Project whole-cycle information management method, system, device and storage medium

By generating data collection templates through the form designer component, constructing multi-level confidentiality task workflows, and generating electronic ledgers and risk warning heat maps, the problem of low efficiency in traditional information management is solved, realizing full-cycle automated management and risk warning, and improving the security and efficiency of information management.

CN122335201APending Publication Date: 2026-07-03BEIJING JUNMIAN TESTING & EVALUATION CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
BEIJING JUNMIAN TESTING & EVALUATION CO LTD
Filing Date
2026-03-27
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

Traditional information management methods are inefficient, rely on manual recording, and paper documents are prone to information omissions, tampering, or difficulties in tracing. There is a risk of leakage in the management of classified information, and existing technologies are insufficient in terms of risk warning and alerts.

Method used

The form designer component generates data collection templates for classified projects, constructs multi-level confidentiality task workflows, generates electronic ledgers and risk warning heatmaps, utilizes blockchain to build electronic ledgers, and combines the template designer component to generate standardized confidentiality files, achieving full-cycle automated management and risk warning.

Benefits of technology

It has achieved full-cycle information management efficiency improvement, adapted to different risk scenarios, ensured the immutability of the carrier's entire life cycle trajectory, and improved risk warning efficiency and information management security.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122335201A_ABST
    Figure CN122335201A_ABST
Patent Text Reader

Abstract

This application relates to a method, system, device, and storage medium for information management throughout the entire project lifecycle. The information management method includes: generating a data collection template for classified projects using a form designer component and acquiring a basic project information set; the basic project information set includes personnel access data, carrier attribute data, and classified task type data; constructing a multi-level classified task workflow based on the classified task type data using a process designer component; generating an electronic ledger based on the carrier attribute data; generating a risk warning heatmap based on personnel access data and supervision and protection trigger strategies using a chart designer component; and, in response to receiving a project termination instruction, generating standardized classified files and performing electronic archiving using a template designer component based on the multi-level classified task workflow, electronic ledger, and risk warning heatmap. This application can improve the security and efficiency of classified project management.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of information management, and in particular to a method, system, device and storage medium for information management throughout the entire project lifecycle. Background Technology

[0002] With the development of information technology, the management of classified business consulting service projects faces many adjustments. For example, traditional management methods are inefficient, relying on manual records and paper document circulation, which can easily lead to information omissions, tampering, or difficulties in tracing. Furthermore, there are high confidentiality risks, with classified information at risk of leakage during storage, transmission, and use, such as using non-classified equipment to process classified information or cross-using storage media.

[0003] In the prior art, patent application CN102185695A discloses an information management system that encodes the original file and generates an encrypted file through an encoding unit. During normal operation, a decoding unit decodes the encrypted file into an editable display file, which is then stored in memory. Necessary editing is performed on the display file, and after editing, the encoding unit converts the display file back into an encrypted file and saves it in a data storage memory. This system can centralize information management across organizational and managerial levels, securely protect and manage information installed in various mechanical devices, reduce the burden of information management, prevent information leakage, and maintain / protect files, preventing damage, tampering, and alteration. However, this method still has shortcomings in the management of classified information, such as risk warning alerts.

[0004] Therefore, it is necessary to provide a method, system, equipment, and storage medium for information management throughout the entire project lifecycle. Summary of the Invention

[0005] This application provides a method, system, and storage medium for information management throughout the entire project lifecycle, thereby providing an integrated information technology management approach to improve the security and efficiency of managing classified projects.

[0006] Firstly, this application provides a method for information management throughout the entire project lifecycle, the method comprising:

[0007] The form designer component generates a data collection template for classified projects and obtains a basic information set for the project; the basic information set for the project includes personnel permission data, carrier attribute data, and classified task type data. Based on the confidentiality task type data, a multi-level confidentiality task workflow is constructed through the process designer component; the multi-level confidentiality task workflow includes a confidentiality responsibility allocation path, a centralized management approval chain, and a supervision and protection trigger strategy. An electronic ledger is generated based on the carrier attribute data; the electronic ledger records the entire lifecycle trajectory of the classified carrier, and the entire lifecycle trajectory includes the source identifier, the transfer path signature, the encrypted coordinates of the storage location, and the destruction timestamp; Based on the personnel permission data and the supervision and protection triggering strategy, a risk warning heat map is generated through the chart designer component; In response to receiving a project termination instruction, the template designer component generates a standardized confidentiality file based on the multi-level confidentiality task workflow, the electronic ledger, and the risk warning heatmap, and performs electronic archiving.

[0008] In some embodiments, the step of constructing a multi-level confidentiality task workflow based on the confidentiality task type data through a process designer component includes: Analyze the topological structure of the confidential task type data to generate a standard process framework; Obtain real-time threat values ​​and determine gateway aggregation modes based on the real-time threat values; the gateway aggregation modes include enabling XOR aggregation mode when the real-time threat value is greater than a preset high-risk threshold, enabling parallel aggregation mode when the real-time threat value is in the medium-risk range, and otherwise enabling multi-path aggregation mode. Based on the standard process framework and the gateway aggregation mode, the multi-level confidentiality task workflow is constructed through the process designer component.

[0009] In some embodiments, obtaining the real-time threat value includes: Obtain the carrier operation event sequence, and calculate the risk probability distribution of each event based on the carrier operation event sequence; Based on the risk probability distribution and geographic encryption coefficient of each event, the spatiotemporal security entropy value is calculated. The spatiotemporal security entropy value is input into a pre-trained security assessment model, and the output threat mapping result is used as the real-time threat value.

[0010] In some embodiments, the security assessment model is obtained in the following manner: Retrieve historical operation event data and corresponding security event tags; Based on the historical operation event data, extract the feature vector of the spatiotemporal security entropy value; The feature vector is nonlinearly transformed by an activation function to output the predicted threat mapping result. Based on the predicted threat mapping results and the security event labels, a loss function is constructed, and a multi-layer convolutional neural network is trained with minimizing the loss function as the optimization objective to obtain the security assessment model.

