Remote security control system based on computer data
The remote security control system, which uses multi-dimensional identity authentication and instruction integrity verification, solves the problems of single security mechanisms and easy tampering of communication links in existing technologies, and achieves more efficient and reliable remote security control.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- 北京优信新星科技有限公司
- Filing Date
- 2026-05-20
- Publication Date
- 2026-07-03
AI Technical Summary
Existing remote control systems suffer from problems such as a single security mechanism, easy interception and tampering of communication links, and a lack of multi-layered security protection, resulting in low security control efficiency.
It adopts a multi-layered security mechanism that includes multi-dimensional identity authentication, digital certificate verification, key negotiation, and instruction integrity verification. It generates dynamic session keys through biometric, token, and hardware authentication factor verification, and uses whitelist similarity thresholds and hash check values to verify the integrity and matching of control instructions.
It improves the efficiency of remote security control, accurately identifies illegal operations, reduces false negative rates, minimizes misjudgments, and enhances the security and reliability of the system.
Smart Images

Figure CN122339825A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of network security technology in telecommunications, and in particular to a remote security control system based on computer data. Background Technology
[0002] With the continuous development of network communication technology and the widespread adoption of the Internet of Things (IoT), remote control systems are increasingly used in various scenarios such as industrial automation, smart homes, and unattended equipment management. Users can send control commands from geographically distant locations via computer networks or mobile communication networks to operate and manage remote target devices. This control method greatly improves the flexibility and efficiency of equipment management, but it also brings numerous security risks.
[0003] In existing remote control systems, control commands are typically transmitted over public networks in plaintext or with simple encryption, making them highly vulnerable to network eavesdropping and command tampering attacks. Once an attacker intercepts and breaks the communication link, they can forge control commands and send them to the controlled device, causing equipment malfunctions, system paralysis, or even security incidents. For example, in industrial control scenarios, unauthorized control commands may lead to production line shutdowns or equipment damage; in smart home scenarios, malicious attackers may illegally enter a residence by intercepting unlocking commands.
[0004] While existing remote security control systems employ authentication and data encryption to some extent, they still suffer from the following technical shortcomings: First, most systems only perform authentication once when the communication link is established, lacking continuous security monitoring and authorization mechanisms throughout the communication process, making it impossible to promptly detect and block abnormal behavior during the session. Second, the encryption keys in existing systems are usually fixed or have long update cycles. Once the keys are leaked, attackers can illegally control the device for a considerable period, resulting in extremely high security costs. Third, there is a lack of effective mechanisms for verifying the integrity of control commands and preventing replay attacks. Attackers can intercept and repeatedly send legitimate commands to achieve illegal control. Fourth, communication between the control end and the controlled device is mostly one-way authentication, and the controlled device cannot actively verify the legitimate identity of the control end. Fifth, there is a lack of traceable logging and auditing functions for the entire control operation process, making it difficult to trace the source of the attack and the responsible party after a security incident.
[0005] Chinese Patent Publication No. CN101923654A discloses an ultra-high frequency (UHF) reader / writer, comprising an MCU processor module, a SAM security module, an authentication and encryption / decryption module, a radio frequency (RF) read / write module, and a computer communication module. The authentication and encryption / decryption module is connected to both the MCU processor module and the computer communication module, and is used for mutual authentication between the reader / writer and the computer, decryption of encrypted data sent from the computer to the reader / writer, and encryption of data sent by the reader / writer in response to the computer. The SAM security module is connected to the MCU processor module and is used to store multiple sets of keys for different users; these keys are used for mutual authentication and data encryption / decryption between the reader / writer and the computer.
[0006] It is evident that existing technologies suffer from the following problems: the security mechanisms in remote control are simplistic, communication links are easily intercepted and tampered with, and there is a lack of multi-layered security protection, resulting in low efficiency of remote security control. Summary of the Invention
[0007] Therefore, the present invention provides a remote security control system based on computer data to overcome the problems of low efficiency in remote control due to the single security mechanism, easy interception and tampering of communication links, and lack of multi-layer security protection in the prior art.
