An internet of things terminal access control method and system with inherent security features
By performing multi-dimensional parsing and time-series anchor binding on encrypted data streams from IoT terminals, and combining heterogeneous parsing and common-mode adjudication with heterogeneous executors, the challenges of trust assessment and threat identification in IoT terminal access control are solved, thereby enhancing network security protection capabilities.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- STATE GRID HENAN INFORMATION & TELECOMM CO
- Filing Date
- 2026-04-17
- Publication Date
- 2026-07-10
AI Technical Summary
Existing IoT terminal access control solutions struggle to achieve continuous, real-time trust assessment and effective monitoring of terminal behavior in complex IoT environments, as well as threat identification and blocking in encrypted data streams. Furthermore, they lack immunity to inherent security vulnerabilities, resulting in inadequate network security protection.
By performing multi-dimensional parsing of the terminal's encrypted data stream, extracting the terminal's physical feature code and handshake frame, generating an anchored ciphertext block sequence, and binding dynamic access policies based on time-series anchor points, heterogeneous parsing and fingerprint generation are performed using multiple heterogeneous executors, and finally synchronous authorization decisions are achieved through sliding window alignment and common-mode adjudication.
It enables continuous, real-time trust assessment and threat identification of IoT terminals, enhances the system's resistance to complex temporal spoofing, and ensures the accuracy of access authorization and the high availability of services.
Smart Images

Figure CN122372279A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of intelligent control, and more specifically, to an IoT terminal access control method and system with inherent security features. Background Technology
[0002] With the deep application of IoT technology in critical infrastructure fields such as smart power and industrial control, massive numbers of IoT terminals have achieved large-scale access through sensing, communication, and computing technologies. Cloud-edge-device collaboration has become the basic architecture supporting core business operations. Because various IoT terminals are widely distributed in complex production sites and carry massive amounts of power data and core control commands, the terminal side has become a primary target for cyberattacks. In this highly competitive environment, building a terminal access control scheme with inherent security features is of significant strategic importance for ensuring the business continuity and data security of new power systems.
[0003] Most existing IoT terminal access control solutions follow traditional perimeter protection approaches, primarily relying on digital certificates for one-time identity verification at the initial stage, supplemented by static access control lists for authorization. However, this model exposes significant technical bottlenecks in practical applications. On the one hand, terminal behavior is difficult to manage; various heterogeneous terminals can obtain fixed permissions after only initial authentication with certificates, and the system cannot continuously and in real-time assess the trust in their behavior and access status after access. On the other hand, the communication protocols and data encryption / decryption methods of IoT terminals differ greatly from traditional web applications, making it difficult for existing perimeter security devices to effectively monitor and block hidden threats in encrypted data streams. Furthermore, traditional defense methods typically focus on external additional protection, often lacking immunity to "infected" operating environments when there are unknown vulnerabilities or backdoors in the hardware and software themselves. When attackers use their first-mover advantage to carry out coordinated tampering or state spoofing, existing architectures struggle to establish a comprehensive business consistency defense, resulting in significant security challenges for IoT networks.
[0004] Therefore, we look forward to an optimized IoT terminal access control method with inherent security features. Summary of the Invention
[0005] To address the aforementioned technical issues, this application provides an IoT terminal access control method and system with inherent security features.
[0006] According to one aspect of this application, an IoT terminal access control method with inherent security features is provided, comprising: S1: The terminal encrypted data stream is captured and parsed to obtain the handshake frame, the terminal physical feature code and the ciphertext payload, and the ciphertext payload is injected into the timing anchor to generate the anchored ciphertext block sequence. The handshake frame and the terminal physical feature code form an identity set. S2: Based on the terminal physical signature code in the identity set and the certificate digest of the handshake frame, device fingerprint comparison and trust score quantification are performed to obtain dynamic access policies; S3: Bind the dynamic access policy to the metadata header of the anchored ciphertext block sequence and perform multiple copies based on the number of heterogeneous executors to generate a policy binding request set; S4: Use multiple heterogeneous executors to perform heterogeneous independent parsing and fingerprint generation on the policy binding request set to obtain the execution fingerprint set; S5: Based on the time-series anchor point, perform sliding window alignment and common-mode adjudication on the execution fingerprint set to obtain synchronous authorization decisions.
[0007] According to another aspect of this application, an IoT terminal access control system with inherent security features is provided, comprising: The data ingestion and identity anchoring module is used to ingest and parse the encrypted data stream of the terminal to obtain the handshake frame, the terminal physical feature code and the ciphertext payload, and inject the ciphertext payload into the timing anchor point to generate the anchored ciphertext block sequence. The handshake frame and the terminal physical feature code form an identity identifier set. The device authentication and policy generation module is used to perform device fingerprint comparison and trust score quantification based on the terminal physical feature code and handshake frame certificate digest in the identity identifier set to obtain dynamic access policies. The policy binding and request replication module is used to bind dynamic access policies to the metadata header of the anchored ciphertext block sequence and perform multiple replications based on the number of heterogeneous executors to generate policy binding request sets. The heterogeneous parsing and fingerprint generation module is used to perform heterogeneous independent parsing and fingerprint generation on the policy binding request set using multiple heterogeneous executors to obtain the execution fingerprint set. The timing alignment and consensus adjudication module is used to perform sliding window alignment and common mode adjudication on the execution fingerprint set based on timing anchors to obtain synchronous authorization decisions.
[0008] Compared with existing technologies, this application provides an IoT terminal access control method and system with inherent security features. It transforms traditional one-time authentication into a trust scoring and policy mapping that evolves in real-time with the security state by jointly extracting physical and digital features from the encrypted terminal stream and injecting temporal anchors. Furthermore, it utilizes policy binding and multi-modal processing of heterogeneous executors to ensure the logical legitimacy of instruction parsing and performs sliding window consensus adjudication based on temporal features. This approach not only overcomes the technical challenges of identifying encrypted traffic and addressing blind spots in terminal behavior control, but also achieves inherent immunity at the architectural level under dissimilar redundancy. It effectively identifies and blocks collaborative tampering and exploitation of unknown vulnerabilities, significantly improving the system's resistance to complex temporal deception and ensuring the accuracy of access authorization and high availability of services in smart IoT scenarios. Attached Figure Description
[0009] The above and other objects, features, and advantages of this application will become more apparent from the more detailed description of the embodiments of this application in conjunction with the accompanying drawings. The drawings are provided to further illustrate the embodiments of this application and form part of the specification. They are used together with the embodiments of this application to explain this application and do not constitute a limitation thereof. In the drawings, the same reference numerals generally represent the same components or steps.