[0011] In some embodiments, generating an electronic ledger based on the carrier attribute data includes: Based on the carrier's unique identifier, carrier generation time, and encryption location information in the carrier attribute data, a randomly encrypted digital fingerprint is generated. The digital fingerprint and the project's operation log are written into the blockchain distributed ledger to generate the electronic ledger.

[0012] In some embodiments, generating a risk warning heatmap using a chart designer component based on the personnel permission data and the supervision and protection triggering strategy includes: Based on the aforementioned monitoring and protection triggering strategy, a three-dimensional security matrix is ​​constructed, including confidentiality, integrity, and availability dimensions. Extract the personnel permission vector based on the aforementioned personnel permission data; The three-dimensional security matrix and the personnel permission vector are weighted and fused, and the risk warning heat map is generated by the chart designer component based on the fusion result.

[0013] In some embodiments, in response to receiving a project termination instruction, the standardized confidentiality file is generated by the template designer component based on the multi-level confidentiality task workflow, the electronic ledger, and the risk warning heatmap, including: In response to receiving the project termination instruction, the template designer component generates structured parameters for the archived document based on the multi-level confidentiality task workflow, the electronic ledger, and the risk warning heatmap; Obtain a preset encryption algorithm and use the encryption algorithm to encrypt the structured parameters; The standardized confidential file is generated based on the encrypted structured parameters.

[0014] Secondly, this application provides an information management system for the entire project lifecycle, the system comprising: The data acquisition module is used to generate a data collection template for classified projects through the form designer component and to acquire a basic information set of the project; the basic information set of the project includes personnel permission data, carrier attribute data and classified task type data; The process design module is used to construct a multi-level confidential task workflow based on the confidential task type data through the process designer component; the multi-level confidential task workflow includes a confidentiality responsibility allocation path, a centralized management approval chain, and a supervision and protection trigger strategy. An electronic ledger generation module is used to generate an electronic ledger based on the carrier attribute data; the electronic ledger records the entire lifecycle trajectory of the classified carrier, and the entire lifecycle trajectory includes a source identifier, a transfer path signature, encrypted coordinates of the storage location, and a destruction timestamp. The chart design module is used to generate a risk warning heatmap based on the personnel permission data and the supervision and protection triggering strategy through the chart designer component; The template design module is used to respond to a project termination instruction by generating standardized confidentiality files and performing electronic archiving based on the multi-level confidentiality task workflow, the electronic ledger, and the risk warning heatmap through the template designer component.

[0015] Thirdly, an electronic device is provided, including a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory communicate with each other through the communication bus; Memory, used to store computer programs; When a processor executes a program stored in memory, it implements the steps of the information management method for the entire project lifecycle as described in any embodiment of the first aspect.

[0016] Fourthly, a computer-readable storage medium is provided having a computer program stored thereon, which, when executed by a processor, implements the steps of the information management method for the entire project lifecycle as described in any embodiment of the first aspect.

[0017] Compared with the prior art, the above-mentioned technical solutions provided in this application have the following advantages: (1) Improved efficiency of full-cycle management. The form designer component automatically generates collection templates, and the template designer component generates standardized archives with one click, eliminating manual recording and paper circulation, and realizing automated data collection and archiving. (2) Dynamically generated multi-level workflow based on confidential task type data, supporting parallel / XOR and other aggregation modes, and adaptable to different risk scenarios. (3) Electronic ledgers are constructed through digital fingerprints and blockchain ledgers to ensure that the trajectory of the carrier throughout its entire life cycle is tamper-proof. (4) The three-dimensional security matrix of confidentiality / integrity / availability and permission vector are integrated to generate heat maps to realize real-time risk positioning and improve the efficiency of information management risk warning. Attached Figure Description

[0018] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with the invention and, together with the description, serve to explain the principles of the invention.

[0019] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, for those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0020] Figure 1 A flowchart illustrating a project lifecycle information management method provided in this application embodiment; Figure 2 This is a schematic diagram of the process for generating a risk warning heatmap provided in an embodiment of this application; Figure 3 This is a schematic diagram of the process for generating standardized confidential files provided in an embodiment of this application; Figure 4 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application. Detailed Implementation

[0021] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0022] Figure 1 This is a flowchart illustrating a method for information management throughout the entire project lifecycle, provided as an embodiment of this application. In some embodiments, the process may include the following operations: Step 101: Generate a data collection template for classified projects using the form designer component, and obtain the basic information set of the project. The basic information set of the project includes personnel permission data, carrier attribute data, and classified task type data.

[0023] The Form Designer component is an online tool for designing and creating data collection forms by dragging and dropping HTML element components (such as text boxes and dropdown menus) to collect business data. For example, the Form Designer component could be the SDForm component, where users can drag and drop a text box component onto a web page to enter a project name, or use a dropdown menu component to select a confidentiality level.

[0024] The classified project data collection template is a predefined form structure used to standardize the collection of data related to classified projects. It is generated by a form designer component and includes fields for inputting basic project information. For example, a form template might include a project leader text box, a carrier type dropdown menu, and a classified task category radio button for uniformly collecting classified information.

[0025] The project basic information set is a collection of data that includes basic attribute information of classified projects, such as personnel access data, carrier attribute data, and classified task type data, for use in subsequent management processes. For example, datasets stored in the system might include personnel access data (user access levels), carrier attribute data (file storage location), and classified task type data (management category).

[0026] Personnel access data describes the access and operation permissions of users or roles within the system, used to control the scope of viewing, modifying, or managing confidential information. For example, the data might indicate that administrators can modify all data, while auditors can only view logs, with permission levels defined based on user roles.

[0027] Carrier attribute data describes the physical or logical properties of classified carriers (such as files or media), including information such as type, size, and location. For example, the attribute data of a PDF document might include: file size: 10MB, storage path: / secure / server1, encryption status: encrypted.

[0028] Confidentiality task type data represents different types of confidentiality management tasks in classified business operations, based on the classification of confidentiality service management, such as confidentiality responsibility, centralized management, and supervision and assurance. For example, data identifying task types as confidentiality responsibility allocation or supervision and assurance triggering is used to distinguish workflow construction.

