception module at fixed time intervals throughout the entire cycle of collaborative control command execution, ensuring real-time perception of risk changes. Environmental events are specific events with risk characteristics extracted from the environmental risk data. During the execution of collaborative control commands, continuous frequency monitoring is performed to obtain the dynamic trust score, environmental risk data, and extracted environmental events.

[0102] Secondly, when the dynamic trust score is detected to drop below a preset threshold, or when an extracted environmental event triggers a preset risk event, the policy inference engine is activated in real time. Based on the latest dynamic trust score and the current session state, the generated collaborative control instruction set is dynamically corrected. The preset threshold is a pre-defined dynamic trust score threshold set by the system. When the trust score falls below this value, the policy adjustment process is automatically triggered. Dynamic correction involves the policy inference engine adjusting the control strength and permission scope of the original collaborative control instruction set based on the latest dynamic trust score and the current session state.

[0103] After setting a dynamic trust score threshold, if the dynamic trust score decreases and an abnormal environment event is detected, and both trigger conditions are met, the policy inference engine is activated. The engine takes the current dynamic trust score, current session state, and original control constraints as input; retrieves the current dynamic correction instruction set, makes corrections, and adds new instructions for security assurance. This trigger mechanism ensures that the policy inference engine starts immediately when the risk reaches the threshold, achieving real-time linkage between risk and policy adjustments; and dynamically corrects the security policy based on the latest trust score and session state.

[0104] Finally, the revised collaborative control instruction set is distributed to relevant security components to dynamically adjust policies for ongoing data access sessions. The revised collaborative control instruction set is a set of instructions adapted to the current risk state by the policy inference engine, retaining the core business logic of the original instruction set while strengthening security control dimensions. Dynamic policy adjustment involves distributing the revised instruction set to each security component, replacing the original instruction set, and executing it to achieve real-time policy updates for ongoing sessions.

[0105] After receiving the revised instruction set, the policy enforcement controller immediately distributes it to all security components. Upon receiving the revised instruction, the access control component immediately suspends information access permissions and performs authentication. The auditing component, upon receiving the instruction, synchronously pushes the operation trajectory to the administrator's workbench. Upon receiving the instruction, the encryption component immediately adjusts its encryption algorithm. Finally, the adjusted dynamic policy takes effect, and the revised instruction set is switched for all security components. The current security policy is updated in real time, enabling rapid risk management.

[0106] For example, during the core data download process, business personnel A modifies the instruction set and distributes it to the download control component. The component immediately suspends the download task and requires business personnel to complete multi-factor authentication before continuing. This manages risks and prevents downloaded data from becoming invalid, thus avoiding duplicate business operations.

[0107] In this embodiment, a policy execution controller parses and distributes collaborative control instruction sets to various security components, collects execution feedback, and achieves collaborative management of heterogeneous security capabilities, solving the problem of lack of collaboration among traditional security components. By continuously monitoring the latest trust scores and environmental events during instruction execution and setting trigger thresholds, when risk deterioration or environmental changes are detected, the policy inference engine is triggered to re-determine, generate a revised collaborative control instruction set, and execute it immediately. This allows security policies to adjust preventative strategies in a timely manner. Ultimately, collaboratively executed security policies provide end-to-end protection, ensuring business continuity while providing real-time and accurate security protection.

[0108] The embodiments of this application, through the above specific implementation methods, achieve the following technical effects: In this embodiment, a standardized policy definition interface is first provided, reducing the professional requirements for the requesting subject and increasing the difficulty of policy generation. Furthermore, a natural language processing model is invoked for semantic analysis and entity extraction, ensuring the accuracy and automation of intent parsing, avoiding the subjectivity and inefficiency of manual interpretation, and accurately capturing core semantic elements such as subject, operation, data object, and business purpose. The extracted entities are used to generate a unified policy abstraction, providing a standardized input format for all subsequent processing modules, realizing business-driven policy generation, and enabling security policies to be accurately positioned against business objectives.