[0008] To achieve the above objectives, the present invention provides a remote security control system based on computer data, comprising: The identity authentication unit is used to verify the user's identity in multiple dimensions before establishing a remote control connection. The user's identity includes biometric authentication factors, token authentication factors, and hardware authentication factors. A digital certificate verification unit, which is connected to the identity authentication unit and is set in the security authentication server, is used to establish a secure control channel between the control end and the controlled end when the multi-dimensional verification is passed and the signature verification based on the security authentication server is passed. A key negotiation unit, which is connected to the digital certificate verification unit, is used to generate a session key based on a shared secret value generated by a key exchange algorithm and a dynamic state factor generated based on the current operating status parameters and timestamp of the controlled end when a secure control channel is established. The verification unit, which is connected to the key negotiation unit, is used to decrypt the control command generated by the user operation based on the session key, and verify the matching result and the integrity of the control command based on the similarity threshold with the whitelist and the preset bit error rate of the hash verification value of the decrypted command, and execute the control command based on the integrity and matching result. An analysis unit, connected to the verification unit, is used to determine the remote security control status based on the deviation of the operation behavior and a preset deviation, and to adjust the similarity threshold or the preset deviation based on the remote security control status. The deviation of the operation behavior is determined based on the instruction sending frequency and instruction type sequence. The analysis unit is also used to adjust the preset bit error rate based on the remote security control status.
[0009] Furthermore, the identity authentication unit includes a biometric feature acquisition module, a dynamic token verification module, and a device hardware fingerprint recognition module; the biometric feature acquisition module is used to generate a biometric authentication factor by acquiring the user's biometric feature data; the dynamic token verification module is used to generate a token authentication factor by generating a dynamic password based on the dynamic token corresponding to the valid time window of the received user input and the time synchronization mechanism of the security server; the device hardware fingerprint recognition module is used to generate a hardware authentication factor by reading the hardware feature code of the control terminal device.
[0010] Furthermore, the analysis unit is also used to obtain the instruction type sequence anomaly rate when the remote security control status is unqualified; the analysis unit is also used to adjust the similarity threshold based on the ratio of the instruction type sequence anomaly rate to the first preset anomaly rate when the instruction type sequence anomaly rate is greater than the first preset anomaly rate; the analysis unit is also used to adjust the preset deviation based on the difference between the second preset anomaly rate and the instruction type sequence anomaly rate when the instruction type sequence anomaly rate is less than or equal to the second preset anomaly rate; wherein, when the deviation of the operation behavior is greater than the preset deviation, it is determined that the remote security control status is unqualified, and the second preset anomaly rate is less than the first preset anomaly rate.
[0011] Furthermore, the analysis unit is also used to increase the similarity threshold based on the ratio of the instruction type sequence anomaly rate to the first preset anomaly rate, and the increase in the similarity threshold is proportional to the ratio.
[0012] Furthermore, the analysis unit is also used to increase the preset deviation based on the difference between the second preset anomaly rate and the instruction type sequence anomaly rate, and the increase in the preset deviation is proportional to the difference.
[0013] Furthermore, the analysis unit is also used to obtain hash verification failure rates corresponding to multiple preset durations when the remote security control status is unqualified after adjusting the similarity threshold or the preset deviation, or when the instruction type sequence anomaly rate is greater than the second preset anomaly rate and less than or equal to the first preset anomaly rate; the analysis unit is also used to calculate the average value of each hash verification failure rate, and when the average value is greater than the preset failure rate, adjust the preset bit error rate based on the difference between the average value and the preset failure rate; the analysis unit is also used to discard the instruction and issue an alarm message when the average value is less than or equal to the preset failure rate.
[0014] Furthermore, the analysis unit is also used to increase the preset bit error rate based on the difference between the average value and the preset failure rate, and the increase in the preset bit error rate is proportional to the difference.
[0015] Furthermore, the analysis unit is also used to repeatedly adjust the preset bit error rate based on the difference between the average value and the preset failure rate when the remote security control status is unqualified after adjusting the preset bit error rate; the analysis unit is also used to count the number of adjustments during the repeated adjustment process, and when the number of adjustments equals the preset number and the remote security control status is unqualified, obtain the average time difference and network round-trip delay between the control end and the controlled end when the multi-dimensional verification is passed.
[0016] Furthermore, the analysis unit is also used to determine the time representation value based on the absolute value of the network round-trip delay and the average time difference; the analysis unit is also used to adjust the effective time window based on the ratio of the time representation value to the preset time representation value when the time representation value is greater than the preset time representation value; the analysis unit is also used to discard the instruction and issue an alarm message when the time representation value is less than or equal to the preset time representation value.
[0017] Furthermore, the analysis unit is also used to increase the effective time window based on the ratio of the time representation value to the preset time representation value, and the increase in the effective time window is proportional to the ratio.