[0029] In some embodiments, a form designer component can be used to create form templates online, which can then be used to collect and structure a set of basic project information. Specifically, users add HTML element components (such as text boxes or drop-down menus) through the drag-and-drop interface of the form designer component to define form fields. The system automatically validates the input data, and once validation is successful, a template is generated. Users can then input or import data through this template to form a set of basic project information.

[0030] The form designer component provides a visual design environment. User-defined fields are mapped to personnel permission data, carrier attribute data, and confidential task type data. The system collects information through data binding and stores it in the database.

[0031] For example, after logging into the system, a user can drag and drop a multi-line text component using the SDForm component to input personnel permission data (e.g., role: project manager, permission: approveable). A checkbox component is used to select carrier attribute data (e.g., carrier type: electronic document, attribute: encrypted storage), and a radio button component is used to specify the confidential task type data (e.g., task type: centralized management). After the user clicks submit, the system combines these inputs into a basic project information set and stores it in the project information table.

[0032] Step 102: Based on the confidential task type data, construct a multi-level confidential task workflow using the process designer component. The multi-level confidential task workflow includes a confidentiality responsibility allocation path, a centralized management approval chain, and a supervision and protection trigger strategy.

[0033] The process designer component is a tool based on the BPMN 2.0 standard for designing and modeling business processes. It supports customizing process objects (such as tasks and gateways) and extending functionality such as parallel approval or conditional branching. For example, the process designer component can be an SDFlom component, where users can drag and drop task elements on the interface to define approval steps or set up gateways for decision branches.

[0034] A multi-level confidentiality task workflow is a hierarchical business process model used to manage classified tasks. It includes multiple sub-process levels to ensure that confidentiality tasks are executed step by step. For example, a workflow may include a first-level confidentiality responsibility assignment, a second-level centralized management and approval, and a third-level monitoring and assurance triggering.

[0035] A confidentiality responsibility assignment path is a specific path in a workflow that specifies how confidentiality responsibilities are assigned to different personnel or roles, including responsibility transfer and confirmation steps. For example, the path defines the assignment of responsibility from the department head to the specific responsible person and records the assignment path signature.

[0036] The centralized management approval chain is a sequential approval process involving multiple approval nodes for reviewing and approving centralized management tasks. For example, the approval chain includes an initial review by the security officer, a secondary review by the supervisor, and each approval node requires an electronic signature.

[0037] Monitoring and assurance triggering policies are policy rules that define the conditions under which monitoring and assurance activities are triggered, such as based on risk thresholds or time events. For example, a policy might be set to trigger a monitoring alarm when the storage location of the carrier is abnormal.

[0038] In some embodiments, the workflow structure can be determined based on confidentiality task type data, and a process designer component can be used to design and implement multi-level workflows, including confidentiality responsibility allocation paths, centralized management approval chains, and monitoring and safeguard triggering strategies. Specifically, the system parses confidentiality task type data (such as confidentiality responsibility allocation type), the process designer component provides a graphical interface for dragging and dropping BPMN elements (such as tasks or gateways), users define paths, approval chains, and policy rules, and the system can compile them into an executable workflow.

[0039] The workflow is built using data-driven confidentiality task types. The workflow designer component maps the data to workflow objects, generating multi-level logical paths to ensure the workflow meets confidentiality management requirements. For example, if the confidentiality task type data is a centralized management approval chain, the user can use the SDFlom component to drag and drop a sequential task element to build the approval chain (e.g., from the initial review node to the final review node), set conditional path branches for automatic routing based on input data, and add a supervision and protection trigger strategy element to define rules that trigger an alarm task if the carrier attribute data is abnormal. After the workflow is built, it is deployed to the business logic layer.

[0040] In some embodiments, constructing a multi-level confidentiality task workflow based on the confidentiality task type data through a process designer component may include the following operations: S10, parse the topological structure of the confidential task type data and generate a standard process framework.

[0041] The topology of classified task type data is a network structure describing the internal relationships within the classified task type data, including the hierarchical relationships and connection methods between task nodes. For example, the topology of a centralized management approval chain may be a tree-like hierarchy (such as initial review → secondary review → final review), and the confidentiality responsibility allocation path may be a star-shaped structure (such as the central node being the responsible entity, radiating to multiple execution nodes).

[0042] The standard process framework is a standardized business process skeleton generated based on the topology, including basic task nodes, sequential relationships, and placeholders, but without the addition of dynamic logic. For example, the framework may include fixed node sequences (such as start event → task node 1 → task node 2 → end event) and predefined swimlanes (such as the responsible department swimlane).

[0043] In some embodiments, the system parses the connection relationships (such as node hierarchy) of confidential task type data and automatically maps them to BPMN2.0 standard elements (such as tasks and events) to generate a basic framework without dynamic logic.

[0044] The system reads confidential task type data through the data access layer, and the business logic layer parses its topology, converting it into a framework template recognizable by the process designer component. For example, confidential task type data may be a centralized management approval chain with a three-level linear approval topology (initial review → secondary review → final review). After parsing, the system generates a standard process framework, which includes three nodes arranged in sequence: initial review task, secondary review task, and final review task, along with corresponding submission and completion events.

[0045] S11: Obtain real-time threat values ​​and determine the gateway aggregation mode based on the real-time threat values.

[0046] The gateway aggregation modes include XOR aggregation mode when the real-time threat value is greater than a preset high-risk threshold, parallel aggregation mode when the real-time threat value is in the medium-risk range, and multi-path aggregation mode otherwise.

[0047] The real-time threat value is a dynamic numerical value that quantifies the current security risk and is derived from system monitoring data (such as the number of abnormal accesses and carrier location offset alarms). For example, a threat value of 0.85 (ranging from 0 to 1) is calculated by weighting the number of unauthorized accesses and the number of abnormal storage locations in the audit log.

[0048] Gateway aggregation mode is the aggregation logic of task nodes controlled by the process gateway, which determines the merging method of multi-path processes.

[0049] The XOR aggregation mode allows only a single path that meets the conditions to continue execution, while other paths are terminated. For example, in high-risk situations, only the fast approval path is activated, while redundant paths are disabled.

[0050] Parallel aggregation mode requires all branch paths to complete before proceeding to subsequent tasks. For example, in medium-risk scenarios, all approval nodes are required to complete the review in parallel.