[0109] Secondly, by collecting multimodal behavioral signals and performing real-time analysis and comparison, the system obtains the user's current behavioral state and the risk environment they are in. Based on a temporal graph neural network and attention mechanism model, the behavioral signals are constructed into a temporal heterogeneous graph, enabling the model to learn dynamic evolution trends and complex dependencies between operations, thus improving the accuracy and credibility of risk identification. Finally, a preset baseline trust score is calculated by subtracting the comprehensive risk score, allowing the trust score to respond in real-time to changes in behavior and environment. This gives the security policy accurate risk perception capabilities and improves the security and flexibility of the data access process.

[0110] Furthermore, by querying the knowledge base, the system automatically retrieves data classification and grading tags, compliance requirements, and minimum necessary usage information related to the data object and business purpose, and automatically introduces key constraints during the strategy reasoning stage. This eliminates the need for manual configuration of complex compliance rules, reducing the operational costs and error risks associated with compliance. It also enables fine-grained control over data access from its source, allowing access only to the minimum data necessary to complete the task, reducing data exposure and enhancing the security and compliance of data use. Static compliance requirements are transformed into policy constraints that can be dynamically applied to specific business scenarios.

[0111] Simultaneously, through a logical reasoning process, strategy abstraction, dynamic trust scores, and control constraints are combined. The scope of operations and data is determined based on business objectives and the minimum necessary usage range, ensuring a high degree of alignment between strategy and business goals. Basic security control actions are determined based on data classification and grading labels, establishing the foundation for risk-level management. Control strength is dynamically adjusted based on dynamic trust scores and environmental risk levels, achieving personalized and contextualized policy adaptation, allowing security control strength to flexibly scale with changes in risk. Subsequently, through strategy logic and automatic verification, it is ensured that preset security attributes are not violated, avoiding security vulnerabilities caused by policy logic errors. This ensures business continuity, reduces manual intervention, and achieves a self-healing strategy controller.

[0112] Ultimately, the policy execution controller parses and distributes collaborative control instruction sets to various security components, collects execution feedback, and achieves collaborative management of heterogeneous security capabilities, solving the problem of lack of collaboration among traditional security components. By continuously monitoring the latest trust scores and environmental events during instruction execution and setting trigger thresholds, when risk deterioration or environmental changes are detected, the policy inference engine is triggered to re-determine, generate a revised collaborative control instruction set, and execute it immediately. This allows security policies to adjust preventative strategies in a timely manner. Ultimately, collaboratively executed security policies provide end-to-end protection, ensuring business continuity while providing real-time and accurate security protection.

[0113] Example 2, as Figure 2As shown, based on the same inventive concept as the secure delivery method for data elements in a communication network provided in Embodiment 1, this embodiment of the invention also provides a secure delivery system for data elements in a communication network, comprising: The intent parsing module 11 is used to receive the business data access intent submitted by the requesting subject, parse and abstract the business data access intent to obtain the policy abstraction, which includes the requesting subject, operation, data object and business purpose. The dynamic trust assessment module 12 is used to acquire the multimodal real-time behavioral signals, operation sequences and current environmental risk data of the requesting subject as trust indicators, and to calculate the current dynamic trust score based on the trust indicators and the preset trust assessment quantification model. The strategy constraint query module 13 is used to query the business knowledge base based on the strategy abstraction to obtain control constraint conditions. The strategy reasoning module 14 is used to generate a corresponding set of collaborative control instructions based on the strategy abstraction, the dynamic trust score and control constraints through the strategy reasoning engine. The policy execution module 15 is used to distribute the collaborative control instruction set to relevant security components for collaborative work, and dynamically update the collaborative control instruction set based on the latest dynamic trust score to complete the secure access and use of data.

[0114] In one embodiment, the intent parsing module 11 is used for: The policy definition interface receives the business data access intent input by the request subject; The natural language processing model is invoked to perform semantic analysis on the business data access intent, identify and extract key entities and relationships, and the key entities include at least: request subject identifier, operation verb, data object description, and business purpose statement; The extracted key entities are mapped to a predefined strategy element framework to form a structured strategy abstraction.