[0018] Compared with existing technologies, the advantages of this invention are as follows: This invention performs multi-factor authentication (biometrics, token, and hardware) on the user before connection establishment using an identity authentication unit; and establishes a secure control channel between the control end and the controlled end after successful authentication and server signature verification using a digital certificate verification unit; generates a session key by using a shared secret value generated by a key exchange algorithm through a key negotiation unit, combined with a generated dynamic state factor; decrypts control commands based on this session key through a verification unit, and verifies the command matching and integrity according to a whitelist similarity threshold and a preset bit error rate of the hash check value; executes the command after successful verification; finally, determines the remote security control status based on the deviation of the operation behavior, and adjusts the similarity threshold, preset deviation, or preset bit error rate accordingly. This invention improves the efficiency of remote security control.
[0019] Furthermore, the present invention generates authentication factors based on the biometric feature acquisition module, dynamic token verification module and device hardware fingerprint recognition module in the identity authentication unit, which can more accurately verify the user's identity in multiple dimensions, thereby further improving the efficiency of remote security control.
[0020] Furthermore, this invention determines the reasons for unqualified remote security control status based on instruction type sequence anomaly rate, which can more effectively determine the reasons for unqualified remote security control status, thereby enabling more effective adjustment of relevant parameters and further improving remote security control efficiency.
[0021] Furthermore, this invention adjusts the similarity threshold based on the ratio of the instruction type sequence anomaly rate to the preset anomaly rate, which can force control instructions to be executed only if they are almost completely identical to the legal entries in the whitelist. This effectively filters out semantically similar but unauthorized variant instructions, reduces the false negative rate, and further improves the efficiency of remote security control.
[0022] Furthermore, the present invention increases the preset deviation based on the difference between the second preset anomaly rate and the instruction type sequence anomaly rate, which can further avoid normal operation behavior being misjudged as deviating from the safety baseline due to the deviation threshold being set too low, thereby triggering an unsafe state and further improving the efficiency of remote safety control.
[0023] Furthermore, this invention determines the reason for the failure of the remote security control status based on the average of the hash verification failure rates corresponding to multiple preset durations. This allows for a more accurate determination of the cause of the failure, enabling more effective adjustment of subsequent parameters and further improving the efficiency of remote security control.
[0024] Furthermore, the present invention increases the preset bit error rate based on the difference between the average value and the preset failure rate, which can further reduce the situation where a large number of legitimate instructions with very small transmission noise are misjudged due to the preset bit error rate being set too low, thereby further improving the efficiency of remote security control.
[0025] Furthermore, the present invention repeatedly adjusts the preset bit error rate based on the difference between the average value and the preset failure rate, and obtains relevant parameters based on the adjusted remote security control status. This enables the invention to more effectively determine the reasons for the failure of the remote security control status based on multiple operations, thereby further improving the efficiency of remote security control.
[0026] Furthermore, this invention determines the cause of unqualified remote security control status based on the time characterization value determined by the absolute value of network round-trip delay and average time difference. This can more effectively determine the cause of unqualified remote security control status, thereby more effectively adjusting subsequent parameters and further improving the efficiency of remote security control.
[0027] Furthermore, the present invention increases the effective time window based on the ratio of the time representation value to the preset time representation value, which can further accommodate network transmission jitter, clock deviation and routing delay within the normal range, thereby further reducing the token expiration misjudgment rate caused by legitimate delay, and further reducing session interruption and duplicate authentication, thereby further improving the efficiency of remote security control. Attached Figure Description
[0028] Figure 1 This is a schematic diagram of the structure of a remote security control system based on computer data according to an embodiment of the present invention; Figure 2 This is a flowchart illustrating the steps of a remote security control method based on computer data according to an embodiment of the present invention. Figure 3 This is a flowchart illustrating the steps of determining the remote safety control status based on the comparison result between the deviation of the operation behavior and the preset deviation in an embodiment of the present invention. Figure 4 This is a flowchart illustrating the steps of determining the remote security control status based on adjusting the preset position error rate, according to an embodiment of the present invention. Detailed Implementation
[0029] To make the objectives and advantages of the present invention clearer, the present invention will be further described below with reference to embodiments; it should be understood that the specific embodiments described herein are merely for explaining the present invention and are not intended to limit the present invention.
[0030] Preferred embodiments of the present invention will now be described with reference to the accompanying drawings. Those skilled in the art should understand that these embodiments are merely illustrative of the technical principles of the present invention and are not intended to limit the scope of protection of the present invention.