[0051] Multi-path aggregation mode means that execution can continue once any branch path is completed. For example, in low-risk scenarios, the action takes effect as soon as any approval node is approved.

[0052] The preset high-risk threshold and medium-risk range are pre-defined numerical boundaries used to classify risk levels (e.g., high-risk threshold = 0.8, medium-risk range = [0.4, 0.8]).

[0053] In some embodiments, the latest threat values ​​can be read from a monitoring system or database (such as querying an audit log table to calculate a risk score).

[0054] In some embodiments, real-time threat values ​​can also be obtained in the following ways: S111, Obtain the carrier operation event sequence, and calculate the risk probability distribution of each event based on the carrier operation event sequence.

[0055] The carrier operation event sequence is a collection of classified carrier operation behaviors recorded in chronological order. Each event includes attributes such as operation type, timestamp, and operation subject.

[0056] A risk probability distribution describes the numerical distribution of the likelihood of a security risk occurring in each operational event, typically represented by a probability value (0~1). For example, the risk probability of a file transfer event is 0.7 (indicating high risk), and the risk probability of a file storage event is 0.2 (indicating low risk).

[0057] In some embodiments, operational events can be extracted from the electronic ledger's entire lifecycle trajectory and sorted by time to form a sequence. A preset risk rule base is matched based on the event type, historical risk data for similar events is statistically analyzed, and a probability distribution is generated by combining the rules.

[0058] S112, Calculate the spatiotemporal security entropy value based on the risk probability distribution and geographical encryption coefficient of each event.

[0059] The geographic encryption coefficient is a numerical value that quantifies the security of the storage location. It is generated from the encrypted coordinates of the storage location in the carrier attribute data and reflects the strength of the physical location's confidentiality.

[0060] Spatiotemporal security entropy is a composite security indicator that integrates time, space, and risk probability. The higher the entropy value, the greater the uncertainty (risk) of the system.

[0061] In some embodiments, an event risk probability set can be extracted: {P1, P2, ..., Pn}, and an associated geographic encryption coefficient: {G1, G2, ..., Gn}. High-risk events with low geographic encryption coefficients will significantly increase the entropy value. For each event, its risk probability is multiplied by the location security vulnerability (1 - geographic encryption coefficient), and the results of all events are summed.

[0062] For example, for event 1: risk probability = 0.8, geographical encryption coefficient = 0.3, then the contribution value = 0.8 × (1 - 0.3) = 0.56; Event 2: Risk probability = 0.4, geographical encryption coefficient = 0.9, then contribution value = 0.4 × (1 - 0.9) = 0.04. Spatiotemporal security entropy value = 0.56 + 0.04 = 0.60.

[0063] S113, input the spatiotemporal security entropy value into the pre-trained security assessment model, and output the threat mapping result as the real-time threat value.

[0064] Security assessment models are mathematical models trained using machine learning. They take entropy values ​​as input and output a standardized threat level (such as a real value between 0 and 1). For example, neural network models are trained on the correspondence between historical entropy values ​​and actual data breaches.

[0065] The threat mapping result is a normalized threat value output by the model, which is used as a real-time threat value for subsequent processes. For example, if the input entropy value is 0.6, the model output threat value is 0.85 (mapped to the high-risk range).

[0066] In some embodiments, historical data can be used to train the model.

[0067] In some embodiments, the security assessment model is obtained in the following manner: S20, obtain historical operation event data and corresponding security event tags.

[0068] Historical operation event data is a sequence record of past operations involving classified carriers, including fields such as time, operation type, and equipment.

[0069] Security event tags are binary identifiers that indicate whether a historical operation led to a security event (e.g., 0 = no data leak, 1 = data leak occurred). For example, tag data [Event ID:001, Tag:1] indicates that the transmission operation caused an information leak.

[0070] In some embodiments, historical event sequences can be extracted from electronic ledgers or audit logs. Tags are generated based on the security event results recorded by the associated monitoring and assurance module.

[0071] S21, based on historical operation event data, extract the feature vector of spatiotemporal security entropy value.

[0072] Multi-layer convolutional neural networks (CNNs) can be used to extract feature vectors of spatiotemporal security entropy. A multi-layer CNN is a deep learning model that automatically extracts data features through multiple convolutional operations and is suitable for sequence data processing (such as time series). For example, a neural network structure including convolutional layers and pooling layers takes an event sequence as input and outputs a feature vector.

[0073] The feature vector of the spatiotemporal security entropy value is a numerical vector generated by a neural network, which comprehensively reflects the spatiotemporal risk characteristics of historical operational events (providing input for subsequent threat prediction). For example, the vector [0.2, 0.7, 0.5] represents the quantified value of the event's temporal risk, spatial risk, and operational type risk.

[0074] Furthermore, based on the historical operation event data, a feature vector of the spatiotemporal security entropy value is extracted, specifically including: Historical operation event data is spatiotemporally structured and encoded to generate a structured event table containing timestamps, operation subjects, target objects, and geographical locations; Based on the structured event table, the co-occurrence relationship between each operation behavior and the security event label is statistically analyzed within the sliding time window, and the local risk probability distribution of each spatiotemporal unit is calculated. The Shannon entropy of each spatiotemporal unit is calculated using the local risk probability distribution and organized into a spatiotemporal entropy tensor according to the original spatiotemporal topology; Perform multi-layer convolution operations on the spatiotemporal entropy tensor to output a feature vector of spatiotemporal safe entropy values.

[0075] To quantitatively assess the security of operational behaviors in a confidential environment, it is necessary to extract feature representations with spatiotemporal semantics and risk discrimination capabilities from historical operational event data. This embodiment constructs a structured spatiotemporal risk representation system and introduces information entropy and deep convolution mechanisms to generate feature vectors that reflect the spatiotemporal security entropy value that reflects the strength of the correlation between operational uncertainty and security.

[0076] Specifically, historical operation event data is spatiotemporally structured encoded: each operation record in the original log is parsed into a unified format timestamp, operation subject (such as user ID or device identifier), target object (such as file path or service interface), and geographical location (such as the area code of IP address mapping). Based on the preset time granularity (such as minute level) and spatial grid (such as security domain division), these fields are mapped to discrete spatiotemporal coordinates to generate a structured event table that is organized in chronological order and retains spatial context.