[0115] In one embodiment, the dynamic trust assessment module 12 is used for: During the requesting subject session, multimodal real-time behavioral signals are continuously collected, including: behavioral biometric signals, operation sequence logs, and environmental context information; Based on the collected multimodal real-time behavior signals, atomic operation events in the multimodal real-time behavior signals are identified, and the atomic operation events are subjected to time-series sorting, session segmentation and aggregation analysis to obtain operation sequence logs; Based on the collected multimodal real-time behavioral signals, the current environmental risk data in the multimodal real-time behavioral signals is identified, and the environmental risk level is obtained by comprehensively weighting and rating the identified current environmental risk data. The collected multimodal real-time behavioral signals are compared with the historical behavioral baseline of the corresponding requesting subject in real time to calculate the behavioral deviation. The behavioral deviation and environmental risk level are input into a pre-trained trust assessment quantification model using operation sequence logs, and the output is a continuously changing value within a preset range, which serves as the current dynamic trust score.

[0116] The trust assessment quantification model employs a risk attribution algorithm based on temporal graph neural networks and attention mechanisms, specifically including: A time-series heterogeneous graph is constructed from the multimodal real-time behavioral signals with timestamps collected within a certain time window. The node types in the time-series heterogeneous graph include request subject, device, operation, and data resource, and the edges represent different types of relationships and signal strength that changes over time. The temporal heterogeneous graph is embedded using a temporal graph neural network to learn the dynamic evolution trend of the request subject's behavior pattern and the dependencies between operations. Using a temporal heterogeneity graph, a comprehensive risk score is calculated based on the requesting subject's behavioral deviation, environmental risk level, and operation sequence. An attention mechanism is introduced to calculate the contribution weight of each dimension signal node and time slice in the temporal heterogeneous graph to the overall risk score of the current session, and an interpretable risk contribution report is generated. The dynamic trust score is calculated by subtracting the comprehensive risk score from the preset baseline trust score.

[0117] In one embodiment, the policy constraint query module 13 is used for: Obtain information on data classification and grading labels, compliance requirements, and minimum necessary usage scope related to the data object and business purpose.

[0118] In one embodiment, the strategy reasoning module 14 is used for: The inputs to the strategy reasoning engine are strategy abstraction, dynamic trust score, data classification and grading labels, compliance requirements, and minimum necessary scope of use information; The reasoning process of the strategy reasoning engine is as follows: Based on business objectives and minimum necessary usage information, determine the specific set of operations that can be performed and the required subset of data fields; Based on the data classification and grading labels of the data fields, determine the security control actions that need to be applied; Based on the current dynamic trust score and environmental risk level, adjust the intensity and execution method of safety control actions and generate instruction templates; By integrating the above-mentioned specific operation sets, data field subsets, and instruction templates, a machine-readable collaborative control instruction set is generated.

[0119] In one embodiment, the strategy reasoning module 14 is further configured to: The generated collaborative control instruction set, the current system's security baseline policy, and the compliance requirements obtained from the business knowledge base are all transformed into formal logical propositions. Based on formal logic propositions, formal verification tools are used to automatically verify preset security attributes; If an attribute conflict is detected, the resolution engine is activated. Based on the risk contribution report from the risk tracing algorithm, the resolution engine prioritizes attempting to automatically repair the conflict through enhanced control actions. If automatic repair fails, an abnormal policy proposal requiring administrator approval is generated, and the direct issuance and execution of the collaborative control instruction set is prevented.

[0120] In one embodiment, the policy execution module 15 is used to: The strategy execution controller receives the cooperative control instruction set; Parse the collaborative control instruction set and distribute different sub-instructions to the corresponding security components according to the collaborative control instructions specified in the collaborative control instruction set; After each security component has completed its execution, it reports its status back to the policy execution controller. The policy execution controller summarizes the status of each component, confirms that the overall control command has been executed, and updates the session status.