[0010] Figure 1 This is a flowchart of an IoT terminal access control method with inherent security features according to an embodiment of this application; Figure 2 This is a schematic diagram of data flow in an IoT terminal access control method with inherent security features according to an embodiment of this application; Figure 3 This is a flowchart of step S2 in the IoT terminal access control method with inherent security features according to an embodiment of this application; Figure 4 This is a block diagram of an IoT terminal access control system with inherent security features according to an embodiment of this application. Detailed Implementation
[0011] Hereinafter, exemplary embodiments according to this application will be described in detail with reference to the accompanying drawings. Obviously, the described embodiments are merely some embodiments of this application, and not all embodiments of this application. It should be understood that this application is not limited to the exemplary embodiments described herein.
[0012] As indicated in this application and claims, unless the context clearly indicates otherwise, the words "a," "an," "an," and / or "the" are not specifically singular and may include plural forms. Generally speaking, the terms "comprising" and "including" only indicate the inclusion of explicitly identified steps and elements, which do not constitute an exclusive list, and the method or apparatus may also include other steps or elements.
[0013] While this application makes various references to certain modules of the systems according to embodiments of this application, any number of different modules can be used and run on user terminals and / or servers. The modules described are merely illustrative, and different aspects of the systems and methods may use different modules.
[0014] Flowcharts are used in this application to illustrate the operations performed by the system according to embodiments of this application. It should be understood that the preceding or following operations are not necessarily performed in exact order. Instead, various steps can be processed in reverse order or simultaneously as needed. Furthermore, other operations can be added to these processes, or one or more steps can be removed from them.
[0015] The technical solution of this application proposes an IoT terminal access control method with inherent security features. Figure 1 This is a flowchart of an IoT terminal access control method with inherent security features according to an embodiment of this application. Figure 2 This is a system architecture diagram of an IoT terminal access control method with inherent security features according to an embodiment of this application. Figure 1 and Figure 2 As shown, the IoT terminal access control method with inherent security features according to an embodiment of this application includes the following steps: S1, ingesting and parsing the terminal encrypted data stream to obtain a handshake frame, a terminal physical signature, and a ciphertext payload, and injecting the ciphertext payload into a timing anchor to generate an anchored ciphertext block sequence, wherein the handshake frame and the terminal physical signature constitute an identity set; S2, performing device fingerprint comparison and trust score quantification based on the terminal physical signature in the identity set and the certificate digest of the handshake frame to obtain a dynamic access policy; S3, binding the dynamic access policy to the metadata header of the anchored ciphertext block sequence, and performing multiple copies according to the number of heterogeneous executors to generate a policy binding request set; S4, using multiple heterogeneous executors to perform heterogeneous independent parsing and fingerprint generation on the policy binding request set to obtain an execution fingerprint set; S5, based on the timing anchor, performing sliding window alignment and common mode adjudication on the execution fingerprint set to obtain a synchronous authorization decision.
[0016] Specifically, in step S1, the encrypted data stream from the terminal is ingested and parsed to obtain a handshake frame, a terminal physical feature code, and a ciphertext payload. The ciphertext payload is then injected into a time-series anchor point to generate an anchored ciphertext block sequence. The handshake frame and the terminal physical feature code form an identity set. It should be understood that in complex scenarios such as the Internet of Things for smart power, traditional IoT terminal access control relies solely on application-layer certificates or passwords, lacking deep binding between the terminal's physical entity and logical channel. Furthermore, the heterogeneity of encrypted traffic can easily lead to semantic gaps in the adjudication phase. Therefore, in the technical solution of this application, by ingesting the encrypted data stream and extracting multi-dimensional features at the physical and protocol layers, and injecting time-series anchor points into the ciphertext blocks, a spatiotemporal semantic benchmark is provided for subsequently establishing a cross-time-series anchor point business logic consistency defense line.
[0017] In practice, the terminal's encrypted data stream is first analyzed in multiple dimensions to obtain the terminal's physical layer signature, handshake frame, and ciphertext payload. The terminal's encrypted data stream refers to the original encrypted communication stream sent by the terminal under TLS or other encryption protocols. During this process, deep packet inspection and protocol stack analysis techniques are used to accurately extract the hardware address and radio frequency fingerprint information from the underlying link header of the terminal's encrypted data stream, outputting it as the terminal's physical layer signature. Simultaneously, messages containing digital certificates and security negotiation signaling are extracted from the transport layer session establishment phase, outputting them as handshake frames. The application layer encrypted service payload, after removing physical signatures and handshake signaling, is then extracted and output as the ciphertext payload. The final output handshake frame refers to a protocol frame containing identity verification information such as certificates, public keys, and suite negotiation. The terminal's physical signature is a feature identifier that accurately describes the unique physical attributes of the hardware. The ciphertext payload refers to the encrypted data body after stripping the protocol header.
[0018] Next, after extracting the certificate digest and cipher suite identifier from the handshake frame, the cipher suite identifier, certificate digest, and terminal physical layer feature code are concatenated and packaged to obtain an identity identifier set. Specifically, after obtaining the above preliminary parsing results, the certificate digest information and the cipher suite identifier used are further extracted from the handshake frame. Then, the cipher suite identifier, certificate digest, and the previously extracted terminal physical layer feature code are concatenated and format-normalized at the memory level according to a preset secure data structure, thereby obtaining an identity identifier set representing the unique and tamper-proof identity of the terminal.
[0019] Furthermore, after dividing the ciphertext payload into multiple blocks according to the transmission unit boundary, these blocks are injected with timing anchors to obtain an anchored ciphertext block sequence. In this process, firstly, the continuous ciphertext payload is divided into multiple independent ciphertext blocks according to the transmission unit boundary, i.e., the maximum transmission unit or block message boundary of the application layer protocol. For any given ciphertext block, the system first obtains the precise timestamp of the actual arrival at the gateway in real time and synchronously calls the globally monotonically increasing sequence number allocated by the system clock. Then, a preset secure hash function is used to concatenate the binary data payload of the current ciphertext block with the aforementioned arrival timestamp at the byte level, and a hash operation is performed on the concatenated merged data to extract its instantaneous spatiotemporal feature digest. Finally, the obtained hash digest value is XORed with the corresponding monotonically increasing sequence number to calculate and generate a dynamic timing anchor value. Then, after the timing anchor point is calculated, it is injected as a micro-isolation header into the metadata segment header of the corresponding ciphertext block, and the above process is repeated for all blocks. Finally, by combining all blocks carrying anchor headers, a complete anchor ciphertext block sequence is generated.