[0077] Based on the structured event table, the co-occurrence relationship between each operation and the labeled security event is statistically analyzed within a sliding time window. For example, a fixed-length time window (e.g., 1 hour) is slid along the time axis. Within each window, for each type of operation (e.g., "sensitive file download" or "unauthorized access"), the number of times it appears in each spatial unit is counted. Combined with whether a security event occurs within the window, the conditional probability of the operation under that spatiotemporal unit is calculated, ultimately forming the local risk probability distribution corresponding to each spatiotemporal unit combination.

[0078] The Shannon entropy of each spatiotemporal unit is calculated using the local risk probability distribution. The Shannon entropy reflects the degree of uncertainty of the operation behavior at that spatiotemporal location. Then, the entropy values ​​of all spatiotemporal units are filled into a three-dimensional array according to their original time index and spatial coordinates to construct a spatiotemporal entropy tensor that maintains the original topological structure.

[0079] Multi-layer convolution operations are performed on the spatiotemporal entropy tensor. The spatiotemporal entropy tensor is input into a neural network containing multiple convolutional layers. Each layer uses convolutional kernels of different sizes to jointly extract local patterns and cross-regional dependencies in the time-space dimension. Batch normalization and pooling operations are used in between to enhance robustness. Finally, a feature vector of spatiotemporal safety entropy value with fixed dimension is output through global pooling. This feature vector integrates the spatiotemporal distribution of operational behavior, risk correlation, and information uncertainty.

[0080] S22 performs a nonlinear transformation on the feature vector using an activation function, and outputs the predicted threat mapping result.

[0081] Activation functions are functions that introduce non-linear transformations in neural networks, enabling the model to learn complex patterns (such as ReLU and Sigmoid). For example, the Sigmoid function maps feature vector values ​​to the (0,1) interval, representing threat probabilities.

[0082] The predicted threat mapping result is the threat value (0~1) predicted by the model for a single historical event, which is used for subsequent training and comparison.

[0083] In some embodiments, the feature vector can be input into a fully connected layer, and an activation function (such as Sigmoid) can be applied to perform nonlinear calculations, outputting a scalar value of 0 to 1 to obtain the predicted threat mapping result.

[0084] S23. Based on the predicted threat mapping results and security event labels, a loss function is constructed, and a multi-layer convolutional neural network is trained with minimizing the loss function as the optimization objective to obtain a security assessment model.

[0085] A loss function is a function that measures the difference between the model's predicted values ​​(the predicted threat mapping results) and the actual values ​​(security event labels). For example, the cross-entropy loss function.

[0086] The optimization goal is to gradually reduce the loss function value until convergence by adjusting the weight parameters of the neural network. For example, the gradient descent algorithm can be used to update the weights until the loss value is less than a preset value.

[0087] S12, based on the standard process framework and gateway aggregation mode, constructs multi-level confidentiality task workflows through the process designer component.

[0088] The process designer component is a visual process modeling tool that supports BPMN 2.0. It allows users to drag and drop elements such as gateways and tasks and configure their properties. For example, a user can drag and drop an XOR gateway into the process framework and set a conditional expression.

[0089] In some embodiments, gateway aggregation patterns can be mapped to gateway nodes in a standard process framework (e.g., for XOR aggregation patterns, an XOR gateway is added). The process designer component can automatically insert gateways and configure path logic (e.g., for parallel aggregation patterns, a synchronization node needs to be added).

[0090] The business logic layer passes gateway mode parameters to the process designer component, which generates an executable workflow model based on the standard process framework. For example, given a standard process framework (three-level approval nodes) and a gateway aggregation mode (parallel aggregation mode), the process designer inserts a parallel gateway (split path) before the three-level approval nodes and a parallel aggregation gateway (synchronization path) afterward to obtain a multi-level confidential task workflow.

[0091] Step 103: Generate an electronic ledger based on the carrier attribute data. The electronic ledger records the entire lifecycle trajectory of the classified carrier, which includes the source identifier, the transfer path signature, the encrypted coordinates of the storage location, and the destruction timestamp.

[0092] An electronic ledger is an electronic record-keeping tool used to track the management activities of classified materials in detail, recording their entire lifecycle information, including creation, transfer, storage, and destruction. For example, a database table or log file records all events and responsible parties from document creation to destruction.

[0093] The complete lifecycle trajectory of classified media is the entire historical path of classified media from its creation to its destruction, including key events and attribute changes. For example, the trajectory includes the creation time, circulation record, storage location, and destruction time of a file.

[0094] The source identifier is a unique identifier or signature that indicates the origin of the classified medium, such as the creator or device information. For example, digital signature ID: DOC-001, creator: Zhang San, time: 2023-01-01.

[0095] A file transfer path signature is a digital signature record used to verify the authenticity of the path of a classified document during its transfer process, including the transmitting nodes and the signer. For example, each time a file is transferred, the system adds a signature indicating the transfer path from A to B: Signature: Li Si.

[0096] Encrypted coordinates of storage location are location information protected by encryption technology, representing the storage address of classified media, such as coordinates or paths. For example, AES-encrypted coordinates: server X, coordinates: encrypted string XYZ.

[0097] A destruction timestamp is a time stamp that records the destruction time of classified media, and it usually uses a standard time format. For example, the Unix timestamp destruction time is 1672521600 (corresponding to 2023-01-01, 12:00).

[0098] In some embodiments, carrier attribute data (such as type or location) can be used as input, and the system automatically generates an electronic ledger that records specific elements of the entire lifecycle trajectory of the classified carrier (source identifier, transfer path signature, encrypted coordinates of storage location, and destruction timestamp). Specifically, the system extracts relevant information (such as storage location) from the carrier attribute data, applies encryption or signature technology to generate trajectory elements, and writes them into the ledger database.