[0121] In one embodiment, the policy execution module 15 is further configured to: During the execution of collaborative control instructions, the latest dynamic trust score and environmental risk data from the trust assessment quantification model are continuously monitored, and environmental events are extracted based on the environmental risk data. When the dynamic trust score drops below the preset threshold, or when the extracted environmental event triggers the preset risk event, the policy reasoning engine is triggered in real time to dynamically correct the generated collaborative control instruction set based on the latest dynamic trust score and the current session state. The revised collaborative control instruction set is distributed to relevant security components to dynamically adjust policies for currently ongoing data access sessions.

[0122] Compared to existing technologies, this embodiment first provides a standardized policy definition interface through the intent parsing module 11, reducing the professional requirements for the requesting subject and increasing the difficulty of policy generation. Furthermore, it invokes a natural language processing model for semantic analysis and entity extraction, ensuring the accuracy and automation of intent parsing, avoiding the subjectivity and inefficiency of manual interpretation, and accurately capturing core semantic elements such as subject, operation, data object, and business purpose. The extracted entities are used to generate a unified policy abstraction, providing a standardized input format for all subsequent processing modules, realizing business-driven policy generation, and enabling security policies to be accurately positioned against business objectives.

[0123] Secondly, the dynamic trust assessment module 12 collects multimodal behavioral signals for real-time analysis and comparison to obtain the user's current behavioral state and the risk environment they are in. Based on a temporal graph neural network and attention mechanism model, the behavioral signals are constructed into a temporal heterogeneous graph, enabling the model to learn dynamic evolution trends and complex dependencies between operations, thus improving the accuracy of risk identification and enhancing credibility. Finally, the preset baseline trust score is calculated by subtracting the comprehensive risk score, allowing the trust score to respond in real-time to changes in behavior and environment. This gives the security policy accurate risk perception capabilities and improves the security and flexibility of the data access process.

[0124] Furthermore, through the strategy constraint query module 13, the knowledge base is automatically queried to obtain data classification and grading tags, compliance requirements, and minimum necessary usage scope information related to the data object and business purpose. Key constraints are automatically introduced during the strategy reasoning stage. This eliminates the need for manual configuration of complex compliance rules, reducing operational costs and error risks associated with compliance. Fine-grained control over data access from its source is implemented, allowing access only to the minimum data necessary to complete the task, reducing data exposure and enhancing data security and compliance. Static compliance requirements are transformed into dynamic strategy constraints applicable to specific business scenarios.

[0125] Simultaneously, through the strategy reasoning module 14, a logical reasoning process is employed to combine strategy abstraction, dynamic trust scores, and control constraints. The scope of operations and data is determined based on business objectives and the minimum necessary usage range, ensuring a high degree of alignment between the strategy and business goals. Basic security control actions are determined based on data classification and grading labels, establishing the foundation for risk-level management. Control strength is dynamically adjusted based on dynamic trust scores and environmental risk levels, achieving personalized and contextualized policy adaptation, allowing security control strength to flexibly scale with changes in risk. Subsequently, through strategy logic and automatic verification, it is ensured that preset security attributes are not violated, avoiding security vulnerabilities caused by strategy logic errors. This ensures business continuity, reduces manual intervention, and achieves a self-healing strategy controller.

[0126] Finally, through the policy execution module 15, the collaborative control instruction set is parsed and distributed to various security components according to the policy execution controller, and execution feedback is collected. This achieves collaborative management of heterogeneous security capabilities, solving the problem of lack of collaboration among traditional security components. By continuously monitoring the latest trust scores and environmental events during instruction execution and setting trigger thresholds, when risk deterioration or environmental changes are detected, the policy inference engine is triggered to re-determine, generate a revised collaborative control instruction set, and execute it immediately. This enables the security policy to adjust its prevention strategy in a timely manner. Ultimately, the collaboratively executed security policy provides full-process protection, ensuring business continuity while providing real-time and accurate security protection.