[0020] Specifically, in S2, a dynamic access policy is obtained by comparing device fingerprints and quantifying trust scores based on the terminal physical feature code in the identity identifier set and the certificate digest of the handshake frame. It should be understood that the assessment of the trust level of IoT terminal behavior is the core criterion for zero-trust authorization decisions. Due to the diverse types of devices in the smart IoT network environment and their vulnerability to physical hijacking or identity forgery, single certificate authentication is insufficient to guarantee the security of the access process. By performing multi-dimensional fusion verification of the terminal's physical layer attributes and protocol layer digital credentials, continuous and real-time control over terminal behavior and access permissions can be achieved. Utilizing artificial intelligence technology closely aligned with application scenarios improves the computational efficiency of the trust assessment strategy, thereby ensuring a balance between security, reliability, and availability in the entire zero-trust architecture.
[0021] Figure 3 This is a flowchart of step S2 in the IoT terminal access control method with inherent security features according to an embodiment of this application. Figure 3 As shown, S2 includes: S21, performing field decomposition on the identity identifier set to obtain the hardware address and radio frequency fingerprint, comparing the hardware address and radio frequency fingerprint with the terminal hardware fingerprint database to obtain the physical trusted state vector, and extracting and encapsulating the certificate digest and encryption suite identifier to generate a digital credential to be verified; S22, performing trust quantification of the fusion environment threat on the physical trusted state vector and the digital credential to be verified to obtain a comprehensive trust quantification score; S23, using the comprehensive trust quantification score as the primary key input to the access control permission management matrix for interval mapping lookup to obtain a dynamic access policy.
[0022] Specifically, in step S21, the identity set is decomposed to obtain the hardware address and RFID fingerprint. The hardware address and RFID fingerprint are compared with the terminal hardware fingerprint database to obtain a physical trust state vector. The certificate digest and encryption suite identifier are extracted and encapsulated to generate a digital credential to be verified. In this process, firstly, the identity set is deeply decomposed according to a preset protocol field structure to accurately extract the hardware address and RFID fingerprint. Next, the extracted hardware address and RFID fingerprint are used as input parameters and compared with the terminal hardware fingerprint database stored internally by quantification of feature entropy values. By evaluating the dispersion and matching degree of physical characteristics, a physical trust state vector representing the legality of the underlying hardware is generated. Simultaneously with the physical layer audit, the system extracts the certificate digest and encryption suite identifier from the identity set and reassembles and encapsulates them according to a standardized credential structure to generate a digital credential to be verified representing the digital identity dimension of the terminal.
[0023] Specifically, in step S22, the trust quantification of the physical trusted state vector and the digital credential to be verified is performed on the integrated environmental threat to obtain a comprehensive trust quantification score. In this process, the public key infrastructure is first invoked to perform chain signature verification and validity period verification on the digital credential to be verified, to obtain a credential trustworthiness assessment value reflecting the digital channel. Simultaneously, the environmental threat index output in real time by the situational awareness platform is acquired via a bypass. Furthermore, in order to accurately describe the dynamic changes in the trust level in a "toxic and pathogenic" environment, a quantification algorithm based on a nonlinear exponential penalty mechanism is used to perform integrated environmental threat trust quantification on the physical trusted state vector and the digital credential to be verified. This process can be expressed by the following formula: in, This is the physical reliability state vector. The norm for solving the Physical Trust Vector. This is the credibility assessment value of the digital voucher to be verified after PKI validation. As an environmental threat index, , and These are the weighting coefficients.
[0024] Specifically, in step S23, the comprehensive trust quantification score is used as the primary key input into the access control permission management matrix for interval mapping lookup to obtain the dynamic access policy. That is, after obtaining the comprehensive trust quantification score, the system uses this score as the retrieval primary key input into the background access control permission management matrix for interval mapping lookup. This matrix is pre-configured with restricted permission sets corresponding to different trust tiers, including the breadth of service interface calls, the depth of data access, and the bandwidth threshold of communication links. Based on the interval thresholds matched by the mapping, the system automatically extracts the corresponding control parameters, ultimately generating and outputting a dynamic access policy with fine-grained control features, providing an authorization benchmark for subsequent parsing of heterogeneous executors.
[0025] Specifically, S3 binds the dynamic access policy to the metadata header of the anchored ciphertext block sequence and performs multiple copies based on the number of heterogeneous executors to generate a policy binding request set. It should be understood that in the "toxic" IoT network environment, a single decision execution path is highly vulnerable to attacks targeting specific software vulnerabilities or logical flaws. By forcibly physically binding the generated dynamic access policy to the ciphertext payload carrying timing information, it is possible to ensure that the security policy flows synchronously with the specific business data stream in the complex network, fundamentally preventing spatiotemporal deviations or unauthorized tampering of policies and data during distribution. Simultaneously, based on the dynamic heterogeneous redundancy principle of mimicry defense, the same access object must be projected to multiple dissimilar execution spaces, i.e., heterogeneous executors. This multiple copying mechanism aims to provide original samples for subsequent independent parsing and common-mode adjudication through spatial redundancy, thereby identifying and blocking unknown threats to a specific architecture, ensuring the high availability and security of system authorization decisions.
[0026] In practice, the dynamic access policy is first serialized into a micro-segmentation control header according to the protocol format. This header is then inserted into the metadata segment header of the anchored ciphertext block sequence to obtain the access request metadata object. During this process, the mimicry scheduling module or policy controller first receives the dynamic access policy generated in the preceding steps. The system serializes the dynamic access policy using a type-length-value mapping mechanism or a bitmap mapping mechanism, based on a pre-defined communication handshake protocol specification. In this process, the system converts the logical rules in the policy, such as the subject permission label, data access granularity, and authorization lifecycle, into a machine-understandable binary byte stream, thus constructing the micro-segmentation control header. Next, the anchored ciphertext block sequence, generated in the preceding steps and infused with temporal bitmap features, is located. The processing engine precisely locates the reserved metadata segment space in this sequence and inserts the micro-segmentation control header into its header position using offset calculation logic. This insertion process is not a simple physical splicing but involves a binding operation involving data structure reconstruction. Subsequently, the overall data object after splicing undergoes integrity calculation using a secure digest function to generate its corresponding atomicity identifier. Finally, this composite data unit, containing fine-grained access control rules and business payloads, is encapsulated and output as an access request meta-object. Through this encapsulation logic, the system ensures a deep binding of control semantics and business payloads at the byte level, resulting in a composite data entity with indivisible verification characteristics.