[0031] It should be noted that, in the description of this invention, unless otherwise explicitly specified and limited, the terms "installation," "connection," and "linking" should be interpreted broadly. For example, they can refer to a fixed connection, a detachable connection, or an integral connection; they can refer to a mechanical connection or an electrical connection; they can refer to a direct connection or an indirect connection through an intermediate medium; and they can refer to the internal connection of two components. Those skilled in the art can understand the specific meaning of the above terms in this invention according to the specific circumstances.
[0032] Please see Figure 1 The diagram shown illustrates the structure of a remote security control system based on computer data according to an embodiment of the present invention. This embodiment provides a remote security control system based on computer data, comprising an identity authentication unit, a digital certificate verification unit, a key negotiation unit, a verification unit, and an analysis unit.
[0033] The identity authentication unit is used to verify the user's identity in multiple dimensions before establishing a remote control connection. The user's identity includes biometric authentication factors, token authentication factors, and hardware authentication factors. The digital certificate verification unit is connected to the identity authentication unit and is set in the security authentication server. It is used to establish a secure control channel between the control end and the controlled end when the multi-dimensional verification is passed and the signature verification based on the security authentication server is passed. The key negotiation unit is connected to the digital certificate verification unit. It is used to generate a session key based on the shared secret value generated by the key exchange algorithm and the dynamic state factor generated based on the current running status parameters and timestamp of the controlled end when a secure control channel is established. The verification unit is connected to the key negotiation unit. It is used to decrypt the control command generated by the user operation based on the session key, and verify the matching result and the integrity of the control command based on the similarity threshold with the whitelist and the preset bit error rate of the hash verification value of the decrypted command. It also executes the control command based on the integrity and matching result. The analysis unit is connected to the verification unit and is used to determine the remote security control status based on the deviation of the operation behavior and the preset deviation, and to adjust the similarity threshold or the preset deviation based on the remote security control status. The deviation of the operation behavior is determined based on the instruction sending frequency and the instruction type sequence anomaly rate. The analysis unit is also used to adjust the preset bit error rate based on the remote security control status.
[0034] Specifically, the three authentication factors in the identity authentication unit are verified independently, and a remote control request is only allowed if all three pass. If any one factor fails to verify, the control request is terminated.
[0035] Specifically, the digital certificate verification unit is also used to sign and verify the corresponding digital certificate with a private key in response to different verification requests when a remote control session is established. This includes signing and verifying the first digital certificate received by the controlled terminal with a private key when the security authentication server receives a first digital certificate verification request initiated by the controlled terminal, and signing and verifying the second digital certificate received by the control terminal with a private key when the security authentication server receives a second digital certificate verification request initiated by the control terminal.
[0036] Specifically, the key negotiation unit generates the session key as follows: the control end generates a first private key and a first public key, and the controlled end generates a second private key and a second public key. After exchanging public keys, both parties calculate a shared secret value. Simultaneously, the current operating status parameters of the controlled end are collected, including CPU utilization, memory usage, network traffic, and continuous runtime. These operating status parameters are combined with a timestamp and a dynamic status factor is generated using a hash algorithm. Finally, the session key is generated by combining the shared secret value and the dynamic status factor through XOR and hash operations. When a preset time period threshold is reached or a preset trigger condition is detected, the session key is updated, and the key negotiation process is re-executed to generate a new session key.
[0037] Specifically, upon receiving a control command encrypted with the session key, the verification unit first decrypts the ciphertext using the negotiated session key to restore the original control command and its accompanying hash checksum. Next, the verification unit performs a dual check: firstly, it calculates the similarity between the decrypted command content and a pre-stored whitelist. If the similarity is greater than or equal to a preset similarity threshold, the match is successful; otherwise, the command is deemed unauthorized. Secondly, it re-hashes the decrypted command content and compares the result bit-by-bit with the hash checksum attached to the command, calculating the bit error rate. If this bit error rate is less than a preset bit error rate, the integrity verification is successful; otherwise, the command is considered tampered with during transmission. Only when both whitelist matching and control command integrity verifications are successful is the control command submitted to the execution module on the controlled end for execution.
[0038] Specifically, the process of calculating the deviation of operational behavior in the analysis unit is as follows: First, the system establishes a baseline of the user's historical behavior, including the distribution of command sending frequency per unit time under normal conditions and a Markov chain model of command type sequences. In the current remote control session, the system statistically analyzes the command sending frequency deviation and abnormal values of command type sequences in real time. The command sending frequency deviation *f* is the relative deviation between the average command sending frequency of the current session and the historical baseline frequency, i.e. In the formula, For the current frequency, This is the historical average. The historical standard deviation is denoted as ; the instruction type sequence anomaly rate m is calculated by comparing the currently occurring consecutive instruction type sequences with the historical Markov model, and statistically analyzing the proportion of instruction pairs that do not conform to the normal transition probability out of the total number of instruction pairs. Then, the above two indicators are multiplied by preset weighting coefficients and summed to obtain the original deviation score. Finally, the original deviation score is normalized to the [0,1] interval to form the operational behavior deviation degree.