Claims

1. An adaptive data security policy generation method based on intent and continuous trust assessment, characterized in that, The method includes: The system receives the business data access intent submitted by the requesting subject, parses and abstracts the business data access intent to obtain a strategy abstraction, which includes the requesting subject, operation, data object, and business purpose. The multimodal real-time behavioral signals, operation sequences, and current environmental risk data of the requesting subject are obtained as trust indicators. Based on the trust indicators and a preset trust assessment quantification model, the current dynamic trust score is calculated. Based on the strategy abstraction, query the business knowledge base to obtain the control constraints; Based on the policy abstraction, the dynamic trust score, and the control constraints, a corresponding set of collaborative control instructions is generated through the policy reasoning engine. The collaborative control instruction set is distributed to relevant security components for collaborative work, and the collaborative control instruction set is dynamically updated based on the latest dynamic trust score to complete secure access and use of data.

2. The method according to claim 1, characterized in that, The business data access intent is parsed and abstracted to obtain a policy abstraction, including: The policy definition interface receives the business data access intent input by the requesting subject; The natural language processing model is invoked to perform semantic analysis on the business data access intent, identify and extract key entities and relationships, and the key entities include at least: request subject identifier, operation verb, data object description, and business purpose statement; The extracted key entities are mapped to a predefined strategy element framework to form a structured strategy abstraction.

3. The adaptive data security policy generation method based on intent and continuous trust assessment according to claim 1, characterized in that, The system acquires the multimodal real-time behavioral signals, operation sequences, and current environmental risk data of the requesting entity as trust indicators. Based on these trust indicators and a preset trust assessment quantification model, it calculates the current dynamic trust score, including: During the requesting subject session, multimodal real-time behavioral signals are continuously collected, including: behavioral biometric signals, operation sequence logs, and environmental context information; Based on the collected multimodal real-time behavior signals, atomic operation events in the multimodal real-time behavior signals are identified, and the atomic operation events are subjected to time-series sorting, session segmentation and aggregation analysis to obtain operation sequence logs; Based on the collected multimodal real-time behavioral signals, the current environmental risk data in the multimodal real-time behavioral signals is identified, and the environmental risk level is obtained by comprehensively weighting and rating the identified current environmental risk data. The collected multimodal real-time behavioral signals are compared with the historical behavioral baseline of the corresponding requesting subject in real time to calculate the behavioral deviation. The behavioral deviation and environmental risk level are input into a pre-trained trust assessment quantification model using operation sequence logs, and the output is a continuously changing value within a preset range, which serves as the current dynamic trust score.

4. The adaptive data security policy generation method based on intent and continuous trust assessment according to claim 3, characterized in that, The trust assessment quantification model employs a risk attribution algorithm based on a temporal graph neural network and an attention mechanism, specifically including: A time-series heterogeneous graph is constructed from the multimodal real-time behavioral signals with timestamps collected within a certain time window. The node types in the time-series heterogeneous graph include request subject, device, operation, and data resource, and the edges represent different types of relationships and signal strength that changes over time. The temporal heterogeneous graph is embedded using a temporal graph neural network to learn the dynamic evolution trend of the request subject's behavior pattern and the dependencies between operations. Using a temporal heterogeneity graph, a comprehensive risk score is calculated based on the requesting subject's behavioral deviation, environmental risk level, and operation sequence. An attention mechanism is introduced to calculate the contribution weight of each dimension signal node and time slice in the temporal heterogeneous graph to the overall risk score of the current session, and an interpretable risk contribution report is generated. The dynamic trust score is calculated by subtracting the comprehensive risk score from the preset baseline trust score.

5. The adaptive data security policy generation method based on intent and continuous trust assessment according to claim 1, characterized in that, Query the business knowledge base to obtain control constraints, including: data classification and grading labels, compliance requirements, and minimum necessary scope of use information related to data objects and business purposes.