[0027] Next, the access request meta-object is deeply copied multiple times to obtain a sequence of stateless meta-object replicas. During this process, firstly, the input assignment unit in the mimicry scheduling module monitors the access request meta-objects produced by the preceding processing stages. At this time, the system sends a status probe to the intrinsic security base in real time to query and confirm the total number of heterogeneous executions currently in a healthy and active state, denoted as N. Subsequently, the scheduling node enters the memory preparation phase, dynamically allocating and creating N independent heap spaces of equal size but with non-contiguous physical addresses in the system's input / output isolated memory area based on this value. Then, the deep copy driver of the underlying operating system is invoked. At this point, the processing engine, for each allocated isolated address space, synchronously copies every byte, every nested logical field, and all recursive pointer contents contained in the micro-isolation control header of the access request meta-object bit by bit to the target address. That is, a logically equivalent but physically completely independent memory image is generated for each target heterogeneous execution. Then, the system initiates data synchronization verification based on atomic operations to ensure that each copied replica is completely consistent with the content of the original meta-object at the time of initialization. Finally, these N independent data copies are linked sequentially and encapsulated as a sequence of stateless meta-object copies.
[0028] Then, the system iterates through each replica in the stateless meta-object replica sequence, extracts the network routing label matching the corresponding heterogeneous replica from the active executor addressing table, and appends the routing label to the communication packet header of the corresponding replica to obtain the policy binding request set. In this process, firstly, index variables are initialized, and each stateless replica entity in the stateless meta-object replica sequence is retrieved sequentially. Simultaneously, the scheduling engine calls the system's active executor addressing table, which maintains in real-time the physical identifiers, hardware architecture types, and corresponding network addressing parameters of all online nodes in the current intrinsic security foundation. Next, based on the predetermined heterogeneous execution target of the current replica, a primary key query is performed from the active executor addressing table to accurately extract the network routing label matching that specific heterogeneous replica, such as a specific virtual LAN label, the physical address of the internal high-speed bus, or a path index descriptor in a software-defined network. Then, the processing engine calls the underlying network encapsulation driver, pushing the extracted network routing label as an additional protocol layer onto the outside of the communication packet header of the corresponding stateless meta-object replica. Specifically, for each of the N active heterogeneous replicas, a low-level communication encapsulation function is executed. This encapsulation function logically appends the specific network route label corresponding to the executor to the corresponding stateless meta-object copy, thereby generating a request unit with an independent physical pointer. By traversing from the 1st to the Nth executor (where the value of N is determined by the number of real-time records in the active executor addressing table) and performing a logical union operation on all generated independent request units, the final policy-bound request set is formed.
[0029] Specifically, in step S4, multiple heterogeneous executors are used to perform heterogeneous independent parsing and fingerprint generation on the policy binding request set to obtain an execution fingerprint set. By using multiple execution units with dissimilar underlying architectures to process the same set of policy requests in a physically and logically isolated environment, it can be ensured that even if one of the executors has an unknown vulnerability or backdoor specific to its hardware and software environment and is exploited by an attacker, the attack cannot simultaneously trigger anomalies in all executors or produce consistent erroneous results because the other executors use non-homogeneous implementations. This provides a high-confidence fingerprint sample for subsequent common-mode adjudication and negative feedback cleaning.
[0030] In practice, the policy binding request set is first subjected to independent routing reception and heterogeneous decryption processing to obtain an independent plaintext execution sequence. Specifically, multiple underlying heterogeneous execution entities, which are physically separated or logically isolated, such as nodes based on x86 architecture with a Linux kernel, nodes based on ARM architecture with a domestic Kylin kernel, and nodes based on other dissimilar architectures, monitor the internal communication bus or network plane in real time. They independently route and heterogeneously decrypt the incoming policy binding request set to obtain an independent plaintext execution sequence. During this process, each heterogeneous execution entity extracts its own encrypted message copy from the request set based on its own network routing label, and independently decrypts the block ciphertext using a node-specific, non-same-origin cryptographic computing library (e.g., heterogeneous entity A uses OpenSSL, heterogeneous entity B uses BoringSSL) to recover the business plaintext payload, which is then combined to form an independent plaintext execution sequence.
[0031] Next, policy control logic execution and state capture are performed on the independent plaintext execution sequences to obtain a heterogeneous execution state vector set. During this process, after receiving the decrypted plaintext payload, the application layer processes of each heterogeneous executor independently execute refined business access control logic according to the dynamic access policy pre-bound in the request header. For example, they might execute read operations for smart meters in substations or map circuit breaker tripping instructions. Simultaneously with logic execution, the system uses kernel probes or system call interception tools deployed at the operating system level of each node to capture in real time the underlying execution action status codes generated by the executor when processing each data block carrying a timing anchor, as well as the current memory processing progress offset. Finally, this data reflecting the micro-execution state within the executor is structured and encapsulated, thus outputting a heterogeneous execution state vector set.
[0032] Then, state hashing and fingerprint aggregation are performed on the heterogeneous execution state vector sets to obtain the execution fingerprint set. In this process, for the execution fingerprint generated when the k-th heterogeneous executor processes the i-th data block, the execution action status code captured by the underlying probe is first obtained as the basic feature. Next, the current memory processing progress offset of the executor is appended to the status code in binary byte concatenation. Then, the original time-series anchor bitmap accompanying the data block is concatenated to the end of the sequence, forming a composite feature sequence integrating physical progress, logical actions, and spatiotemporal labels. Then, a preset secure hash function (such as the domestic commercial cryptographic SM3 algorithm or SHA-256 algorithm) is called to perform irreversible compression mapping on this composite byte sequence, outputting a fixed-length encrypted hash value as the execution trajectory fingerprint at that moment. Subsequently, the mimicry component operation and maintenance center collects and aggregates the fingerprints generated by all active heterogeneous executors in a heterogeneous synchronous manner, thereby generating the final execution fingerprint set that can be used for consensus comparison by the multi-mode arbiter.