[0039] Specifically, in the current session, whenever a user sends a new command, the system combines it with the previous command to form a command pair and looks up the historical probability of this command pair in the command type transition matrix built by the system based on historical normal operation data. If this probability is lower than a preset normal transition threshold, the command pair is determined to be "not in accordance with normal transition".
[0040] Please see Figure 2 The diagram shown is a flowchart illustrating the steps of a remote security control method based on computer data according to an embodiment of the present invention. The specific steps of the remote security control method based on computer data are as follows: S1 verifies the user's identity in multiple dimensions before establishing a remote control connection through the identity authentication unit. The user's identity includes biometric authentication factors, token authentication factors, and hardware authentication factors. S2, when the digital certificate verification unit connected to the identity authentication unit and set in the security authentication server passes multi-dimensional verification and signature verification based on the security authentication server, a secure control channel is established between the control end and the controlled end. S3, under the condition of establishing a secure control channel, the key negotiation unit connected to the digital certificate verification unit generates a session key based on the shared secret value generated by the key exchange algorithm and the dynamic state factor generated based on the current running status parameters and timestamp of the controlled end; S4, the verification unit connected to the key negotiation unit decrypts the control command generated by the user operation based on the session key, and verifies the matching result and the integrity of the control command based on the similarity threshold with the whitelist and the preset bit error rate of the hash verification value of the decrypted command, and executes the control command based on the integrity and matching result; S5, the analysis unit connected to the verification unit determines the remote security control status based on the deviation of the operation behavior and the preset deviation, and adjusts the similarity threshold or the preset deviation based on the remote security control status, wherein the deviation of the operation behavior is determined based on the instruction sending frequency and the instruction type sequence anomaly rate; the analysis unit is also used to adjust the preset bit error rate based on the remote security control status.
[0041] Please see Figure 3As shown, it is a flowchart of the steps for determining the remote safety control status based on the comparison result of the deviation of the operation behavior and the preset deviation in an embodiment of the present invention.
[0042] Specifically, based on the hardware performance limits of the communication system between the control end and the controlled end, the fault tolerance requirements in the actual remote control environment, and some historical data obtained by statistics and analysis in historical remote control sessions, the corresponding preset parameters or critical parameters are set accordingly.
[0043] Specifically, in the preferred embodiment of the present invention, the preset deviation L0 is 0.86. The comparison process between the operational behavior deviation L and the preset deviation L0 is as follows: If the deviation L of the operation behavior is less than or equal to the preset deviation L0, then the remote safety control status is determined to be qualified. If the deviation L of the operation behavior is greater than the preset deviation L0, then the remote safety control status is determined to be unqualified.
[0044] Specifically, when the remote security control status is unqualified, the anomaly rate of the instruction type sequence is obtained. If the anomaly rate of the instruction type sequence is greater than a first preset anomaly rate, it indicates that a large number of instruction types in the current session are inconsistent with the user's historical behavior patterns. This usually means that there is malicious instruction injection or illegal operation attempts. At this time, increasing the similarity threshold of the whitelist matching can force the control instruction to be almost completely consistent with the legitimate entries in the whitelist before it can be executed. This effectively filters out those semantically similar but unauthorized variant instructions, reduces the false negative rate, and, given that the attack behavior has been identified through behavioral anomalies, the strictness of instruction matching is tightened to block suspected illegal control flow and prevent the device from performing dangerous operations. At the same time, since the anomaly rate is already high, appropriately increasing the threshold will not significantly worsen the pass rate of normal users. Therefore, the similarity threshold is adjusted based on the ratio of the instruction type sequence anomaly rate to the first preset anomaly rate.
[0045] Specifically, the first preset anomaly rate is set based on statistical analysis of the anomaly rate of command type sequences in a large number of historical normal remote control sessions. This is achieved through offline calculation of operation records of legitimate users at different times and under different network environments. Simultaneously, the first preset anomaly rate is set considering the processing capabilities of the controlled terminal hardware and real-time response requirements. Therefore, the general range for the first preset anomaly rate is [4.2%, 5.8%], and thus, a preferred embodiment of this invention uses 5%.