6. The adaptive data security policy generation method based on intent and continuous trust assessment according to claim 1, characterized in that, Based on the aforementioned policy abstraction, the dynamic trust score, and control constraints, a corresponding collaborative control instruction set is generated through the policy inference engine, including: The inputs to the strategy reasoning engine are strategy abstraction, dynamic trust score, data classification and grading labels, compliance requirements, and minimum necessary scope of use information; The reasoning process of the strategy reasoning engine is as follows: Based on business objectives and minimum necessary usage information, determine the specific set of operations that can be performed and the required subset of data fields; Based on the data classification and grading labels of the data fields, determine the security control actions that need to be applied; Based on the current dynamic trust score and environmental risk level, adjust the intensity and execution method of safety control actions and generate instruction templates; By integrating the above-mentioned specific operation sets, data field subsets, and instruction templates, a machine-readable collaborative control instruction set is generated.

7. The adaptive data security policy generation method based on intent and continuous trust assessment according to claim 6, characterized in that, After generating the collaborative control instruction set, a policy security attribute conflict detection process based on formal verification is also included, specifically: The generated collaborative control instruction set, the current system's security baseline policy, and the compliance requirements obtained from the business knowledge base are all transformed into formal logical propositions. Based on formal logic propositions, formal verification tools are used to automatically verify preset security attributes; If an attribute conflict is detected, the resolution engine is activated. Based on the risk contribution report from the risk tracing algorithm, the resolution engine prioritizes attempting to automatically repair the conflict through enhanced control actions. If automatic repair fails, an abnormal policy proposal requiring administrator approval is generated, and the direct issuance and execution of the collaborative control instruction set is prevented.

8. The adaptive data security policy generation method based on intent and continuous trust assessment according to claim 1, characterized in that, The collaborative control instruction set is distributed to relevant security components for collaborative operation, including: The strategy execution controller receives the cooperative control instruction set; Parse the collaborative control instruction set and distribute different sub-instructions to the corresponding security components according to the collaborative control instructions specified in the collaborative control instruction set; After each security component has completed its execution, it reports its status back to the policy enforcement controller. The policy execution controller summarizes the status of each component, confirms that the overall control command has been executed, and updates the session status.

9. The adaptive data security policy generation method based on intent and continuous trust assessment according to claim 1, characterized in that, And dynamically update the collaborative control instruction set based on the latest dynamic trust score, including: During the execution of collaborative control instructions, the latest dynamic trust score and environmental risk data from the trust assessment quantification model are continuously monitored, and environmental events are extracted based on the environmental risk data. When the dynamic trust score drops below the preset threshold, or when the extracted environmental event triggers the preset risk event, the policy reasoning engine is triggered in real time to dynamically correct the generated collaborative control instruction set based on the latest dynamic trust score and the current session state. The revised collaborative control instruction set is distributed to relevant security components to dynamically adjust policies for currently ongoing data access sessions.

10. A secure delivery system for data elements in a communication network, characterized in that, The system is used to implement a secure delivery method for data elements in a communication network according to any one of claims 1-9, the system comprising: The intent parsing module is used to receive the business data access intent submitted by the requesting subject, parse and abstract the business data access intent to obtain the policy abstraction, which includes the requesting subject, operation, data object and business purpose; The dynamic trust assessment module is used to acquire the multimodal real-time behavioral signals, operation sequences and current environmental risk data of the requesting subject as trust indicators. Based on the trust indicators and the preset trust assessment quantification model, the module calculates the current dynamic trust score. The strategy constraint query module is used to query the business knowledge base based on the strategy abstraction to obtain control constraints. The strategy reasoning module is used to generate a corresponding set of collaborative control instructions based on the strategy abstraction, the dynamic trust score, and the control constraints through the strategy reasoning engine. The policy execution module is used to distribute the collaborative control instruction set to relevant security components for collaborative work, and dynamically update the collaborative control instruction set based on the latest dynamic trust score to complete the secure access and use of data.