[0033] Specifically, in step S5, based on time-series anchors, a sliding window alignment and common-mode adjudication are performed on the execution fingerprint set to obtain a synchronous authorization decision. It should be understood that in IoT networks with inherent security features, the heterogeneous backend execution entities employ non-homogeneous hardware architectures, operating systems, and protocol stacks, resulting in physical time differences in processing speed, network I / O response, and task scheduling rhythm for the same policy request. Directly comparing the output fingerprints in this asynchronous state would lead to severe data misalignment due to clock drift and network jitter, resulting in numerous misjudgments. Therefore, in the technical solution of this application, a spatiotemporal correlation is established within the sliding alignment window using time-series anchors, logically mapping the originally discretely distributed heterogeneous execution results on the time axis to a logical equivalent. The majority consensus principle is used to filter out non-consensus deviations caused by vulnerability triggering, malicious tampering, or sudden network interference, thereby generating a high-confidence synchronous authorization decision.
[0034] In the first embodiment of this application, the execution fingerprint set is first asynchronously ingested and buffered via a sliding window to obtain a fingerprint matrix to be aligned within the window. During this process, the system receives execution fingerprints asynchronously reported from each physically isolated execution entity in real time and pushes this fingerprint data into a sliding window buffer with a preset time span. Based on the node identifiers and arrival time sequences of the heterogeneous execution entities, the scheduling engine reassembles the scattered fingerprint data streams in memory space into a structured data array with node IDs as rows and buffer time slots as columns, i.e., the fingerprint matrix to be aligned within the window.
[0035] Next, the fingerprint matrix to be aligned within the window undergoes sequence anchor point extraction and flexible spatial alignment to obtain a spatiotemporally aligned consensus candidate set. During this process, the adjudication logic traverses each tuple in the matrix, precisely locating and extracting the unique temporal anchor point label injected during the data ingestion phase. Then, using this anchor point label as the primary key, the linear constraint of physical time is broken, allowing processing fingerprints that originally arrived at different times but logically target the same original ciphertext block to be searched and aggregated onto the same logical adjudication surface. This flexible alignment mechanism based on anchor point features achieves precise compensation for processing time differences between heterogeneous components, mapping candidate fingerprints with the same anchor point identifier in the matrix to the same spatial dimension, thereby producing a spatiotemporally aligned consensus candidate set.
[0036] Then, a majority consensus decision is made on the spatiotemporal aligned consensus candidate set to obtain the synchronization authorization decision. In this process, firstly, the decision algorithm statistically analyzes the preference frequency of the output fingerprints of all heterogeneous replicas under the same anchor point, and locks the consensus result by finding the feature hash value with the highest frequency. For minority fingerprints that deviate from the consensus (i.e., individual execution trajectories judged as abnormal or tampered), the system automatically removes them and marks the corresponding executor for a cleansing process. Finally, based on the consensus fingerprint reached by the majority, the system extracts the corresponding business instructions, encapsulates them with digital signatures, and generates and outputs the synchronization authorization decision that drives the security agent to execute physical actions.
[0037] However, research has revealed that in the sliding window alignment and common mode adjudication process, although the first embodiment has already used time-series anchors to complete the spatial alignment of the output results of different heterogeneous executors and further adopted majority consensus common mode decision to screen out consensus fingerprints, this processing path is essentially still a local adjudication paradigm with a single anchor point, a single moment, and a single frequency. That is, it only conducts cross-sectional statistics around the candidate fingerprint set under the current time-series anchor point, without incorporating the business state continuity relationship, the causal relationship of control behavior, and the physical laws of equipment operation between adjacent anchor points into the adjudication basis. Therefore, in smart power IoT, industrial control IoT, and continuous process monitoring scenarios, it will expose a relatively obvious judgment blind spot.
[0038] In such scenarios, consecutive data blocks are not independent of each other. The control actions, resource states, or sensor feedback corresponding to the previous anchor point often directly constrain the business meaning of the subsequent anchor point. For example, if the previous anchor point corresponds to a circuit breaker executing a tripping command, the subsequent anchor point should have feedback that the feedback loop has been broken or the load current has dropped to near zero. Similarly, if an anchor point corresponds to a load current of 50 amps, the data of the adjacent anchor point should generally only change within the allowable range of equipment inertia, sampling jitter, and operating condition fluctuations, and should not jump to abnormal values several times higher without transition conditions. The first embodiment does not impose any constraints on this type of cross-anchor point state transition relationship, meaning that as long as an attacker can construct a predominantly frequent forged fingerprint at the current anchor point, even if there is a clear business logic break between this fingerprint and historically confirmed states, it may still be accepted as a legitimate result by the majority of decision paths.
[0039] Especially in scenarios with limited heterogeneous redundancy, such as when two executors in a three-mode architecture are synchronously interfered with or hijacked, attackers can use majority-dominated but logically distorted collaborative outputs to bypass the original arbiter, causing the system to output authorization conclusions that formally meet frequency requirements but substantially violate the laws of business evolution. On the other hand, in complex industrial environments, network jitter, differences in heterogeneous protocol stacks, and incomplete synchronization of executor processing rhythms are common occurrences. If rigid decisions are made solely based on the fingerprint frequency of the current anchor point, some results, although less frequent, but more consistent with historical business chains, will be directly blocked because they are temporarily in the minority. This amplifies the impact of occasional network factors on the judgment results, leading to both false rejections and false approvals. It is evident that the problem with the first embodiment is not whether a majority vote was completed, but rather that the majority vote is based on a statistical perspective of an isolated cross-section, failing to identify the special relationships existing within the same business link, namely, the business state transition dependency relationship across time-series anchor points, the causal constraint relationship between control actions and feedback results, and the smooth evolution relationship of continuous physical quantity changes. This means that although the system has heterogeneous redundancy protection capabilities in the spatial dimension, it has not yet formed a business consistency defense line in the time dimension.