[0046] Specifically, in this embodiment of the invention, a preset ratio P0 = 1.2 is set between the instruction type sequence anomaly rate and the first preset anomaly rate. The process of setting the preset ratio P and the preset ratio P0 based on the instruction type sequence anomaly rate and the first preset anomaly rate is as follows: If the preset ratio P of the instruction type sequence abnormality rate to the first preset abnormality rate is less than or equal to the preset ratio P0, then the similarity threshold is adjusted to 1.15 times the original similarity threshold, wherein the adjusted similarity threshold is retained to two decimal places. If the preset ratio P of the instruction type sequence abnormality rate to the first preset abnormality rate is greater than the preset ratio P0, then the similarity threshold is adjusted to 1.53 times the original similarity threshold, wherein the adjusted similarity threshold is retained to two decimal places. Specifically, the above multiples are determined based on a comprehensive analysis of historical experience and experimental data to identify the corresponding values that yielded the best results.
[0047] Specifically, if the abnormality rate of the instruction type sequence is less than or equal to the second preset abnormality rate, it indicates that the actual control instruction sequence issued by the user is highly consistent with the expected normal behavior pattern, and there is no abnormal or malicious operation trajectory. If the system still determines that the remote security control status is unqualified, that is, because the deviation threshold is set too low, normal operation behavior is misjudged as deviating from the safety baseline, thereby triggering an unsafe state, the preset deviation is adjusted based on the difference between the second preset abnormality rate and the abnormality rate of the instruction type sequence.
[0048] Specifically, the process of setting the second preset anomaly rate involves the system collecting operation logs of normal users at different times and under different network conditions, calculating the anomaly rate of the instruction type sequence for each session, plotting its probability density distribution curve, selecting the 90th percentile of the statistical distribution as the base value, and then rounding it up appropriately while leaving a reasonable tolerance to set the second preset anomaly rate. Therefore, the general selection range for the second preset anomaly rate is [0.89%, 1.11%], and thus, the preferred embodiment of the present invention is 1%.
[0049] Specifically, in this embodiment of the invention, a preset difference Q0 = 0.1% is set between the second preset anomaly rate and the instruction type sequence anomaly rate. The comparison process based on the difference Q between the second preset anomaly rate and the instruction type sequence anomaly rate and the preset difference Q0 is as follows: If the difference Q between the second preset anomaly rate and the instruction type sequence anomaly rate is less than or equal to the preset difference Q0, then the preset deviation is adjusted to 1.04 times the original preset deviation, wherein the adjusted preset deviation is rounded up. If the difference Q between the second preset anomaly rate and the instruction type sequence anomaly rate is greater than the preset difference Q0, then the preset deviation is adjusted to 1.09 times the original preset deviation, wherein the adjusted preset deviation is rounded up. Specifically, the above multiples are determined based on a comprehensive analysis of historical experience and experimental data to identify the corresponding values that yielded the best results.
[0050] Specifically, if the remote security control status is unqualified after adjusting the similarity threshold or the preset deviation, or if the instruction type sequence anomaly rate is greater than the second preset anomaly rate and less than or equal to the first preset anomaly rate, the hash verification failure rate corresponding to multiple preset durations is obtained; the average value of each hash verification failure rate is calculated. If the average value is greater than the preset failure rate, it indicates that under normal network conditions and without attacks, if the hash verification failure rate continuously exceeds the preset failure rate, that is, more than 3 out of 20 consecutive instructions are discarded due to hash mismatch, it indicates that the preset bit error rate is set too low, causing a large number of legitimate instructions with minimal transmission noise to be misjudged as incomplete. The preset bit error rate is then adjusted based on the difference between the average value and the preset failure rate. If the average value is less than or equal to the preset failure rate, the instructions are discarded and an alarm message is issued.
[0051] Specifically, the process of setting the preset failure rate is as follows: Under conditions of no attack and normal network environment, the system collects a large number of control commands from the complete process of sending and receiving, calculates the hash verification result for each command, counts the failure rate in each session, and plots its distribution curve. Based on the distribution result, an initial preset failure rate is determined, and considering the occasional bit error margin under the hardware performance limit, the initial preset failure rate is adjusted to determine the final preset failure rate. Therefore, the general selection range of the preset failure rate is [0.4%, 0.6%], and thus, the preferred embodiment of the present invention is 0.5%.