[0099] Carrier attribute data provides basic information, which the system processes through a data access layer to create time-series records. Tracking elements ensure the authenticity and confidentiality of the information. For example, if the carrier attribute data is file type: PDF, size: 5MB, the system generates an electronic ledger based on this: first, a source identifier is generated (e.g., source identifier: creator ID-001); when the file is transferred, a transfer path signature is added (e.g., signature: transferred from department A to B, digital signature verification); encrypted coordinates of the storage location are generated based on storage attributes (e.g., encrypted coordinates: AES encrypted GPS location); and a destruction timestamp is recorded upon destruction (e.g., timestamp: the system automatically records the destruction time). The ledger is stored in the carrier information table.

[0100] In some embodiments, generating an electronic ledger based on the carrier attribute data may include: generating a randomly encrypted digital fingerprint based on the carrier's unique identifier, carrier generation time, and encrypted location information in the carrier attribute data; and writing the digital fingerprint and the project's operation log into a blockchain distributed ledger to generate the electronic ledger.

[0101] The carrier attribute data here specifically refers to three subsets: carrier unique identifier, carrier generation time, and encrypted location information.

[0102] The carrier unique identifier is a code that uniquely identifies a classified carrier. It is usually automatically assigned by the system and is used to track the carrier's identity.

[0103] The carrier generation time is the timestamp (including date, hour, minute, and second) of the carrier creation.

[0104] Encrypted location information is encrypted physical / logical storage location data.

[0105] A randomly encrypted digital fingerprint is a unique feature code generated by an encryption algorithm, combined with carrier attributes and a random factor, making it irreversible and tamper-proof. For example, the SHA-256 hash value a1b2c3... (calculated from the identifier, time, location information, and random number).

[0106] In some embodiments, the carrier's unique identifier, generation time, and encrypted location information (e.g., read from a database table field) can be extracted. These three elements are concatenated into a string (e.g., DOC-ID-2023-001|1672521600|AES encrypted coordinates). A random salt value (e.g., a system-generated 8-bit random number) is added, and an encryption algorithm (e.g., SHA-256) is called to generate a hash value as the digital fingerprint.

[0107] The project's operation log is a collection of operational events that record the entire lifecycle of classified materials.

[0108] A blockchain distributed ledger is a decentralized database based on blockchain technology, maintained by multiple nodes, and the data cannot be tampered with after it is written.

[0109] Step 104: Based on the personnel permission data and the supervision and protection triggering strategy, generate a risk warning heat map through the chart designer component.

[0110] The chart designer component is a visualization tool used to create interactive charts, generate heatmaps and other graphs based on data, and supports custom styles and interactions. For example, the chart designer component could be an SDCharts component, where users can select the heatmap type and input data to generate color shades representing risk distribution.

[0111] A risk warning heatmap is a type of chart that uses color variations (such as from green to red) to represent the distribution of risk levels, used to warn of potential confidentiality risks. For example, a heatmap can show risk hotspots in different departments, with high-risk points highlighted in red.

[0112] In some embodiments, a risk warning heatmap can be created using a chart designer component by combining personnel access data (such as user roles) and oversight and safeguard triggering policies (such as risk conditions). Specifically, the system analyzes personnel access data to determine the scope of accessible risk data, and the oversight and safeguard triggering policies provide risk thresholds or rules; the chart designer component takes this data as input and automatically renders the heatmap.

[0113] When data is processed through the business logic layer, the chart designer component calls a visualization library (such as ECharts) to map the data to a heatmap with color coding, thus visualizing the risks. For example, personnel access data allows auditors to view data from all areas, and the monitoring and assurance trigger strategy increments the risk value by 1 when the storage location of the carrier is abnormal. The system uses the SDCharts component to generate a heatmap from the input data: the x-axis represents the department, the y-axis represents time, and the color intensity represents the risk value (e.g., dark red areas represent areas with a high incidence of abnormal storage locations). The chart is displayed at the presentation layer for real-time monitoring.

[0114] Step 105: In response to receiving the project termination instruction, the template designer component generates a standardized confidentiality file based on the multi-level confidentiality task workflow, the electronic ledger, and the risk warning heatmap, and performs electronic archiving.

[0115] A template designer component is a tool used to create standard document templates (such as Word or Excel formats) and generate documents with a uniform format by configuring parameters. For example, a template designer component could be an SDTemplate component, which allows users to define template fields, and the system can generate a PDF report after populating the data.

[0116] A project termination instruction is a command or signal that indicates the end of a classified project and triggers the archiving process. Examples include a user interface button to terminate a project or an automated system event.

[0117] A standardized confidentiality file is a standardized electronic document that summarizes the entire project lifecycle for traceability and auditing purposes, based on confidentiality file management requirements. For example, a PDF file might include workflow logs, ledger summaries, and risk diagrams.

[0118] Electronic archiving is the process of storing electronic records on a persistent system (such as a database or cloud storage) to ensure long-term preservation and access control. For example, uploading records to a secure server or archiving database.

[0119] In some embodiments, when the system receives a project termination instruction, it uses a template designer component to integrate data from multi-level confidentiality task workflows, electronic ledgers, and risk warning heatmaps to generate a standardized confidentiality file, which is then electronically archived. Specifically, the project termination instruction triggers the archiving process; the template designer component loads a predefined template and fills the template fields with input data (workflow paths, ledger traces, and heatmaps); the system generates an archive file and saves it to the archiving location. Its execution principle includes, upon responding to the instruction, the data access layer retrieves relevant information, the template designer component formats the data, and the archiving process ensures compliant storage.

[0120] For example, after a user clicks the project termination button to send a command, the system uses the SDTemplate component to input multi-level confidential task workflows (such as workflow approval chain summaries), electronic ledgers (such as full lifecycle trajectory lists), and risk warning heatmaps (such as heatmap screenshots) based on Word templates, generate standardized confidential files (such as file number: ARC-001, content: project report PDF), and then performs electronic archiving to store them in a secure database.

[0121] Figure 2 This is a schematic diagram of the process for generating a risk warning heatmap according to an embodiment of this application. In some embodiments, the process may include the following operations: Step 201: Based on the supervision and assurance triggering strategy, construct a three-dimensional security matrix including confidentiality, integrity and availability dimensions.

[0122] The confidentiality dimension is a risk assessment indicator that quantifies the degree of information confidentiality and reflects the risk of unauthorized access.