[0040] To address the aforementioned weaknesses, this application proposes an improved mechanism that no longer treats the candidate fingerprints of the current anchor point as isolated discrete samples. Instead, it connects the current anchor point with the previous anchor point into a continuous business state chain, introduces cross-anchor point business logic consistency verification before most consistency decisions, and adopts a dynamic confidence weighting mechanism jointly driven by logical consistency scoring and original frequency during the final decision. This elevates spatial heterogeneous consensus to a composite decision structure that emphasizes both spatial heterogeneous consensus and temporal business consistency.
[0041] Specifically, firstly, confirmed consensus fingerprints of preceding anchor points are extracted from the historical consensus fingerprint sequence. Then, based on these confirmed consensus fingerprints, the legality of business state transitions in the spatiotemporally aligned consensus candidate set is pre-verified to obtain a logical consistency scoring matrix. It should be understood that in a smart IoT control network, the state transition rule base can be composed of control command-feedback state mapping, key process quantity change constraints, equipment action delay windows, and abnormal state transition suppression rules. If a current candidate fingerprint cannot form a rule-permitted transition path with a preceding consensus fingerprint, even if the frequency is high, it will be suppressed from subsequent comprehensive scoring. Therefore, a business logic consistency score is calculated for the relationship between each candidate fingerprint and its preceding consensus fingerprint, considering both whether the state transition belongs to a legal path permitted by the rule base and the similarity between the current candidate and the preceding consensus fingerprint in the fingerprint space. This process can be expressed by the formula: in, This represents the business logic consistency score of the j-th candidate fingerprint under the i-th anchor point relative to the consensus fingerprint of the preceding anchor point, and its value range can be normalized to [0,1]. This represents the j-th candidate fingerprint at the current anchor point; This indicates a consensus fingerprint where the preceding anchor point has been confirmed. Indicates the weight of the legality of state transitions; The legality indicator function is set to 1 when the candidate fingerprint satisfies the business state transition rules relative to the preceding consensus fingerprint, and 0 otherwise. Indicates fingerprint similarity weight; The similarity measure between the candidate fingerprint and the preceding consensus fingerprint can be Hamming distance normalized similarity, cosine similarity, or approximate similarity based on locality-sensitive hashing.
[0042] It is understandable that anomalies in industrial settings do not always manifest as completely different occurrences. Sometimes, they may be frequency-dominant but exhibit non-compliant state transitions. Therefore, it is necessary to incorporate both rigid transfer legitimacy checks and flexible similarity checks, enabling the adjudicator to both intercept malicious results that clearly violate control timing and tolerate minor hash disturbances caused by heterogeneous implementation differences. After this step, the final output is a logical consistency score matrix. This matrix does not directly provide the final decision but serves as a priori constraint for the next round of comprehensive confidence calculation, establishing temporal semantic coordinates for subsequent decisions.
[0043] Secondly, based on the logical consistency scoring matrix, dynamic confidence-weighted frequency statistics are performed on the spatiotemporally aligned consensus candidate set to obtain an enhanced consensus fingerprint. That is, after obtaining the logical consistency scoring matrix, the improved mechanism does not abandon the advantages of the original majority consensus, but retains the original frequency—a core statistic that reflects the degree of spatial consensus among heterogeneous executors—and then adds the logical consistency score with adjustable weights to form an enhanced confidence score. In this way, spatial redundancy remains dominant, while temporal semantic constraints are responsible for correcting majority but unreasonable candidates, ensuring that the final result neither degenerates into pure rule-based judgment nor remains at the level of pure voting.
[0044] Specifically, firstly, for each candidate fingerprint under the current anchor point, its original occurrence frequency is calculated, and then combined with the logical consistency score to form an enhanced confidence score. This process can be expressed by the formula: in, Indicates candidate fingerprints The enhanced confidence score; This indicates the original frequency of occurrence of the candidate fingerprint in the spatiotemporal alignment consensus candidate set corresponding to the current anchor point, i.e., the number of heterogeneous execution entities supporting the fingerprint; This represents the logical consistency amplification factor, used to adjust the strength of the logical score's correction to the final decision; That is, the logical consistency score obtained in the previous step.
[0045] The reason for using multiplicative coupling instead of simple addition is that frequency and logical consistency are not equivalent in terms of adjudication semantics. Frequency reflects how many executors support it, while logical consistency reflects whether this support conforms to the business evolution pattern. Multiplicative coupling allows logical rationality to act as an amplifier or suppressor of spatial consensus, correcting abnormal majoritys without undermining the dominance of frequency. For example, when two candidate fingerprints have similar frequencies, the one with higher logical consistency will naturally win; while even if a candidate has a higher frequency, if it is severely disconnected from the preceding business state, its overall score will be significantly suppressed.
[0046] Subsequently, the fingerprint with the highest enhanced confidence score is selected from all candidate fingerprints as the enhanced consensus fingerprint, denoted as: in, This represents the final enhanced consensus fingerprint of the current i-th anchor point; This represents the candidate fingerprint that maximizes the enhanced confidence score. This represents the set of candidate fingerprints under the current anchor point; This represents the enhanced confidence score for the corresponding candidate fingerprint.
[0047] At this point, the system no longer outputs the most frequently occurring mechanical result, but instead outputs a consensus result that is more reliable in terms of both support for the majority and business continuity. This result can significantly improve the ability to identify collaborative tampering, state spoofing, and time-series frame interpolation attacks.
[0048] Furthermore, the process identifies minority anomalous results in the spatiotemporal aligned consensus candidate set that are inconsistent with the enhanced consensus fingerprint, marks the corresponding heterogeneous executors, and triggers negative feedback cleanup. Uncontaminated plaintext business instructions are then parsed from the enhanced consensus fingerprint and securely encapsulated and digitally signed to generate a synchronization authorization decision. Specifically, after the enhanced consensus fingerprint is determined, subsequent processing continues along the data loop. On one hand, it identifies minority anomalous results that are inconsistent with the enhanced consensus fingerprint and marks the corresponding heterogeneous executors as suspicious, triggering security measures such as negative feedback cleanup, execution weight scheduling, or trust decay to prevent executors deemed anomalous from continuously participating in subsequent decisions. On the other hand, it parses the corresponding uncontaminated plaintext business instructions from the enhanced consensus fingerprint, securely encapsulates and digitally signs them, generates a synchronization access authorization decision, and sends it to the gateway to execute link permission or blocking actions.