[0052] Specifically, in this embodiment of the invention, a preset difference R0 = 0.05% is set between the average value and the preset failure rate. The comparison process between the difference R0 and the preset failure rate is as follows: If the difference R between the average value and the preset failure rate is less than or equal to the preset difference R0, the preset position error rate will be adjusted to 1.17 times the original preset position error rate. The adjusted preset position error rate will be retained to two decimal places. If the difference R between the average value and the preset failure rate is greater than the preset difference R0, the preset position error rate will be adjusted to 1.36 times the original preset position error rate. The adjusted preset position error rate will be retained to two decimal places. Specifically, the above multiples are determined based on a comprehensive analysis of historical experience and experimental data to identify the corresponding values that yielded the best results.
[0053] Please see Figure 4 The diagram shown is a flowchart illustrating the steps of determining the remote security control status based on adjusting the preset position error rate in an embodiment of the present invention.
[0054] Specifically, if the remote security control status fails after adjusting the preset bit error rate, the preset bit error rate is repeatedly adjusted based on the difference between the average value and the preset failure rate. During this repeated adjustment, the number of adjustments is counted. If the number of adjustments equals the preset number and the remote security control status fails, the average time difference and network round-trip latency between the control end and the controlled end are obtained when multi-dimensional verification passes. A time characterization value is determined based on the absolute values of the network round-trip latency and the average time difference. If the time characterization value is greater than the preset time characterization value, it indicates that the network round-trip latency between the control end and the controlled end is... The absolute value of the delay and the average time difference together determine the actual total delay from token generation to verification. If this time representation value is greater than the preset security tolerance, it means that the currently set valid time window for the token is too narrow and cannot cover normal legitimate fluctuations caused by network jitter, clock drift, or transmission delay. This will frequently result in the token expiring before reaching the controlled end, causing verification failure and misjudging the security status as unqualified. In this case, the valid time window is adjusted based on the ratio of the time representation value to the preset time representation value. If the time representation value is less than or equal to the preset time representation value, the instruction is discarded and an alarm message is issued.
[0055] Specifically, the time representation value is the sum of the absolute value of the average time difference and the network round-trip delay.
[0056] Specifically, the process of setting the preset time representation value involves collecting the network round-trip delay between the control end and the controlled end, as well as the absolute value of the average time difference between the two system times, and calculating the time representation value for each verification. Under normal network conditions and clock synchronization, the preset time representation value is set by fitting the distribution of a large number of successful verification samples, taking into account potential network jitter, cumulative clock crystal drift, and hardware processing overhead in the actual environment, and adding a reasonable margin to the upper limit of the normal distribution. Therefore, the general range for the preset time representation value is [200ms, 300ms], and thus, the preferred embodiment of the present invention is 250ms.
[0057] Specifically, in this embodiment of the invention, a preset ratio T0 = 1.15 is set between the time representation value and the preset time representation value. The comparison process between the ratio T0 and the preset time representation value is as follows: If the ratio T of the time representation value to the preset time representation value is less than or equal to the preset ratio T0, the effective time window will be adjusted to 1.2 times the original effective time window, where the adjusted effective time window will be rounded up. If the ratio T of the time representation value to the preset time representation value is greater than the preset ratio T0, the effective time window will be adjusted to 1.83 times the original effective time window, where the adjusted effective time window will be rounded up. Specifically, the above multiples are determined based on a comprehensive analysis of historical experience and experimental data to identify the corresponding values that yielded the best results.
[0058] The technical solution of the present invention has been described above with reference to the preferred embodiments shown in the accompanying drawings. However, it will be readily understood by those skilled in the art that the scope of protection of the present invention is obviously not limited to these specific embodiments. Without departing from the principles of the present invention, those skilled in the art can make equivalent changes or substitutions to the relevant technical features, and the technical solutions after these changes or substitutions will all fall within the scope of protection of the present invention.
[0059] The above description is merely a preferred embodiment of the present invention and is not intended to limit the invention. Various modifications and variations can be made to the present invention by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the scope of protection of the present invention.