[0123] The integrity dimension is a risk indicator that quantifies the degree of data integrity, reflecting the risk of tampering or damage.

[0124] Availability is a risk indicator that quantifies service availability and reflects the risk of access disruption.

[0125] The three-dimensional security matrix is ​​a risk matrix composed of three dimensions: confidentiality, integrity, and availability.

[0126] In some embodiments, rules related to the three dimensions can be extracted from the policy: confidentiality rules (such as encryption level requirements), integrity rules (such as verification mechanisms), and availability rules (such as backup policies). The rules are then converted into values ​​in the range [0, 1] and a three-dimensional security matrix is ​​output.

[0127] Step 202: Extract personnel permission vectors based on personnel permission data.

[0128] A personnel permission vector is a set of numerical values ​​that structure permission data and reflects a person's secure operational capabilities. For example, the vector [0.7, 0.5, 0.9] indicates that a user has medium-high confidentiality permissions, medium full operational permissions, and high availability management permissions.

[0129] Step 203: The three-dimensional security matrix and the personnel permission vector are weighted and fused, and a risk warning heat map is generated based on the fusion result using the chart designer component.

[0130] Weighted fusion combines the values ​​of matrices and vectors according to their respective weights to generate a comprehensive risk value. For example, confidentiality dimension has a weight of 40%, personnel confidentiality permissions have a weight of 60%, and a weighted sum is calculated by fusion.

[0131] In some embodiments, each dimension can be fused independently, and the fused value = (matrix value × matrix weight) + (vector value × vector weight), with the weights preset by the strategy (e.g., matrix weight 60%, vector weight 40%).

[0132] In some embodiments, a risk warning heatmap can be generated by mapping the numerical values ​​of a vector to corresponding colors.

[0133] Figure 3 This is a schematic diagram of the process for generating standardized confidential files provided in an embodiment of this application. In some embodiments, the process may include the following operations: Step 301: In response to receiving the project termination instruction, the template designer component generates structured parameters for the archived document based on the multi-level confidentiality task workflow, electronic ledger, and risk warning heatmap.

[0134] The template designer component is a tool for configuring standardized document templates, supporting the binding of dynamic parameters in Word / Excel. For example, a predefined confidential document Word template, containing placeholders such as {{workflow summary}}.

[0135] The structured parameters of archived documents are used to transform input data (workflows, ledgers, heatmaps) into structured key-value pairs that the template can recognize.

[0136] In some embodiments, when the system detects a project termination instruction (e.g., the database status field is updated to terminate), it extracts a critical path summary from the multi-level confidentiality task workflow (e.g., the centralized management approval chain has completed 3 levels of review), extracts a full lifecycle summary of the generated carrier from the electronic ledger (e.g., it has been transferred 5 times and the storage location is compliant), and extracts the highest risk value from the risk warning heatmap (e.g., the peak risk of department A is 0.75). Then, the template designer component maps the data into structured parameters.

[0137] Step 302: Obtain the preset encryption algorithm and use the encryption algorithm to encrypt the structured parameters.

[0138] The preset encryption algorithm is the encryption method pre-configured by the system. For example, the Chinese national standard SM4 or AES-256 algorithm.

[0139] Step 303: Generate a standardized confidential file based on the encrypted structured parameters.

[0140] In some embodiments, encrypted data can be embedded in template placeholders (such as SDTemplate filling ciphertext into a specified location in a Word document), and archive metadata (project number, archive time, etc.) can be added to generate long-term preservation formats such as PDF / A, thereby generating standardized confidential archives.

[0141] Based on the same inventive concept, this application also provides an information management system for the entire project lifecycle, the system comprising: The data acquisition module is used to generate a data collection template for classified projects through the form designer component and to acquire a basic information set of the project; the basic information set of the project includes personnel permission data, carrier attribute data and classified task type data; The process design module is used to construct a multi-level confidential task workflow based on the confidential task type data through the process designer component; the multi-level confidential task workflow includes a confidentiality responsibility allocation path, a centralized management approval chain, and a supervision and protection trigger strategy. An electronic ledger generation module is used to generate an electronic ledger based on the carrier attribute data; the electronic ledger records the entire lifecycle trajectory of the classified carrier, and the entire lifecycle trajectory includes a source identifier, a transfer path signature, encrypted coordinates of the storage location, and a destruction timestamp. The chart design module is used to generate a risk warning heatmap based on the personnel permission data and the supervision and protection triggering strategy through the chart designer component; The template design module is used to respond to a project termination instruction by generating standardized confidentiality files and performing electronic archiving based on the multi-level confidentiality task workflow, the electronic ledger, and the risk warning heatmap through the template designer component.

[0142] like Figure 4 As shown in the figure, this application provides an electronic device, including a processor 111, a communication interface 112, a memory 113, and a communication bus 114, wherein the processor 111, the communication interface 112, and the memory 113 communicate with each other through the communication bus 114. Memory 113 is used to store computer programs; In one embodiment of this application, when the processor 111 executes the program stored in the memory 113, it implements the method for full-lifecycle information management of projects provided in any of the foregoing method embodiments, including: The form designer component generates a data collection template for classified projects and obtains a basic information set for the project; the basic information set for the project includes personnel permission data, carrier attribute data, and classified task type data. Based on the confidentiality task type data, a multi-level confidentiality task workflow is constructed through the process designer component; the multi-level confidentiality task workflow includes a confidentiality responsibility allocation path, a centralized management approval chain, and a supervision and protection trigger strategy. An electronic ledger is generated based on the carrier attribute data; the electronic ledger records the entire lifecycle trajectory of the classified carrier, and the entire lifecycle trajectory includes the source identifier, the transfer path signature, the encrypted coordinates of the storage location, and the destruction timestamp; Based on the personnel permission data and the supervision and protection triggering strategy, a risk warning heat map is generated through the chart designer component; In response to receiving a project termination instruction, the template designer component generates a standardized confidentiality file based on the multi-level confidentiality task workflow, the electronic ledger, and the risk warning heatmap, and performs electronic archiving.

[0143] This application also provides a computer-readable storage medium storing a computer program thereon, which, when executed by a processor, implements the steps of the information management method for the entire project lifecycle as provided in any of the foregoing method embodiments.