[0049] Meanwhile, the enhanced consensus fingerprint formed at the current anchor point is not discarded after this round of judgment, but is added to the historical consensus fingerprint sequence as a prerequisite for the next anchor point to perform business logic consistency verification, thus forming a time-series verification chain that is continuously transmitted across anchor points. In this way, the system can accumulate the trusted state evolution trajectory on the protected business link one anchor point at a time, so that each new access decision is completed on the basis of the confirmed historical context. This not only improves the fitting ability to continuous control scenarios, but also avoids the semantic gap caused by judging each anchor point from scratch. For typical scenarios such as smart grid circuit breaker control, distribution terminal linkage protection, industrial robot motion chain control, and high-value sensor anomaly joint judgment, this processing method can not only filter out occasional minority biases caused by differences in heterogeneous protocol stacks, but also identify those fake consensuses that appear to form a majority but are inconsistent in control flow and physical evolution, thus establishing the gateway-side authorization decision on a more stable, continuous, and harder-to-falsify trusted foundation.
[0050] Specifically, after the aforementioned modifications, the adjudication mechanism has transformed from a planar decision-making system that relied solely on the frequency of the current anchor fingerprint to a three-dimensional decision-making structure that simultaneously utilizes spatial redundancy information and temporal service semantic information. This enables the IoT terminal access control system to achieve higher decision-making accuracy and stronger stability when facing complex on-site network environments and advanced attack behaviors. In a three-mode or multi-mode heterogeneous execution architecture, even if most executors are subject to synchronous interference, as long as their output results cannot form a legitimate transition relationship with historical service states, they cannot directly penetrate the adjudicator based on frequency advantage. This significantly suppresses the majority-dominated path, which was originally easily exploited by coordinated attacks. For continuous control and continuous monitoring scenarios, the historical consensus fingerprint sequence continuously provides preceding service context, allowing the adjudication of each anchor point to be verified by combining the continuity of device state and the smoothness of physical quantity changes. This reduces the probability of misjudgment caused by network jitter, subtle differences in protocol stacks, and time drift, thereby improving the reliability of authorization release and circuit breaker blocking. Meanwhile, a minority of anomalous executors are promptly marked and entered into the negative feedback processing chain after each round of judgment. This reduces the continuous consumption of subsequent adjudication resources by anomalous executors, helping to improve the overall effective utilization rate of the heterogeneous executor set and the stable throughput of the adjudication path. The final synchronous access authorization decision does not merely satisfy the superficial condition of majority support, but simultaneously satisfies the composite trust conditions of historical continuity, reasonable state, rule compliance, and spatial consensus. This makes the entire IoT terminal access control mechanism with inherent security characteristics more suitable for deployment in high-risk environments such as power IoT, industrial control IoT, and critical infrastructure access networks. Without sacrificing system response continuity, it enhances the defense capabilities against unknown threats, collaborative forgery, and business logic deception.
[0051] In summary, the IoT terminal access control method with inherent security features according to the embodiments of this application is explained. It transforms traditional one-time authentication into a trust scoring and policy mapping that evolves in real-time with the security state by jointly extracting physical and digital features from the encrypted terminal stream and injecting temporal anchors. Furthermore, it utilizes policy binding and multi-modal processing of heterogeneous executors to ensure the logical legitimacy of instruction parsing and performs sliding window consensus adjudication based on temporal features. This approach not only overcomes the technical challenges of identifying encrypted traffic and addressing blind spots in terminal behavior control, but also achieves inherent immunity under dissimilar redundancy at the architectural level. It effectively identifies and blocks collaborative tampering and exploitation of unknown vulnerabilities, significantly improving the system's resistance to complex temporal deception and ensuring the accuracy of access authorization and high availability of services in smart IoT scenarios.
[0052] Furthermore, an IoT terminal access control system with inherent security features is also provided.
[0053] Figure 4 This is a block diagram of an IoT terminal access control system with inherent security features according to an embodiment of this application. Figure 4 As shown, the IoT terminal access control system 300 with inherent security features according to an embodiment of this application includes: a data ingestion and identity anchoring module 310, used to ingest and parse the encrypted data stream of the terminal to obtain a handshake frame, a terminal physical feature code, and a ciphertext payload, and inject the ciphertext payload into a timing anchor point to generate an anchored ciphertext block sequence, wherein the handshake frame and the terminal physical feature code constitute an identity identifier set; and a device authentication and policy generation module 320, used to perform device fingerprint comparison and trust score based on the terminal physical feature code in the identity identifier set and the certificate digest of the handshake frame. The system quantizes to obtain a dynamic access policy; a policy binding and request replication module 330 binds the dynamic access policy to the metadata header of the anchored ciphertext block sequence and performs multiple replications based on the number of heterogeneous executors to generate a policy binding request set; a heterogeneous parsing and fingerprint generation module 340 uses multiple heterogeneous executors to perform heterogeneous independent parsing and fingerprint generation on the policy binding request set to obtain an execution fingerprint set; and a timing alignment and consensus adjudication module 350 performs sliding window alignment and consensus adjudication on the execution fingerprint set based on timing anchors to obtain a synchronous authorization decision.
[0054] As described above, the IoT terminal access control system 300 with inherent security features according to the embodiments of this application can be implemented in various wireless terminals, such as servers with IoT terminal access control algorithms having inherent security features. In one possible implementation, the IoT terminal access control system 300 with inherent security features according to the embodiments of this application can be integrated into the wireless terminal as a software module and / or a hardware module. For example, the IoT terminal access control system 300 with inherent security features can be a software module in the operating system of the wireless terminal, or it can be an application developed for the wireless terminal; of course, the IoT terminal access control system 300 with inherent security features can also be one of many hardware modules of the wireless terminal.
[0055] Alternatively, in another example, the IoT terminal access control system 300 with inherent security features and the wireless terminal can also be separate devices, and the IoT terminal access control system 300 with inherent security features can be connected to the wireless terminal via wired and / or wireless networks, and transmit interactive information in accordance with an agreed data format.
[0056] The various embodiments of this disclosure have been described above. These descriptions are exemplary and not exhaustive, nor are they limited to the disclosed embodiments. Many modifications and variations will be apparent to those skilled in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen to best explain the principles, practical application, or improvement of the technology in the market, or to enable others skilled in the art to understand the embodiments disclosed herein.