Claims
1. A remote security control system based on computer data, characterized in that, include: The identity authentication unit is used to verify the user's identity in multiple dimensions before establishing a remote control connection. The user's identity includes biometric authentication factors, token authentication factors, and hardware authentication factors. A digital certificate verification unit, which is connected to the identity authentication unit and is set in the security authentication server, is used to establish a secure control channel between the control end and the controlled end when the multi-dimensional verification is passed and the signature verification based on the security authentication server is passed. A key negotiation unit, which is connected to the digital certificate verification unit, is used to generate a session key based on a shared secret value generated by a key exchange algorithm and a dynamic state factor generated based on the current operating status parameters and timestamp of the controlled end when a secure control channel is established. The verification unit, which is connected to the key negotiation unit, is used to decrypt the control command generated by the user operation based on the session key, and verify the matching result and the integrity of the control command based on the similarity threshold with the whitelist and the preset bit error rate of the hash verification value of the decrypted command, and execute the control command based on the integrity and matching result. An analysis unit, connected to the verification unit, is used to determine the remote security control status based on the deviation of the operation behavior and a preset deviation, and to adjust the similarity threshold or the preset deviation based on the remote security control status. The deviation of the operation behavior is determined based on the deviation value of the instruction sending frequency and the abnormal rate of the instruction type sequence. The analysis unit is also used to adjust the preset bit error rate based on the remote security control status.
2. The remote security control system based on computer data according to claim 1, characterized in that, The identity authentication unit includes a biometric feature acquisition module, a dynamic token verification module, and a device hardware fingerprint recognition module; The biometric data acquisition module is used to generate biometric authentication factors based on the collected biometric data of the user. The dynamic token verification module is used to generate a token authentication factor based on the dynamic token corresponding to the valid time window of the received user input and the dynamic password generated by the time synchronization mechanism of the security server. The device hardware fingerprint recognition module is used to generate a hardware authentication factor by reading the hardware feature code of the control terminal device.
3. The remote security control system based on computer data according to claim 2, characterized in that, The analysis unit is also used to obtain the instruction type sequence anomaly rate when the remote security control status is unqualified; The analysis unit is also used to adjust the similarity threshold based on the ratio of the instruction type sequence anomaly rate to the first preset anomaly rate when the instruction type sequence anomaly rate is greater than the first preset anomaly rate. The analysis unit is also used to adjust the preset deviation based on the difference between the second preset deviation rate and the instruction type sequence deviation rate when the instruction type sequence anomaly rate is less than or equal to the second preset anomaly rate. Specifically, if the deviation of the operation behavior is greater than the preset deviation, the remote security control status is determined to be unqualified, and the second preset anomaly rate is less than the first preset anomaly rate.
4. The remote security control system based on computer data according to claim 3, characterized in that, The analysis unit is also used to increase the similarity threshold based on the ratio of the instruction type sequence anomaly rate to the first preset anomaly rate, and the increase in the similarity threshold is proportional to the ratio.
5. The remote security control system based on computer data according to claim 4, characterized in that, The analysis unit is also used to increase the preset deviation based on the difference between the second preset anomaly rate and the instruction type sequence anomaly rate, and the increase in the preset deviation is proportional to the difference.
6. The remote security control system based on computer data according to claim 5, characterized in that, The analysis unit is also used to obtain hash verification failure rates corresponding to multiple preset durations when the remote security control status is unqualified after adjusting the similarity threshold or the preset deviation, or when the instruction type sequence abnormality rate is greater than the second preset abnormality rate and less than or equal to the first preset abnormality rate. The analysis unit is also used to calculate the average failure rate of each hash check, and when the average failure rate is greater than the preset failure rate, adjust the preset bit error rate based on the difference between the average failure rate and the preset failure rate. The analysis unit is also used to discard instructions and issue alarm information when the average value is less than or equal to a preset failure rate.
7. The remote security control system based on computer data according to claim 6, characterized in that, The analysis unit is also used to increase the preset bit error rate based on the difference between the average value and the preset failure rate, and the increase in the preset bit error rate is proportional to the difference.
8. The remote security control system based on computer data according to claim 7, characterized in that, The analysis unit is also used to repeatedly adjust the preset bit error rate based on the difference between the average value and the preset failure rate when the remote security control status is unqualified after adjusting the preset bit error rate. The analysis unit is also used to count the number of adjustments during repeated adjustments, and when the number of adjustments equals the preset number and the remote safety control status is unqualified, to obtain the average time difference and network round-trip latency between the control end and the controlled end when the multi-dimensional verification is passed.
9. The remote security control system based on computer data according to claim 8, characterized in that, The analysis unit is also used to determine time characterization values based on the absolute values of network round-trip delay and average time difference; The analysis unit is also used to adjust the effective time window based on the ratio of the time representation value to the preset time representation value when the time representation value is greater than the preset time representation value. The analysis unit is also used to discard the instruction and issue an alarm message when the time representation value is less than or equal to the preset time representation value.
10. The remote security control system based on computer data according to claim 9, characterized in that, The analysis unit is also used to increase the effective time window based on the ratio of the time representation value to the preset time representation value, and the increase in the effective time window is proportional to the ratio.