[0144] It should be noted that, in this document, relational terms such as "first" and "second" are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that includes a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the statement "including a…" does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.

[0145] The above description is merely a specific embodiment of the present invention, enabling those skilled in the art to understand or implement the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features claimed herein.

Claims

1. A method for information management throughout the entire project lifecycle, characterized in that, The method includes: The form designer component generates a data collection template for classified projects and obtains a basic information set for the project; the basic information set for the project includes personnel permission data, carrier attribute data, and classified task type data. Based on the confidentiality task type data, a multi-level confidentiality task workflow is constructed through the process designer component; the multi-level confidentiality task workflow includes a confidentiality responsibility allocation path, a centralized management approval chain, and a supervision and protection trigger strategy. An electronic ledger is generated based on the carrier attribute data; the electronic ledger records the entire lifecycle trajectory of the classified carrier, and the entire lifecycle trajectory includes the source identifier, the transfer path signature, the encrypted coordinates of the storage location, and the destruction timestamp; Based on the personnel permission data and the supervision and protection triggering strategy, a risk warning heat map is generated through the chart designer component; In response to receiving a project termination instruction, the template designer component generates a standardized confidentiality file based on the multi-level confidentiality task workflow, the electronic ledger, and the risk warning heatmap, and performs electronic archiving.

2. The method according to claim 1, characterized in that, The process of constructing a multi-level confidentiality task workflow based on the confidentiality task type data through the process designer component includes: Analyze the topological structure of the confidential task type data to generate a standard process framework; Obtain real-time threat values ​​and determine gateway aggregation modes based on the real-time threat values; the gateway aggregation modes include enabling XOR aggregation mode when the real-time threat value is greater than a preset high-risk threshold, enabling parallel aggregation mode when the real-time threat value is in the medium-risk range, and otherwise enabling multi-path aggregation mode. Based on the standard process framework and the gateway aggregation mode, the multi-level confidentiality task workflow is constructed through the process designer component.

3. The method according to claim 2, characterized in that, The acquisition of real-time threat values ​​includes: Obtain the carrier operation event sequence, and calculate the risk probability distribution of each event based on the carrier operation event sequence; Based on the risk probability distribution and geographic encryption coefficient of each event, the spatiotemporal security entropy value is calculated. The spatiotemporal security entropy value is input into a pre-trained security assessment model, and the output threat mapping result is used as the real-time threat value.

4. The method according to claim 3, characterized in that, The security assessment model was obtained through the following methods: Retrieve historical operation event data and corresponding security event tags; Based on the historical operation event data, extract the feature vector of the spatiotemporal security entropy value; The feature vector is nonlinearly transformed by an activation function to output the predicted threat mapping result. Based on the predicted threat mapping results and the security event labels, a loss function is constructed, and a multi-layer convolutional neural network is trained with minimizing the loss function as the optimization objective to obtain the security assessment model.

5. The method according to claim 4, characterized in that, The step of extracting the feature vector of spatiotemporal security entropy value based on the historical operation event data includes: Historical operation event data is spatiotemporally structured and encoded to generate a structured event table containing timestamps, operation subjects, target objects, and geographical locations; Based on the structured event table, the co-occurrence relationship between each operation behavior and the security event label is statistically analyzed within the sliding time window, and the local risk probability distribution of each spatiotemporal unit is calculated. The Shannon entropy of each spatiotemporal unit is calculated using the local risk probability distribution and organized into a spatiotemporal entropy tensor according to the original spatiotemporal topology; Perform multi-layer convolution operations on the spatiotemporal entropy tensor to output a feature vector of spatiotemporal safe entropy values.

6. The method according to claim 1, characterized in that, The process of generating a risk warning heatmap based on the personnel permission data and the supervision and protection triggering strategy, using a chart designer component, includes: Based on the aforementioned monitoring and protection triggering strategy, a three-dimensional security matrix is ​​constructed, including confidentiality, integrity, and availability dimensions. Extract the personnel permission vector based on the aforementioned personnel permission data; The three-dimensional security matrix and the personnel permission vector are weighted and fused, and the risk warning heat map is generated by the chart designer component based on the fusion result.

7. The method according to claim 1, characterized in that, In response to receiving a project termination instruction, the template designer component generates a standardized confidentiality file based on the multi-level confidentiality task workflow, the electronic ledger, and the risk warning heatmap, including: In response to receiving the project termination instruction, the template designer component generates structured parameters for the archived document based on the multi-level confidentiality task workflow, the electronic ledger, and the risk warning heatmap; Obtain a preset encryption algorithm and use the encryption algorithm to encrypt the structured parameters; The standardized confidential file is generated based on the encrypted structured parameters.

8. An information management system for the entire project lifecycle, characterized in that, The system includes: The data acquisition module is used to generate a data collection template for classified projects through the form designer component and to acquire a basic information set of the project; the basic information set of the project includes personnel permission data, carrier attribute data and classified task type data; The process design module is used to construct a multi-level confidential task workflow based on the confidential task type data through the process designer component; the multi-level confidential task workflow includes a confidentiality responsibility allocation path, a centralized management approval chain, and a supervision and protection trigger strategy. An electronic ledger generation module is used to generate an electronic ledger based on the carrier attribute data; the electronic ledger records the entire lifecycle trajectory of the classified carrier, and the entire lifecycle trajectory includes a source identifier, a transfer path signature, encrypted coordinates of the storage location, and a destruction timestamp. The chart design module is used to generate a risk warning heatmap based on the personnel permission data and the supervision and protection triggering strategy through the chart designer component; The template design module is used to respond to a project termination instruction by generating standardized confidentiality files and performing electronic archiving based on the multi-level confidentiality task workflow, the electronic ledger, and the risk warning heatmap through the template designer component.

9. An electronic device, characterized in that, It includes a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory communicate with each other through the communication bus; Memory, used to store computer programs; When a processor executes a program stored in memory, it implements the steps of the information management method for the entire project lifecycle as described in any one of claims 1-7.

10. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by the processor, it implements the steps of the information management method for the entire project lifecycle as described in any one of claims 1-7.