Claims
1. A method for access control of IoT terminals with inherent security features, characterized in that, include: S1: The terminal encrypted data stream is captured and parsed to obtain the handshake frame, the terminal physical feature code and the ciphertext payload, and the ciphertext payload is injected into the timing anchor to generate the anchored ciphertext block sequence. The handshake frame and the terminal physical feature code form an identity set. S2: Based on the terminal physical signature code in the identity set and the certificate digest of the handshake frame, device fingerprint comparison and trust score quantification are performed to obtain dynamic access policies; S3: Bind the dynamic access policy to the metadata header of the anchored ciphertext block sequence and perform multiple copies based on the number of heterogeneous executors to generate a policy binding request set; S4: Use multiple heterogeneous executors to perform heterogeneous independent parsing and fingerprint generation on the policy binding request set to obtain the execution fingerprint set; S5: Based on the time-series anchor point, perform sliding window alignment and common-mode adjudication on the execution fingerprint set to obtain synchronous authorization decisions.
2. The IoT terminal access control method with inherent security features according to claim 1, characterized in that, Step S1 includes: Multidimensional analysis of the terminal encrypted data stream is performed to obtain the terminal physical layer signature, handshake frame, and ciphertext payload; After extracting the certificate digest and cipher suite identifier from the handshake frame, the cipher suite identifier, certificate digest and terminal physical layer feature code are concatenated and packaged to obtain the identity identifier set; After dividing the ciphertext payload into multiple blocks according to the transmission unit boundary, these blocks are injected into timing anchors to obtain the anchored ciphertext block sequence.
3. The IoT terminal access control method with inherent security features according to claim 1, characterized in that, Step S2 includes: The identity set is decomposed to obtain the hardware address and radio frequency fingerprint. The hardware address and radio frequency fingerprint are compared with the terminal hardware fingerprint database to obtain the physical trusted state vector. The certificate digest and encryption suite identifier are extracted and encapsulated to generate the digital credential to be verified. The trust quantification of the physical trust state vector and the digital credential to be verified is performed on the environmental threat to obtain a comprehensive trust quantification score; The comprehensive trust quantification score is used as the primary key input into the access control permission management matrix to perform range mapping lookup to obtain the dynamic access policy.
4. The IoT terminal access control method with inherent security features according to claim 3, characterized in that, The trust quantification of the physical trusted state vector and the digital credential to be verified is performed on the integrated environmental threat to obtain a comprehensive trust quantification score. This includes: using the following formula to perform the integrated environmental threat trust quantification on the physical trusted state vector and the digital credential to be verified: in, This is the physical reliability state vector. The norm for solving the Physical Trust Vector. This is the credibility assessment value of the digital voucher to be verified after PKI validation. As an environmental threat index, , and These are the weighting coefficients.
5. The IoT terminal access control method with inherent security features according to claim 1, characterized in that, Step S3 includes: The dynamic access policy is serialized into a micro-segmentation control header according to the protocol format. The micro-segmentation control header is inserted into the metadata segment header of the anchored ciphertext block sequence to obtain the access request meta-object. Perform multiple deep copies of the access request meta object to obtain a sequence of stateless meta object copies; Traverse each replica in the stateless meta-object replica sequence, extract the network route label matching the corresponding heterogeneous replica from the active executor addressing table, and append the route label to the communication packet header of the corresponding replica to obtain the policy binding request set.
6. The IoT terminal access control method with inherent security features according to claim 1, characterized in that, Step S4 includes: Independent routing and heterogeneous decryption processing are performed on the policy binding request set to obtain an independent plaintext execution sequence; Perform policy control logic execution and state capture on independent plaintext execution sequences to obtain a heterogeneous execution state vector set; A state hash operation and fingerprint set aggregation are performed on the heterogeneous execution state vector set to obtain the execution fingerprint set.
7. The IoT terminal access control method with inherent security features according to claim 1, characterized in that, Step S5 includes: Asynchronous fingerprint acquisition and sliding window buffering are performed on the execution fingerprint set to obtain the fingerprint matrix to be aligned within the window; Sequence anchor point extraction and flexible spatial alignment are performed on the fingerprint matrix to be aligned within the window to obtain a spatiotemporal alignment consensus candidate set. A majority consensus decision is made on the spatiotemporal alignment consensus candidate set to obtain a synchronous authorization decision.
8. The IoT terminal access control method with inherent security features according to claim 1, characterized in that, A majority consensus decision is made on the spatiotemporal alignment consensus candidate set to obtain a synchronization authorization decision, including: Extract the confirmed consensus fingerprint of the preceding anchor point from the historical consensus fingerprint sequence, and perform business state transition legality pre-verification on the spatiotemporal aligned consensus candidate set based on the confirmed consensus fingerprint of the preceding anchor point to obtain the logical consistency scoring matrix. Based on the logical consistency scoring matrix, dynamic confidence weighted frequency statistics are performed on the spatiotemporal aligned consensus candidate set to obtain an enhanced consensus fingerprint. Identify minority anomalous results in the spatiotemporally aligned consensus candidate set that are inconsistent with the enhanced consensus fingerprint and mark the corresponding heterogeneous executors to trigger negative feedback cleaning. Extract uncontaminated plaintext business instructions from the enhanced consensus fingerprint and perform secure encapsulation and digital signature to generate synchronous authorization decisions.
9. An IoT terminal access control system with inherent security features, characterized in that, include: The data ingestion and identity anchoring module is used to ingest and parse the encrypted data stream of the terminal to obtain the handshake frame, the terminal physical feature code and the ciphertext payload, and inject the ciphertext payload into the timing anchor point to generate the anchored ciphertext block sequence. The handshake frame and the terminal physical feature code form an identity identifier set. The device authentication and policy generation module is used to perform device fingerprint comparison and trust score quantification based on the terminal physical feature code and handshake frame certificate digest in the identity identifier set to obtain dynamic access policies. The policy binding and request replication module is used to bind dynamic access policies to the metadata header of the anchored ciphertext block sequence and perform multiple replications based on the number of heterogeneous executors to generate policy binding request sets. The heterogeneous parsing and fingerprint generation module is used to perform heterogeneous independent parsing and fingerprint generation on the policy binding request set using multiple heterogeneous executors to obtain the execution fingerprint set. The timing alignment and consensus adjudication module is used to perform sliding window alignment and common mode adjudication on the execution fingerprint set based on timing anchors to obtain synchronous authorization decisions.